165 research outputs found

    An Accuracy-Assured Privacy-Preserving Recommender System for Internet Commerce

    Recommender systems, tool for predicting users' potential preferences by computing history data and users' interests, show an increasing importance in various Internet applications such as online shopping. As a well-known recommendation method, neighbourhood-based collaborative filtering has attracted considerable attention recently. The risk of revealing users' private information during the process of filtering has attracted noticeable research interests. Among the current solutions, the probabilistic techniques have shown a powerful privacy preserving effect. When facing k Nearest Neighbour attack, all the existing methods provide no data utility guarantee, for the introduction of global randomness. In this paper, to overcome the problem of recommendation accuracy loss, we propose a novel approach, Partitioned Probabilistic Neighbour Selection, to ensure a required prediction accuracy while maintaining high security against kNN attack. We define the sum of k neighbours' similarity as the accuracy metric alpha, the number of user partitions, across which we select the k neighbours, as the security metric beta. We generalise the k Nearest Neighbour attack to beta k Nearest Neighbours attack. Differing from the existing approach that selects neighbours across the entire candidate list randomly, our method selects neighbours from each exclusive partition of size k with a decreasing probability. Theoretical and experimental analysis show that to provide an accuracy-assured recommendation, our Partitioned Probabilistic Neighbour Selection method yields a better trade-off between the recommendation accuracy and system security. Comment: replacement for the previous versio

    CROSS-BORDER DATA TRANSFER REGULATION: A COMPARATIVE STUDY OF CHINA AND EUROPE

    With the so-called Industry 4.0 revolution ongoing, end-to-end digitalisation of all assets and integration into a digital ecosystem led the world to the unprecedented increases in connectivity and global flows. Cross-border data flow has become the cornerstone of the cross-border economy, especially for digital products. Without cross-border data flow, there will be no transactions. As a result, governments have started updating the data-related policies, such as restrictive measures for data cross-border flows or rules to mandate local data storage. Against this background, this study focuses on emerging research topics, starting with contemporary public policies on the cross-border data transfer. The objective is to examine whether the policymakers from both regions could better achieve their goals of promoting digital economy by establishing a mutual understanding with the industrial entities, while maintaining the balance between the protection of personal information and the innovation in digital markets. For that purpose, this research explores the historical development of data transfer regulatory measures in China, the EU and the U.S., studied the specific challenges they are encountering in the data globalisation era. Part I studied the evolvement of the CBDT rules. It is pointed out that the CBDT regulation is a technology-led phenomenon yet not novel. It is an emerging threat to privacy posed by the development of technology, thus attracted the scrutiny from the public and the authorities. The CBDT regulation reflects the enforcement of national jurisdiction in the cyberspace, which does not enjoy an indisputable general consensus in the contemporary international law. The rulemaking of CBDT cannot avoid the controversial debate over the legitimacy of state supervision of the network. 
CBDT regulation is originated from the protection of personal data in the EU, yet the disagreement with regard to its philosophy is derived from the conflict of different legislative values, that is, different legislators have different understandings of the freedom of free flow of information and the right to personal information. The author also questioned the rationale of the EU data transfer rules by discussing the target validity of the current rules, that is, the target validity for data protection. Part II compared the EU and China's data protection laws as well as the CBDT rules respectively. Challenges that CBDT restriction measures might face are listed, since the data transborder transmission is not a legislative measure by nature. In the process of rulemaking and implementation existed dual pressures from domestic and abroad, categorised as technological, international legislative and theoretical challenges. Theoretically, Cyberspace does not have a boundary similar to a physical space, the theoretical premise that the EU CBDT rules ignored is that the state must control the transborder transmission of data by setting the borders. Thus, for China, two aspects must be addressed: is there an independent cyberspace law, and where is the boundary between the virtual and real world. International legislative challenges arise from the oversea data access of the U.S. government. The EU CBDT framework has limited impact when facing such data access under the cover of FISA and CLOUD Act of the U.S. Particularly, this dissertation discussed the potentials for a free flow of data transfer mechanism between the EU and China. It is worth exploring the possibility for a region-based bilateral collaboration, such as a free trade zone in China, to seek for the EU Commission's recognition of adequate level of protection of personal information. 
For general data-intensive entities, binding corporate rules and standard contractual clauses are still the preferable approaches. Part III examines the data protection implementation and data transfer compliance in the context of the HEART project. By analysing the use-cases the HEART deployed, as well as the architecture that it proposed, Chapter 6 studies the privacy-enhancing measures from both the organisational and technical perspectives. Specifically, the data classification system and dynamic data security assessments are proposed. Chapter 7 studied the use case of federated recommender system within the HEART platform and its potentials for the promotion of GDPR compliance. The recommender system is thoroughly analysed under the requirements of the GDPR, including the fundamental data processing principles and threat assessment within the data processing

