User-profile-based analytics for detecting cloud security breaches

While the growth of cloud-based technologies has benefited the society tremendously, it has also increased the surface area for cyber attacks. Given that cloud services are prevalent today, it is critical to devise systems that detect intrusions. One form of security breach in the cloud is when cyber-criminals compromise Virtual Machines (VMs) of unwitting users and, then, utilize user resources to run time-consuming, malicious, or illegal applications for their own benefit. This work proposes a method to detect unusual resource usage trends and alert the user and the administrator in real time. We experiment with three categories of methods: simple statistical techniques, unsupervised classification, and regression. So far, our approach successfully detects anomalous resource usage when experimenting with typical trends synthesized from published real-world web server logs and cluster traces. We observe the best results with unsupervised classification, which gives an average F1-score of 0.83 for web server logs and 0.95 for the cluster traces

Fighting Poverty, Profitably: Transforming the Economics of Payments to Build Sustainable, Inclusive Financial Systems

The Gates Foundation's Financial Services for the Poor program (FSP) believes that effective financial services are paramount in the fight against poverty. Nonetheless, today more than 2 billion people live outside the formal financial sector. Increasing their access to high quality, affordable financial services will accelerate the well-being of households, communities, and economies in the developing world. One of the most promising ways to deliver these financial services to the poor -- profitably and at scale -- is by using digital payment platforms.These are the conclusions we have reached as the result of extensive research in pursuit of one of the Foundation's primary missions: to give the world's poorest people the chance to lift themselves out of hunger and extreme poverty.FSP conducted this research because we believe that there is a gap in the fact base and understanding of how payment systems can extend digital services to low income consumers in developing markets. This is a complex topic, with fragmented information and a high degree of country-by-country variability. A complete view across the entire payment system has been missing, limiting how system providers, policy makers, and regulators (groups we refer to collectively as financial inclusion stakeholders) evaluate decisions and take actions. With a holistic view of the payment system, we believe that interventions can have higher impact, and stakeholders can better understand and address the ripple effects that changes to one part of the system can have. In this report, we focus on the economics of payment systems to understand how they can be transformed to serve poor people in a way that is profitable and sustainable in aggregate

From Social Data Mining to Forecasting Socio-Economic Crisis

Socio-economic data mining has a great potential in terms of gaining a better understanding of problems that our economy and society are facing, such as financial instability, shortages of resources, or conflicts. Without large-scale data mining, progress in these areas seems hard or impossible. Therefore, a suitable, distributed data mining infrastructure and research centers should be built in Europe. It also appears appropriate to build a network of Crisis Observatories. They can be imagined as laboratories devoted to the gathering and processing of enormous volumes of data on both natural systems such as the Earth and its ecosystem, as well as on human techno-socio-economic systems, so as to gain early warnings of impending events. Reality mining provides the chance to adapt more quickly and more accurately to changing situations. Further opportunities arise by individually customized services, which however should be provided in a privacy-respecting way. This requires the development of novel ICT (such as a self- organizing Web), but most likely new legal regulations and suitable institutions as well. As long as such regulations are lacking on a world-wide scale, it is in the public interest that scientists explore what can be done with the huge data available. Big data do have the potential to change or even threaten democratic societies. The same applies to sudden and large-scale failures of ICT systems. Therefore, dealing with data must be done with a large degree of responsibility and care. Self-interests of individuals, companies or institutions have limits, where the public interest is affected, and public interest is not a sufficient justification to violate human rights of individuals. Privacy is a high good, as confidentiality is, and damaging it would have serious side effects for society.Comment: 65 pages, 1 figure, Visioneer White Paper, see http://www.visioneer.ethz.c

Bad moon on the rise? Lunar cycles and incidents of crime

Popular cultures in Western societies have long espoused the notion that phases of the moon influence human behavior. In particular, there is a common belief the full moon increases incidents of aberrant, deviant, and criminal behavior. Using police, astronomical, and weather data from a major southwestern American city, this study assessed whether lunar cycles related with rates of reported crime. The findings fail to support popular lore, which has suggested that lunar phase influenced the volume of crime reported to the police. Future research directions examining qualitative rather than quantitative aspects of this problem may yield further inform the understanding of whether lunar cycles appreciably influence demands for policing services

Click Fraud Detection in Online and In-app Advertisements: A Learning Based Approach

