Zone-based Federated Learning for Mobile Sensing Data

Mobile apps, such as mHealth and wellness applications, can benefit from deep learning (DL) models trained with mobile sensing data collected by smart phones or wearable devices. However, currently there is no mobile sensing DL system that simultaneously achieves good model accuracy while adapting to user mobility behavior, scales well as the number of users increases, and protects user data privacy. We propose Zone-based Federated Learning (ZoneFL) to address these requirements. ZoneFL divides the physical space into geographical zones mapped to a mobile-edge-cloud system architecture for good model accuracy and scalability. Each zone has a federated training model, called a zone model, which adapts well to data and behaviors of users in that zone. Benefiting from the FL design, the user data privacy is protected during the ZoneFL training. We propose two novel zone-based federated training algorithms to optimize zone models to user mobility behavior: Zone Merge and Split (ZMS) and Zone Gradient Diffusion (ZGD). ZMS optimizes zone models by adapting the zone geographical partitions through merging of neighboring zones or splitting of large zones into smaller ones. Different from ZMS, ZGD maintains fixed zones and optimizes a zone model by incorporating the gradients derived from neighboring zones' data. ZGD uses a self-attention mechanism to dynamically control the impact of one zone on its neighbors. Extensive analysis and experimental results demonstrate that ZoneFL significantly outperforms traditional FL in two models for heart rate prediction and human activity recognition. In addition, we developed a ZoneFL system using Android phones and AWS cloud. The system was used in a heart rate prediction field study with 63 users for 4 months, and we demonstrated the feasibility of ZoneFL in real-life

