Signed Latent Factors for Spamming Activity Detection

Due to the increasing trend of performing spamming activities (e.g., Web spam, deceptive reviews, fake followers, etc.) on various online platforms to gain undeserved benefits, spam detection has emerged as a hot research issue. Previous attempts to combat spam mainly employ features related to metadata, user behaviors, or relational ties. These works have made considerable progress in understanding and filtering spamming campaigns. However, this problem remains far from fully solved. Almost all the proposed features focus on a limited number of observed attributes or explainable phenomena, making it difficult for existing methods to achieve further improvement. To broaden the vision about solving the spam problem and address long-standing challenges (class imbalance and graph incompleteness) in the spam detection area, we propose a new attempt of utilizing signed latent factors to filter fraudulent activities. The spam-contaminated relational datasets of multiple online applications in this scenario are interpreted by the unified signed network. Two competitive and highly dissimilar algorithms of latent factors mining (LFM) models are designed based on multi-relational likelihoods estimation (LFM-MRLE) and signed pairwise ranking (LFM-SPR), respectively. We then explore how to apply the mined latent factors to spam detection tasks. Experiments on real-world datasets of different kinds of Web applications (social media and Web forum) indicate that LFM models outperform state-of-the-art baselines in detecting spamming activities. By specifically manipulating experimental data, the effectiveness of our methods in dealing with incomplete and imbalanced challenges is valid

Trust Management for P2P application in Delay Tolerant Mobile Ad-hoc Networks. An Investigation into the development of a Trust Management Framework for Peer to Peer File Sharing Applications in Delay Tolerant Disconnected Mobile Ad-hoc Networks.

Security is essential to communication between entities in the internet. Delay tolerant and disconnected Mobile Ad Hoc Networks (MANET) are a class of networks characterized by high end-to-end path latency and frequent end-to-end disconnections and are often termed as challenged networks. In these networks nodes are sparsely populated and without the existence of a central server, acquiring global information is difficult and impractical if not impossible and therefore traditional security schemes proposed for MANETs cannot be applied. This thesis reports trust management schemes for peer to peer (P2P) application in delay tolerant disconnected MANETs. Properties of a profile based file sharing application are analyzed and a framework for structured P2P overlay over delay tolerant disconnected MANETs is proposed. The framework is implemented and tested on J2ME based smart phones using Bluetooth communication protocol. A light weight Content Driven Data Propagation Protocol (CDDPP) for content based data delivery in MANETs is presented. The CDDPP implements a user profile based content driven P2P file sharing application in disconnected MANETs. The CDDPP protocol is further enhanced by proposing an adaptive opportunistic multihop content based routing protocol (ORP). ORP protocol considers the store-carry-forward paradigm for multi-hop packet delivery in delay tolerant MANETs and allows multi-casting to selected number of nodes. Performance of ORP is compared with a similar autonomous gossiping (A/G) protocol using simulations. This work also presents a framework for trust management based on dynamicity aware graph re-labelling system (DA-GRS) for trust management in mobile P2P applications. The DA-GRS uses a distributed algorithm to identify trustworthy nodes and generate trustable groups while isolating misleading or untrustworthy nodes. Several simulations in various environment settings show the effectiveness of the proposed framework in creating trust based communities. This work also extends the FIRE distributed trust model for MANET applications by incorporating witness based interactions for acquiring trust ratings. A witness graph building mechanism in FIRE+ is provided with several trust building policies to identify malicious nodes and detect collusive behaviour in nodes. This technique not only allows trust computation based on witness trust ratings but also provides protection against a collusion attack. Finally, M-trust, a light weight trust management scheme based on FIRE+ trust model is presented

Mitigating Colluding Attacks in Online Social Networks and Crowdsourcing Platforms

