Privacy Leaks through Data Hijacking Attack on Mobile Systems

To persistently eavesdrop on the mobile devices, attackers may obtain the elevated privilege and inject malicious modules into the user devices. Unfortunately, the attackers may not be able to obtain the privilege for a long period of time since the exploitable vulnerabilities may be fixed or the malware may be removed. In this paper, we propose a new data hijacking attack for the mobile apps. By employing the proposed method, the attackers are only required to obtain the root privilege of the user devices once, and they can persistently eavesdrop without any change to the original device. Specifically, we design a new approach to construct a shadow system by hijacking user data files. In the shadow system, attackers possess the identical abilities to the victims. For instance, if a victim has logged into the email app, the attacker can also access the email server in the shadow system without authentication in a long period of time. Without reauthentication of the app, it is difficult for victims to notice the intrusion since the whole eavesdropping is performed on other devices (rather than the user devices). In our experiments, we evaluate the effectiveness of the proposed attack and the result demonstrates that even the Android apps released by the top developers cannot resist this attack. Finally, we discuss some approaches to defend the proposed attack

Measuring Re-identification Risk

Compact user representations (such as embeddings) form the backbone of personalization services. In this work, we present a new theoretical framework to measure re-identification risk in such user representations. Our framework, based on hypothesis testing, formally bounds the probability that an attacker may be able to obtain the identity of a user from their representation. As an application, we show how our framework is general enough to model important real-world applications such as the Chrome's Topics API for interest-based advertising. We complement our theoretical bounds by showing provably good attack algorithms for re-identification that we use to estimate the re-identification risk in the Topics API. We believe this work provides a rigorous and interpretable notion of re-identification risk and a framework to measure it that can be used to inform real-world applications

Discretization-Based Feature Selection as a Bilevel Optimization Problem

Discretization-based feature selection (DBFS) approaches have shown interesting results when using several metaheuristic algorithms, such as particle swarm optimization (PSO), genetic algorithm (GA), ant colony optimization (ACO), etc. However, these methods share the same shortcoming which consists in encoding the problem solution as a sequence of cut-points. From this cut-points vector, the decision of deleting or selecting any feature is induced. Indeed, the number of generated cut-points varies from one feature to another. Thus, the higher the number of cut-points, the higher the probability of selecting the considered feature; and vice versa. This fact leads to the deletion of possibly important features having a single or a low number of cut-points, such as the infection rate, the glycemia level, and the blood pressure. In order to solve the issue of the dependency relation between the feature selection (or removal) event and the number of its generated potential cut-points, we propose to model the DBFS task as a bilevel optimization problem and then solve it using an improved version of an existing co-evolutionary algorithm, named I-CEMBA. The latter ensures the variation of the number of features during the migration process in order to deal with the multimodality aspect. The resulting algorithm, termed bilevel discretization-based feature selection (Bi-DFS), performs selection at the upper level while discretization is done at the lower level. The experimental results on several high-dimensional datasets show that Bi-DFS outperforms relevant state-of-the-art methods in terms of classification accuracy, generalization ability, and feature selection bias

Investigating prediction modelling of academic performance for students in rural schools in Kenya

Academic performance prediction modelling provides an opportunity for learners' probable outcomes to be known early, before they sit for final examinations. This would be particularly useful for education stakeholders to initiate intervention measures to help students who require high intervention to pass final examinations. However, limitations of infrastructure in rural areas of developing countries, such as lack of or unstable electricity and Internet, impede the use of PCs. This study proposed that an academic performance prediction model could include a mobile phone interface specifically designed based on users' needs. The proposed mobile academic performance prediction system (MAPPS) could tackle the problem of underperformance and spur development in the rural areas. A six-step Cross-Industry Standard Process for Data Mining (CRISP-DM) theoretical framework was used to support the design of MAPPS. Experiments were conducted using two datasets collected in Kenya. One dataset had 2426 records of student data having 22 features, collected from 54 rural primary schools. The second dataset had 1105 student records with 19 features, collected from 11 peri-urban primary schools. Evaluation was conducted to investigate: (i) which is the best classifier model among the six common classifiers selected for the type of data used in this study; (ii) what is the optimal subset of features from the total number of features for both rural and peri-urban datasets; and (iii) what is the predictive performance of the Mobile Academic Performance Prediction System in classifying the high intervention class. It was found that the system achieved an F-Measure rate of nearly 80% in determining the students who need high intervention two years before the final examination. It was also found that the system was useful and usable in rural environments; the accuracy of prediction was good enough to motivate stakeholders to initiate strategic intervention measures. This study provides experimental evidence that Educational Data Mining (EDM) techniques can be used in the developing world by exploiting the ubiquitous mobile technology for student academic performance prediction