Identifying and combating cyber-threats in the field of online banking

This thesis has been carried out in the industrial environment external to the University, as an industrial PhD. The results of this PhD have been tested, validated, and implemented in the production environment of Caixabank and have been used as models for others who have followed the same ideas. The most burning threats against banks throughout the Internet environment are based on software tools developed by criminal groups, applications running on web environment either on the computer of the victim (Malware) or on their mobile device itself through downloading rogue applications (fake app's with Malware APP). Method of the thesis has been used is an approximation of qualitative exploratory research on the problem, the answer to this problem and the use of preventive methods to this problem like used authentication systems. This method is based on samples, events, surveys, laboratory tests, experiments, proof of concept; ultimately actual data that has been able to deduce the thesis proposal, using both laboratory research and grounded theory methods of data pilot experiments conducted in real environments. I've been researching the various aspects related to e-crime following a line of research focusing on intrinsically related topics: - The methods, means and systems of attack: Malware, Malware families of banker Trojans, Malware cases of use, Zeus as case of use. - The fixed platforms, mobile applications and as a means for malware attacks. - forensic methods to analyze the malware and infrastructure attacks. - Continuous improvement of methods of authentication of customers and users as a first line of defense anti- malware. - Using biometrics as innovative factor authentication.The line investigating Malware and attack systems intrinsically is closed related to authentication methods and systems to infect customer (executables, APP's, etc.), because the main purpose of malware is precisely steal data entered in the "logon "authentication system, to operate and thus, fraudulently, steal money from online banking customers. Experiments in the Malware allowed establishing a new method of decryption establishing guidelines to combat its effects describing his fraudulent scheme and operation infection. I propose a general methodology to break the encryption communications malware (keystream), extracting the system used to encrypt such communications and a general approach of the Keystream technique. We show that this methodology can be used to respond to the threat of Zeus and finally provide lessons learned highlighting some general principles of Malware (in general) and in particular proposing Zeus Cronus, an IDS that specifically seeks the Zeus malware, testing it experimentally in a network production and providing an effective skills to combat the Malware are discussed. The thesis is a research interrelated progressive evolution between malware infection systems and authentication methods, reflected in the research work cumulatively, showing an evolution of research output and looking for a progressive improvement of methods authentication and recommendations for prevention and preventing infections, a review of the main app stores for mobile financial services and a proposal to these stores. The most common methods eIDAMS (authentication methods and electronic identification) implemented in Europe and its robustness are analyzed. An analysis of adequacy is presented in terms of efficiency, usability, costs, types of operations and segments including possibilities of use as authentication method with biometrics as innovation.Este trabajo de tesis se ha realizado en el entorno industrial externo a la Universidad como un PhD industrial Los resultados de este PhD han sido testeados, validados, e implementados en el entorno de producción de Caixabank y han sido utilizados como modelos por otras que han seguido las mismas ideas. Las amenazas más candentes contra los bancos en todo el entorno Internet, se basan en herramientas software desarrolladas por los grupos delincuentes, aplicaciones que se ejecutan tanto en entornos web ya sea en el propio ordenador de la víctima (Malware) o en sus dispositivos móviles mediante la descarga de falsas aplicaciones (APP falsa con Malware). Como método se ha utilizado una aproximación de investigación exploratoria cualitativa sobre el problema, la respuesta a este problema y el uso de métodos preventivos a este problema a través de la autenticación. Este método se ha basado en muestras, hechos, encuestas, pruebas de laboratorio, experimentos, pruebas de concepto; en definitiva datos reales de los que se ha podido deducir la tesis propuesta, utilizando tanto investigación de laboratorio como métodos de teoría fundamentada en datos de experimentos pilotos realizados en entornos reales. He estado investigando los diversos aspectos relacionados con e-crime siguiendo una línea de investigación focalizada en temas intrínsecamente relacionadas: - Los métodos, medios y sistemas de ataque: Malware, familias de Malware de troyanos bancarios, casos de usos de Malware, Zeus como caso de uso. - Las plataformas fijas, los móviles y sus aplicaciones como medio para realizar los ataques de Malware. - Métodos forenses para analizar el Malware y su infraestructura de ataque. - Mejora continuada de los métodos de autenticación de los clientes y usuarios como primera barrera de defensa anti- malware. - Uso de la biometría como factor de autenticación innovador. La línea investiga el Malware y sus sistemas de ataque intrínsecamente relacionada con los métodos de autenticación y los sistemas para infectar al cliente (ejecutables, APP's, etc.) porque el objetivo principal del malware es robar precisamente los datos que se introducen en el "logon" del sistema de autenticación para operar de forma fraudulenta y sustraer así el dinero de los clientes de banca electrónica. Los experimentos realizados en el Malware permitieron establecer un método novedoso de descifrado que estableció pautas para combatir sus efectos fraudulentos describiendo su esquema de infección y funcionamiento Propongo una metodología general para romper el cifrado de comunicaciones del malware (keystream) extrayendo el sistema utilizado para cifrar dichas comunicaciones y una generalización de la técnica de Keystream. Se demuestra que esta metodología puede usarse para responder a la amenaza de Zeus y finalmente proveemos lecciones aprendidas resaltando algunos principios generales del Malware (en general) y Zeus en particular proponiendo Cronus, un IDS que persigue específicamente el Malware Zeus, probándolo experimentalmente en una red de producción y se discuten sus habilidades y efectividad. En la tesis hay una evolución investigativa progresiva interrelacionada entre el Malware, sistemas de infección y los métodos de autenticación, que se refleja en los trabajos de investigación de manera acumulativa, mostrando una evolución del output de investigación y buscando una mejora progresiva de los métodos de autenticación y de la prevención y recomendaciones para evitar las infecciones, una revisión de las principales tiendas de Apps para servicios financieros para móviles y una propuesta para estas tiendas. Se analizan los métodos más comunes eIDAMS (Métodos de Autenticación e Identificación electrónica) implementados en Europa y su robustez y presentamos un análisis de adecuación en función de eficiencia, usabilidad, costes, tipos de operación y segmentos incluyendo un análisis de posibilidades con métodos biométricos como innovación.Postprint (published version

An Approach to Guide Users Towards Less Revealing Internet Browsers

When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that there are numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed

A Smartphone-Based Prototype System for Incident/Work Zone Management Driven by Crowd-Sourced Data, 2015