Online Social Networks (OSNs) have created new ways for people to communicate, and for companies to engage their customers -- with these new avenues for communication come new vulnerabilities that can be exploited by attackers. This dissertation aims to investigate two attack models: Identity Clone Attacks (ICA) and Reconnaissance Attacks (RA). During an ICA, attackers impersonate users in a network and attempt to infiltrate social circles and extract confidential information. In an RA, attackers gather information on a target\u27s resources, employees, and relationships with other entities over public venues such as OSNs and company websites. This was made easier for the RA to be efficient because well-known social networks, such as Facebook, have a policy to force people to use their real identities for their accounts. The goal of our research is to provide mechanisms to defend against colluding attackers in the presence of ICA and RA collusion attacks. In this work, we consider a scenario not addressed by previous works, wherein multiple attackers collude against the network, and propose defense mechanisms for such an attack. We take into account the asymmetric nature of social networks and include the case where colluders could add or modify some attributes of their clones. We also consider the case where attackers send few friend requests to uncover their targets. To detect fake reviews and uncovering colluders in crowdsourcing, we propose a semantic similarity measurement between reviews and a community detection algorithm to overcome the non-adversarial attack. ICA in a colluding attack may become stronger and more sophisticated than in a single attack. We introduce a token-based comparison and a friend list structure-matching approach, resulting in stronger identifiers even in the presence of attackers who could add or modify some attributes on the clone. We also propose a stronger RA collusion mechanism in which colluders build their own legitimacy by considering asymmetric relationships among users and, while having partial information of the networks, avoid recreating social circles around their targets. Finally, we propose a defense mechanism against colluding RA which uses the weakest person (e.g., the potential victim willing to accept friend requests) to reach their target

