Contributions to privacy in web search engines

Els motors de cerca d’Internet recullen i emmagatzemen informació sobre els seus usuaris per tal d’oferir-los millors serveis. A canvi de rebre un servei personalitzat, els usuaris perden el control de les seves pròpies dades. Els registres de cerca poden revelar informació sensible de l’usuari, o fins i tot revelar la seva identitat. En aquesta tesis tractem com limitar aquests problemes de privadesa mentre mantenim suficient informació a les dades. La primera part d’aquesta tesis tracta els mètodes per prevenir la recollida d’informació per part dels motores de cerca. Ja que aquesta informació es requerida per oferir un servei precís, l’objectiu es proporcionar registres de cerca que siguin adequats per proporcionar personalització. Amb aquesta finalitat, proposem un protocol que empra una xarxa social per tal d’ofuscar els perfils dels usuaris. La segona part tracta la disseminació de registres de cerca. Proposem tècniques que la permeten, proporcionant k-anonimat i minimitzant la pèrdua d’informació.Web Search Engines collects and stores information about their users in order to tailor their services better to their users' needs. Nevertheless, while receiving a personalized attention, the users lose the control over their own data. Search logs can disclose sensitive information and the identities of the users, creating risks of privacy breaches. In this thesis we discuss the problem of limiting the disclosure risks while minimizing the information loss. The first part of this thesis focuses on the methods to prevent the gathering of information by WSEs. Since search logs are needed in order to receive an accurate service, the aim is to provide logs that are still suitable to provide personalization. We propose a protocol which uses a social network to obfuscate users' profiles. The second part deals with the dissemination of search logs. We propose microaggregation techniques which allow the publication of search logs, providing $k$-anonymity while minimizing the information loss

Semantic microaggregation for the anonymization of query logs using the open directory project

Web search engines gather information from the queries performed by the user in the form of query logs. These logs are extremely useful for research, marketing, or profiling, but at the same time they are a great threat to the user’s privacy. We provide a novel approach to anonymize query logs so they ensure user k-anonymity, by extending a common method used in statistical disclosure control: microaggregation. Furthermore, our microaggregation approach takes into account the semantics of the queries by relying on the Open Directory Project. We have tested our proposal with real data from AOL query logsPeer Reviewe

The Data that Drives Cyber Insurance: A Study into the Underwriting and Claims Processes

Cyber insurance is a key component in risk management, intended to transfer risks and support business recovery in the event of a cyber incident. As cyber insurance is still a new concept in practice and research, there are many unanswered questions regarding the data and economic models that drive it, the coverage options and pricing of premiums, and its more procedural policy-related aspects. This paper aims to address some of these questions by focusing on the key types of data which are used by cyber-insurance practitioners, particularly for decision-making in the insurance underwriting and claim processes. We further explore practitioners' perceptions of the challenges they face in gathering and using data, and identify gaps where further data is required. We draw our conclusions from a qualitative study by conducting a focus group with a range of cyber-insurance professionals (including underwriters, actuaries, claims specialists, breach responders, and cyber operations specialists) and provide valuable contributions to existing knowledge. These insights include examples of key data types which contribute to the calculation of premiums and decisions on claims, the identification of challenges and gaps at various stages of data gathering, and initial perspectives on the development of a pre-competitive dataset for the cyber insurance industry. We believe an improved understanding of data gathering and usage in cyber insurance, and of the current challenges faced, can be invaluable for informing future research and practice

The Anatomy of Online Deception: What Makes Automated Text Convincing?

Technology is rapidly evolving, and with it comes increasingly sophisticated bots (i.e. software robots) which automatically produce content to inform, influence, and deceive genuine users. This is particularly a problem for social media networks where content tends to be extremely short, informally written, and full of inconsistencies. Motivated by the rise of bots on these networks, we investigate the ease with which a bot can deceive a human. In particular, we focus on deceiving a human into believing that an automatically generated sample of text was written by a human, as well as analysing which factors affect how convincing the text is. To accomplish this, we train a set of models to write text about several distinct topics, to simulate a bot's behaviour, which are then evaluated by a panel of judges. We find that: (1) typical Internet users are twice as likely to be deceived by automated content than security researchers; (2) text that disagrees with the crowd's opinion is more believably human; (3) light-hearted topics such as Entertainment are significantly easier to deceive with than factual topics such as Science; and (4) automated text on Adult content is the most deceptive regardless of a user's background

Validating an Insider Threat Detection System:A Real Scenario Perspective

There exists unequivocal evidence denoting the dire consequences which organisations and governmental institutions face from insider threats. While the in-depth knowledge of the modus operandi that insiders possess provides ground for more sophisticated attacks, organisations are ill-equipped to detect and prevent these from happening. The research community has provided various models and detection systems to address the problem, but the lack of real data due to privacy and ethical issues remains a significant obstacle for validating and designing effective and scalable systems. In this paper, we present the results and our experiences from applying our detection system into a multinational organisation, the approach followed to abide with the ethical and privacy considerations and the lessons learnt on how the validation process refined the system in terms of effectiveness and scalability

Myo1f, an Unconventional Long-Tailed Myosin, Is a New Partner for the Adaptor 3BP2 Involved in Mast Cell Migration.