Click Fraud is the fraudulent act of clicking on pay-per-click advertisements to increase a site’s revenue, to drain revenue from the advertiser, or to inflate the popularity of content on social media platforms. In-app advertisements on mobile platforms are among the most common targets for click fraud, which makes companies hesitant to advertise their products. Fraudulent clicks are supposed to be caught by ad providers as part of their service to advertisers, which is commonly done using machine learning methods. However: (1) there is a lack of research in current literature addressing and evaluating the different techniques of click fraud detection and prevention, (2) threat models composed of active learning systems (smart attackers) can mislead the training process of the fraud detection model by polluting the training data, (3) current deep learning models have significant computational overhead, (4) training data is often in an imbalanced state, and balancing it still results in noisy data that can train the classifier incorrectly, and (5) datasets with high dimensionality cause increased computational overhead and decreased classifier correctness -- while existing feature selection techniques address this issue, they have their own performance limitations. By extending the state-of-the-art techniques in the field of machine learning, this dissertation provides the following solutions: (i) To address (1) and (2), we propose a hybrid deep-learning-based model which consists of an artificial neural network, auto-encoder and semi-supervised generative adversarial network. (ii) As a solution for (3), we present Cascaded Forest and Extreme Gradient Boosting with less hyperparameter tuning. (iii) To overcome (4), we propose a row-wise data reduction method, KSMOTE, which filters out noisy data samples both in the raw data and the synthetically generated samples. (iv) For (5), we propose different column-reduction methods such as multi-time-scale Time Series analysis for fraud forecasting, using binary labeled imbalanced datasets and hybrid filter-wrapper feature selection approaches

Online Privacy in Mobile and Web Platforms: Risk Quantification and Obfuscation Techniques

The wide-spread use of the web and mobile platforms and their high engagement in human lives pose serious threats to the privacy and confidentiality of users. It has been demonstrated in a number of research works that devices, such as desktops, mobile, and web browsers contain subtle information and measurable variation, which allow them to be fingerprinted. Moreover, behavioural tracking is another form of privacy threat that is induced by the collection and monitoring of users gestures such as touch, motion, GPS, search queries, writing pattern, and more. The success of these methods is a clear indication that obfuscation techniques to protect the privacy of individuals, in reality, are not successful if the collected data contains potentially unique combinations of attributes relating to specific individuals. With this in view, this thesis focuses on understanding the privacy risks across the web and mobile platforms by identifying and quantifying the privacy leakages and then designing privacy preserving frameworks against identified threats. We first investigate the potential of using touch-based gestures to track mobile device users. For this purpose, we propose and develop an analytical framework that quantifies the amount of information carried by the user touch gestures. We then quantify users privacy risk in the web data using probabilistic method that incorporates all key privacy aspects, which are uniqueness, uniformity, and linkability of the web data. We also perform a large-scale study of dependency chains in the web and find that a large proportion of websites under-study load resources from suspicious third-parties that are known to mishandle user data and risk privacy leaks. The second half of the thesis addresses the abovementioned identified privacy risks by designing and developing privacy preserving frameworks for the web and mobile platforms. We propose an on-device privacy preserving framework that minimizes privacy leakages by bringing down the risk of trackability and distinguishability of mobile users while preserving the functionality of the existing apps/services. We finally propose a privacy-aware obfuscation framework for the web data having high predicted risk. Using differentially-private noise addition, our proposed framework is resilient against adversary who has knowledge about the obfuscation mechanism, HMM probabilities and the training dataset

mFish Alpha Pilot: Building a Roadmap for Effective Mobile Technology to Sustain Fisheries and Improve Fisher Livelihoods.

In June 2014 at the Our Ocean Conference in Washington, DC, United States Secretary of State John Kerry announced the ambitious goal of ending overfishing by 2020. To support that goal, the Secretary's Office of Global Partnerships launched mFish, a public-private partnership to harness the power of mobile technology to improve fisher livelihoods and increase the sustainability of fisheries around the world. The US Department of State provided a grant to 50in10 to create a pilot of mFish that would allow for the identification of behaviors and incentives that might drive more fishers to adopt novel technology. In May 2015 50in10 and Future of Fish designed a pilot to evaluate how to improve adoption of a new mobile technology platform aimed at improving fisheries data capture and fisher livelihoods. Full report