The emerging Internet of Things (IoT) landscape is characterized by a high number of heterogeneous smart devices and services often provided by third parties. Although machine-based Service Level Agreements (SLA) have been recently leveraged to establish and share policies in this scenario, system owners do not always give full transparency regarding the security and privacy of the offered features. Hence, the issue of making end users aware of the overall system security levels and the fulfillment of their privacy requirements through the provision of the requested service remains a challenging task. To tackle this problem, we propose a complete framework that allows users to choose suitable levels of privacy and security requirements for service acquisition in IoT. Our approach leverages a Deep Reinforcement Learning solution in which a user agent, inside the environment, is trained to select the best encountered smart objects providing the user target services on behalf of its owner. This strategy is designed to allow the agent to learn from experience by moving in a complex, multi-dimensional environment and reacting to possible changes. During the learning phase, a key task for the agent is to adhere to deadlines while ensuring user security and privacy requirements. Finally, to assess the performance of the proposed approach, we carried out an extensive experimental campaign. The obtained results also show that our solution can be successfully deployed on very basic and simple devices typically available in an IoT setting.
A deep reinforcement learning approach for security-aware service acquisition in IoT
Arazzi M.;Nocera A.
2024-01-01
Abstract
The emerging Internet of Things (IoT) landscape is characterized by a high number of heterogeneous smart devices and services often provided by third parties. Although machine-based Service Level Agreements (SLA) have been recently leveraged to establish and share policies in this scenario, system owners do not always give full transparency regarding the security and privacy of the offered features. Hence, the issue of making end users aware of the overall system security levels and the fulfillment of their privacy requirements through the provision of the requested service remains a challenging task. To tackle this problem, we propose a complete framework that allows users to choose suitable levels of privacy and security requirements for service acquisition in IoT. Our approach leverages a Deep Reinforcement Learning solution in which a user agent, inside the environment, is trained to select the best encountered smart objects providing the user target services on behalf of its owner. This strategy is designed to allow the agent to learn from experience by moving in a complex, multi-dimensional environment and reacting to possible changes. During the learning phase, a key task for the agent is to adhere to deadlines while ensuring user security and privacy requirements. Finally, to assess the performance of the proposed approach, we carried out an extensive experimental campaign. The obtained results also show that our solution can be successfully deployed on very basic and simple devices typically available in an IoT setting.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.