Hi-Guard: Secure HAN & Content Moderation

• Hi-Guard is a dual-framework approach comprising Hanguard for smart home network security and Hi-Guard for hierarchical, multimodal content moderation.
• Hanguard employs a dual-plane architecture with cryptographic authorization and RBAC-based flow control to enforce per-app, per-flow policies in HANs.
• Hi-Guard uses a two-stage hierarchical pipeline with reinforcement learning to achieve interpretable, fine-grained risk classification for content moderation.

Hi-Guard refers to two technically distinct but eponymous security frameworks: (1) Hanguard, a practical OS/router-coordinated per-app policy enforcement system for Home Area Networks (HANs) in smart homes (Demetriou et al., 2017), and (2) Hierarchical Guard (Hi-Guard), an advanced multimodal content moderation architecture that achieves policy alignment, interpretability, and hierarchical risk classification at scale (Li et al., 5 Aug 2025). Both paradigms build on the principle of fine-grained, transparent policy enforcement, but target separate domains: network-layer IoT access versus platform content moderation. The following provides an integrated overview of both, with a focus on their methodologies, architectural innovations, technical mechanisms, evaluation results, and limitations.

1. Problem Formulations and Motivation

Hanguard (HAN Security)

Hanguard addresses the implicit trust model in smart homes, where a Wi-Fi-authenticated device—regardless of its internal app composition—receives unrestricted intranet access. This traditional trust boundary is vulnerable to malicious apps installed on resident smartphones, allowing lateral movement or unauthorized control over IoT devices (e.g., smart locks, cameras) that expose local APIs. The core objective is to provide per-app, per-flow network access control without modifying IoT devices, smartphone kernels, or relying on secure programming in vendor software (Demetriou et al., 2017).

Hi-Guard (Policy-Aligned Moderation)

Hi-Guard is motivated by the inadequacy of label-driven content moderation systems, which lack compliance with evolving platform policies and provide limited decision transparency. Social platforms require interpretable, fine-grained risk classification systems capable of reasoning over multimodal content (text, image) and adapting to policy updates. The goal is to minimize noisy moderation and improve human review outcomes by integrating explicit rule definitions and hierarchical taxonomies into the inference process (Li et al., 5 Aug 2025).

2. System Architectures and Core Mechanisms

Framework	Domain	Architecture	Granularity
Hanguard	HAN Security	Dual-plane (Phone Monitor, Router)	App-level, Per-flow
Hi-Guard	Content Moderation	Two-stage, Hierarchical Pipeline	Multilevel Taxonomy

Hanguard

Hanguard operates via two cooperating planes:

• Control Plane: A userspace Monitor runs on each trusted Android/iOS phone, intercepts socket API calls (via Xposed/ptrace or NEPacketTunnelProvider/fishhook), identifies the initiating app, and conveys access decisions to the router.
• Data Plane: The HAN router (OpenWrt-based) maintains per-flow tables (indexed by {phone_ID, app_ID, 5-tuple}), incorporating only flows with positive authorization. Flows lacking approval are dropped at ingress.

Policy decisions are backed by a hybrid Role-Based Access Control (RBAC) schema, using both Type Enforcement (TE) and Multi-Category Security (MCS). Access is only permitted when the subject (app) type is subordinate to the object (device) type in the lattice (τ(s) ⪯ τ(o)), and their category sets intersect (κ(s) ∩ κ(o) ≠ ∅).

Hi-Guard

Hi-Guard inserts into a three-stage content moderation system, replacing the monolithic decision model with:

• Stage 1: A lightweight binary filter (Qwen2-VL-2B, SFT-trained) discriminates “safe” versus “risky” multimodal content by minimizing cross-entropy loss.
• Stage 2: A hierarchical classifier (Qwen2-VL-7B), prompted by explicit policy definitions, performs path-based classification through a four-level taxonomy: Domain → Topic → Subtype → Behavior.

The hierarchical design reduces misclassification at finer levels by repeatedly narrowing candidate sets and provides interpretable, semantically-anchored categorization.

3. Policy Alignment and Rule-Grounded Decision-Making

Hanguard

Policy is instantiated through a combination of RBAC, TE, and MCS, forming high-fidelity access rules. The Monitor applies local policy, sends signed authorization requests with embedded nonce, phone/app ID, 5-tuple, and timestamp—authenticated via HMAC with a shared secret K established during provisioning. The router validates, then enforces flow enforcement accordingly (Demetriou et al., 2017).

Hi-Guard

Hi-Guard ingests the verbatim text of the platform’s moderation policies into the system prompt, injecting rule statements at every taxonomy level. At inference, the model is instructed to provide both a detailed reasoning (> ...) explicitly referencing category definitions (and sibling contrasts), and a final decision (<answer>...). This structure ensures decisions are tightly anchored to policy semantics, increasing transparency for both automated processing and human audit (Li et al., 5 Aug 2025).