Sentiment analysis and resources for informal Arabic text on social media

Online content posted by Arab users on social networks does not generally abide by the grammatical and spelling rules. These posts, or comments, are valuable because they contain users’ opinions towards different objects such as products, policies, institutions, and people. These opinions constitute important material for commercial and governmental institutions. Commercial institutions can use these opinions to steer marketing campaigns, optimize their products and know the weaknesses and/ or strengths of their products. Governmental institutions can benefit from the social networks posts to detect public opinion before or after legislating a new policy or law and to learn about the main issues that concern citizens. However, the huge size of online data and its noisy nature can hinder manual extraction and classification of opinions present in online comments. Given the irregularity of dialectal Arabic (or informal Arabic), tools developed for formally correct Arabic are of limited use. This is specifically the case when employed in sentiment analysis (SA) where the target of the analysis is social media content. This research implemented a system that addresses this challenge. This work can be roughly divided into three blocks: building a corpus for SA and manually tagging it to check the performance of the constructed lexicon-based (LB) classifier; building a sentiment lexicon that consists of three different sets of patterns (negative, positive, and spam); and finally implementing a classifier that employs the lexicon to classify Facebook comments. In addition to providing resources for dialectal Arabic SA and classifying Facebook comments, this work categorises reasons behind incorrect classification, provides preliminary solutions for some of them with focus on negation, and uses regular expressions to detect the presence of lexemes. This work also illustrates how the constructed classifier works along with its different levels of reporting. Moreover, it compares the performance of the LB classifier against Naïve Bayes classifier and addresses how NLP tools such as POS tagging and Named Entity Recognition can be employed in SA. In addition, the work studies the performance of the implemented LB classifier and the developed sentiment lexicon when used to classify other corpora used in the literature, and the performance of lexicons used in the literature to classify the corpora constructed in this research. With minor changes, the classifier can be used in domain classification of documents (sports, science, news, etc.). The work ends with a discussion of research questions arising from the research reported

Simulation for digital manufacturing

Digitalisation has been among the most-often discussed developments of our modern society for decades and it increasingly stretches to manufacturing. Industrial processes merge with information technologies, accelerated by rapidly increasing amount of data and newly developed smart algorithms. This thesis focuses on demands of digital manufacturing and a neutral evaluation of smart algorithms. Digitalisation is a vast field. Various solutions have been suggested lately and establish further continuously. Companies feel increasingly pressured to amend their structures to smart and agile factories. These wide-spanning refurbishments often lack concrete objectives and clear target figures for successful implementation. This limits the clarity for comparing different solutions. Deriving from a discussion on purposes of digitalisation, simulation and calculation models have been established to evaluate and rate the most valuable approaches. A test and development system is established, which is suitable to compare different smart production IT solutions. Based on this practical case, a concrete evaluation is described. An exemplary production line is evaluated to find requirements for improved flexibility. After a critical discussion about the suitability of the suggested solution, assistance systems and mathematical models are introduced with which development and optimisation of smart production structures can be implemented in a given manufacturing system.Digitalisierung gehört seit Jahrzehnten zu den am häufigsten diskutierten Entwicklungen unserer heutigen Gesellschaft und erstreckt sich zunehmend auch auf die Produktion. Industrielle Prozesse verbinden sich mit Informationstechnik, beschleunigt durch rasant steigende Datenmengen und neu entwickelte, smarte Algorithmen. Diese Arbeit fokussiert sich auf die Anforderungen digitaler Fertigung und eine neutrale Bewertung smarter Algorithmen. Digitalisierung ist ein breites Feld. Verschiedene Lösungen wurden zuletzt vorgeschlagen und entwickeln sich kontinuierlich weiter. Unternehmen stehen zunehmend unter Druck, ihre Strukturen zu smarten und agilen Fabriken zu entwickeln. Diese weitreichenden Erneuerungen lassen oft konkrete Ziele und klare Zielvorgaben für eine erfolgreiche Implementierung vermissen. Dies reduziert die Klarheit im direkten Vergleich verschiedener Lösungen. Ausgehend von einer Diskussion über den Zweck der Digitalisierung, wurden Simulations- und Berechnungsmodelle entwickelt um vielversprechende Anwendungen zu bewerten und zu klassifizieren. Ein Test- und Entwicklungssystem wurde eingerichtet, um verschiedene smarte IT-Lösungen im Produktionsumfeld vergleichen zu können. Nach einer kritischen Diskussion, in wie fern die vorgeschlagene Lösung geeignet ist, werden Assistenzsysteme und mathematische Modelle vorgestellt, die die Entwicklung und Optimierung smarter Produktionsstrukturen für ein gegebenes Fertigungssystem unterstützt

XX Workshop de Investigadores en Ciencias de la Computación - WICC 2018 : Libro de actas

Actas del XX Workshop de Investigadores en Ciencias de la Computación (WICC 2018), realizado en Facultad de Ciencias Exactas y Naturales y Agrimensura de la Universidad Nacional del Nordeste, los dìas 26 y 27 de abril de 2018.Red de Universidades con Carreras en Informática (RedUNCI

XX Workshop de Investigadores en Ciencias de la Computación - WICC 2018 : Libro de actas

Actas del XX Workshop de Investigadores en Ciencias de la Computación (WICC 2018), realizado en Facultad de Ciencias Exactas y Naturales y Agrimensura de la Universidad Nacional del Nordeste, los dìas 26 y 27 de abril de 2018.Red de Universidades con Carreras en Informática (RedUNCI

WICC 2017 : XIX Workshop de Investigadores en Ciencias de la Computación

Actas del XIX Workshop de Investigadores en Ciencias de la Computación (WICC 2017), realizado en el Instituto Tecnológico de Buenos Aires (ITBA), el 27 y 28 de abril de 2017.Red de Universidades con Carreras en Informática (RedUNCI