Proactive Detection of Physical Inter-rule Vulnerabilities in IoT Services Using a Deep Learning Approach

TL;DR

This paper presents a deep learning framework using Transformer models to proactively identify physical inter-rule vulnerabilities in IoT systems by analyzing user descriptions and trigger-action rules, enhancing IoT security.

Contribution

The paper introduces a novel deep learning approach employing Transformers to automatically discover physical inter-rule vulnerabilities from natural language descriptions in IoT platforms.

Findings

Transformer achieves 95.22% accuracy in extracting trigger-action rules.

The approach identified 99 potential physical vulnerabilities in real IoT apps.

The framework effectively predicts environment channels involved in vulnerabilities.

Abstract

Emerging Internet of Things (IoT) platforms provide sophisticated capabilities to automate IoT services by enabling occupants to create trigger-action rules. Multiple trigger-action rules can physically interact with each other via shared environment channels, such as temperature, humidity, and illumination. We refer to inter-rule interactions via shared environment channels as a physical inter-rule vulnerability. Such vulnerability can be exploited by attackers to launch attacks against IoT systems. We propose a new framework to proactively discover possible physical inter-rule interactions from user requirement specifications (i.e., descriptions) using a deep learning approach. Specifically, we utilize the Transformer model to generate trigger-action rules from their associated descriptions. We discover two types of physical inter-rule vulnerabilities and determine associated environment channels using natural language processing (NLP) tools. Given the extracted trigger-action rules and associated environment channels, an approach is proposed to identify hidden physical inter-rule vulnerabilities among them. Our experiment on 27983 IFTTT style rules shows that the Transformer can successfully extract trigger-action rules from descriptions with 95.22% accuracy. We also validate the effectiveness of our approach on 60 SmartThings official IoT apps and discover 99 possible physical inter-rule vulnerabilities.