Enhancing trustability in MMOGs environments

Massively Multiplayer Online Games (MMOGs; e.g., World of Warcraft), virtual worlds (VW; e.g., Second Life), social networks (e.g., Facebook) strongly demand for more autonomic, security, and trust mechanisms in a way similar to humans do in the real life world. As known, this is a difficult matter because trusting in humans and organizations depends on the perception and experience of each individual, which is difficult to quantify or measure. In fact, these societal environments lack trust mechanisms similar to those involved in humans-to-human interactions. Besides, interactions mediated by compute devices are constantly evolving, requiring trust mechanisms that keep the pace with the developments and assess risk situations. In VW/MMOGs, it is widely recognized that users develop trust relationships from their in-world interactions with others. However, these trust relationships end up not being represented in the data structures (or databases) of such virtual worlds, though they sometimes appear associated to reputation and recommendation systems. In addition, as far as we know, the user is not provided with a personal trust tool to sustain his/her decision making while he/she interacts with other users in the virtual or game world. In order to solve this problem, as well as those mentioned above, we propose herein a formal representation of these personal trust relationships, which are based on avataravatar interactions. The leading idea is to provide each avatar-impersonated player with a personal trust tool that follows a distributed trust model, i.e., the trust data is distributed over the societal network of a given VW/MMOG. Representing, manipulating, and inferring trust from the user/player point of view certainly is a grand challenge. When someone meets an unknown individual, the question is “Can I trust him/her or not?”. It is clear that this requires the user to have access to a representation of trust about others, but, unless we are using an open source VW/MMOG, it is difficult —not to say unfeasible— to get access to such data. Even, in an open source system, a number of users may refuse to pass information about its friends, acquaintances, or others. Putting together its own data and gathered data obtained from others, the avatar-impersonated player should be able to come across a trust result about its current trustee. For the trust assessment method used in this thesis, we use subjective logic operators and graph search algorithms to undertake such trust inference about the trustee. The proposed trust inference system has been validated using a number of OpenSimulator (opensimulator.org) scenarios, which showed an accuracy increase in evaluating trustability of avatars. Summing up, our proposal aims thus to introduce a trust theory for virtual worlds, its trust assessment metrics (e.g., subjective logic) and trust discovery methods (e.g., graph search methods), on an individual basis, rather than based on usual centralized reputation systems. In particular, and unlike other trust discovery methods, our methods run at interactive rates.MMOGs (Massively Multiplayer Online Games, como por exemplo, World of Warcraft), mundos virtuais (VW, como por exemplo, o Second Life) e redes sociais (como por exemplo, Facebook) necessitam de mecanismos de confiança mais autónomos, capazes de assegurar a segurança e a confiança de uma forma semelhante à que os seres humanos utilizam na vida real. Como se sabe, esta não é uma questão fácil. Porque confiar em seres humanos e ou organizações depende da percepção e da experiência de cada indivíduo, o que é difícil de quantificar ou medir à partida. Na verdade, esses ambientes sociais carecem dos mecanismos de confiança presentes em interacções humanas presenciais. Além disso, as interacções mediadas por dispositivos computacionais estão em constante evolução, necessitando de mecanismos de confiança adequados ao ritmo da evolução para avaliar situações de risco. Em VW/MMOGs, é amplamente reconhecido que os utilizadores desenvolvem relações de confiança a partir das suas interacções no mundo com outros. No entanto, essas relações de confiança acabam por não ser representadas nas estruturas de dados (ou bases de dados) do VW/MMOG específico, embora às vezes apareçam associados à reputação e a sistemas de reputação. Além disso, tanto quanto sabemos, ao utilizador não lhe é facultado nenhum mecanismo que suporte uma ferramenta de confiança individual para sustentar o seu processo de tomada de decisão, enquanto ele interage com outros utilizadores no mundo virtual ou jogo. A fim de resolver este problema, bem como os mencionados acima, propomos nesta tese uma representação formal para essas relações de confiança pessoal, baseada em interacções avatar-avatar. A ideia principal é fornecer a cada jogador representado por um avatar uma ferramenta de confiança pessoal que segue um modelo de confiança distribuída, ou seja, os dados de confiança são distribuídos através da rede social de um determinado VW/MMOG. Representar, manipular e inferir a confiança do ponto de utilizador/jogador, é certamente um grande desafio. Quando alguém encontra um indivíduo desconhecido, a pergunta é “Posso confiar ou não nele?”. É claro que isto requer que o utilizador tenha acesso a uma representação de confiança sobre os outros, mas, a menos que possamos usar uma plataforma VW/MMOG de código aberto, é difícil — para não dizer impossível — obter acesso aos dados gerados pelos utilizadores. Mesmo em sistemas de código aberto, um número de utilizadores pode recusar partilhar informações sobre seus amigos, conhecidos, ou sobre outros. Ao juntar seus próprios dados com os dados obtidos de outros, o utilizador/jogador representado por um avatar deve ser capaz de produzir uma avaliação de confiança sobre o utilizador/jogador com o qual se encontra a interagir. Relativamente ao método de avaliação de confiança empregue nesta tese, utilizamos lógica subjectiva para a representação da confiança, e também operadores lógicos da lógica subjectiva juntamente com algoritmos de procura em grafos para empreender o processo de inferência da confiança relativamente a outro utilizador. O sistema de inferência de confiança proposto foi validado através de um número de cenários Open-Simulator (opensimulator.org), que mostrou um aumento na precisão na avaliação da confiança de avatares. Resumindo, a nossa proposta visa, assim, introduzir uma teoria de confiança para mundos virtuais, conjuntamente com métricas de avaliação de confiança (por exemplo, a lógica subjectiva) e em métodos de procura de caminhos de confiança (com por exemplo, através de métodos de pesquisa em grafos), partindo de uma base individual, em vez de se basear em sistemas habituais de reputação centralizados. Em particular, e ao contrário de outros métodos de determinação do grau de confiança, os nossos métodos são executados em tempo real

Algorithmic Pricing:The Current State of Affairs from a Law and Economics Perspective

The rise of algorithmic pricing has transformed perfect price discrimination from a theoretical concept into a real possibility. Through self-learning pricingalgorithms, a strategy can be developed that approximates consumers’ reservation prices with ever-improving accuracy. This paper analyzes algorithmic pricing from a law and economics perspective to identify the efficiency and equity effects that the practice could cause and determine to which extent it is regulated under the current legal framework. This paper finds that under competitive market conditions, algorithmic pricing could be welcomed from an efficiency perspective, but from an equity and ethical perspective serious concerns need to be raised. If these concerns are to be taken seriously, the legal framework provides only a partially functional approach to address algorithmic pricing. Additional appropriate remedies are, therefore, needed to protect consumers adequately and effectively against exploitation that reduces their welfare

