Alexander Binun, Bracha Shapira and Yuval Elovici
Abstract
Purpose
The purpose of this paper is to present an extension to a framework based on the information structure (IS) model for combining information filtering (IF) results. The main goal of the framework is to combine the results of the different IF systems so as to maximise the expected payoff (EP) to the user. In this paper we compare three different approaches to tuning the relevance thresholds of individual IF systems that are being combined in order to maximise the EP to the user. In the first approach we set the same threshold for each of the IF systems. In the second approach the threshold of each IF system is tuned independently to maximise its own EP (“local optimisation”). In the third approach the thresholds of the IF systems are jointly tuned to maximise the EP of the combined system (“global optimisation”).
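The three tuning regimes can be illustrated with a minimal sketch, using invented relevance scores and an assumed linear payoff (+2 for delivering a relevant document, -1 for a non-relevant one) and an assumed combination rule (deliver only when both systems score above their thresholds); the paper's actual EP model is not reproduced here:

```python
import itertools

# Hypothetical toy data: (score from system A, score from system B, relevant?).
DOCS = [
    (0.9, 0.8, True), (0.7, 0.2, True), (0.4, 0.6, True), (0.6, 0.7, True),
    (0.8, 0.3, False), (0.3, 0.9, False), (0.2, 0.1, False), (0.5, 0.4, False),
]
GRID = [i / 10 for i in range(11)]

def ep(ta, tb):
    """Assumed payoff: +2 per relevant delivery, -1 per non-relevant one."""
    return sum((2 if rel else -1)
               for a, b, rel in DOCS if a >= ta and b >= tb)

# Approach 1: one shared threshold for both systems.
ep_shared = max(ep(t, t) for t in GRID)

# Approach 2 (local optimisation): each threshold tuned for its own system.
ta = max(GRID, key=lambda t: ep(t, 0.0))   # tune A, ignoring B
tb = max(GRID, key=lambda t: ep(0.0, t))   # tune B, ignoring A
ep_local = ep(ta, tb)

# Approach 3 (global optimisation): thresholds tuned jointly.
ep_global = max(ep(x, y) for x, y in itertools.product(GRID, GRID))

# Joint tuning can never do worse than the other two on the same data.
assert ep_global >= ep_local and ep_global >= ep_shared
```

Since the jointly searched grid contains both the shared-threshold diagonal and the locally tuned pair, the global optimum dominates by construction, which is why the comparison in the paper centres on how large the gap is for different user profiles.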
Design/methodology/approach
An empirical evaluation is conducted to examine the performance of each approach using two IF systems based on somewhat different filtering algorithms (TFIDF, OKAPI). Experiments are run using the TREC3, TREC6, and TREC7 test collections.
Findings
The experiments reveal that, as expected, the third approach always outperforms the first and the second, and that for some user profiles the difference is significant. However, operational considerations argue against global optimisation, and the costs of meeting these operational goals are discussed.
Research limitations/implications
One limitation is the assumption that the IF systems are independent: in real life, systems usually use similar algorithms, so dependency is likely. The approach should therefore also be examined under the assumption of dependency between systems.
Practical implications
The main practical implications of this study lie in the empirical proof that combination of filtering systems improves filtering results and the finding about the optimal combination methods for the different user profiles. Many filtering applications exist (e.g. spam filters, news personalisation systems, etc.) that can benefit from these findings.
Originality/value
The study presents and compares the contribution of three different combination methods of filtering systems to the improvement of filtering results. It empirically shows the benefits of each method and draws important conclusions about the combination of filtering systems.
Yuval Elovici, Bracha Shapira and Adlay Meshiach
Abstract
Purpose
The purpose of this paper is to prove the ability of PRivAte Web (PRAW) – a system for private web browsing – to withstand possible attacks.
Design/methodology/approach
Attacks on the system were simulated by manipulating system variables. A privacy measure was defined to evaluate the system's capability to withstand the attacks, and the results were analysed.
Findings
It was shown that, even when the attack is optimised to provide the attacker's highest utility, the similarity between the user profile and the approximated profile remains low and does not enable the eavesdropper to derive an accurate estimate of the user profile.
Research limitations/implications
One limitation is the “cold start” problem – in the current version, an observer might detect the first transaction, which is always a real user transaction. As a remedy for this problem, the first transaction will be randomly delayed and a random number of fake transactions played before the real one (according to Tr). Another limitation is that PRAW supports only link browsing originating in search engine interactions (since this is the most common interaction on the web). It should be extended to conceal browsing to links originating in the “Favourites” list, which users tend to browse regularly (even a few times a day) for professional or personal reasons.
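The proposed cold-start remedy can be sketched as follows. The exact semantics of PRAW's Tr parameter are not given here, so `mean_fakes` is an assumed stand-in for it, and the random time delay before the first transaction is reduced to a comment:

```python
import random

def cold_start_schedule(real_request, decoy_pool, mean_fakes=3, rng=random):
    """Sketch of the proposed cold-start remedy (assumed semantics):
    emit a random number of decoy transactions before the first real
    one, so an observer cannot tag the opening transaction as real.
    A random time delay before playing the schedule is omitted here."""
    n_fakes = rng.randint(1, 2 * mean_fakes)          # random decoy count
    fakes = [rng.choice(decoy_pool) for _ in range(n_fakes)]
    return fakes + [real_request]                     # real transaction last

# Example: the observer sees decoys before the first real transaction.
schedule = cold_start_schedule("real/query", ["decoy-a", "decoy-b", "decoy-c"])
```

The decoy pool here is a hypothetical placeholder for whatever fake-transaction source PRAW draws from.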
Practical implications
PRAW is feasible and preserves the privacy of web browsers. It is now undergoing commercialisation to become a shelf tool for privacy preservation.
Originality/value
The paper presents a practical statistical method for privacy preservation and proves that it withstands possible attacks. Methods usually proposed for this problem are not statistical but cryptography-oriented, and are too expensive in processing time to be practical.
Rami Puzis, Dana Yagil, Yuval Elovici and Dan Braha
Abstract
Purpose
The purpose of this paper is to model and study the effectiveness of an attack on the anonymity of Internet users by a group of collaborating eavesdroppers.
Design/methodology/approach
The paper is based on an analysis of the Internet topology and on two methods for choosing the nodes that contribute most to the detection of as many communicating Internet users as possible.
Findings
The paper illustrates that it is possible to compromise the anonymity of many Internet users when eavesdropping on a relatively small number of nodes, even when the most central ones are protected from eavesdropping.
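A toy illustration of this kind of node selection, assuming each communicating pair is mapped to the transit nodes its traffic crosses; a greedy heuristic then picks the eavesdropping nodes that expose the most still-anonymous pairs. This is a stand-in for the paper's Group Betweenness-based strategies, not their actual algorithm, and the routes below are invented:

```python
# Hypothetical routes: communicating pair -> transit nodes on its path.
ROUTES = {
    ("u1", "u2"): {"a", "b"},
    ("u1", "u3"): {"b", "c"},
    ("u2", "u4"): {"c"},
    ("u3", "u4"): {"a", "d"},
}

def greedy_eavesdroppers(routes, budget):
    """Greedily pick nodes that expose the most still-anonymous pairs."""
    all_nodes = sorted({n for path in routes.values() for n in path})
    chosen, covered = [], set()
    for _ in range(budget):
        candidates = [n for n in all_nodes if n not in chosen]
        if not candidates:
            break
        best = max(candidates,
                   key=lambda n: sum(1 for pair, path in routes.items()
                                     if n in path and pair not in covered))
        chosen.append(best)
        covered |= {pair for pair, path in routes.items() if best in path}
    return chosen, covered

# Two well-placed nodes expose all four communicating pairs here.
chosen, covered = greedy_eavesdroppers(ROUTES, budget=2)
```

Note that the greedy choice deliberately counts only pairs not yet covered, which is why a small, coordinated set of nodes can outperform simply taking the individually most central ones.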
Research limitations/implications
It is assumed that the Internet users under attack are not using any anonymity-enhancing technologies, although nodes can be protected from eavesdropping. The study proposes a measure of the success of an attack on Internet users' anonymity for a given deployment of collaborating eavesdroppers on the Internet.
Practical implications
The paper shows that several, and not necessarily the most prominent, collaborating nodes can compromise the anonymity of a considerable portion of Internet users. This study also emphasizes that when trying to completely compromise the anonymity of Internet users, an eavesdroppers' deployment strategy that considers eavesdroppers' collaboration can result in substantial resource saving compared to choosing a set of the most prominent nodes.
Originality/value
The paper proposes a new measure of anonymity level in the network, based on the linkability of the Internet users. This paper is the first to present results of a non‐trivial Group Betweenness optimization strategy in large complex networks.
Yuval Elovici, Chanan Glezer and Bracha Shapira
Abstract
Purpose
To propose a model of a privacy‐enhanced catalogue search system (PECSS) in an attempt to address privacy threats to consumers, who search for products and services on the world wide web.
Design/methodology/approach
The model extends an agent‐based architecture for electronic catalogue mediation by supplementing it with a privacy enhancement mechanism. This mechanism introduces fake queries into the original stream of user queries, in an attempt to reduce the similarity between the actual interests of users (“internal user profile”) and the interests as observed by potential eavesdroppers on the web (“external user profile”). A prototype was constructed to demonstrate the feasibility and effectiveness of the model.
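The intended effect of the mechanism can be illustrated with a small sketch, using invented queries and plain term-frequency profiles compared by cosine similarity (an assumed profile model, not necessarily the one used by PECSS):

```python
import math
from collections import Counter

def cosine(p, q):
    """Cosine similarity between two term-frequency profiles."""
    dot = sum(p[t] * q[t] for t in p.keys() & q.keys())
    norm = math.sqrt(sum(v * v for v in p.values()) *
                     sum(v * v for v in q.values()))
    return dot / norm if norm else 0.0

# Hypothetical queries; the decoy glossary is invented for illustration.
real_queries = ["laptop deal", "laptop battery", "gaming laptop"]
fake_queries = ["garden hose", "opera tickets", "knitting wool",
                "car rental", "dog food"]

# "Internal" profile: real interests. "External" profile: what an
# eavesdropper observes once fake queries are mixed into the stream.
internal = Counter(t for q in real_queries for t in q.split())
external = Counter(t for q in real_queries + fake_queries for t in q.split())

# Without decoys the observed profile matches the real one exactly;
# injecting decoys pulls the observable profile away from it.
similarity = cosine(internal, external)
```

The wider and more plausible the decoy glossary, the lower this observable similarity can be driven, which is what the evaluation below quantifies.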
Findings
The evaluation of the model indicates that, by generating five fake queries for each original user query, the user's profile is hidden most effectively from any potential eavesdropper. Future research is needed to identify the optimal glossary of fake queries for various clients. The model should also be tested against various attacks perpetrated against the mixed stream of original and fake queries (e.g. statistical clustering).
Research limitations/implications
The model's feasibility was evaluated through a prototype. It was not empirically tested against various statistical methods used by intruders to reveal the original queries.
Practical implications
A useful architecture for electronic commerce providers, internet service providers (ISPs) and individual clients who are concerned about their privacy and wish to minimize their dependence on third-party security providers.
Originality/value
The contribution of the PECSS model stems from the fact that, as the internet gradually transforms into a non-free service, anonymous browsing can no longer be employed to protect consumers' privacy, and therefore other approaches should be explored. Moreover, unlike other approaches, our model does not rely on the honesty of any third-party mediators or proxies, which are also exposed to the interests of the client. In addition, the proposed model is scalable, as it is installed on the user's computer.
Abstract
Purpose
This paper proposes a new framework for optimizing investment decisions when deciding about information security remedies.
Design/methodology/approach
The framework assumes that the organization is aware of a set of remedies that can be employed to address the end‐effects that have been identified. The framework also assumes that the organization defines its information security policy by setting a minimum level of protection for each end‐effect. Given the two sets of costs (the cost of each end‐effect together with the potential damage it can cause, and the cost of each remedy together with the level of protection it provides against each end‐effect), the framework can be used to identify, for a given budget, the optimal set of remedies that complies with the organization's information security policy. The framework is illustrated using a practical example concerning investment decision optimization in a financial organization.
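The selection step can be sketched as a small exhaustive search. The remedies, costs, protection levels and policy below are invented for illustration and do not come from the paper:

```python
from itertools import combinations

# Hypothetical catalogue: cost of each remedy and the protection level
# it grants against each identified end-effect.
REMEDIES = {
    "firewall":   {"cost": 40, "protects": {"data_leak": 2, "downtime": 1}},
    "backup":     {"cost": 25, "protects": {"downtime": 3}},
    "encryption": {"cost": 30, "protects": {"data_leak": 3}},
    "training":   {"cost": 15, "protects": {"data_leak": 1, "downtime": 1}},
}
POLICY = {"data_leak": 3, "downtime": 2}  # minimum protection per end-effect

def best_plan(budget):
    """Cheapest remedy set within budget that satisfies the policy;
    exhaustive search is fine for a small remedy catalogue."""
    names = list(REMEDIES)
    feasible = []
    for r in range(len(names) + 1):
        for combo in combinations(names, r):
            cost = sum(REMEDIES[n]["cost"] for n in combo)
            if cost > budget:
                continue
            levels = {e: sum(REMEDIES[n]["protects"].get(e, 0) for n in combo)
                      for e in POLICY}
            if all(levels[e] >= POLICY[e] for e in POLICY):
                feasible.append((cost, combo))
    return min(feasible, default=None)  # None if no plan meets the policy
```

In this toy setting, raising the budget beyond the cheapest compliant plan does not change the chosen remedies, which echoes the finding below that exhausting the budget does not by itself buy the required level of security.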
Findings
The paper shows that exhausting the information security budget does not in itself assure the level of security required by the organisation.
Practical implications
Concentrating on end‐effects and on the organizational requirements eases the process of remedy selection. The proposed methodology circumvents the common process of assuming probabilities of information security events.
Originality/value
This research proposes a practical and an easily implementable framework, enabling the information security manager to align the information security remedies and best practice methodological requirements with organizational budget constraints and business requirements while maintaining a required level of security.