Trigger-Action platforms are systems that enable users to easily define, in terms of conditional rules, custom behaviors concerning Internet-of-Things (IoT) devices and web services. Unfortunately, although these tools stimulate the creativity of users in building automation, they may also introduce serious risks for the users. Indeed, trigger-action rules can lead to the possibility of users harming themselves, for example by unintentionally disclosing non-public information, or unwillingly exposing their smart environment to cyber-threats. In this paper, we propose to use Natural Language Processing (NLP) techniques to detect automation rules, defined within Trigger-Action IoT platforms, that potentially violate the security or privacy of the users. The proposed NLP-based models capture the semantic and contextual information of the trigger-action rules by applying classification techniques to different combinations of rule’s features. We evaluate the proposed solution with the mainstream trigger-action platform, namely IFTTT, by training the NLP models with a dataset of 76,741 rules labeled by using an ensemble of three semi-supervised learning techniques. The experimental results demonstrate that the model based on BERT (Bidirectional Encoder Representations from Transformers) obtains the highest performances when trained on all features, achieving average Precision and Recall values between 88% and 93%. We also compare the achieved performances with those of a baseline system implementing information flow analysis.

Identifying Security and Privacy Violation Rules in Trigger-Action IoT Platforms with NLP Models / Breve, Bernardo; Gaetano, Cimino; Deufemia, Vincenzo. - In: IEEE INTERNET OF THINGS JOURNAL. - ISSN 2327-4662. - 10:(2023), pp. 5607-5622. [10.1109/JIOT.2022.3222615]

Identifying Security and Privacy Violation Rules in Trigger-Action IoT Platforms with NLP Models

Breve Bernardo;
2023

Files in this item:
Identifying_Security_and_Privacy_Violation_Rules_in_Trigger-Action_IoT_Platforms_With_NLP_Models.pdf

not available

License: Not specified
Size: 2.81 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11588/977646
Citations
  • PMC: N/A
  • Scopus: 25
  • ISI: 10