User's Privacy in Recommendation Systems Applying Online Social Network Data, A Survey and Taxonomy

Recommender systems have become an integral part of many social networks and extract knowledge from a user's personal and sensitive data both explicitly, with the user's knowledge, and implicitly. This trend has created major privacy concerns as users are mostly unaware of what data and how much data is being used and how securely it is used. In this context, several works have been done to address privacy concerns for usage in online social network data and by recommender systems. This paper surveys the main privacy concerns, measurements and privacy-preserving techniques used in large-scale online social networks and recommender systems. It is based on historical works on security, privacy-preserving, statistical modeling, and datasets to provide an overview of the technical difficulties and problems associated with privacy preserving in online social networks.Comment: 26 pages, IET book chapter on big data recommender system

Anonymizing cybersecurity data in critical infrastructures: the CIPSEC approach

Cybersecurity logs are permanently generated by network devices to describe security incidents. With modern computing technology, such logs can be exploited to counter threats in real time or before they gain a foothold. To improve these capabilities, logs are usually shared with external entities. However, since cybersecurity logs might contain sensitive data, serious privacy concerns arise, even more when critical infrastructures (CI), handling strategic data, are involved. We propose a tool to protect privacy by anonymizing sensitive data included in cybersecurity logs. We implement anonymization mechanisms grouped through the definition of a privacy policy. We adapt said approach to the context of the EU project CIPSEC that builds a unified security framework to orchestrate security products, thus offering better protection to a group of CIs. Since this framework collects and processes security-related data from multiple devices of CIs, our work is devoted to protecting privacy by integrating our anonymization approach.Peer ReviewedPostprint (published version

A look ahead approach to secure multi-party protocols

Secure multi-party protocols have been proposed to enable non-colluding parties to cooperate without a trusted server. Even though such protocols prevent information disclosure other than the objective function, they are quite costly in computation and communication. Therefore, the high overhead makes it necessary for parties to estimate the utility that can be achieved as a result of the protocol beforehand. In this paper, we propose a look ahead approach, specifically for secure multi-party protocols to achieve distributed k-anonymity, which helps parties to decide if the utility benefit from the protocol is within an acceptable range before initiating the protocol. Look ahead operation is highly localized and its accuracy depends on the amount of information the parties are willing to share. Experimental results show the effectiveness of the proposed methods

Fuzz-classification (p, l)-Angel: An enhanced hybrid artificial intelligence based fuzzy logic for multiple sensitive attributes against privacy breaches

The inability of traditional privacy-preserving models to protect multiple datasets based on sensitive attributes has prompted researchers to propose models such as SLOMS, SLAMSA, (p, k)-Angelization, and (p, l)-Angelization, but these were found to be insufficient in terms of robust privacy and performance. (p, l)-Angelization was successful against different privacy disclosures, but it was not efficient. To the best of our knowledge, no robust privacy model based on fuzzy logic has been proposed to protect the privacy of sensitive attributes with multiple records. In this paper, we suggest an improved version of (p, l)-Angelization based on a hybrid AI approach and privacy-preserving approach like Generalization. Fuzz-classification (p, l)-Angel uses artificial intelligence based fuzzy logic for classification, a high-dimensional segmentation technique for segmenting quasi-identifiers and multiple sensitive attributes. We demonstrate the feasibility of the proposed solution by modelling and analyzing privacy violations using High-Level Petri Nets. The results of the experiment demonstrate that the proposed approach produces better results in terms of efficiency and utility