The behavioral analysis of smart devices plays a key role in enforcing security for IoT environments. In particular, anomalous patterns can be targeted in the behavior of smart devices as potential IoT cybersecurity threats. In this article, an explainable machine-learning approach is proposed for dealing with behavioral anomalies. Essentially, a rule-based classifier is inferred from the observed behavior of smart devices, to detect and explain patterns of behavioral anomalies. Predictive association modeling is adopted in the formulation of the classifier, to achieve superior effectiveness in detecting behavioral patterns and ensuring clear explanations of both these latter and their classifications. Moreover, the specifically-conceived design of the classifier reduces the number of tunable parameters to one. An extensive empirical evaluation is comparatively carried out on real-world benchmark data. The experimental results reveal the effectiveness, robustness, and scalability of the proposed approach.

Rule-Based Detection of Anomalous Patterns in Device Behavior for Explainable IoT Security

Gianni Costa;Agostino Forestiero;Riccardo Ortale
2023

Abstract

The behavioral analysis of smart devices plays a key role in enforcing security for IoT environments. In particular, anomalous patterns can be targeted in the behavior of smart devices as potential IoT cybersecurity threats. In this article, an explainable machine-learning approach is proposed for dealing with behavioral anomalies. Essentially, a rule-based classifier is inferred from the observed behavior of smart devices, to detect and explain patterns of behavioral anomalies. Predictive association modeling is adopted in the formulation of the classifier, to achieve superior effectiveness in detecting behavioral patterns and ensuring clear explanations of both these latter and their classifications. Moreover, the specifically-conceived design of the classifier reduces the number of tunable parameters to one. An extensive empirical evaluation is comparatively carried out on real-world benchmark data. The experimental results reveal the effectiveness, robustness, and scalability of the proposed approach.
2023
Istituto di Calcolo e Reti ad Alte Prestazioni - ICAR
Anomaly detection , behavioral patterns , explainable machine learning , Internet of Things
File in questo prodotto:
File Dimensione Formato  
Rule-Based Detection of Anomalous Patterns in Device Behavior for Explainable IoT Security.pdf

solo utenti autorizzati

Tipologia: Versione Editoriale (PDF)
Licenza: NON PUBBLICO - Accesso privato/ristretto
Dimensione 826.41 kB
Formato Adobe PDF
826.41 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/511257
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? 1
social impact