Abstract
Due to their high vulnerability, IoT devices have become a primary target for cybercriminals (e.g., botnets, network infiltration). As a result, many solutions have been developed to help users and administrators identify IoT devices. While solutions based on deep learning have been shown to outperform traditional approaches in other domains, their lack of explanation and their inference latency present major obstacles to their adoption in network traffic analysis, where throughputs of Gbps are typically expected. Extracting rules from a trained neural network presents a compelling solution, but existing methods are limited to feedforward networks and RNN/LSTM. In contrast, attention-based models are a more recent architecture and are replacing RNN/LSTM due to their higher performance. In this paper, we therefore propose a novel, efficient algorithm to extract rules from a trained attention-based model. Evaluations on actual packet traces of more than 100 IoT devices demonstrate that the proposed algorithm reduces the storage requirements and inference latency by 4 orders of magnitude while still achieving an average F1-score of 0.995 and a fidelity score of 98.94%. Further evaluation on an independent dataset also shows improved generalization performance: the extracted rules achieve better performance, especially thanks to their inherent capability to identify unknown devices.
Notes
1. Notations were slightly modified.
Acknowledgment
The authors would like to thank the anonymous reviewers for their suggestions and comments.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Le, F., Srivatsa, M. (2020). Deriving Interpretable Rules for IoT Discovery Through Attention. In: Song, W., Lee, K., Yan, Z., Zhang, LJ., Chen, H. (eds) Internet of Things - ICIOT 2020. ICIOT 2020. Lecture Notes in Computer Science, vol 12405. Springer, Cham. https://doi.org/10.1007/978-3-030-59615-6_3
DOI: https://doi.org/10.1007/978-3-030-59615-6_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-59614-9
Online ISBN: 978-3-030-59615-6
eBook Packages: Computer Science, Computer Science (R0)