This project develops a smartphone-based prototype system that supplements the 511 system to improve its dynamic traffic routing service to state highway users under non-recurrent congestion. This system will save considerable time to provide crucial traffic information and en-route assistance to travelers for them to avoid being trapped in traffic congestion due to accidents, work zones, hazards, or special events. It also creates a feedback loop between travelers and responsible agencies that enable the state to effectively collect, fuse, and analyze crowd-sourced data for next-gen transportation planning and management. This project can result in substantial economic savings (e.g. less traffic congestion, reduced fuel wastage and emissions) and safety benefits for the freight industry and society due to better dissemination of real-time traffic information by highway users. Such benefits will increase significantly in future with the expected increase in freight traffic on the network. The proposed system also has the flexibility to be integrated with various transportation management modules to assist state agencies to improve transportation services and daily operations

Implicit personalization in driving assistance: State-of-the-art and open issues

In recent decades, driving assistance systems have been evolving towards personalization for adapting to different drivers. With the consideration of driving preferences and driver characteristics, these systems become more acceptable and trustworthy. This article presents a survey on recent advances in implicit personalized driving assistance. We classify the collection of work into three main categories: 1) personalized Safe Driving Systems (SDS), 2) personalized Driver Monitoring Systems (DMS), and 3) personalized In-vehicle Information Systems (IVIS). For each category, we provide a comprehensive review of current applications and related techniques along with the discussion of industry status, benefits of personalization, application prospects, and future focal points. Both relevant driving datasets and open issues about personalized driving assistance are discussed to facilitate future research. By creating an organized categorization of the field, we hope that this survey could not only support future research and the development of new technologies for personalized driving assistance but also facilitate the application of these techniques within the driving automation community</h2

Supporting Mobile Distributed Services

With sensors becoming increasingly ubiquitous, there is a tremendous potential for services which can take advantage of the data collected by these sensors, from the important -- such as detecting medical emergencies and imminent natural disasters -- to the mundane -- such as waiting times experienced by diners at restaurants. This information can then be used to offer useful services. For example, a busy professional could find a restaurant to go to for a quick lunch based on information available from smartphones of people already there having lunch, waiting to be seated, or even heading there; a government could conduct a census in real-time, or “sense” public opinion. I refer to such services as mobile distributed services. The barriers to offering mobile distributed services continue to be prohibitive for most: not only must these services be implemented, but they would also inevitably compete for resources on people's devices. This is in part because such services are poorly understood, and consequently, there is limited language support for programming them. In this thesis, I address practical challenges related to three important problems in mobile distributed services. In addition, I present my efforts towards a formal model for representing mobile distributed services. First, I address the challenge of enhancing the programmability of mobile distributed services. This thesis presents a set of core mechanisms underlying mobile distributed services. I interpret and implement these mechanisms for the domain of crowd-sourced services. A distributed runtime middleware, CSSWare, has been developed to simplify the burden of initiating and managing crowd-sourced services. CSSWare provides a set of domain-specific programming constructs for launching a new service. Service designers may launch novel services over CSSWare by simply plugging in small pieces of service specific code. Particularly, new services can be prototyped in fewer than 100 lines of code. This ease of programming promises to democratize the building of such services. Second, I address the challenge of efficiently supporting the sensing needs of mobile distributed services, and more generally sensor-based applications. I developed ShareSens, an approach to opportunistically merge sensing requirements of independent applications. When multiple applications make sensing requests, instead of serving each request independently, ShareSens opportunistically merges the requests, achieving significant power and energy savings. Custom filters are then used to extract the data required by each application. Third, I address the problem of programming the sensing requirements of mobile distributed services. In particular, ModeSens is presented to allow multi-modal sensing requirements of a service to be programmed separately from its function. Programmers can specify the modes in which a service can be, the sensing needs of each mode, and the sensed events which trigger mode transition. ModeSens then monitors for mode transition events, and dynamically adjusts the sensing frequencies to match the current mode's requirements. Separating the mode change logic from an application's functional logic leads to more modular code. In addition, I present MobDisS (Mobile Distributed Services), an early model for representing mobile distributed services, allowing them to be carefully studied. Services can be built by composing simpler services. I present the syntax and operational semantics of MobDisS. Although this work can be evaluated along multiple dimensions, my primary goal is to enhance programmability of mobile distributed services. This is illustrated by providing the actual code required for creating two realistic services using CSSWare. Each service demonstrates different facets of the middleware, ranging from the use of different sensors to the use of different facilities provided by CSSWare. Furthermore, experimental results are presented to demonstrate scalability, performance and data-contributor side energy efficiency of CSSWare and ShareSens. Finally, a set of experimental evaluation is carried out to measure the performance and energy costs of using ModeSens

