A novel privacy preserving user identification approach for network traffic

The prevalence of the Internet and cloud-based applications, alongside the technological evolution of smartphones, tablets and smartwatches, has resulted in users relying upon network connectivity more than ever before. This results in an increasingly voluminous footprint with respect to the network traffic that is created as a consequence. For network forensic examiners, this traffic represents a vital source of independent evidence in an environment where anti-forensics is increasingly challenging the validity of computer-based forensics. Performing network forensics today largely focuses upon an analysis based upon the Internet Protocol (IP) address – as this is the only characteristic available. More typically, however, investigators are not actually interested in the IP address but rather the associated user (whose account might have been compromised). However, given the range of devices (e.g., laptop, mobile, and tablet) that a user might be using and the widespread use of DHCP, IP is not a reliable and consistent means of understanding the traffic from a user. This paper presents a novel approach to the identification of users from network traffic using only the meta-data of the traffic (i.e. rather than payload) and the creation of application-level user interactions, which are proven to provide a far richer discriminatory feature set to enable more reliable identity verification. A study involving data collected from 46 users over a two-month period generated over 112 GBs of meta-data traffic was undertaken to examine the novel user-interaction based feature extraction algorithm. On an individual application basis, the approach can achieve recognition rates of 90%, with some users experiencing recognition performance of 100%. The consequence of this recognition is an enormous reduction in the volume of traffic an investigator has to analyse, allowing them to focus upon a particular suspect or enabling them to disregard traffic and focus upon what is left

When is computer-mediated intergroup contact most promising? Examining the effect of out-group members' anonymity on prejudice

Computer-mediated intergroup contact (CMIC) is a valuable strategy to reduce negative sentiments towards members of different social groups. We examined whether characteristics of communication media that facilitate intergroup encounters shape its effect on out-group attitudes. Specifically, we propose that concealing individuating cues about out-group members during CMIC increases prejudice, as interaction partners are perceived as less socially present. To assess these hypotheses, we conducted two mixed-factorial experiments. Participants engaged in synchronous intergroup contact via text-chat with out-group members (Study 1) and a confederate (Study 2) who either shared or concealed their name and photo. Overall, CMIC reduced negative out-group sentiments. Study 2 showed, however, that out-group members' anonymity decreased perceived social presence, which was associated with less positive evaluations of the CMIC and higher prejudice. In conclusion, CMIC can contribute to conflict resolution interventions, preparing individuals for direct intergroup contact, if its affordances or conversation topics enhance interaction partners' social presence

The utility of Google Trends as a tool for evaluating flooding in data‐scarce places

Google Trends (GT) offers a historical database of global internet searches with the potential to complement conventional records of environmental hazards, especially in regions where formal hydrometeorological data are scarce. We evaluate the extent to which GT can discern heavy rainfall and floods in Kenya and Uganda during the period 2014 to 2018. We triangulate counts of flood searches from GT with available rainfall records and media reports to build an inventory of extreme events. The Spearman rank correlation (ρ) between monthly mean search interest for flooding and monthly Climate Hazards Group InfraRed Precipitation with Station (CHIRPS) rainfall totals was ρ = +0.38 (p < 0.005) for Kenya and ρ = +0.64 (p < 0.001) for Uganda. Media reports of flooding were used to specify a threshold of detectability to give the same overall frequency of floods based on GT search interest. When the GT search index threshold was set at ≥15 and ≥29, the correct detection rate was 75% and 64% within a five-day window of known flood events in Kenya and Uganda, respectively. From these preliminary explorations we conclude that GT has potential as a proxy data source, but greater skill may emerge in places with larger search volumes and by linking to historical information about environmental hazards at sub-national scales. Wider applicability of the GT platform might be possible if there is greater transparency about how Google algorithms determine topics