Meaningful XAI Based on User-Centric Design Methodology

This report explores the concept of explainability in AI-based systems, distinguishing between "local" and "global" explanations. “Local” explanations refer to specific algorithmic outputs in their operational context, while “global” explanations encompass the system as a whole. The need to tailor explanations to users and tasks is emphasised, acknowledging that explanations are not universal solutions and can have unintended consequences. Two use cases illustrate the application of explainability techniques: an educational recommender system, and explainable AI for scientific discoveries. The report discusses the subjective nature of meaningfulness in explanations and proposes cognitive metrics for its evaluation. It concludes by providing recommendations, including the inclusion of “local” explainability guidelines in the EU AI proposal, the adoption of a user-centric design methodology, and the harmonisation of explainable AI requirements across different EU legislation and case law.Overall, this report delves into the framework and use cases surrounding explainability in AI-based systems, emphasising the need for “local” and “global” explanations, and ensuring they are tailored toward users of AI-based systems and their tasks

Attack2vec: Leveraging temporal word embeddings to understand the evolution of cyberattacks

Despite the fact that cyberattacks are constantly growing in complexity, the research community still lacks effective tools to easily monitor and understand them. In particular, there is a need for techniques that are able to not only track how prominently certain malicious actions, such as the exploitation of specific vulnerabilities, are exploited in the wild, but also (and more importantly) how these malicious actions factor in as attack steps in more complex cyberattacks. In this paper we present ATTACK2VEC, a system that uses temporal word embeddings to model how attack steps are exploited in the wild, and track how they evolve. We test ATTACK2VEC on a dataset of billions of security events collected from the customers of a commercial Intrusion Prevention System over a period of two years, and show that our approach is effective in monitoring the emergence of new attack strategies in the wild and in flagging which attack steps are often used together by attackers (e.g., vulnerabilities that are frequently exploited together). ATTACK2VEC provides a useful tool for researchers and practitioners to better understand cyberattacks and their evolution, and use this knowledge to improve situational awareness and develop proactive defenses.Accepted manuscrip

ATTACK2VEC: Leveraging Temporal Word Embeddings to Understand the Evolution of Cyberattacks

Despite the fact that cyberattacks are constantly growing in complexity, the research community still lacks effective tools to easily monitor and understand them. In particular, there is a need for techniques that are able to not only track how prominently certain malicious actions, such as the exploitation of specific vulnerabilities, are exploited in the wild, but also (and more importantly) how these malicious actions factor in as attack steps in more complex cyberattacks. In this paper we present ATTACK2VEC, a system that uses temporal word embeddings to model how attack steps are exploited in the wild, and track how they evolve. We test ATTACK2VEC on a dataset of billions of security events collected from the customers of a commercial Intrusion Prevention System over a period of two years, and show that our approach is effective in monitoring the emergence of new attack strategies in the wild and in flagging which attack steps are often used together by attackers (e.g., vulnerabilities that are frequently exploited together). ATTACK2VEC provides a useful tool for researchers and practitioners to better understand cyberattacks and their evolution, and use this knowledge to improve situational awareness and develop proactive defenses

Strengthening the Customer Experience via Interactive Digital Tactics: Evaluating the Quantification of Self and Gamification

Managing customer interactions has evolved, with firms shifting their focus from simply “selling” to customers to instead building more meaningful personal relationships with them. A key part of this new thinking is the customer experience, involving interactions between a customer and brand that provoke a meaningful personal reaction, and often include the consumer playing an active role in tailoring the experience. I examine two interactive innovations, the quantification of self (QOS) and gamification, that are being utilized by marketers to enrich the customer experience. QOS involves the production of highly-detailed individualized performance metrics for personal activity monitoring. Gamification is the use of game design elements to enhance products and services. There is a significant overlap between the two, when gamification is based on QOS metrics. Both QOS and gamification are meant to deepen the consumer experience with a product/brand, in terms of more engagement and more personal benefits derived. In addition, both involve co-creation. My dissertation explores these marketing tactics and their impact on the customer experience. The purpose of essay one is to establish if QOS data, provided via a consumer product, positively impacts motivation toward a goal pursuit. I propose and show support for a mediation model that captures the psychological process underlying QOS’s positive motivational impact. My model suggests three factors mediate the impact of QOS on motivation: 1) feedback loop enhancement, 2) self-empowerment amplification, and 3) goal focus strengthening. This research suggests QOS-based consumer products used as part of a goal pursuit will provide the user with a more personally meaningful experience than a similar non-QOS product. The purpose of essay two is to understand the impact of QOS in wellness programs that are directed by a third party. Since an increase in perceived self-empowerment is found in essay one to be a critical mediating factor in the impact of QOS, this essay explores the hypothesis that QOS loses much of its appeal when run by a third party that is seen as having a power advantage. The theoretical framework for this essay draws from self-determination theory and the consumer empowerment literature. This research identifies an important boundary condition for the impact of QOS. Essay three examines the use of gamification in marketing contexts, including gamification’s impact on the gamified marketing activity itself (enjoyment, emotional attachment) as well as the potential spillover benefits for the brand associated with the activity. I also gauge potential moderators of gamification’s appeal, such as individual’s innate competitiveness and innate propensity for risk. My results suggest gamification has some ability to bolster anticipated enjoyment and interest in joining a marketing activity, though this can vary substantially due to innate personal characteristics and situational factors. No support was found for gamification’s ability to strengthen emotional engagement with the activity or the brand. Drawing from established theoretical foundations such as goal setting theory, self-determination theory and the consumer empowerment literature, these three essays extend marketing theory regarding how interactive, digital-based environments can help marketers strengthen the consumer experience. My research provides models to understand the meaningful benefits consumers derive from these marketing approaches. It also identifies important boundary conditions and modifiers, including innate personal characteristics and situational contexts. In my discussion of results, I provide applicable managerial insights for strengthening relationships between consumers and products/brands

System Security Assurance: A Systematic Literature Review

System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions

On the relative value of weak information of supervision for learning generative models: An empirical study

Weakly supervised learning is aimed to learn predictive models from partially supervised data, an easy-to-collect alternative to the costly standard full supervision. During the last decade, the research community has striven to show that learning reliable models in specific weakly supervised problems is possible. We present an empirical study that analyzes the value of weak information of supervision throughout its entire spectrum, from none to full supervision. Its contribution is assessed under the realistic assumption that a small subset of fully supervised data is available. Particularized in the problem of learning with candidate sets, we adapt Cozman and Cohen [1] key study to learning from weakly supervised data. Standard learning techniques are used to infer generative models from this type of supervision with both synthetic and real data. Empirical results suggest that weakly labeled data is helpful in realistic scenarios, where fully labeled data is scarce, and its contribution is directly related to both the amount of information of supervision and how meaningful this information is

Designing for digital wellbeing: A research & practice agenda

Traditionally, many consumer-focused technologies have been designed to maximize user engagement with their products and services. More recently, many technology companies have begun to introduce digital wellbeing features, such as for managing time spent and for encouraging breaks in use. These are in the context of, and likely in response to, renewed concerns in the media about technology dependency and even addiction. The promotion of technology abstinence is also increasingly widespread, e.g., via digital detoxes. Given that digital technologies are an important and valuable feature of many people's lives, digital wellbeing features are arguably preferable to abstinence

MORE: A multi‐objective refactoring recommendation approach to introducing design patterns and fixing code smells

Peer Reviewedhttps://deepblue.lib.umich.edu/bitstream/2027.42/137556/1/smr1843.pdfhttps://deepblue.lib.umich.edu/bitstream/2027.42/137556/2/smr1843_am.pd