Understanding and mitigating the impact of Internet demand in everyday life

Digital devices and online services are increasingly embedded within our everyday lives. The growth in usage of these technologies has implications for environmental sustainability due to the energy demand from the underlying Internet infrastructure (e.g. communication networks, data centres). Energy efficiencies in the infrastructure are important, but they are made inconsequential by the sheer growth in the demand for data. We need to transition users’ Internet-connected practices and adapt HumanComputer Interaction (HCI) design in less demanding and more sustainable directions. Yet it’s not clear what the most data demanding devices and online activities are in users’ lives, and how this demand can be intervened with most effectively through HCI design. In this thesis, the issue of Internet demand is explored—uncovering how it is embedded into digital devices, online services and users’ everyday practices. Specifically, I conduct a series of experiments to understand Internet demand on mobile devices and in the home, involving: a large-scale quantitative analysis of 398 mobile devices; and a mixed-methods study involving month-long home router logging and interviews with 20 participants (nine households). Through these studies, I provide an in-depth understanding of how digital activities in users’ lives augment Internet demand (particularly through the practice of watching), and outline the roles for the HCI community and broader stakeholders (policy makers, businesses) in curtailing this demand. I then juxtapose these formative studies with design workshops involving 13 participants; these discover how we can reduce Internet demand in ways that users may accept or even want. From this, I provide specific design recommendations for the HCI community aiming to alleviate the issue of Internet growth for concerns of sustainability, as well as holistically mitigate the negative impacts that digital devices and online services can create in users’ lives

Real-time localisation system for GPS denied open areas using smart street furniture

Real-time measurement of crowd dynamics has been attracting significant interest, as it has many applications including real-time monitoring of emergencies and evacuation plans. To effectively measure crowd behaviour, an accurate estimate for pedestrians’ locations is required. However, estimating pedestrians’ locations is a great challenge especially for open areas with poor Global Positioning System (GPS) signal reception and/or lack of infrastructure to install expensive solutions such as video-based systems. Street furniture assets such as rubbish bins have become smart, as they have been equipped with low-power sensors. Currently, their role is limited to certain applications such as waste management. We believe that the role of street furniture can be extended to include building real-time localisation systems as street furniture provides excellent coverage across different areas such as parks, streets, homes, universities. In this thesis, we propose a novel wireless sensor network architecture designed for smart street furniture. We extend the functionality of sensor nodes to act as soft Access Point (AP), sensing Wifi signals received from surrounding Wifi-enabled devices. Our proposed architecture includes a real-time and low-power design for sensor nodes. We attached sensor nodes to rubbish bins located in a busy GPS denied open area at Murdoch University (Perth, Western Australia), known as Bush Court. This enabled us to introduce two unique Wifi-based localisation datasets: the first is the Fingerprint dataset called MurdochBushCourtLoC-FP (MBCLFP) in which four users generated Wifi fingerprints for all available cells in the gridded Bush Court, called Reference Points (RPs), using their smartphones, and the second is the APs dataset called MurdochBushCourtLoC-AP (MBCLAP) that includes auto-generated records received from over 1000 users’ devices. Finally, we developed a real-time localisation approach based on the two datasets using a four-layer deep learning classifier. The approach includes a light-weight algorithm to label the MBCLAP dataset using the MBCLFP dataset and convert the MBCLAP dataset to be synchronous. With the use of our proposed approach, up to 19% improvement in location prediction is achieved

AI-based framework for automatically extracting high-low features from NDS data to understand driver behavior

