An Accuracy-Assured Privacy-Preserving Recommender System for Internet Commerce
Recommender systems, tools for predicting users' potential preferences by
computing history data and users' interests, show an increasing importance in
various Internet applications such as online shopping. As a well-known
recommendation method, neighbourhood-based collaborative filtering has
attracted considerable attention recently. The risk of revealing users' private
information during the process of filtering has attracted noticeable research
interests. Among the current solutions, the probabilistic techniques have shown
a powerful privacy preserving effect. When facing Nearest Neighbour attack,
all the existing methods provide no data utility guarantee, for the
introduction of global randomness. In this paper, to overcome the problem of
recommendation accuracy loss, we propose a novel approach, Partitioned
Probabilistic Neighbour Selection, to ensure a required prediction accuracy
while maintaining high security against NN attack. We define the sum of
neighbours' similarity as the accuracy metric alpha, the number of user
partitions, across which we select the neighbours, as the security metric
beta. We generalise the Nearest Neighbour attack to beta k Nearest
Neighbours attack. Differing from the existing approach that selects neighbours
across the entire candidate list randomly, our method selects neighbours from
each exclusive partition of size with a decreasing probability. Theoretical
and experimental analysis show that to provide an accuracy-assured
recommendation, our Partitioned Probabilistic Neighbour Selection method yields
a better trade-off between the recommendation accuracy and system security.
Comment: replacement for the previous versio
CROSS-BORDER DATA TRANSFER REGULATION: A COMPARATIVE STUDY OF CHINA AND EUROPE
With the so-called Industry 4.0 revolution ongoing, end-to-end digitalisation of all assets and
integration into a digital ecosystem led the world to the unprecedented increases in connectivity
and global flows. Cross-border data flow has become the cornerstone of the cross-border
economy, especially for digital products. Without cross-border data flow, there will be no
transactions. As a result, governments have started updating the data-related policies, such as
restrictive measures for data cross-border flows or rules to mandate local data storage. Against
this background, this study focuses on emerging research topics, starting with contemporary
public policies on the cross-border data transfer.
The objective is to examine whether the policymakers from both regions could better
achieve their goals of promoting digital economy by establishing a mutual understanding with
the industrial entities, while maintaining the balance between the protection of personal
information and the innovation in digital markets. For that purpose, this research explores the
historical development of data transfer regulatory measures in China, the EU and the U.S.,
and studies the specific challenges they are encountering in the data globalisation era.
Part I studied the evolvement of the CBDT rules. It is pointed out that the CBDT
regulation is a technology-led phenomenon yet not novel. It is an emerging threat to privacy
posed by the development of technology, thus attracted the scrutiny from the public and the
authorities. The CBDT regulation reflects the enforcement of national jurisdiction in the
cyberspace, which does not enjoy an indisputable general consensus in the contemporary
international law. The rulemaking of CBDT cannot avoid the controversial debate over the
legitimacy of state supervision of the network. CBDT regulation is originated from the
protection of personal data in the EU, yet the disagreement with regard to its philosophy is
derived from the conflict of different legislative values, that is, different legislators have
different understandings of the freedom of free flow of information and the right to personal
information. The author also questioned the rationale of the EU data transfer rules by
discussing the target validity of the current rules, that is, the target validity for data protection.
Part II compared the EU and China’s data protection laws as well as the CBDT rules
respectively. Challenges that CBDT restriction measures might face are listed, since the data
transborder transmission is not a legislative measure by nature. In the process of rulemaking
and implementation existed dual pressures from domestic and abroad, categorised as
technological, international legislative and theoretical challenges. Theoretically, Cyberspace
does not have a boundary similar to a physical space, the theoretical premise that the EU CBDT
rules ignored is that the state must control the transborder transmission of data by setting the
borders. Thus, for China, two aspects must be addressed: is there an independent cyberspace
law, and where is the boundary between the virtual and real world. International legislative
challenges arise from the oversea data access of the U.S. government. The EU CBDT
framework has limited impact when facing such data access under the cover of FISA and
CLOUD Act of the U.S. Particularly, this dissertation discussed the potentials for a free flow
of data transfer mechanism between the EU and China. It is worth exploring the possibility for
a region-based bilateral collaboration, such as a free trade zone in China, to seek for the EU
Commission’s recognition of adequate level of protection of personal information. For general
data-intensive entities, binding corporate rules and standard contractual clauses are still the
preferable approaches.
Part III examines the data protection implementation and data transfer compliance in
the context of the HEART project. By analysing the use-cases the HEART deployed, as well
as the architecture that it proposed, Chapter 6 studies the privacy-enhancing measures from
both the organisational and technical perspectives. Specifically, the data classification system
and dynamic data security assessments are proposed. Chapter 7 studied the use case of
federated recommender system within the HEART platform and its potentials for the
promotion of GDPR compliance. The recommender system is thoroughly analysed under the
requirements of the GDPR, including the fundamental data processing principles and threat
assessment within the data processing
Leveraging contextual-cognitive relationships into mobile commerce systems
A thesis submitted to the University of Bedfordshire in partial fulfilment of the requirements for the degree of Doctor of Philosophy.
