Mohd Anwar

Automatic evaluation of information provider reliability and expertise

Q&A social media have gained a lot of attention during the recent years. People rely on these sites to obtain information due to a number of advantages they offer as compared to conventional sources of knowledge (e.g., asynchronous and convenient access). However, for the same question one may find highly contradicting answers, causing an ambiguity with respect to the correct information. This can be attributed to the presence of unreliable and/or non-expert users. These two attributes (reliability and expertise) significantly affect the quality of the answer/information provided. We present a novel approach for estimating these user’s characteristics relying on human cognitive traits. In brief, we propose each user to monitor the activity of his peers (on the basis of responses to questions asked by him) and observe their compliance with predefined cognitive models. These observations lead to local assessments that can be further fused to obtain a reliability and expertise consensus for every other user in the social network (SN). For the aggregation part we use subjective logic. To the best of our knowledge this is the first study of this kind in the context of Q&A SNs. Our proposed approach is highly distributed; each user can individually estimate the expertise and the reliability of his peers using his direct interactions with them and our framework. The online SN (OSN), which can be considered as a distributed database, performs continuous data aggregation for users expertise and reliability assesment in order to reach a consensus. In our evaluations, we first emulate a Q&A SN to examine various performance aspects of our algorithm (e.g., convergence time, responsiveness etc.). Our evaluations indicate that it can accurately assess the reliability and the expertise of a user with a small number of samples and can successfully react to the latter’s behavior change, provided that the cognitive traits hold in practice. Furthermore, the use of the consensus operator for the aggregation of multiple opinions on a specific user, reduces the uncertainty with regards to the final assessment. However, as real data obtained from Yahoo! Answers imply, the pairwise interactions between specific users are limited. Hence, we consider the aggregate set of questions as posted from the system itself and we assess the expertise and realibility of users based on their response behavior. We observe, that users have different behaviors depending on the level at which we are observing them. In particular, while their activity is focused on a few general categories, yielding them reliable, their microscopic (within general category) activity is highly scattered.

Kalico: a smartphone application for health-smart menu selection within a budget

Smartphone apps are increasingly in use for personalized and preventive health and wellness management. Many preventive and manageable health conditions such as obesity, diabetes, and hypertension can be addressed through proper smartphone-based dietary interventions. Our research aims at developing a smartphone-based dietary software that helps users select a healthy eat-out menu item within a budget. To this end, our contribution in this research is three-fold: first, we identify gaps in existing smartphone apps; second, we elicit requirements for a smartphone-based dietary intervention app; third, following the elicited requirements, we design and develop an android app.

An Evolutionary General Regression Neural Network Classifier for Intrusion Detection

The goal of an intrusion detection system (IDS) is to monitor anomalous activities and differentiate between normal and abnormal behaviors (intrusion) in a host system or in a network. The IDS must maintain a high intrusion detection rate (DR) while simultaneously maintain a low false alarm rate (FAR). A high detection rate is the focus of this paper. In this paper, we implemented an Evolutionary General Regression Neural Network (E-GRNN) as a two-class classifier for intrusion detection based on features of application layer protocols (e.g., http, ftp, smtp, etc.) used in simulated network traffic activities. The E-GRNN is an evolutionary search-inspired General Regression Neural Network, which extracts the most salient features to reduce computational complexity and increase accuracy. Our research shows that the E-GRNN classifier was able to achieve a DR of 95.53% and an FAR of 2.11%.

A Method for Developing Abuse Cases and Its Evaluation

To develop secure software, software engineers need to have the mindset of attackers. Developing abuse cases can help software engineers to think more like attackers. This paper describes a method for developing abuse cases based on threat modeling, attack patterns, and Common Weakness Enumeration. The method also includes ranking the abuse cases according to their risks. This method intends to help non-experts create abuse cases following a specific process, and leveraging the knowledge bases of threat modeling, attack patterns, and Common Weakness Enumeration. The proposed method was evaluated through two evaluation studies conducted in two secure software engineering courses at two different universities. Evaluation studies show that the proposed method was easier to follow by non-experts in generating abuse cases than brainstorming, and could reduce the time needed for creating abuse cases. Other findings from the evaluation studies are also discussed in the paper.

