IoT network security is generally viewed from the perspective of a single, or few attack surfaces. A general characterization of threat provenance under multiple concurrently prevailing attacks can be useful for mitigating origins of attacks and studying the profile of propagating threats. In this talk, we present a novel threat provenance identification framework for IoT networks called PlumeWalk. PlumeWalk helps in securing large-sized networks while being efficiently computable on IoT devices. Further, PlumeWalk outperforms a centrality measure on graphs based on shortest paths called “Betweenness Centrality”.