Mast cell chemotaxis is essential for cell recruitment to target tissues, where these cells play an important role in adaptive and innate immunity. Stem cell factor (SCF) is a major chemoattractant for mast cells. SCF binds to the KIT receptor, thereby triggering tyrosine phosphorylation in the cytoplasmic domain and resulting in docking sites for SH2 domain-containing molecules, such as Lyn and Fyn, and the subsequent activation of the small GTPases Rac that are responsible for cytoskeletal reorganization and mast cell migration. In previous works we have reported the role of 3BP2, an adaptor molecule, in mast cells. 3BP2 silencing reduces FcεRI-dependent degranulation, by targeting Lyn and Syk phosphorylation, as well as SCF-dependent cell survival. This study examines its role in SCF-dependent migration and reveals that 3BP2 silencing in human mast cell line (LAD2) impairs cell migration due to SCF and IgE. In that context we found that 3BP2 silencing decreases Rac-2 and Cdc42 GTPase activity. Furthermore, we identified Myo1f, an unconventional type-I myosin, as a new partner for 3BP2. This protein, whose functions have been described as critical for neutrophil migration, remained elusive in mast cells. Myo1f is expressed in mast cells and colocalizes with cortical actin ring. Interestingly, Myo1f-3BP2 interaction is modulated by KIT signaling. Moreover, SCF dependent adhesion and migration through fibronectin is decreased after Myo1f silencing. Furthermore, Myo1f silencing leads to downregulation of β1 and β7 integrins on the mast cell membrane. Overall, Myo1f is a new 3BP2 ligand that connects the adaptor to actin cytoskeleton and both molecules are involved in SCF dependent mast cell migration

Cyber security in the age of COVID-19:a timeline and analysis of cyber-crime and cyber-attacks during the pandemic

The COVID-19 pandemic was a remarkable, unprecedented event which altered the lives of billions of citizens globally resulting in what became commonly referred to as the new-normal in terms of societal norms and the way we live and work. Aside from the extraordinary impact on society and business as a whole, the pandemic generated a set of unique cyber-crime related circumstances which also affected society and business. The increased anxiety caused by the pandemic heightened the likelihood of cyber-attacks succeeding corresponding with an increase in the number and range of cyber-attacks.This paper analyses the COVID-19 pandemic from a cyber-crime perspective and highlights the range of cyber- attacks experienced globally during the pandemic. Cyber- attacks are analysed and considered within the context of key global events to reveal the modus-operandi of cyber- attack campaigns. The analysis shows how following what appeared to be large gaps between the initial outbreak of the pandemic in China and the first COVID-19 related cyber-attack, attacks steadily became much more prevalent to the point that on some days, three or four unique cyber- attacks were being reported. The analysis proceeds to utilise the UK as a case study to demonstrate how cyber-criminals leveraged salient events and governmental announcements to carefully craft and execute cyber-crime campaigns

Smart Insiders: Exploring the Threat from Insiders using the Internet-of-Things

The Internet-of-Things (IoT) is set to be one of the most disruptive technology paradigms since the advent of the Internet itself. Market research company Gartner estimates that around 4.9 billion connected things will be in use in 2015, and around 25 billion by 2020. While there are substantial opportunities accompanying IoT, spanning from Healthcare to Energy, there are an equal number of concerns regarding the security and privacy of this plethora of ubiquitous devices. In this position paper we approach security and privacy in IoT from a different perspective to existing research, by considering the impact that IoT may have on the growing problem of insider threat within enterprises. Our specific aim is to explore the extent to which IoT may exacerbate the insider-threat challenge for organisations and overview the range of new and adapted attack vectors. Here, we focus especially on (personal) devices which insiders bring and use within their employer’s enterprise. As a start to addressing these issues, we outline a broad research agenda to encourage further research in this area

Analytics for characterising and measuring the naturalness of online personae

Currently 40 % of the world’s population, around 3 billion users, are online using cyberspace for everything from work to pleasure. While there are numerous benefits accompanying this medium, the Internet is not without its perils. In this case study article, we focus specifically on the challenge of fake (or unnatural) online identities, such as those used to defraud people and organisations, with the aim of exploring an approach to detect them

Practitioners' Views on Cybersecurity Control Adoption and Effectiveness

Cybersecurity practitioners working in organisations implement risk controls aiming to improve the security of their systems. Determining prioritisation of the deployment of controls and understanding their likely impact on overall cybersecurity posture is challenging, yet without this understanding there is a risk of implementing inefficient or even harmful security practices. There is a critical need to comprehend the value of controls in reducing cyberrisk exposure in various organisational contexts, and the factors affecting their usage. Such information is important for research into cybersecurity risk and defences, for supporting cybersecurity decisions within organisations, and for external parties guiding cybersecurity practice such as standards bodies and cyber-insurance companies. Cybersecurity practitioners possess a wealth of field knowledge in this area, yet there has been little academic work collecting and synthesising their views. In an attempt to highlights trends and a range of wider organisational factors that impact on a control's effectiveness and deployment, we conduct a set of interviews exploring practitioners' perceptions. We compare alignment with the recommendations of security standards and requirements of cyberinsurance policies to validate findings. Although still exploratory, we believe this methodology would help in identifying points of improvement in cybersecurity investment, describing specific potential benefits