Access Control for Multi-tenancy in Cloud-Based Health Information Systems

Cloud technology can be used to support costeffective, scalable, and well-managed healthcare information systems. However, cloud computing, particularly multitenancy, introduces privacy and security issues related to personal health information (PHI). In this paper, we designed ontological models for healthcare workflow and multi-tenancy, and then applied HIPAA requirements on the models to generate HIPAA-compliant access control policies. We used Semantic Web Rule Language (SWRL) to represent access control policies as rules, and we verified the rules with an OWL-DL reasoner. Additionally, we implemented HIPAA security rules through access control policies in a cloud-based simulated healthcare environment. More specifically, we investigated access control policy specification and enforcement for cloud based healthcare information systems using an open source cloud platform, OpenStack. The results manifest HIPAA compliance through authorization policies that are capable of addressing vulnerabilities of multi-tenancy.

Intrusion Detection Using a Multiple-Detector Set Artificial Immune System

The goal of an intrusion detection system (IDS) is to monitor activities to detect breaches in security policies of a computer system or a network. This paper focuses on anomaly detection paradigm of IDS. The goal of anomaly-based IDS is to classify intrusion based on system and network activities outside of a normal region. In this paper we employ a multipledetector set artificial immune system, a variation of artificial immune system, to classify intrusion based on features of application layer protocols (e.g., http, ftp, smtp, etc.) in network data flows. Our result shows the multiple-detector set artificial immune system achieved a Detection Rate of 53.34% and a False Positive Rate of 0.20%. The mAIS achieved an accuracy of 76.57%.

Detection of Mobile Malware: An Artificial Immunity Approach

Inspired by the human immune system, we explore the development of a new multiple detector set artificial immune system (mAIS) for the detection of mobile malware based on the information flows in Android apps. mAISs differ from conventional AISs in that multiple detector sets are evolved concurrently via negative selection. Typically, the first detector set is composed of detectors that match information flows associated with malicious apps while the second detector set is composed of detectors that match the information flows associated with benign apps. The mAIS presented in this paper incorporates feature selection along with a negative selection technique known as the split detector method (SDM). This new mAIS has been compared with a variety of conventional AISs and mAISs using a dataset of information flows captured from malicious and benign Android applications. Our preliminary results show that the newly designed mAIS outperforms the conventional AISs and mAISs in terms of accuracy and false positive rate of malware detection. This paper ends with a discussion of how mAISs can be used to solve dynamic cybersecurity problems as well as a discussion of our future research. This approach achieved 93.33% accuracy with a 0.00% false positive rate.

Privacy Preferences vs. Privacy Settings: An Exploratory Facebook Study

Attacks on confidential data on the Internet is increasing. The reachability to users’ data needs stricter control. One way to do this by the user is applying proper privacy settings. Research finds there is slackness in online users’ applying proper privacy settings but no such work has focused on the reasons behind the slackness behavior. Our work aimed at studying user slackness behavior and investigating the human factors involved on such behavior. We evaluated the extent to which FB users’ privacy settings match their privacy preferences, whether FB user privacy setting behavior is dependent on age, gender, or education demographics, and the effectiveness of FB’s privacy settings. Our results validated user slackness in privacy settings and suggested a significant association between the age categories and the privacy settings behavior. The results also suggested that FB’s privacy settings system is not effective for its diverse demographic user base.

Zen_Space: A Smartphone App for Individually Tailored Stress Management Support for College Students

Alleviating stress reduces the risk of developing many chronic health problems. Though the effects of stress on the body may not always be immediately evident, exposure to chronic stress can lead to serious health problems and/or exacerbate existing medical conditions. This research study explores how a personal computing device such as a smartphone can be used to provide information regarding individually tailored stress management activities for college students. Since the use of smartphones is pervasive, one way to address this issue would be to develop a smartphone application in which a user can monitor stress as well as obtain various interventions for stress management. The proposed stress management application is based on information obtained from the user regarding stress type and intensity. An application that provides recommendations for stress-relieving activities can have a positive impact on a student’s health and well-being.

Grid Framework to Address Password Memorability Issues and Offline Password Attacks

Passwords today are the most widely used form of authentication, yet have significant issues in regards to security due to human memorability limitations. Inability to remember strong passwords causes users generally to only satisfy the bare minimum requirements during an enrollment process. Users having weak passwords are vulnerable to offline password attacks, where an adversary iteratively guesses the victim’s password and tests for correctness. In this paper, we introduce a new password scheme, Grid framework, that takes advantage of current encryption technologies and reduces the user’s effort to create a strong password. The Grid Framework scheme translates an easy-to-remember sequence on a grid into a complex password consisting of randomly selected uppercase, lowercase, numeric, and special symbols with a minimum length of eighteen characters that the user is not required to memorize. The Grid Framework results in a system that increases memorability for secure authentication.