Controlled Data Sharing for Collaborative Predictive Blacklisting

Although sharing data across organizations is often advocated as a promising way to enhance cybersecurity, collaborative initiatives are rarely put into practice owing to confidentiality, trust, and liability challenges. In this paper, we investigate whether collaborative threat mitigation can be realized via a controlled data sharing approach, whereby organizations make informed decisions as to whether or not, and how much, to share. Using appropriate cryptographic tools, entities can estimate the benefits of collaboration and agree on what to share in a privacy-preserving way, without having to disclose their datasets. We focus on collaborative predictive blacklisting, i.e., forecasting attack sources based on one's logs and those contributed by other organizations. We study the impact of different sharing strategies by experimenting on a real-world dataset of two billion suspicious IP addresses collected from Dshield over two months. We find that controlled data sharing yields up to 105% accuracy improvement on average, while also reducing the false positive rate.Comment: A preliminary version of this paper appears in DIMVA 2015. This is the full version. arXiv admin note: substantial text overlap with arXiv:1403.212

Introduction: the literature of the Anthropocene

Diletta De Cristofaro and Daniel Cordle introduce the special issue on the Literature of the Anthropocene. They provide the context for the issue and flesh out the main concerns of the essays included: form, scale, the reckoning of the human with the non-human, time, and the relationship between the Humanities and the Sciences

Mean birds: Detecting aggression and bullying on Twitter

In recent years, bullying and aggression against social media users have grown significantly, causing serious consequences to victims of all demographics. Nowadays, cyberbullying affects more than half of young social media users worldwide, suffering from prolonged and/or coordinated digital harassment. Also, tools and technologies geared to understand and mitigate it are scarce and mostly ineffective. In this paper, we present a principled and scalable approach to detect bullying and aggressive behavior on Twitter. We propose a robust methodology for extracting text, user, and network-based attributes, studying the properties of bullies and aggressors, and what features distinguish them from regular users. We find that bullies post less, participate in fewer online communities, and are less popular than normal users. Aggressors are relatively popular and tend to include more negativity in their posts. We evaluate our methodology using a corpus of 1.6M tweets posted over 3 months, and show that machine learning classification algorithms can accurately detect users exhibiting bullying and aggressive behavior, with over 90% AUC

Measuring #GamerGate: A Tale of Hate, Sexism, and Bullying

Over the past few years, online aggression and abusive behaviors have occurred in many different forms and on a variety of platforms. In extreme cases, these incidents have evolved into hate, discrimination, and bullying, and even materialized into real-world threats and attacks against individuals or groups. In this paper, we study the Gamergate controversy. Started in August 2014 in the online gaming world, it quickly spread across various social networking platforms, ultimately leading to many incidents of cyberbullying and cyberaggression. We focus on Twitter, presenting a measurement study of a dataset of 340k unique users and 1.6M tweets to study the properties of these users, the content they post, and how they differ from random Twitter users. We find that users involved in this "Twitter war" tend to have more friends and followers, are generally more engaged and post tweets with negative sentiment, less joy, and more hate than random users. We also perform preliminary measurements on how the Twitter suspension mechanism deals with such abusive behaviors. While we focus on Gamergate, our methodology to collect and analyze tweets related to aggressive and bullying activities is of independent interest

Novel Adaptive Fixturing for Precise Micro-positioning of Thin Walled Parts

Fixtures are used to locate and hold workpieces during machining. Because workpiece surface errors and fixture set-up errors (called source errors) always exist, the fixtured workpiece will consequently have position and/or orientation errors (called resultant errors) that will definitely affect the final machining accuracy. This paper illustrates a novel adaptive fixturing based on active clamping forces for smart micropositioning of thin walled precision parts. The aim of obtaining a modular unit, reusable and exploitable to different industrial applications has been pursued during the design phase. The proposed adaptive fixturing device can lead to the following advantages: - to perform an automatic errors-free workpiece clamping and then drastically reduce the overall fixturing set up time; - to recover unwanted strains induced on the workpiece, in order to limit the amplitude of elastic strain recovery; - to perform, if necessary, active vibration control (AVC) in order to limit vibration/chatter effects induced by the cutting tool

"I'm a Professor, which isn't usually a dangerous job": Internet-facilitated Harassment and Its Impact on Researchers