    Leveraging contextual-cognitive relationships into mobile commerce systems

    A thesis submitted to the University of Bedfordshire in partial fulfilment of the requirements for the degree of Doctor of Philosophy. Mobile smart devices are becoming increasingly important within the on-line purchasing cycle. Thus the requirement for mobile commerce systems to become truly context-aware remains paramount if they are to be effective within the varied situations that mobile users encounter. Where traditionally a recommender system will focus upon the user – item relationship, i.e. what to recommend, in this thesis it is proposed that due to the complexity of mobile user situational profiles the how and when must also be considered for recommendations to be effective. Though non-trivial, it should be, through the understanding of a user’s ability to complete certain cognitive processes, possible to determine the likelihood of engagement and therefore the success of the recommendation. This research undertakes an investigation into physical and modal contexts and presents findings as to their relationships with cognitive processes. Through the introduction of the novel concept, disruptive contexts, situational contexts, including noise, distractions and user activity, are identified as having significant effects upon the relationship between user affective state and cognitive capability. Experimental results demonstrate that by understanding specific cognitive capabilities, e.g. a user’s perception of advert content and user levels of purchase-decision involvement, a system can determine potential user engagement and therefore improve the effectiveness of recommender systems’ performance. A quantitative approach is followed with a reliance upon statistical measures to inform the development, and subsequent validation, of a contextual-cognitive model that was implemented as part of a context-aware system. 
The development of SiDISense (Situational Decision Involvement Sensing system) demonstrated, through the use of smart-phone sensors and machine learning, that it was viable to classify subjectively rated contexts to then infer levels of cognitive capability and therefore likelihood of positive user engagement. Through this success in furthering the understanding of contextual-cognitive relationships there are novel and significant advances that are now viable within the area of m-commerce

    COMITMENT: A Fog Computing Trust Management Approach

    As an extension of cloud computing, fog computing is considered to be relatively more secure than cloud computing due to data being transiently maintained and analyzed on local fog nodes closer to data sources. However, there exist several security and privacy concerns when fog nodes collaborate and share data to execute certain tasks. For example, offloading data to a malicious fog node can result in an unauthorized collection or manipulation of users’ private data. Cryptographic-based techniques can prevent external attacks, but are not useful when fog nodes are already authenticated and part of a network using legitimate identities. We therefore resort to trust to identify and isolate malicious fog nodes and mitigate security, respectively. In this paper, we present a fog COMputIng Trust manageMENT (COMITMENT) approach that uses quality of service and quality of protection history measures from previous direct and indirect fog node interactions for assessing and managing the trust level of the nodes within the fog computing environment. Using COMITMENT approach, we were able to reduce/identify the malicious attacks/interactions among fog nodes by approximately 66%, while reducing the service response time by approximately 15s

    Internet of Things data contextualisation for scalable information processing, security, and privacy

    The Internet of Things (IoT) interconnects billions of sensors and other devices (i.e., things) via the internet, enabling novel services and products that are becoming increasingly important for industry, government, education and society in general. It is estimated that by 2025, the number of IoT devices will exceed 50 billion, which is seven times the estimated human population at that time. With such a tremendous increase in the number of IoT devices, the data they generate is also increasing exponentially and needs to be analysed and secured more efficiently. This gives rise to what is appearing to be the most significant challenge for the IoT: Novel, scalable solutions are required to analyse and secure the extraordinary amount of data generated by tens of billions of IoT devices. Currently, no solutions exist in the literature that provide scalable and secure IoT scale data processing. In this thesis, a novel scalable approach is proposed for processing and securing IoT scale data, which we refer to as contextualisation. The contextualisation solution aims to exclude irrelevant IoT data from processing and address data analysis and security considerations via the use of contextual information. More specifically, contextualisation can effectively reduce the volume, velocity and variety of data that needs to be processed and secured in IoT applications. This contextualisation-based data reduction can subsequently provide IoT applications with the scalability needed for IoT scale knowledge extraction and information security. IoT scale applications, such as smart parking or smart healthcare systems, can benefit from the proposed method, which  improves the scalability of data processing as well as the security and privacy of data.   
The main contributions of this thesis are: 1) An introduction to context and contextualisation for IoT applications; 2) a contextualisation methodology for IoT-based applications that is modelled around observation, orientation, decision and action loops; 3) a collection of contextualisation techniques and a corresponding software platform for IoT data processing (referred to as contextualisation-as-a-service or ConTaaS) that enables highly scalable data analysis, security and privacy solutions; and 4) an evaluation of ConTaaS in several IoT applications to demonstrate that our contextualisation techniques permit data analysis, security and privacy solutions to remain linear, even in situations where the number of IoT data points increases exponentially