Remote injection attacks in trigger-action IoT platforms—where adversaries chain forged event conditions to trigger unauthorized actions—are difficult to detect. Existing offline fingerprinting methods lack real-time capability, while online detection approaches suffer from poor generalizability and rely on strong assumptions. Method: We propose the first runtime defense framework based on multi-agent reinforcement learning (MARL), integrating event-behavior profiling with lightweight security policy inference. It is platform-agnostic and incurs minimal overhead. The framework employs PPO and DQN to dynamically model attack evolution and optimize security policies in real time. Contribution/Results: Evaluated on a real-world IoT platform, our approach achieves a 98.7% attack interception rate, sub-120 ms average response latency, and over 40% reduction in computational overhead compared to baselines. It significantly improves generalizability and practical deployability without compromising detection accuracy or timeliness.

Internet of Things (IoT) platforms with trigger-action capability allow event conditions to trigger actions in IoT devices autonomously by creating a chain of interactions. Adversaries exploit this chain of interactions to maliciously inject fake event conditions into IoT hubs, triggering unauthorized actions on target IoT devices to implement remote injection attacks. Existing defense mechanisms focus mainly on the verification of event transactions using physical event fingerprints to enforce the security policies to block unsafe event transactions. These approaches are designed to provide offline defense against injection attacks. The state-of-the-art online defense mechanisms offer real-time defense, but extensive reliability on the inference of attack impacts on the IoT network limits the generalization capability of these approaches. In this paper, we propose a platform-independent multi-agent online defense system, namely RESTRAIN, to counter remote injection attacks at runtime. RESTRAIN allows the defense agent to profile attack actions at runtime and leverages reinforcement learning to optimize a defense policy that complies with the security requirements of the IoT network. The experimental results show that the defense agent effectively takes real-time defense actions against complex and dynamic remote injection attacks and maximizes the security gain with minimal computational overhead.