The paper applies reinforcement learning to novel Internet of Things configurations. Our analysis of inaudible attacks on voice-activated devices confirms an alarming risk factor of 7.6 out of 10, underlining significant security vulnerabilities scored independently by the NIST National Vulnerability Database (NVD). Our baseline network model showcases a scenario in which an attacker uses inaudible voice commands to gain unauthorized access to confidential information on a secured laptop. We simulated many attack scenarios on this baseline network model, revealing the potential for mass exploitation of interconnected devices to discover and own privileged information through physical access without adding new hardware or amplifying device skills. Using Microsoft's CyberBattleSim framework, we evaluated six reinforcement learning algorithms and found that Deep-Q learning with exploitation proved optimal, leading to rapid ownership of all nodes in fewer steps. Our findings underscore the critical need for understanding non-conventional networks and new cybersecurity measures in an ever-expanding digital landscape, particularly those characterized by mobile devices, voice activation, and non-linear microphones susceptible to malicious actors operating stealth attacks in the near-ultrasound or inaudible ranges. By 2024, this new attack surface might encompass more digital voice assistants than people on the planet, yet offer fewer remedies than conventional patching or firmware fixes, since the inaudible attacks arise inherently from the microphone design and digital signal processing.