4. Training, Optimization, and Structured Rewards

Hanguard

No ML-based training is required; policy evaluation is determined by static mapping functions and direct rule enforcement, with cryptographic mechanisms ensuring integrity and replay resistance.

Hi-Guard

Hi-Guard employs composite reinforcement optimization via Group Relative Policy Optimization (GRPO):

• Format reward: Binary indicator for matching the expected output structure (“<think>...<answer>...”).
• Path-aware soft-margin accuracy: For true path $P=(y^{(1)},…,y^{(L)})$ and model path $\hat P=(\hat y^{(1)},…,\,\hat y^{(L)})$, sibling misclassifications at level l incur a penalty $-2^{l-1}$, promoting precision at deeper hierarchy nodes. The total reward combines these items:

$$R_{\mathrm{acc}} = \frac1L \sum_{l=1}^{L} R_{\mathrm{acc}}^{(l)}, \qquad R_{\mathrm{final}} = R_{\mathrm{acc}} + R_{\mathrm{format}}$$

• GRPO update: Rewards for G sampled paths are normalized, and the policy is updated to maximize expected advantage-weighted log-probabilities within the batch. This reduces update variance given sparse, structure-dependent rewards (Li et al., 5 Aug 2025).

5. Implementation Details

Hanguard

• Router: ~500 LOC C kernel module or iptables extension (OpenWrt), maintaining an in-memory flow table. Netfilter hooks drop unauthorized packets.
• Phone Monitor: ~2000 LOC (Android Java/JNI), ~1500 LOC (iOS/Objective-C/Swift). Intercepts socket calls, references internal policy DB, asynchronously communicates with the router (typical latency ≈100 ms).
• Cryptography: Each decision message includes nonce, timestamp, and HMAC for replay/mutation resilience.

Hi-Guard

• Stage-1 Model: Qwen2-VL-2B, SFT-trained, low overhead for initial binary screening.
• Stage-2 Model: Qwen2-VL-7B, policy-prompted, optimized via GRPO for path-based, multi-level classification. All training incorporates the hierarchical taxonomy and platform rules within prompts.
• Output format and reasoning: Enforced via both reward shaping and explicit instruction.

6. Empirical Evaluation and Deployment

Hanguard

• Performance: In lab deployment with 8 IoT devices, 8 phones, and 1 OpenWrt router (400 MHz MIPS, 64 MB RAM): median per-flow setup latency ≈1–2 ms; throughput impact <3% at 100 Mbps; router CPU overhead approx. 10% at 1000 concurrent flows, rising to 30% at 3000 flows; per-flow memory ≈2 KB.
• Scalability: Lookup and enforcement latency remain constant (O(1)) up to >5000 flow entries.
• Deployment: No changes required for IoT devices or smartphone OS kernels, facilitating end-user adoption (Demetriou et al., 2017).

Hi-Guard

• Datasets: Binary filter trained on 28K samples; hierarchical classifier on 24K risk-annotated samples (plus held-out categories for generalization).
• Metrics: On unseen categories, Hi-Guard achieves 84.11% overall accuracy (Precision 52.72%, Recall 59.42%), outperforming Qwen2-VL baselines by +12.13 points.
• Human Evaluation: Professional moderators rate Hi-Guard’s chain-of-thought as “best” in 73.3% of cases, compared to 15.4% for RLVR.
• Production results: Deployed in an online moderation loop, Hi-Guard achieves 85.06% accuracy, 51.09% precision and 79.14% recall on risky content, while reducing human review requirements by 56.38% to 0.24% content triage. Sub-second GPU inference per content sample supports practical scale (Li et al., 5 Aug 2025).

7. Limitations and Security Considerations

Hanguard

No modifications to HAN devices or smartphone kernels are required, maximizing backward compatibility. Limitations include potential covert channel attempts (e.g., DNS tunneling) and noncompliant apps exploiting raw sockets, both mitigated by comprehensive API interception. Message replay/drop is countered via cryptographic controls. All flows not explicitly approved are denied by default (Demetriou et al., 2017).

Hi-Guard

The system’s interpretability depends on the quality and currency of policy prompts; any drift between codified platform guidelines and implementation may reduce alignment. Generalization is tied to taxonomy completeness and the semantic distance penalty. Stage-1 binary filtering may set a recall-accuracy tradeoff. Inference speed and cost are mitigated by staged model selection and prompt engineering (Li et al., 5 Aug 2025).

---

Hi-Guard, in both its HAN and content moderation instantiations, exemplifies a convergence on rule-grounded, fine-grained, and explainable policy enforcement—whether at the level of network flows or semantic content labeling. Its deployment demonstrates the feasibility of transparent, robust, and scalable trust boundaries in complex real-world environments.