TY - GEN
T1 - Explainable AI for Classifying Devices on the Internet
AU - Lavrenovs, Arturs
AU - Graf, Roman
N1 - Publisher Copyright:
© 2021 NATO CCDCOE.
PY - 2021/5/25
Y1 - 2021/5/25
N2 - Devices reachable on the Internet pose varying levels of risk to their owners and the wider public, depending on their role and functionality, which can be considered their class. Discussing the security implications of these devices without knowing their classes is impractical. There are multiple AI methods to solve the challenge of classifying devices. Since the number of significant features in device HTTP response was determined to be low in the existing word-embedding neural network, we elected to employ an alternative method of Naive Bayes classification. The Naive Bayes method demonstrated high accuracy, but we recognise the need to explain classification results to improve classification accuracy. The black-box implementation of Artificial Neural Networks has been a serious concern when evaluating the classification results produced in most fields. While devices on the Internet have historically been classified manually or using trivial fingerprinting to match major vendors, these are not feasible anymore because of an ever-increasing variety of devices on the Internet. In the last few years, device classification using Neural Networks has emerged as a new research direction. These research results often claim high accuracy through the validation employed, but through random sampling there always occur devices that cannot be easily classified, that an expert intuitively would classify differently. Addressing this issue is critical for establishing trust in classification results and can be achieved by employing explainable AI. To better understand the models for classifying devices reachable on the Internet and to improve classification accuracy, we developed a novel explainable AI method, which returns the features that are most significant for classification decisions. 
We employed a Local Interpretable Model-Agnostic Explanations (LIME) framework to explain Naive Bayes model classification results, and using this method were able to further improve accuracy with a better understanding of the results.
AB - Devices reachable on the Internet pose varying levels of risk to their owners and the wider public, depending on their role and functionality, which can be considered their class. Discussing the security implications of these devices without knowing their classes is impractical. There are multiple AI methods to solve the challenge of classifying devices. Since the number of significant features in device HTTP response was determined to be low in the existing word-embedding neural network, we elected to employ an alternative method of Naive Bayes classification. The Naive Bayes method demonstrated high accuracy, but we recognise the need to explain classification results to improve classification accuracy. The black-box implementation of Artificial Neural Networks has been a serious concern when evaluating the classification results produced in most fields. While devices on the Internet have historically been classified manually or using trivial fingerprinting to match major vendors, these are not feasible anymore because of an ever-increasing variety of devices on the Internet. In the last few years, device classification using Neural Networks has emerged as a new research direction. These research results often claim high accuracy through the validation employed, but through random sampling there always occur devices that cannot be easily classified, that an expert intuitively would classify differently. Addressing this issue is critical for establishing trust in classification results and can be achieved by employing explainable AI. To better understand the models for classifying devices reachable on the Internet and to improve classification accuracy, we developed a novel explainable AI method, which returns the features that are most significant for classification decisions. 
We employed a Local Interpretable Model-Agnostic Explanations (LIME) framework to explain Naive Bayes model classification results, and using this method were able to further improve accuracy with a better understanding of the results.
KW - Naive Bayes
KW - classifying devices on the Internet
KW - explainable AI
KW - machine learning
UR - https://www.scopus.com/pages/publications/85112313887
U2 - 10.23919/CyCon51939.2021.9467804
DO - 10.23919/CyCon51939.2021.9467804
M3 - Conference paper
AN - SCOPUS:85112313887
T3 - International Conference on Cyber Conflict, CYCON
SP - 291
EP - 308
BT - 2021 13th International Conference on Cyber Conflict, CyCon 2021
A2 - Jancarkova, Tat'ana
A2 - Lindstrom, Lauri
A2 - Visky, Gabor
A2 - Zotz, P.
PB - NATO CCD COE Publications
T2 - 13th International Conference on Cyber Conflict, CyCon 2021
Y2 - 25 May 2021 through 28 May 2021
ER -