Mina Sheikhalishahi

Modeling Privacy Aware Information Sharing Systems: A Formal and General Approach

This paper presents and model a novel general framework for privacy aware collaborative information sharing for data analysis. Collaborative information sharing systems can be cross-domain, involve different data providers which might also be competitors. For this reason, shared information may imply privacy concerns, which must be addressed, applying privacy preserving mechanisms on information before sharing them. However, since the application of these privacy preserving mechanisms may negatively affect the accuracy of data analysis, a trade-off must be considered, and the privacy preserving mechanism to be applied must be chosen correctly. The proposed framework is based on the separation between a first level which enforces information privacy as specified by data providers, and a second level which performs data analysis on the sanitized data. The proposed framework defines and models a workflow which applies to any privacy aware collaborative information sharing system, defines indexes to measure the compatibility between privacy requirements, and includes a novel method to compute the trade-off between privacy and accuracy. This work also proposes a methodology to choose, case-by-case, the privacy mechanism which maximizes the trade-off between privacy and accuracy. An applicative example on a real dataset with more than 30k records is also presented.

Fast and Effective Clustering of Spam Emails Based on Structural Similarity

Spam emails yearly impose extremely heavy costs in terms of time, storage space and money to both private users and companies. Finding and persecuting spammers and eventual spam emails stakeholders should allow to directly tackle the root of the problem. To facilitate such a difficult analysis, which should be performed on large amounts of unclassified raw emails, in this paper we propose a framework to fast and effectively divide large amount of spam emails into homogeneous campaigns through structural similarity. The framework exploits a set of 21 features representative of the email structure and a novel categorical clustering algorithm named Categorical Clustering Tree (CCTree). The methodology is evaluated and validated through standard tests performed on three dataset accounting to more than 200k real recent spam emails.

Privacy-Utility Feature Selection as a Privacy Mechanism in Collaborative Data Classification

This paper presents a novel framework for privacy aware collaborative information sharing for data classification. Data holders participating in this information sharing system, for global benefits are interested to model a classifier on whole dataset, but are ready to share their own table of data if a certain amount of privacy is guaranteed. To address this issue, we propose a privacy mechanism based on privacy-utility feature selection, which by eliminating the most irrelevant set of features in terms of accuracy and privacy, guarantees the privacy requirements of data providers, whilst the data remain practically useful for classification. Due to the fact that the proposed trade-off metric is required to be exploited on whole dataset, a distributed secure sum protocol is utilized to protect information leakage in each site. The proposed approach is evaluated and validated through standard Tumor dataset.

Privacy-Aware Data Sharing in a Tree-Based Categorical Clustering Algorithm

Despite being one of the most common approaches in unsupervised data analysis, a very small literature exists in applying formal methods to address data mining problems. This paper applies an abstract representation of a hierarchical categorical clustering algorithm (CCTree) to solve the problem of privacy-aware data clustering in distributed agents. The proposed methodology is based on rewriting systems, and automatically generates a global structure of the clusters. We prove that the proposed approach improves the time complexity. Moreover a metric is provided to measure the privacy gain after revealing the CCTree result. Furthermore, we discuss under what condition the CCTree clustering in distributed framework produces the comparable result to the centralized one.

Digital Waste Sorting: A Goal-Based, Self-Learning Approach to Label Spam Email Campaigns

Fast analysis of correlated spam emails may be vital in the effort of finding and prosecuting spammers performing cybercrimes such as phishing and online frauds. This paper presents a self-learning framework to automatically divide and classify large amounts of spam emails in correlated labeled groups. Building on large datasets daily collected through honeypots, the emails are firstly divided into homogeneous groups of similar messages campaigns, which can be related to a specific spammer. Each campaign is then associated to a class which specifies the goal of the spammer, i.e. phishing, advertisement, etc. The proposed framework exploits a categorical clustering algorithm to group similar emails, and a classifier to subsequently label each email group. The main advantage of the proposed framework is that it can be used on large spam emails datasets, for which no prior knowledge is provided. The approach has been tested on more than 3200 real and recent spam emails, divided in more than 60 campaigns, reporting a classification accuracy of 97i¾?% on the classified data.

A Distributed Framework for Collaborative and Dynamic Analysis of Android Malware

Combination of dynamic and static analysis is very effective in detecting malicious Android apps. However, dynamic analysis is hardly practiced on large scale, due to the necessary active interaction with the malicious app, which is reliable only if performed by a user on a real device. In this paper we present a framework for distributed and collaborative analysis of Android suspicious apps, which leverages real users to test the functionality of apps and detect eventual malicious behaviors by exploiting an on-host app for intrusion detection. The paper introduces the architecture, workflow and protocols to handle the report received by participating users, detecting and filtering the malicious ones. Simulative results to assess the performance of the proposed framework are reported and discussed.

Try Walking in My Shoes, if You Can: Accurate Gait Recognition Through Deep Learning

Human gait seamless continuous authentication, based on wearable accelerometers, is a novel biometric instrument which can be exploited to identify the user of mobile and wearable devices. In this paper, we present a study on recognition of user identity, by analysis of gait data, collected through body inertial sensors from 175 different users. The mechanism used for identity recognition is based on deep learning machinery, specifically on a convolutional network, trained with readings from different sensors, and on filtering and buffering mechanism to increase the accuracy. Results show a very high accuracy in both recognizing known and unknown identities.

Collaborative Attribute Retrieval in Environment with Faulty Attribute Managers

Attributes describing the features of subjects, objects and of the environment are used in access and usage control models to determine the right of a subject to use an object in a given environment. Hence, it is crucial for the effective enforcement of access and usage policies that authorization systems are able to promptly retrieve the values of the required attributes from the Attribute Providers. However, sometimes attribute providers could not respond when queried by Authorization systems, because they could be temporary down or unreachable. This could affect the decision processes, causing some requests to be unduly denied or some ongoing accesses to be unduly interrupted. This paper proposes a strategy that can be adopted by an Authorization system to estimate the value of the attributes it requires when the corresponding attribute providers are not responding. This strategy leverages on the collaboration of the other Authorization systems which exploit the same attribute providers, and which could have cached a value for the required attributes. We validate the presented approach through a set of simulative experiments which consider the presence of malicious authorization systems in the cooperative environment.

Secure Two-party Agglomerative Hierarchical Clustering Construction.

This paper presents a framework for secure two-party agglomerative hierarchical clustering construction over partitioned data. It is assumed that data is distributed between two parties horizontally, such that for mutual benefits both parties are willing to identify clusters on their data as a whole, but for privacy restrictions, they avoid to share their datasets. To this end, in this study, we propose general algorithms based on secure scalar product and secure hamming distance computation to securely compute the desired criteria in constructing clusters’ scheme. The proposed approach covers all possible secure agglomerative hierarchical clustering construction when data is distributed between two parties, including both numerical and categorical data.

Privacy-Utility Feature Selection as a tool in Private Data Classification

This paper presents a novel framework for privacy aware collaborative information sharing for data classification. Two data holders participating in this information sharing system, for global benefits are interested to model a classifier on whole dataset, if a certain amount of privacy is guaranteed. To address this issue, we propose a privacy mechanism approach based on privacy-utility feature selection, which by eliminating the most irrelevant set of features in terms of accuracy and privacy, guarantees the privacy requirements of data providers, whilst the data remain practically useful for classification. Due to the fact that the proposed trade-off metric is required to be exploited on whole dataset, secure weighted average protocol is utilized to protect information leakage in each site.