RITA: Automatic Framework for Designing of Resilient IoT Applications
This work addresses the need for efficient and secure design of resilient IoT applications, offering a practical solution for developers, but it is incremental as it builds on existing NER and threat analysis methods.
The paper tackles the manual and error-prone process of designing resilient IoT systems by proposing RITA, an automated framework that uses a fine-tuned RoBERTa-based NER model to identify IoT Critical Objects, correlate threats, and recommend countermeasures. In the empirical evaluation, RITA outperformed ChatGPT in four of seven ICO categories.
Designing resilient Internet of Things (IoT) systems requires i) identification of IoT Critical Objects (ICOs) such as services, devices, and resources, ii) threat analysis, and iii) mitigation strategy selection. However, the traditional process for designing resilient IoT systems is still manual, leading to inefficiencies and increased risks. In addition, while tools such as ChatGPT could support this manual and highly error-prone process, their use raises concerns over data privacy, inconsistent outputs, and internet dependence. Therefore, we propose RITA, an automated, open-source framework that uses a fine-tuned RoBERTa-based Named Entity Recognition (NER) model to identify ICOs from IoT requirement documents, correlate threats, and recommend countermeasures. RITA operates entirely offline and can be deployed on-site, safeguarding sensitive information and delivering consistent outputs that enhance standardization. In our empirical evaluation, RITA outperformed ChatGPT in four of seven ICO categories, particularly in actuator, sensor, network resource, and service identification, using both human-annotated and ChatGPT-generated test data. These findings indicate that RITA can improve resilient IoT design by effectively supporting key security operations, offering a practical solution for developing robust IoT architectures.