Sanja Šćepanović

Semantic homophily in online communication: Evidence from Twitter

People are observed to assortatively connect on a set of traits. This phenomenon, termed assortative mixing or sometimes homophily, can be quantified through assortativity coefficient in social networks. Uncovering the exact causes of strong assortative mixing found in social networks has been a research challenge. Among the main suggested causes from sociology are the tendency of similar individuals to connect (often itself referred as homophily) and the social influence among already connected individuals. An important question to researchers and in practice can be tackled, as we present here: understanding the exact mechanisms of interplay between these tendencies and the underlying social network structure. Namely, in addition to the mentioned assortativity coefficient, there are several other static and temporal network properties and substructures that can be linked to the tendencies of homophily and social influence in the social network and we herein investigate those. Concretely, we tackle a computer-mediated \textit{communication network} (based on Twitter mentions) and a particular type of assortative mixing that can be inferred from the semantic features of communication content that we term \textit{semantic homophily}. Our work, to the best of our knowledge, is the first to offer an in-depth analysis on semantic homophily in a communication network and the interplay between them. We quantify diverse levels of semantic homophily, identify the semantic aspects that are the drivers of observed homophily, show insights in its temporal evolution and finally, we present its intricate interplay with the communication network on Twitter. By analyzing these mechanisms we increase understanding on what are the semantic aspects that shape and how they shape the human computer-mediated communication.

Denial-of-Service Mitigation for Internet Services

Denial-of-service attacks present a serious threat to the availability of online services. Distributed attackers, i.e. botnets, are capable of exhausting the server capacity with legitimate-looking requests. Such attacks are difficult to defend against using traditional filtering mechanisms. We propose a machine learning and filtering system that forms a profile of normal client behavior based on normal traffic features and, during an attack, optimizes capacity allocation for legitimate clients based on the profile. The proposed defense mechanism is evaluated using simulations based on real-life server usage patterns. The simulations indicate that the mechanism is capable of mitigating an overwhelming server capacity exhaustion DDoS attack. During attacks where a botnet floods a server with legitimate-looking requests, over 80 percent of the legitimate clients are still served, even on servers that are heavily loaded to begin with. An implementation of the mechanism is tested using synthetic HTTP attack traffic, also with encouraging results.

YouPower: An open source platform for community-oriented smart grid user engagement

This paper presents YouPower, an open source platform designed to make people more aware of their energy consumption and encourage sustainable consumption with local communities. The platform is designed iteratively in collaboration with users in the Swedish and Italian test sites of the project to improve the design and increase active user participation. The community-oriented design is composed of parts that link energy data to energy actions, provide comparisons at different levels, generate dynamic time-of-use signals, offer energy conservation suggestions, and support social sharing. The goal is to bridge peoples attitude-behavior gap in energy consumption and to facilitate the behavior change process towards sustainable energy consumption that is implementable in peoples daily life. Preliminary results show that community-oriented energy intervention has the potential to improve user engagement significantly.

A Post-Mortem Empirical Investigation of the Popularity and Distribution of Malware Files in the Contemporary Web-Facing Internet

This short empirical paper investigates a snapshot of about two million files from a continuously updated big data collection maintained by F-Secure for security intelligence purposes. By further augmenting the snapshot with open data covering about a half of a million files, the paper examines two questions: (a) what is the shape of a probability distribution characterizing the relative share of malware files to all files distributed from web-facing Internet domains, and (b) what is the distribution shaping the popularity of malware files? A bimodal distribution is proposed as an answer to the former question, while a graph theoretical definition for the popularity concept indicates a long-tailed, extreme value distribution. With these two questions – and the answers thereto, the paper contributes to the attempts to understand large-scale characteristics of malware at the grand population level – at the level of the whole Internet.

Correlating file-based malware graphs against the empirical ground truth of DNS graphs

This exploratory empirical paper investigates whether the sharing of unique malware files between domains is empirically associated with the sharing of Internet Protocol (IP) addresses and the sharing of normal, non-malware files. By utilizing a graph theoretical approach with a web crawling dataset from F-Secure, the paper finds no robust statistical associations, however. Unlike what might be expected from the still continuing popularity of shared hosting services, the sharing of IP addresses through the domain name system (DNS) seems to neither increase nor decrease the sharing of malware files. In addition to these exploratory empirical results, the paper contributes to the field of DNS mining by elaborating graph theoretical representations that are applicable for analyzing different network forensics problems.

Interplay Between Spreading and Random Walk Processes in Multiplex Networks

Real networks in our surrounding are usually complex and composite by nature and they consist of many interwoven layers. The commutation of agents (nodes) across layers in these composite multiplex networks heavily influences the underlying dynamical processes, such as information, idea and disease spreading, synchronization, consensus, etc. In order to understand how the agents’ dynamics and the compositeness of multiplex networks influence the spreading dynamics, we develop a susceptible-infected-susceptible-based model on the top of these networks, which is integrated with the transition of agents across layers. Moreover, we analytically obtain a critical infection rate for which an epidemic dies out in a multiplex network, and latter show that this rate can be higher compared with the isolated networks. Finally, using numerical simulations we confirm the epidemic threshold and we show some interesting insights into the epidemic onset and the spreading dynamics in several real and generic multiplex networks.

Embedding internet-of-things in large-scale socio-technical systems: A community-oriented design in future smart grids

In traditional engineering, technologies are viewed as the core of the engineering design, in a physical world with a large number of diverse technological artefacts. The real world, however, also includes a huge number of social components—people, communities, institutions, regulations and everything that exists in the human mind—that have shaped and been shaped by the technological components. Smart urban ecosystems are examples of large-scale Socio-Technical Systems (STS) that rely on technologies, in particular on the Internet-of-Things (IoT), within a complex social context where the technologies are embedded. Designing applications that embed both social complexity and IoT in large-scale STS requires a Socio-Technical (ST) approach, which has not yet entered the mainstream of design practice. This chapter reviews the literature and presents our experience of adopting an ST approach to the design of a community-oriented smart grid application. It discusses the challenges, process and outcomes of this apporach, and provides a set of lessons learned derived from this experience that are also deemed relevant to the design of other smart urban ecosystems.

Analyzing the power consumption behavior of a large scale data center

The aim of this paper is to illustrate the use of application and system level logs to better understand scientific data center behavior and energy-spending. Analyzing a data center log of 900 nodes (Sandy Bridge and Haswell), we study node power consumption and describe approaches to estimate and forecast it. Our results include methods to cluster nodes based on different vmstat and RAPL measurements as well as Gaussian and GAM models for estimating the plug power consumption. We also analyze failed jobs and find that non-successfully terminated jobs consume around 40% of computing time. While the actual numbers are likely to vary in different data centers at different times, the purpose of the paper is to share ideas of what can be found by statistical and machine learning analysis of large amount of log data.