Abstract

Trigger-action Internet of Things (IoT) platforms allow users to leverage functional dependencies between IoT event conditions and actions to set up trigger-action rules in a rule engine, where event conditions act as triggers to the corresponding actions. When these user-defined rules are executed, they create a chain of interactions. IoT hubs utilize this chain to automate network tasks, invoke actions in various IoT devices based on triggers, and communicate with users about the physical changes in the network. However, adversaries exploit this chain to maliciously inject fake event conditions in the network and perform remote injection attacks. The objective here is to force the hubs to invoke invalid actions in target IoT devices violating rule integrity. Security mechanisms in the existing literature attempt to address this vulnerability either by deploying event verification systems to verify the physical occurrence of IoT events or by enforcing security compliance mechanisms to prevent unsafe and insecure event transactions in the network. Although these mechanisms are well suited for offline protection, they can barely provide realtime defense against agile remote injection attacks. Additionally, some of the mechanisms require modification of the source code of IoT mobile apps, making the defense solutions platform dependent.
In this dissertation, we present three novel research works to address this gap. First, we propose IoTMonitor, a Hidden Markov Model based security analysis system that discovers optimal attack paths from a set of physical evidence generated due to attack actions in the network. IoTMonitor learns attack behavior by continuously observing physical changes caused by event occurrences and determines the most likely IoT devices compromised by attackers.
Second, we develop IoTWarden, a deep reinforcement learning (deep RL) based defense system that profiles attack actions at runtime and takes necessary defense actions to obstruct the progression of ongoing attacks. We implement an LSTM-based recurrent neural network (RNN) to infer attack behavior at runtime and a Deep Q-Network (DQN) based function approximator to obtain optimal defense policies. The objective here is to train a defense agent with an optimal action policy so that the agent takes defense actions at runtime yielding maximum security gain. Third, we develop IoTHaven, a realtime defense system to mitigate remote injection attacks in partially observable IoT networks. In IoTHaven, the defense agent takes optimal actions at runtime against ongoing remote injection attacks under the uncertainty of actual network states maximizing the overall security gain. We design the decision process of the defense agent as a Partially Observable Markov Decision Process (POMDP). IoTHaven utilizes a Deep Recurrent Q-Network (DRQN) based function approximator to obtain optimal defense policies.