Preserving Privacy in Mobile Environments

Technology is improving day-by-day and so is the usage of mobile devices. Every activity that would involve manual and paper transactions can now be completed in seconds using your ngertips. On one hand, life has become fairly convenient with the help of mobile devices, whereas on the other hand privacy of the data and the transactions occurring in the process have been under continuous threat. Mobile devices connect to a number of service providers for various reasons. These could include downloading data, online purchasing or could be just used to browse information which may be irrelevant at a later point. Access to critical and sensitive information may be available at a number of places. In case of a mobile device, the information may be available with the service provider. Service Provider could be in the form of any web portal. In all such scenarios, passing the information or data from the service provider into the mobile device is a major challenge, as the data/information cannot be sent in plain text format. The con dentiality and integrity of the data needs to be protected and hence, the service provider must convert the data into an encrypted format before passing it onto the mobile device, to prevent risks from sniffing and unauthorized disclosure of data. Preserving the location of the individual user of any mobile device has also been the concern for a number of researchers. Mobile devices have become an important tool in modern communication. Mobile and other handheld devices such as ipads and tablets have over taken laptops and desktops and hence there has been an increasing research interest in this area in recent years. This includes improving the quality of communication and the overall end-to-end data security in day-to-day transactions. Mobile devices continuously connect to di erent service providers for day-to-day needs such as online purchases, online banking and endless sur ng for information. In addition to this devices could be connecting to the service providers to receive or send sensitive information. At the Service Provider end, the data would be stored with the provider and Service Provider would only hand over the data if it con rms that the person requested it is authorized to receive the information. The exchange of data from one end of the network to the other is a major challenge due to malicious intruder mishandling of the data. Hence the con dentiality and integrity of the data needs to be protected either by transforming the sensitive information into a non-readable format or by converting into a cipher text. Privacy has been an open problem for research as more and more information is getting leaked on a day-to-day basis. Through this thesis, I have tried to address a number of areas within the privacy realm where information and data access and sharing is a key concern along side the key aspect of location privacy. I have also tried to address the problems in the space of access control wherein I have proposed policy based languages and extensions for ensuring appropriate access control methodologies. The main goal and focus in this work has been to enforce the importance of location privacy in mobile environments and to propose solutions that resolve the problems of where and when to enforce location security. Another key goal of this work has been to create new access control and trust based solutions to ensure the right level of access to the right receiver of information. Through my research, I have explored the various privacy related attacks and suggested appropriate countermeasures for the same. In addition to proposing and showcasing solutions using policy languages for access control, I have also introduced geospatial access control solutions to ensure that the right user is accessing or requesting for the right information from the right location. This helps the appropriate and the right use of the information by the right resource. Through my thesis I have also given equal importance to the trust aspects of sharing information. I have created new trust assessment models to show how fused information can be handled and how can trust be imposed on the information provider and the information itself. The main contribution of this thesis is to address the problems around protecting the data and individual's privacy and to propose solutions to mitigate these issues using new and novel techniques. They can be detailed as the following: In privacy, there is always a privacy versus utility tradeo and in order to make use of utility, trust in the location is essential. Through this research I have developed i) novel attestation models and access control methodologies including Privacy Preferences Platform (P3P) extensions, ii) Extensible Access Control Markup Language (XACML) extensions and iii) Geospatial access control through GeoXACML. iv)I have created new methodologies to enforce location privacy and shown where best to enforce privacy. v)I have also shown that global attestation is very crucial for privacy and needs accurate methods in place to attest user's location information for access. vi) Fusing of location information is very crucial as there could be a number of similar or con icting information produced about a common source and it is very important to assess and evaluate the trust level in the information. I have proposed, developed and implemented a new trust assessment framework. This framework looks at the incoming information and passes it on to the rule engine in the framework to make some inferences and then the trust assessment module computes the trust score based on forward chaining or background chaining scheme. The framework is used to evaluate the trust on the fused information in a streaming setup. vii) I have created new solutions to look at the similarity pro les and create identity enforcement through pro ling. I have shown methods of anonymisation for location privacy and identity privacy

