Many works have addressed these issues by carefully categorizing the types of harm that could be inflicted [ 1, 2, 3, 4 ]. An approach for their detection is the use of Artificial Intelligence (AI) techniques, since they allow for analyzing the semantic and contextual information in which an ECA rule is applied. In [ 5 ], we firstly evaluated the feasibility of classifying ECA rules by training a classification model on manually labeled rules with respect to four classes of risk [ 2 ]. Such a solution provides many advantages over static approaches, such as the analysis of the information flow [ 2 ], which performs a static services analysis without considering the context where a rule is employed.

The results produced by classification models are dificult to understand without expert knowledge. Thus, it is fundamental to provide end-users with valid explanations describing the risks connected to a rule in a comprehensible manner, with the aim of enhancing the end-users trust. Such a task can be faced by employing the Explainable Security (XSec) paradigm, which is inspired by the eXplainable Artificial Intelligence (XAI) research field [ 6 ].

This position paper highlights existing AI techniques that can be used for generating natural language explanations clarifying why an ECA rule might cause harm.

Over the last few years, the need for solutions supporting end-users in understanding the results of AI techniques is progressively increasing. To this end, the Defense Advanced Research Projects Agency proposed the XAI paradigm [ 6 ], which deals with elucidating, in total transparency, the reason behind the outputs of an AI model.

Many XAI-based solutions have been proposed in the literature. For instance, Ribeiro et al. introduced Local Interpretable Model-Agnostic Explanations (LIME) [ 7 ], a technique that can faithfully explain the results of any AI model using a linear model. More specifically, we can use LIME to plot information about a model prediction, such as the probability distribution over target classes, the relevance of each feature of an instance in the classification task, and the set of words in a sentence that leads the model towards a specific decision. Similarly, Lundberg et al. presented SHapley Additive exPlanations (SHAP) [ 8 ], an additive feature attribution method based on Shapley values and game theory. SHAP makes it possible to identify the predictive power of features and the relationships between them and the target class.

Although these solutions allow for increasing end-user confidence and trust in prediction models by providing knowledge that can be easily interpreted, they may be inefective for the audience we consider. Indeed, it is worth noting that such solutions arise intending to define visual representations that facilitate end-users to comprehend model decisions in producing a specific output (e.g., which features lead to a prediction rather than another). Instead, in the context of ECA rules, we need to explain to end-users the scenarios in which a rule could become dangerous for their privacy or security.

Inspired by the XAI paradigm, Viganò et al. proposed a new paradigm: XSec [ 9 ]. The latter aims to explain reasoning about privacy and security vulnerabilities and concrete attacks on systems. The authors suggest several approaches to produce diferent explanations according to the levels of detail required by the stakeholders. For instance, explanations for a system analyst might be presented with a low level of abstraction, such as explanation trees, attack trees, formal languages, and so forth. Instead, non-expert end-users need easily understandable explanations, so a higher level of abstraction must be adopted.

A possible solution is using natural language explanations, which are immediately understandable by all types of end-users and can be customized according to the context of the use of rules. Figure 1 shows an example of the process yielding the generation of explanations for risky ECA rules. In particular, features concerning an ECA rule, i.e., event, condition, and action, are considered by a classification module, which identifies the class of risk. Finally, the XAI module will generate an explanation by considering both the ECA rule characteristics and the identified risk.

ECA Rule A nyoeuwreinmbaoixlin atWtaicthhmaennt

Event Condition

Upload file to OneDrive Action

Risky ECA rules classifier

Identified risk

XAI Module

Explanation "An attacker might send a malicious file that will be automatically synchronized across multiple devices, increasing the chance for an end-user to open it."

The automatic generation of textual explanations is faced by another branch of XAI, called Explainable AI with Natural Language Explanations (Natural-XAI) [ 10 ]. The latter aims to build AI models capable of generating sentences that justify the ground-truth predictions inferred by classification models. Several approaches could be adopted to generate textual explanations that express the reason involving the risks associated with ECA rules. Among them, language models represent an efective way to achieve this goal since they can produce a structured text relating the risk and the rule’s context of use. The existing models difer in the way they manipulate the data. For instance, Text-to-Text-Transfer-Transformer (T5) [ 11 ] is a model that can generate a sentence by taking a list of keywords as input. Thus, it is required to employ a further module for extracting the keywords from the rules’ information. On the other hand, a model as Generative Pre-trained Transformer 2 (GPT-2) [ 12 ] requires the definition of a specific format for the rules to produce the textual explanations corresponding to the risks. Concerning this matter, one approach that could be exploited is prompt-based learning [ 13 ]. The latter focuses on finding the most appropriate prompt to adopt with a language model in order to manipulate its behavior and predict the desired output. Recently, models capable of jointly generating the prediction and explanation for a given instance are becoming increasingly popular [14, 15]. These models provide an advantage with respect to the necessity of applying in combination two diferent models, i.e., a classifier and a language model.

At the workshop, we will present how language models can be adopted to achieve the discussed goals.

This work has been supported by the Italian Ministry of University and Research (MUR) under grant PRIN 2017 “EMPATHY: Empowering People in deAling with internet of THings ecosYstems” [14] L. A. Hendricks, Z. Akata, M. Rohrbach, J. Donahue, B. Schiele, T. Darrell, Generating visual explanations, in: European conference on computer vision, Springer, 2016, pp. 3–19. [15] D. H. Park, L. A. Hendricks, Z. Akata, A. Rohrbach, B. Schiele, T. Darrell, M. Rohrbach, Multimodal explanations: Justifying decisions and pointing to the evidence, in: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 2018, pp. 8779–8788.