While the Internet has dramatically increased the exposure that research can receive, it has also facilitated harassment against scholars. To understand the impact that these attacks can have on the work of researchers, we perform a series of systematic interviews with researchers including academics, journalists, and activists, who have experienced targeted, Internet-facilitated harassment. We provide a framework for understanding the types of harassers that target researchers, the harassment that ensues, and the personal and professional impact on individuals and academic freedom. We then study preventative and remedial strategies available, and the institutions that prevent some of these strategies from being more effective. Finally, we discuss the ethical structures that could facilitate more equitable access to participating in research without serious personal suffering

Changes in the composition of the passive layer and pitting corrosion of stainless steel in phosphate-borate buffer containing chloride ions

The influence of the passive layer properties on the pitting corrosion of 316SS was studied in phosphate—borate buffer containing chloride ions by using potential step and potentiodynamic techniques complemented with scanning electron microscopy. The increase of the anodization time in the passive region decreases the nucleation rate and the mean number of corrosion pits formed onthe 316SS surface. Results are explained through changes in the structure and composition of the passive layer during anodization. Two different Cr(III) species can be voltammetrically detected at short anodization times, an outer weakly bound Cr(III) species which is electroaoxidized to soluble CrO42− and an inner Cr(III) species which is electrooxidized to Cr(VI) but retained in the film at potentials lying in the transpassive region. As the anodization time in the passive region increases, the weakly bound Cr(III) species is transformed into another more stable one, probably an iron chromite, which exhibits an electooxidation potential more positive than that of Cr(III) species. The aged passive layer becomes more resistant to pit initiation, due to either a decrease in the density of active sites or a decrease in the nucleation rate constant for pit initiation.Instituto de Investigaciones Fisicoquímicas Teóricas y Aplicada

Detecting cyberbullying and cyberaggression in social media

Cyberbullying and cyberaggression are increasingly worrisome phenomena affecting people across all demographics. More than half of young social media users worldwide have been exposed to such prolonged and/or coordinated digital harassment. Victims can experience a wide range of emotions, with negative consequences such as embarrassment, depression, isolation from other community members, which embed the risk to lead to even more critical consequences, such as suicide attempts. In this work, we take the first concrete steps to understand the characteristics of abusive behavior in Twitter, one of today’s largest social media platforms. We analyze 1.2 million users and 2.1 million tweets, comparing users participating in discussions around seemingly normal topics like the NBA, to those more likely to be hate-related, such as the Gamergate controversy, or the gender pay inequality at the BBC station. We also explore specific manifestations of abusive behavior, i.e., cyberbullying and cyberaggression, in one of the hate-related communities (Gamergate). We present a robust methodology to distinguish bullies and aggressors from normal Twitter users by considering text, user, and network-based attributes. Using various state-of-the-art machine-learning algorithms, we classify these accounts with over 90% accuracy and AUC. Finally, we discuss the current status of Twitter user accounts marked as abusive by our methodology and study the performance of potential mechanisms that can be used by Twitter to suspend users in the future

Flexible and Robust Privacy-Preserving Implicit Authentication

Implicit authentication consists of a server authenticating a user based on the user's usage profile, instead of/in addition to relying on something the user explicitly knows (passwords, private keys, etc.). While implicit authentication makes identity theft by third parties more difficult, it requires the server to learn and store the user's usage profile. Recently, the first privacy-preserving implicit authentication system was presented, in which the server does not learn the user's profile. It uses an ad hoc two-party computation protocol to compare the user's fresh sampled features against an encrypted stored user's profile. The protocol requires storing the usage profile and comparing against it using two different cryptosystems, one of them order-preserving; furthermore, features must be numerical. We present here a simpler protocol based on set intersection that has the advantages of: i) requiring only one cryptosystem; ii) not leaking the relative order of fresh feature samples; iii) being able to deal with any type of features (numerical or non-numerical). Keywords: Privacy-preserving implicit authentication, privacy-preserving set intersection, implicit authentication, active authentication, transparent authentication, risk mitigation, data brokers.Comment: IFIP SEC 2015-Intl. Information Security and Privacy Conference, May 26-28, 2015, IFIP AICT, Springer, to appea