Modern markets : competition in the 21st century

Defence date: 25 September 2023Examining board: Prof. Giacomo Calzolari (Eurooean University Institute, supervisor); Prof. David Levine (Eurooean University Institute, co-supervisor); Dr. Justus Haucap (Düsseldorf Institute for Competition Economics (DICE)); Dr. Pierre Regibeau (European Commission)This thesis is composed of three independent chapters, the third of which consists of two separate but thematically related papers. In Chapter 1, I introduce a theoretical model of vertical integration with a novel demand structure to investigate the effect of vertical integration into Internet infrastructure on competition in digital markets. I find that pure infrastructure providers have an incentive to accommodate vertically integrated firms by becoming “commoditized” suppliers of infrastructure. My model explains new trends in digital markets and has implications for competition policy, industrial policy and political economy. In Chapter 2, I estimate the effects of crisis intensity and deregulation on home bias in procurement. Using a novel data set on the award of procurement contracts for medical supplies during the first wave of the Covid-19 pandemic in Europe, I study the propensity to award contracts internationally. I document a unique shift towards international procurement, driven by local spikes in infection rates and deregulation. In Chapter 3, I study the role of pricing algorithms in online marketplaces. Its first part is a joint article with Giacomo Calzolari that describes the algorithmic repricing industry. Based on a novel sample of 130 repricing companies, we study the prices and claimed attributes of pricing algorithms. We find that turn-key algorithmic pricing services are widely available, and discuss product features, fees, and associated services. The second part of Chapter 3 is a literature review on algorithmic pricing. I summarize findings from the economics literature covering computational, experimental, and empirical methods as well as adjacent fields. I argue that a lack of understanding of buyer responses to algorithmic pricing cycles and endogenous adoption of algorithmic pricing are the main gaps in the literature.-- 1. Internet infrastructure and competition in digital markets -- 2. Does buyer discretion facilitate home bias in procurement? Cross-border procurement of medical supplies under Covid-19 -- 3. Pricing algorithms out of the box: a study of the repricing industry -- 4. Algorithmic pricing - a literature review -- A. Appendix to chapter 1 -- B. Appendix to chapter 2 -- C. Appendix to chapter

Resale price maintenance and the limits of Article 101 TFEU: reconsidering the application of EU competition law to vertical price restraints

The public policy towards minimum resale price maintenance (‘RPM’), or vertical price fixing, namely the practice whereby a manufacturer stipulates a retail price floor below which its products are not to be resold, has traditionally been one of the most contentious antitrust issues on both sides of the Atlantic. Economic theory suggests that RPM is capable of producing ambivalent welfare consequences, thus obscuring the intellectual debate as to the optimal antitrust response to the practice. This normative uncertainty is best reflected in the divergent approach taken to RPM under the relevant laws of the United States and the European Union, arguably the world’s two most mature antitrust jurisdictions. In 2007, in its seminal Leegin judgment, the United States Supreme Court abolished the century-old per se ban on vertical price fixing. At the same time, under the European Commission’s recent Guidelines on Vertical Restraints price floors remain subject to a quasi-conclusive presumption of illegality. The purpose of this thesis is to examine whether a more consistent approach through the relaxation of the European Commission’s blanket prohibition on price floors would be feasible and, in effect, desirable. Based on insights from new institutional economics, it will be argued that RPM may on certain occasions be a substitute – however imperfect – for vertical integration, where a merger would be prohibitively costly for the parties, in which case the hierarchical form of organisation will have to be replaced by a hybrid governance structure. Under certain circumstances, a fixed retail profit margin may enhance the self-enforcing range of long-term partnerships governed by relational norms, as well as the manufacturer’s control over distribution by reducing substantially the transaction costs associated with monitoring dealer performance. At the same time, however, the analysis will take into account the various objections to the practice, most notably the horizontal collusion theory, in order to argue that the approach to RPM should in principle be cautious. The discussion will culminate in the proposal for a new, workable analytical framework for the substantive assessment of vertical price fixing under EU competition law, which will be based on a – genuinely – rebuttable presumption of anti-competitive object under Article 101(1) of the Treaty on the Functioning of the European Union

Regulating Vertical Agreements: a comparative law & economics analysis of Brazil and Europe

This research reviews the enforcement of the Brazilian and the EU antitrust policies oriented to vertical agreements from an institutional perspective. It has considered both the evolution of the legal framework and the application of the existing policies in practice. The thesis highlighted the main challenges of the current approaches taken by the competition authorities in these jurisdictions and formulated specific proposals for improvements. Because Brazilian competition rules were originally inspired by the European legal framework, this PhD research also resumes discussions regarding comparative law and the efficiency of transplanting laws and good practices