Our ability to detect and characterize unsafe driving behaviors in naturalistic driving environments and associate them with road crashes will be a significant step toward developing effective crash countermeasures. Due to some limitations, researchers have not yet fully achieved the stated goal of characterizing unsafe driving behaviors. These limitations include, but are not limited to, the high cost of data collection and the manual processes required to extract information from NDS data. In light of this limitations, the primary objective of this study is to develop an artificial intelligence (AI) framework for automatically extracting high-low features from the NDS dataset to explain driver behavior using a low-cost data collection method. The author proposed three novel objectives for achieving the study's objective in light of the identified research gaps. Initially, the study develops a low-cost data acquisition system for gathering data on naturalistic driving. Second, the study develops a framework that automatically extracts high- to low-level features, such as vehicle density, turning movements, and lane changes, from the data collected by the developed data acquisition system. Thirdly, the study extracted information from the NDS data to gain a better understanding of people's car-following behavior and other driving behaviors in order to develop countermeasures for traffic safety through data collection and analysis. The first objective of this study is to develop a multifunctional smartphone application for collecting NDS data. Three major modules comprised the designed app: a front-end user interface module, a sensor module, and a backend module. The front-end, which is also the application's user interface, was created to provide a streamlined view that exposed the application's key features via a tab bar controller. This allows us to compartmentalize the application's critical components into separate views. The backend module provides computational resources that can be used to accelerate front-end query responses. Google Firebase powered the backend of the developed application. The sensor modules included CoreMotion, CoreLocation, and AVKit. CoreMotion collects motion and environmental data from the onboard hardware of iOS devices, including accelerometers, gyroscopes, pedometers, magnetometers, and barometers. In contrast, CoreLocation determines the altitude, orientation, and geographical location of a device, as well as its position relative to an adjacent iBeacon device. The AVKit finally provides a high-level interface for video content playback. To achieve objective two, we formulated the problem as both a classification and time-series segmentation problem. This is due to the fact that the majority of existing driver maneuver detection methods formulate the problem as a pure classification problem, assuming a discretized input signal with known start and end locations for each event or segment. In practice, however, vehicle telemetry data used for detecting driver maneuvers are continuous; thus, a fully automated driver maneuver detection system should incorporate solutions for both time series segmentation and classification. The five stages of our proposed methodology are as follows: 1) data preprocessing, 2) segmentation of events, 3) machine learning classification, 4) heuristics classification, and 5) frame-by-frame video annotation. The result of the study indicates that the gyroscope reading is an exceptional parameter for extracting driving events, as its accuracy was consistent across all four models developed. The study reveals that the Energy Maximization Algorithm's accuracy ranges from 56.80 percent (left lane change) to 85.20 percent (right lane change) (lane-keeping) All four models developed had comparable accuracies to studies that used similar models. The 1D-CNN model had the highest accuracy (98.99 percent), followed by the LSTM model (97.75 percent), the RF model (97.71 percent), and the SVM model (97.65 percent). To serve as a ground truth, continuous signal data was annotated. In addition, the proposed method outperformed the fixed time window approach. The study analyzed the overall pipeline's accuracy by penalizing the F1 scores of the ML models with the EMA's duration score. The pipeline's accuracy ranged between 56.8 percent and 85.0 percent overall. The ultimate goal of this study was to extract variables from naturalistic driving videos that would facilitate an understanding of driver behavior in a naturalistic driving environment. To achieve this objective, three sub-goals were established. First, we developed a framework for extracting features pertinent to comprehending the behavior of natural-environment drivers. Using the extracted features, we then analyzed the car-following behaviors of various demographic groups. Thirdly, using a machine learning algorithm, we modeled the acceleration of both the ego-vehicle and the leading vehicle. Younger drivers are more likely to be aggressive, according to the findings of this study. In addition, the study revealed that drivers tend to accelerate when the distance between them and the vehicle in front of them is substantial. Lastly, compared to younger drivers, elderly motorists maintain a significantly larger following distance. This study's results have numerous safety implications. First, the analysis of the driving behavior of different demographic groups will enable safety engineers to develop the most effective crash countermeasures by enhancing their understanding of the driving styles of different demographic groups and the causes of collisions. Second, the models developed to predict the acceleration of both the ego-vehicle and the leading vehicle will provide enough information to explain the behavior of the ego-driver.Includes bibliographical references