Mobile smart devices are becoming increasingly important within the on-line purchasing cycle. Thus the requirement for mobile commerce systems to become truly context-aware remains paramount if they are to be effective within the varied situations that mobile users encounter. Where traditionally a recommender system will focus upon the user – item relationship, i.e. what to recommend, in this thesis it is proposed that due to the complexity of mobile user situational profiles the how and when must also be considered for recommendations to be effective. Though non-trivial, it should be, through the understanding of a user’s ability to complete certain cognitive processes, possible to determine the likelihood of engagement and therefore the success of the recommendation.
This research undertakes an investigation into physical and modal contexts and presents findings as to their relationships with cognitive processes. Through the introduction of the novel concept, disruptive contexts, situational contexts, including noise, distractions and user activity, are identified as having significant effects upon the relationship between user affective state and cognitive capability. Experimental results demonstrate that by understanding specific cognitive capabilities, e.g. a user’s perception of advert content and user levels of purchase-decision involvement, a system can determine potential user engagement and therefore improve the effectiveness of recommender systems’ performance.
A quantitative approach is followed with a reliance upon statistical measures to inform the development, and subsequent validation, of a contextual-cognitive model that was implemented as part of a context-aware system. The development of SiDISense (Situational Decision Involvement Sensing system) demonstrated, through the use of smart-phone sensors and machine learning, that it was viable to classify subjectively rated contexts to then infer levels of cognitive capability and therefore likelihood of positive user engagement. Through this success in furthering the understanding of contextual-cognitive relationships there are novel and significant advances that are now viable within the area of m-commerce
COMITMENT: A Fog Computing Trust Management Approach
As an extension of cloud computing, fog computing is considered to be relatively more secure than cloud computing due to data being transiently maintained and analyzed on local fog nodes closer to data sources. However, there exist several security and privacy concerns when fog nodes collaborate and share data to execute certain tasks. For example, offloading data to a malicious fog node can result in an unauthorized collection or manipulation of users’ private data. Cryptographic-based techniques can prevent external attacks, but are not useful when fog nodes are already authenticated and part of a network using legitimate identities. We therefore resort to trust to identify and isolate malicious fog nodes and mitigate security, respectively. In this paper, we present a fog COMputIng Trust manageMENT (COMITMENT) approach that uses quality of service and quality of protection history measures from previous direct and indirect fog node interactions for assessing and managing the trust level of the nodes within the fog computing environment. Using COMITMENT approach, we were able to reduce/identify the malicious attacks/interactions among fog nodes by approximately 66%, while reducing the service response time by approximately 15s
Internet of Things data contextualisation for scalable information processing, security, and privacy
The Internet of Things (IoT) interconnects billions of sensors and other devices (i.e., things) via the internet, enabling novel services and products that are becoming increasingly important for industry, government, education and society in general. It is estimated that by 2025, the number of IoT devices will exceed 50 billion, which is seven times the estimated human population at that time. With such a tremendous increase in the number of IoT devices, the data they generate is also increasing exponentially and needs to be analysed and secured more efficiently. This gives rise to what is appearing to be the most significant challenge for the IoT: Novel, scalable solutions are required to analyse and secure the extraordinary amount of data generated by tens of billions of IoT devices. Currently, no solutions exist in the literature that provide scalable and secure IoT scale data processing. In this thesis, a novel scalable approach is proposed for processing and securing IoT scale data, which we refer to as contextualisation. The contextualisation solution aims to exclude irrelevant IoT data from processing and address data analysis and security considerations via the use of contextual information. More specifically, contextualisation can effectively reduce the volume, velocity and variety of data that needs to be processed and secured in IoT applications. This contextualisation-based data reduction can subsequently provide IoT applications with the scalability needed for IoT scale knowledge extraction and information security. IoT scale applications, such as smart parking or smart healthcare systems, can benefit from the proposed method, which improves the scalability of data processing as well as the security and privacy of data.
The main contributions of this thesis are: 1) An introduction to context and contextualisation for IoT applications; 2) a contextualisation methodology for IoT-based applications that is modelled around observation, orientation, decision and action loops; 3) a collection of contextualisation techniques and a corresponding software platform for IoT data processing (referred to as contextualisation-as-a-service or ConTaaS) that enables highly scalable data analysis, security and privacy solutions; and 4) an evaluation of ConTaaS in several IoT applications to demonstrate that our contextualisation techniques permit data analysis, security and privacy solutions to remain linear, even in situations where the number of IoT data points increases exponentially