Context: Security requirements engineering is necessary for achieving secure software systems. Many techniques and approaches have been proposed for eliciting security requirements in the initial phases of development. With the growing importance of security and the immense increase in security breaches over the past few years, researchers and practitioners have been striving for a mature process of coping with security requirements. Most of this activity is seen in academia; industry still seems to lack in giving security requirements engineering the importance it requires, which is why it is still not always considered a central part of requirements engineering. This study aims to bridge this gap between academia and industry and to provide a concrete approach for efficiently eliciting and specifying security requirements. The misuse case technique is proposed for this purpose; however, it lacks guidelines for scalable use. This limitation has been addressed to achieve a mature process of security requirements elicitation. Objectives: In this study, we propose a framework to elicit security requirements early in software development using the misuse case technique. The objective is to make the misuse case technique scalable and applicable to real-world projects. The proposed framework was presented to two representatives of the Swedish Armed Forces (SWAF), and the feedback received from them was used to refine, update and finalize the framework. Methods: The study involved a systematic review to gain insight into the academic perspective on the area of study. Document extraction was adopted to observe industrial trends in the subject; the documents were the software requirements specifications of real-world systems. Document extraction was supported by informed brainstorming, because the study revolved around the misuse case technique and informed brainstorming is considered the most suitable technique for this purpose. A workshop was conducted with two representatives of the Swedish Armed Forces, followed by two asynchronous communication rounds and a facilitated session to obtain feedback on the proposed solution. This feedback was used to refine, update and finalize the proposed solution. Results: The results of the systematic review were organized in tabular form for clear understanding and easy analysis. A security requirements categorization was obtained as a result, which was finalized after an initial validation on real-world projects. Furthermore, a framework utilizing this categorization was proposed to address the limitations of the misuse case technique. The framework was created and refined through the workshop and the communication rounds with the SWAF representatives, whose feedback was used as input to further improve the usefulness and usability of the framework. Conclusions: The significance of security requirements engineering is undisputedly accepted in both academia and industry. However, the area is rarely practiced in industrial projects. The reasons include a lack of mature processes as well as expensive and time-consuming solutions; a lack of empirical evidence adds to the problems. The conducted study and the proposed process are considered one step forward towards addressing these challenges.
Context. SSL-encrypted client-server communication is necessary to maintain the security and privacy of the communication. For SSL encryption to work, there must be a security certificate, which has a certain expiry period. Renewing the certificate manually each time it expires wastes time and effort on the part of the company.
Objectives. In this study, a new system has been developed and implemented that sends a renewed certificate during prior communication rather than waiting for the certificate to expire. The process was automated only to a certain extent, so as not to compromise the security of the system, while still speeding up the process and reducing the downtime.
Methods. Experiments have been conducted to test the new system and compare it to the old system. The experiments analyzed the packets exchanged and the downtime resulting from certificate renewal.
Results. The results of the experiments show a significant reduction in downtime, achieved through the implementation of the new system and its semi-automation.
Conclusions. The system has been implemented, and it greatly reduces the downtime caused by the expiry of security certificates. Semi-automation was chosen so as not to hamper security and to keep the system robust.
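As a rough illustration of the proactive idea (not the implemented system itself), the sketch below checks the remaining validity of a server's certificate and triggers renewal well before expiry. The host, the threshold and the renew_certificate hook are hypothetical placeholders.

    import socket
    import ssl
    import time

    HOST, PORT = "example.com", 443      # assumed endpoint
    RENEW_THRESHOLD_DAYS = 30            # assumed renewal margin

    def days_until_expiry(host, port):
        # Fetch the server certificate and read its notAfter field.
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(socket.create_connection((host, port)),
                             server_hostname=host) as sock:
            cert = sock.getpeercert()
        seconds_left = ssl.cert_time_to_seconds(cert["notAfter"]) - time.time()
        return seconds_left / 86400

    def renew_certificate(host):
        # Hypothetical hook for the semi-automated renewal step.
        print("renewal triggered for", host)

    if days_until_expiry(HOST, PORT) < RENEW_THRESHOLD_DAYS:
        renew_certificate(HOST)          # renew proactively, before any downtime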
As computers are increasingly integrated into our daily lives, we become more dependent on software. This situation is exploited by villainous actors on the Internet who distribute malicious software in search of fast financial gains at the expense of deceived computer users. As a result, computer users need more accurate aiding mechanisms to assist them in separating legitimate software from its unwanted counterparts. However, such separation is complicated by a greyzone of software that exists between legitimate and purely malicious software. The software in this greyzone is often vaguely labeled spyware. This work introduces both user-aiding mechanisms and an attempt to clarify the greyzone through the concept of privacy-invasive software (PIS), a category of software that ignores the users' right to be left alone. Such software is distributed with a specific intent (often of a commercial nature) that negatively affects the users to various degrees. PIS is therefore classified with respect to the degree of informed consent and the amount of negative consequences for the users. To mitigate the effects of PIS, two novel mechanisms for safeguarding user consent during software installation are introduced: a collaborative software reputation system, and an automated End User License Agreement (EULA) classification. In the software reputation system, users collaborate by sharing experiences of previously used software programs, allowing new users to rely on the collective experience when installing software. The EULA classification generalizes patterns from a set of both legitimate and questionable software EULAs, so that computer users can automatically classify previously unknown EULAs as belonging to legitimate software or not. Both techniques increase user awareness of software program behavior, allowing users to make more informed decisions when installing software, which arguably reduces the threat from PIS. We present experimental results showing the ability of a set of machine learning algorithms to perform automated EULA classification. In addition, we present a prototype implementation of a software reputation system, together with simulation results of its large-scale use.
As computers are increasingly integrated into our daily lives, we need aiding mechanisms for separating legitimate software from its unwanted counterparts. We use the term Privacy-Invasive Software (PIS) to refer to such illegitimate software, sometimes loosely labelled spyware. In this thesis, we include an introduction to PIS and how it differs from both legitimate and traditionally malicious software. We also present empirical measurements indicating the effects that PIS has on infected computers and networks. An important contribution of this work is a classification of PIS that targets both the level of user consent and the degree of user consequences associated with PIS. These consequences, affecting both users and their computers, form a global problem that deteriorates a vast number of users' computer experiences today. As a way to hinder, or at least mitigate, this development, we argue for more user-oriented countermeasures that focus on informing users about the behaviour and consequences associated with using a particular software program. In addition to current reactive countermeasures, we also need preventive tools that deal with the threat of PIS before it enters users' computers. Collaborative reputation systems present an interesting way forward towards such preventive and user-oriented countermeasures against PIS. Moving software reputations from old channels (such as computer magazines or friends' recommendations) into an instantly accessible reputation system would benefit users in distinguishing unwanted software from legitimate software. It is important that such a reputation system is designed to withstand antagonistic intentions from both individual users and groups thereof, so that users can depend on the reputations. This would allow users to reach more informed decisions by taking the reported consequences into account when deciding whether they want a specific software program to enter their computer.
Law enforcement agencies strive to link serial crimes, most preferably based on physical evidence, such as DNA or fingerprints, in order to solve criminal cases more efficiently. However, physical evidence is more common at crime scenes in some crime categories than others. For crime categories with a relatively low occurrence of physical evidence, it could instead be possible to link related crimes using soft evidence based on the perpetrators' modus operandi (MO). However, crime linkage based on soft evidence is associated with considerably higher error rates, i.e. crimes being incorrectly linked. In this study, we investigate the possibility of filtering erroneous crime links based on travel time between crimes using web-based direction services, more specifically Google Maps. A filtering method has been designed, implemented and evaluated using two data sets of residential burglaries: one with known links between crimes, and one with estimated links based on soft evidence. The results show that the proposed route-based filtering method removed 79% more erroneous crimes than the state-of-the-art method relying on Euclidean straight-line routes. Further, analysis of travel times between crimes in known series indicates that burglars on average have up to 15 minutes for carrying out the actual burglary event.
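A minimal sketch of the filtering idea, with the directions lookup abstracted behind a placeholder (the study used Google Maps, whose exact API calls are not reproduced here): a candidate link is discarded when the route travel time, plus an assumed margin for the burglary event itself, exceeds the time gap between the two crimes.

    def travel_time_minutes(origin, destination):
        # Placeholder for a web-based directions lookup; returns the
        # estimated driving time in minutes between two coordinates.
        raise NotImplementedError

    def is_feasible_link(crime_a, crime_b, margin_minutes=15):
        # crime_a, crime_b: dicts with "time" (datetime) and "location".
        # A link is kept only if the offender could plausibly have
        # travelled between the scenes within the time window separating
        # the offenses; otherwise the link is filtered out as erroneous.
        gap = abs((crime_b["time"] - crime_a["time"]).total_seconds()) / 60
        route = travel_time_minutes(crime_a["location"], crime_b["location"])
        return route + margin_minutes <= gap

The margin_minutes default of 15 is an assumption inspired by the average burglary duration indicated by the abstract, not a parameter taken from the paper.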
Law enforcement agencies strive to link crimes perpetrated by the same offenders into crime series in order to improve investigation efficiency. Such crime linkage can be done using either physical traces (e.g., DNA or fingerprints) or 'soft evidence' in the form of offenders' modus operandi (MO), i.e. their behaviors during crimes. However, physical traces are only present for a fraction of crimes, unlike behavioral evidence. This work-in-progress paper presents a method for aggregating multiple criminal profilers' ratings of offenders' behavioral characteristics based on feature-rich crime scene descriptions. The method calculates consensus ratings from individual experts' ratings, which are then used as a basis for classification algorithms. The classification algorithms can automatically generalize offenders' behavioral characteristics from cues in the crime scene data. Models trained on the consensus ratings are evaluated against models trained on individual profilers' ratings, to determine whether the consensus model shows improved performance over the individual models.
This work presents a method for detecting statistically significant temporal hotspots, i.e. the dates and times of events, which is useful for improved planning of response activities. Temporal hotspots are calculated using Local Indicators of Spatial Association (LISA) statistics. The temporal data is held in a 7x24 matrix that represents a temporal resolution of weekdays and hours-of-the-day. Swedish residential burglary events are used in this work to test the temporal hotspot detection approach, although the presented method is also useful for other events as long as they contain temporal information, e.g. attack attempts recorded by intrusion detection systems. By using the method for detecting significant temporal hotspots, domain experts can gain knowledge about the temporal distribution of the events and learn at which times mitigating actions could be implemented.
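A minimal sketch of the hotspot step under simplifying assumptions: events are binned into the 7x24 weekday/hour matrix described above, and a cell is flagged when its count deviates strongly from its neighbouring cells. A plain z-score against the eight-cell neighbourhood stands in here for the full LISA statistic used in the work.

    import numpy as np

    def local_hotspots(counts, z_threshold=1.96):
        # counts: 7x24 matrix of event counts (weekday x hour-of-day).
        # A cell is flagged as a hotspot when it deviates strongly from
        # its 8 temporal neighbours (wrapping over midnight / week ends).
        rows, cols = counts.shape
        flags = np.zeros_like(counts, dtype=bool)
        for i in range(rows):
            for j in range(cols):
                neigh = [counts[(i + di) % rows, (j + dj) % cols]
                         for di in (-1, 0, 1) for dj in (-1, 0, 1)
                         if (di, dj) != (0, 0)]
                mu, sd = np.mean(neigh), np.std(neigh)
                if sd > 0 and (counts[i, j] - mu) / sd > z_threshold:
                    flags[i, j] = True
        return flags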
Law enforcement agencies, as well as researchers rely on temporal analysis methods in many crime analyses, e.g., spatio-temporal analyses. A number of temporal analysis methods are being used, but a structured comparison in different configurations is yet to be done. This study aims to fill this research gap by comparing the accuracy of five existing, and one novel, temporal analysis methods in approximating offense times for residential burglaries that often lack precise time information. The temporal analysis methods are evaluated in eight different configurations with varying temporal resolution, as well as the amount of data (number of crimes) available during analysis. A dataset of all Swedish residential burglaries reported between 2010 and 2014 is used (N = 103,029). From that dataset, a subset of burglaries with known precise offense times is used for evaluation. The accuracy of the temporal analysis methods in approximating the distribution of burglaries with known precise offense times is investigated. The aoristic and the novel aoristic_ext method perform significantly better than three of the traditional methods. Experiments show that the novel aoristic_ext method was most suitable for estimating crime frequencies in the day-of-the-year temporal resolution when reduced numbers of crimes were available during analysis. In the other configurations investigated, the aoristic method showed the best results. The results also show the potential from temporal analysis methods in approximating the temporal distributions of residential burglaries in situations when limited data are available.
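For illustration, a minimal sketch of plain aoristic analysis (the baseline that the novel aoristic_ext method extends), assuming an hour-of-day resolution: each burglary with an uncertain offense time is given as an interval, and a unit weight is spread uniformly over the hours in that interval.

    def aoristic_hour_distribution(crimes):
        # crimes: list of (start_hour, end_hour) windows within which each
        # offense must have occurred (e.g. the interval between when the
        # residents left and returned). A unit weight per crime is spread
        # uniformly over all hours in the window, wrapping over midnight.
        weights = [0.0] * 24
        for start, end in crimes:
            span = [h % 24
                    for h in range(start, end + (24 if end < start else 0) + 1)]
            for h in span:
                weights[h] += 1.0 / len(span)
        return weights

    # Example: one crime sometime between 08 and 17, one overnight 22-02.
    print(aoristic_hour_distribution([(8, 17), (22, 2)]))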
Streaming data services, such as video-on-demand, are getting increasingly more popular, and they are expected to account for more than 80% of all Internet traffic in 2020. In this context, it is important for streaming service providers to detect deviations in service requests due to issues or changing end-user behaviors in order to ensure that end-users experience high quality in the provided service. Therefore, in this study we investigate to what extent sequence-based Markov models can be used for anomaly detection by means of the end-users' control sequences in the video streams, i.e., event sequences such as play, pause, resume and stop. This anomaly detection approach is further investigated over three different temporal resolutions in the data, more specifically: 1 h, 1 day and 3 days. The proposed anomaly detection approach supports anomaly detection in ongoing streaming sessions as it recalculates the probability for a specific session to be anomalous for each new streaming control event that is received. Two experiments are used for measuring the potential of the approach, which gives promising results in terms of precision, recall, F1-score and Jaccard index when compared to k-means clustering of the sessions.
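A minimal sketch of the sequence-based approach, with the smoothing and scoring choices as illustrative assumptions: a first-order Markov chain is fitted on control sequences from normal sessions, and a session's mean log-likelihood per transition serves as its anomaly score, recomputable after each new event.

    import math
    from collections import defaultdict

    EVENTS = ["play", "pause", "resume", "stop"]  # assumed event alphabet

    def fit_transitions(sessions, alpha=1.0):
        # Estimate P(next | current) from normal sessions, with additive
        # (Laplace) smoothing so unseen transitions keep nonzero mass.
        counts = defaultdict(lambda: defaultdict(float))
        for s in sessions:
            for a, b in zip(s, s[1:]):
                counts[a][b] += 1
        probs = {}
        for a in EVENTS:
            total = sum(counts[a].values()) + alpha * len(EVENTS)
            probs[a] = {b: (counts[a][b] + alpha) / total for b in EVENTS}
        return probs

    def session_score(session, probs):
        # Mean log-likelihood per transition; low scores suggest anomalous
        # sessions, and the score can be updated for each incoming event.
        lp = sum(math.log(probs[a][b]) for a, b in zip(session, session[1:]))
        return lp / max(1, len(session) - 1)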
This article describes a method used in the Swedish police regions South, West and Stockholm to collect structured crime scene information from residential burglaries, and how the collected information can be analyzed with automated methods that can assist crime coordinators in their work. These automated analyses can be used as filtering or selection tools for residential burglaries, thereby streamlining and facilitating the work. Furthermore, the method can be used to determine the probability that two crimes were committed by the same offender, which can help the police identify series of crimes. This is possible because offenders tend to commit crimes in a similar manner, and based on structured crime scene information it is possible to automatically find these patterns. The article presents and evaluates a prototype of an IT-based decision support system as well as two automated methods for crime coordination.
Objectives: The present study aims to extend current research on how offenders' modus operandi (MO) can be used in crime linkage, by investigating the possibility to automatically estimate offenders' risk exposure and level of pre-crime preparation for residential burglaries. Such estimations can assist law enforcement agencies when linking crimes into series and thus provide a more comprehensive understanding of offenders and targets, based on the combined knowledge and evidence collected from different crime scenes. Methods: Two criminal profilers manually rated offenders' risk exposure and level of pre-crime preparation for 50 burglaries each. In an experiment, we then analyzed to what extent 16 machine learning algorithms could generalize both scores from the criminal profilers' ratings onto 15,598 residential burglaries. All included burglaries contain structured and feature-rich crime descriptions from which learning algorithms can generalize offenders' risk and preparation scores. Results: Two models created by Naïve Bayes-based algorithms showed the best performance, with an AUC of 0.79 and 0.77 for estimating offenders' risk and preparation scores, respectively. These algorithms were significantly better than most, but not all, algorithms. Both scores showed promising distinctiveness between linked series, as well as consistency for crimes within series compared to randomly sampled crimes. Conclusions: Estimating offenders' risk exposure and pre-crime preparation can complement traditional MO characteristics in the crime linkage process. The estimations also appear applicable to cross-category crimes that otherwise lack comparable MO. Future work could focus on increasing the number of manually rated offenses as well as fine-tuning the Naïve Bayes algorithm to increase its estimation performance.
User privacy is widely affected by the occurrence of privacy-invasive software (PIS) on the Internet. Various forms of countermeasures try to mitigate the negative effects caused by PIS. We use a computer forensic tool to evaluate an anti-spyware tool with respect to the PIS found over a four-year period. The anti-spyware tool was slow to identify PIS, suffered from classification problems, and sometimes excluded formerly classified PIS. Background information on both PIS and countermeasure techniques is also presented, followed by a discussion of legal disputes between developers of PIS and vendors of countermeasures.
In this paper we analyze how a proposed Swedish Road User Charging (RUC) system for differentiated distance-based taxation affects the corporate confidentiality of haulers. Each hauler needs to equip all their vehicles with an On-Board Unit (OBU) that continuously sends position readings back to a central server, which are then used to calculate the tax. The fact that the system gathers, processes, and stores information about where the vehicles travel introduces threats to the haulers' corporate confidentiality, e.g. if the position data leak to competitors. We describe threats to various parts of the RUC system, together with protective measures. At the end of the paper we discuss the impact on corporate confidentiality if such a RUC system is introduced, e.g. how the leakage of position data would affect transports conveying sensitive goods such as medical drugs or consumer electronics.
In this paper, we discuss various types of spyware programs, their behaviour, how they typically infect computers, and the propagation of new varieties of spyware programs. In two experiments, we investigate the occurrence and impact of spyware programs found in popular P2P applications. Based on the findings from the empirical investigations, we lift the perspective to a more general view on spyware, deriving from the theory of (virtual) network effects. In a model, we categorize the ways in which spyware might decrease the utility of belonging to a large virtual network. Here, the baseline is that spyware programs intrude on systems and networks, but since they profit from user data they also intrude on user privacy. In the model, the intrusions are classified as moderate, severe or disastrous. We found that spyware has the potential to overthrow the positive aspects of belonging to a large network, and network owners should therefore be very careful about permitting such programs in applications and on networks.
Privacy-invasive software, loosely labelled spyware, is an increasingly common problem for today's computer users, one to which there is no absolute cure. Most privacy-invasive software is positioned in a legal grey zone, as the user accepts the malicious behaviour when agreeing to the End User License Agreement. This paper proposes the use of a specialized reputation system to gather and share information regarding software behaviour between community users. A client application helps guide the user at the point of executing software on the local computer, displaying other users' feedback about the expected behaviour of the software. We discuss important aspects to consider when constructing such a system and propose possible solutions. Based on the observations made, we implemented a client/server-based proof-of-concept tool, which allowed us to demonstrate how such a system would work. We also compare this solution to other, more conventional, protection methods such as anti-virus and anti-spyware software.
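A minimal sketch of one possible server-side core for such a reputation system; the plain-average aggregation and all names are illustrative assumptions, not the design proposed in the paper.

    from collections import defaultdict

    class ReputationStore:
        # Minimal in-memory stand-in for the reputation server: users
        # submit ratings for a program (keyed e.g. by a file hash), and
        # clients query the aggregate before executing the software.
        def __init__(self):
            self.ratings = defaultdict(list)

        def submit(self, program_id, rating):
            self.ratings[program_id].append(rating)

        def reputation(self, program_id):
            r = self.ratings[program_id]
            if not r:
                return None  # unknown software: no community experience yet
            return sum(r) / len(r), len(r)  # (mean rating, number of reports)

A real deployment would also need defenses against dishonest raters, which is one of the design aspects the paper discusses.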
A recent study has shown that more than every fourth person in Sweden feels that they have poor knowledge of and control over their energy use, and that four out of ten would like to be more aware of and have better control over their consumption [5]. One solution is to provide householders with feedback on their energy consumption, for instance through a smart home automation system [10]. Studies have shown that householders can reduce energy consumption by up to 20% when given such feedback [5] [10]. Home automation is a prime example of a smart environment built on various types of cyber-physical systems generating volumes of diverse, heterogeneous, complex, and distributed data from a multitude of applications and sensors. Thereby, home automation is also an example of an Internet of Things (IoT) scenario, where a communication network extends the present Internet by including everyday items and sensors [22]. Home automation is attracting more and more attention from commercial actors, such as energy suppliers, infrastructure providers, and third-party software and hardware vendors [8] [10]. Among the non-commercial stakeholders are various governmental institutions and municipalities, as well as end-users.
The amount of spyware increases rapidly over the Internet, and it is usually hard for the average user to know if a software application hosts spyware. This paper investigates the hypothesis that it is possible to detect from the End User License Agreement (EULA) whether its associated software hosts spyware or not. We generated a data set by collecting 100 applications with EULAs and classifying each EULA as either good or bad. An experiment was conducted in which 15 popular default-configured mining algorithms were applied to the data set. The results show that 13 algorithms are significantly better than random guessing; thus, we conclude that the hypothesis can be accepted. Moreover, 2 algorithms also perform significantly better than the current state-of-the-art EULA analysis method. Based on these results, we present a novel tool that can be used to prevent the installation of spyware.
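A minimal sketch of the classification setup under common text-mining assumptions, with bag-of-words features and one Naïve Bayes-style learner standing in for the 15 evaluated algorithms, using scikit-learn.

    from sklearn.feature_extraction.text import TfidfVectorizer
    from sklearn.naive_bayes import MultinomialNB
    from sklearn.pipeline import make_pipeline

    def train_eula_classifier(eulas, labels):
        # eulas: list of EULA texts; labels: "good" (legitimate software)
        # or "bad" (spyware-hosting), as in the collected data set.
        model = make_pipeline(TfidfVectorizer(stop_words="english"),
                              MultinomialNB())
        model.fit(eulas, labels)
        return model

    # A tool built on this could call model.predict([eula_text]) at install
    # time and warn the user before a "bad" EULA is accepted.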
In the present article, the authors investigate to what extent supervised binary classification can be used to distinguish between legitimate and rogue privacy policies posted on web pages. 15 classification algorithms are evaluated using a data set that consists of 100 privacy policies from legitimate websites (belonging to companies that top the Fortune Global 500 list) as well as 67 policies from rogue websites. A manual analysis of all policy content was performed, and clear statistical differences in terms of both length and adherence to seven general privacy principles were found. Privacy policies from legitimate companies show a 98% adherence to the seven privacy principles, which is significantly higher than the 45% associated with rogue companies. Out of the 15 evaluated classification algorithms, Naïve Bayes Multinomial is the most suitable candidate for the problem at hand. Its models show the best performance, with an AUC measure of 0.90 (0.08), which outperforms most of the other candidates in the statistical tests used.
Peer-to-Peer (P2P) tools are used exclusively when their users are connected to the Internet, thus constituting a good foundation for online advertising to help finance further tool development. Although software that displays ads (adware) is very common, activity-monitoring or information-collecting software that spies on the users (spyware) may be installed together with the P2P tool. This paper presents a method for examining P2P tool installations and presents test results from a few of the most common P2P tools. It also discusses whether these tools, with their bundled software, commit any privacy intrusions. Finally, the method itself is evaluated and refinements are suggested.
Context: Cloud computing is an emerging and growing field in the IT industry. Cost minimization, fast processing, easy accessibility and scalability are found to be its main attractions. Cloud computing is known as a technology providing robust authentication and enhanced security, and it is increasing its scope in many sensitive areas, such as the health sector, where data privacy and security hold a key position. Issues when applying a cloud solution include trust in the new system, data confidentiality, security, storage and, most importantly, data sharing between data centers located in different geographical locations. Objectives: The aim of this thesis is to explore the limitations, opportunities and barriers between cloud computing and e-Health, and finally to suggest guidelines for the adoption of cloud computing in e-Health-based sectors based on the associates' concerns. In the context of this research work, the authors have studied issues involved in the deployment of cloud computing, the associates' concerns and factors regarding the adoption of cloud computing in e-Health, and finally the future of cloud computing in e-Health. Methods: In order to identify and gain a deeper understanding of these issues, the authors performed a literature review, conducted interviews with health care personnel and cloud computing associates, and finally backed these up with a web-based survey of cloud computing and e-Health associates. Results: After completing the analysis, the authors proposed a suitable deployment model and guidelines for the adoption of cloud computing in e-Health. Conclusions: The authors concluded that most people's concerns may be due to a lack of knowledge about cloud computing and of trust in the vendor. However, the authors also observed that people face problems with data security, data integrity and too much dependency on the technology and vendors.
You are walking in the Sweetwater Creek State Park near Atlanta and using the Augmented Reality (AR) Trail Guide, a mobile application designed by Isaac Kulka for the Argon Browser (Figure 1). The application offers two views: a now familiar Google-style map, with points of interest marked on its surface, and an AR view, which shows these points located in space. You see the map view when you hold the screen parallel to the ground; when you turn the phone up to look at the world, you get the AR view with the points of interest floating in space in front of you. This simple gesture of raising the phone changes your relationship to the information. You pass from a fully symbolic form of representation to a form of perceiving symbolic information as part of your visual environment. The AR Trail Guide, developed in the Augmented Environments Lab at Georgia Tech [1], illustrates a new realm in AR design that goes beyond current commercial applications. In this article, we discuss some of these new areas, such as designing for experiences in cultural heritage, personal expression, and entertainment. At the same time, we want to address a larger issue. ACM interactions has often been a place for exploring new paradigms and the relevance for interaction design of unusual approaches from other disciplines. In that spirit, we pose the question: Can the humanistic discipline of media studies play a useful role in interaction design? Media studies looks at the history of media and their relationship to culture, and we will focus here on digital media and their relationship to other media, both present and past. Looking at digital media in a historical context is relevant because of the dynamic relationship between "traditional" media (film, television, radio, print) and their digital remediations. How can media studies be made to contribute to the productive work of interaction design? We believe one answer lies in using the historical understanding gained through media studies to develop a kind of media aesthetics that can guide designers as they explore new forms of digital media such as the mobile augmented reality application described above.
Eighth European Workshop on Modelling Autonomous Agents in a Multi-Agent World
Law enforcement agencies regularly collect crime scene information, but there exists no detailed, systematic procedure for doing so. The data collected is affected by the experience and current condition of the law enforcement officers, and consequently it might differ vastly between crime scenes. This is especially problematic when investigating volume crimes. Law enforcement officers regularly compare crimes manually based on the collected data. This is a time-consuming process, especially as the collected crime scene information might not always be comparable. Structuring the data and introducing automatic comparison systems could benefit the investigation process. This thesis investigates descriptive and predictive models for automatic comparison of crime scene data with the purpose of aiding law enforcement investigations. The thesis first investigates predictive and descriptive methods, with a focus on data structuring, comparison, and evaluation of methods. The knowledge is then applied to the domain of crime scene analysis, with a focus on detecting serial residential burglaries. This thesis introduces a procedure for systematic collection of crime scene information. It also investigates the impact of, and relationships between, crime scene characteristics, and how to evaluate the descriptive model results. The results suggest that the use of descriptive and predictive models can provide feedback for crime scene analysis that allows a more effective use of law enforcement resources. Using descriptive models based on crime characteristics, including modus operandi, allows law enforcement agents to filter cases intelligently. Further, by estimating the link probability between cases, law enforcement agents can focus on cases with a higher link likelihood. This would allow a more effective use of law enforcement resources, potentially increasing clear-up rates.
To identify series of residential burglaries, detecting linked crimes performed by the same constellations of criminals is necessary. Comparison of crime reports today is difficult as crime reports traditionally have been written as unstructured text and often lack a common information-basis. Based on a novel process for collecting structured crime scene information, the present study investigates the use of clustering algorithms to group similar crime reports based on combined crime characteristics from the structured form. Clustering quality is measured using Connectivity and Silhouette index (SI), stability using Jaccard index, and accuracy is measured using Rand index (RI) and a Series Rand index (SRI). The performance of clustering using combined characteristics was compared with spatial characteristic. The results suggest that the combined characteristics perform better or similar to the spatial characteristic. In terms of practical significance, the presented clustering approach is capable of clustering cases using a broader decision basis.
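A minimal sketch of the evaluation step, assuming a numeric feature matrix has already been derived from the structured crime scene forms. Scikit-learn's silhouette score measures clustering quality, and the adjusted Rand index stands in here for the Rand and Series Rand indices used in the study; the clusterer and cluster count are illustrative choices.

    from sklearn.cluster import AgglomerativeClustering
    from sklearn.metrics import silhouette_score, adjusted_rand_score

    def cluster_and_evaluate(X, known_series, n_clusters=50):
        # X: feature matrix derived from the structured crime scene forms
        #    (combined crime characteristics, one row per report).
        # known_series: ground-truth series labels, used only to measure
        #    accuracy of the resulting grouping.
        labels = AgglomerativeClustering(n_clusters=n_clusters).fit_predict(X)
        quality = silhouette_score(X, labels)                 # clustering quality
        accuracy = adjusted_rand_score(known_series, labels)  # vs. known links
        return labels, quality, accuracy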
A majority of crimes are committed by a minority of offenders. Previous research has provided some support for the theory that serial offenders leave behavioral traces at the crime scene which could be used to link crimes to serial offenders. The aim of this work is to investigate to what extent it is possible to use geographic route estimations and behavioral data to detect serial offenders. Experiments were conducted using behavioral data from authentic burglary reports to investigate whether it was possible to find crime routes with high similarity. Further, burglary reports from serial offenders were used to investigate to what extent it was possible to detect serial offenders' crime routes. The results show that crime series with the same offender on average had a higher behavioral similarity than random crime series. Sets of crimes with high similarity, but without a known offender, would be interesting for law enforcement to investigate further. The algorithm is also evaluated on 9 crime series containing a maximum of 20 crimes per series. The results suggest that it is possible to detect crime series with high similarity using analysis of both geographic routes and behavioral data recorded at crime scenes.
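A minimal sketch of the behavioral-similarity part, under the assumption that each crime is represented as a set of binary MO characteristics: Jaccard similarity between consecutive crimes in a candidate route is averaged into a route score, so routes scoring well above random series become candidates for a shared offender.

    def jaccard(a, b):
        # a, b: sets of observed behavioral (MO) characteristics.
        return len(a & b) / len(a | b) if a | b else 0.0

    def route_similarity(route):
        # route: ordered list of crimes (each a set of MO characteristics)
        # forming a candidate crime route. Returns the mean pairwise
        # behavioral similarity between consecutive crimes on the route.
        if len(route) < 2:
            return 0.0
        pairs = list(zip(route, route[1:]))
        return sum(jaccard(a, b) for a, b in pairs) / len(pairs)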
Spyware detection can be achieved by using machine learning techniques that identify patterns in the End User License Agreements (EULAs) presented by application installers. However, previous solutions have required manual input from the user, with varying degrees of accuracy. We have implemented an automatic prototype for extraction and classification and used it to generate a large data set of EULAs. This data set is used to compare four different machine learning algorithms when classifying EULAs. Furthermore, the effect of feature selection is investigated, and for the top two algorithms we investigate optimizing the performance using parameter tuning. Our conclusion is that feature selection and performance tuning are of limited use in this context, providing only limited performance gains. However, both the Bagging and the Random Forest algorithms show promising results, with Bagging reaching an AUC measure of 0.997 and a false negative rate of 0.062. This shows the applicability of license agreement categorization for realizing informed software installation.
According to the Swedish National Council for Crime Prevention, law enforcement agencies solved approximately three to five percent of the reported residential burglaries in 2012. Internationally, studies suggest that a large proportion of crimes are committed by a minority of offenders. Law enforcement agencies are consequently required to detect series of crimes, or linked crimes. Comparison of crime reports is difficult today, as no systematic or structured way of reporting crimes exists, and no ability to search multiple crime reports exists. This study presents a systematic data collection method for residential burglaries, together with a decision support system for comparing and analysing them. The decision support system consists of an advanced search tool and a plugin-based analytical framework. In order to find similar crimes, law enforcement officers have to review a large number of crimes. The potential use of the cut-clustering algorithm to group crimes by characteristics, and thereby reduce the number of crimes to review in residential burglary analysis, is investigated. The characteristics used are modus operandi, residential characteristics, stolen goods, spatial similarity, and temporal similarity. Clustering quality is measured using the modularity index, and accuracy is measured using the Rand index. The clustering solution with the best quality score used residential characteristics, spatial proximity, and modus operandi, suggesting that the choice of characteristics when grouping crimes can positively affect the end result. The results suggest that a high-quality clustering solution performs significantly better than a random guesser. In terms of practical significance, the presented clustering approach is capable of reducing the number of cases to review while keeping most connected cases. While the approach might miss some connections, it is also capable of suggesting new ones. The results suggest that crime series clustering is feasible, although further investigation is needed.
For any corporation, the interaction with its customers is an important business process. This is especially the case for resolving various business-related issues that customers encounter. Classifying customer service e-mails by type, so that they can be directed to the most suitable handler within customer service, is thus important for providing improved customer service. We have investigated the following two aspects of customer e-mail classification within a large Swedish corporation. First, whether a multi-label classifier can be introduced that performs similarly to an already existing multi-class classifier. Second, whether conformal prediction can be used to quantify the certainty of the predictions without loss in classification performance. Experiments were used to investigate these aspects using several evaluation metrics. The results show that for most evaluation metrics there is no significant difference between the multi-class and multi-label classifiers, except for Hamming loss, where the multi-label approach achieved a lower loss. Further, the use of conformal prediction did not introduce any significant difference in classification performance for either the multi-class or the multi-label approach. As such, the results indicate that conformal prediction is a useful addition that quantifies the certainty of predictions without negative effects on the classification performance, which in turn allows detection of statistically significant predictions.
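A minimal sketch of the conformal-prediction step under standard inductive assumptions: nonconformity is taken as one minus the predicted probability of a class, and per-class p-values are computed against a held-out calibration set. Any scikit-learn classifier with predict_proba can serve as the underlying model; the nonconformity choice is an illustrative convention, not necessarily the paper's.

    import numpy as np

    def conformal_p_values(model, X_cal, y_cal, x_new):
        # Inductive conformal prediction: a class is included in the
        # prediction set when its p-value exceeds the significance level,
        # which quantifies the certainty of each prediction.
        cal_probs = model.predict_proba(X_cal)
        classes = list(model.classes_)
        cal_scores = 1 - cal_probs[np.arange(len(y_cal)),
                                   [classes.index(c) for c in y_cal]]
        new_probs = model.predict_proba([x_new])[0]
        p_values = {}
        for i, c in enumerate(classes):
            score = 1 - new_probs[i]  # nonconformity of x_new w.r.t. class c
            p_values[c] = (np.sum(cal_scores >= score) + 1) / (len(cal_scores) + 1)
        return p_values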
A majority of all e-mail is suspected to be spam. Traditional spam detection fails to differentiate between user needs and evolving social relationships. Online Social Networks (OSNs) contain more and more social information contributed by users, and this information may be used to improve spam detection. This paper presents a method that can use several social networks for detecting spam, together with a set of metrics for representing OSN data. The paper investigates the impact of using social network data, extracted from an e-mail corpus, to improve spam detection. The social data model is compared to traditional spam data models by generating and evaluating classifiers from both model types. The results show that accurate spam detectors can be generated from the low-dimensional social data model alone; however, spam detectors generated from combinations of the traditional and social models were more accurate than detectors generated from either model in isolation.
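A minimal sketch of deriving social features from an e-mail corpus, with the particular metrics (sender degrees and reciprocity) as illustrative assumptions rather than the paper's exact feature set; networkx provides the graph machinery.

    import networkx as nx

    def social_features(messages, sender):
        # messages: iterable of (from, to) pairs extracted from the corpus.
        # Builds a directed social graph and derives per-sender metrics
        # that a spam classifier can use alongside content-based features.
        g = nx.DiGraph()
        g.add_edges_from(messages)
        if sender not in g:
            return {"known": 0, "out_deg": 0, "in_deg": 0, "reciprocity": 0.0}
        out_n = set(g.successors(sender))
        in_n = set(g.predecessors(sender))
        recip = len(out_n & in_n) / len(out_n) if out_n else 0.0
        return {"known": 1, "out_deg": len(out_n),
                "in_deg": len(in_n), "reciprocity": recip}

The intuition is that legitimate senders tend to sit inside reciprocal communication structures, whereas spammers send to many recipients who never reply.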
Virtual environments where users can interact with each other as well as with the environment are today used in many application areas, ranging from military simulations to massively multiplayer online games. But no matter the application area, as soon as the number of users reaches a certain threshold, hosting a virtual environment on a single machine can become problematic. The speed and quality of the network connection will limit the number of concurrently connected users in terms of acceptable visual quality, and the hardware requirements of the server will be strict. With a single point of failure, system reliability could easily be compromised by network or host failure. Distribution of the virtual environment therefore seems a reasonable approach to this problem: hardware and network requirements would be less critical, and reliability would increase since there is no single point of failure. Unfortunately, distribution introduces new problems concerning synchronization of the world state within the distribution network. This thesis presents a possible solution to these problems with a focus on reliability. The solution uses a peer-to-peer platform, able to adapt to changes in the network infrastructure, as the base for all communication. To improve synchronization efficiency, the network is dynamically divided into multicast groups based on synchronization needs. The solution is tested for performance with the network fully functioning and in a number of more or less broken states to determine its reliability. The test results show that the system performs at what must be seen as acceptable levels even in very problematic network environments. The scalability of the system also met expectations, but the results would have benefited from more experimentation with larger user populations.
The project consisted of implementing two fighting-game artificial intelligences (abbreviated AI): one non-adaptive, more deterministic AI, and one adaptive, dynamic AI that uses reinforcement learning. This was done by scripting the behaviour of the AI in a free 2D fighting-game engine called "MUGEN". The AI uses scripted sequences that are executed through MUGEN's own trigger and state system. This system checks whether the specified, scripted conditions are fulfilled for the AI to "trigger", i.e. to perform the given action. The more static AI was built with custom-made sequences and rules that are executed partly situationally and partly at random. To approximate a reinforcement learning AI, each sequence was assigned a variable that increases the percentage chance of performing the action when the action has produced a positive outcome, and correspondingly decreases it when the action has caused a negative outcome.
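A minimal sketch of the weight-update scheme described above, written outside MUGEN's scripting system and with all numbers as illustrative assumptions: each action carries a weight that governs its selection probability and is nudged up or down by positive or negative outcomes.

    import random

    class AdaptiveAI:
        # Each scripted sequence (action) carries a weight; selection
        # probability is proportional to the weight, and the weight is
        # nudged up on a positive outcome (e.g. the move landed) and
        # down on a negative one (e.g. the move was punished).
        def __init__(self, actions, step=0.1, floor=0.05):
            self.weights = {a: 1.0 for a in actions}
            self.step, self.floor = step, floor

        def choose(self):
            total = sum(self.weights.values())
            return random.choices(list(self.weights),
                                  [w / total for w in self.weights.values()])[0]

        def feedback(self, action, reward):
            # reward: +1 for a positive outcome, -1 for a negative one.
            w = self.weights[action] + self.step * reward
            self.weights[action] = max(self.floor, w)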
This thesis provides an overview of Web Services technology. The concepts of Web Services and Service-Oriented Architecture are explained. The thesis focuses on the mechanisms for transporting and addressing messages in web services, especially SOAP. It presents the development history of SOAP, an overview of the SOAP 1.2 specification, and the differences between SOAP versions 1.1 and 1.2. Further, the thesis presents two web servers for development and deployment of web services using Java and .NET technology, i.e. BEA WebLogic Server 9.2 and Internet Information Services 7.0. The web server implementations are evaluated both in terms of conformance to the SOAP specifications and in terms of performance (response time and throughput). The results showed that the servers performed very similarly for both SOAP 1.2 and SOAP 1.1 messages; response times and throughput are similar for both servers in most cases. There are, however, situations where WebLogic performs significantly worse than IIS, and situations where IIS is noticeably worse than WebLogic. The thesis also presents general security aspects of sending messages.
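For reference, the most visible wire-level difference between the two SOAP versions compared here is the envelope namespace, along with the HTTP Content-Type each version is sent with; the skeletons below show only that difference, with bodies elided.

    # SOAP 1.1 and SOAP 1.2 envelopes differ (among other things) in the
    # envelope namespace and in the HTTP Content-Type used on the wire.
    SOAP_11 = """<soap:Envelope
      xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <soap:Body>...</soap:Body>
    </soap:Envelope>"""   # sent with Content-Type: text/xml

    SOAP_12 = """<soap:Envelope
      xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
      <soap:Body>...</soap:Body>
    </soap:Envelope>"""   # sent with Content-Type: application/soap+xml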
The requirements on real-time systems are changing. Traditionally, reliability and predictability of, especially hard, real-time systems were the main requirements. This led to systems that were stand-alone, embedded and static. Future real-time systems, but also current ones, still require reliability and predictability, but additionally distribution of the real-time system, integration with non-real-time systems and the ability to dynamically change the components of the system at runtime. Traditional approaches to real-time system development have difficulties in addressing these additional requirements; therefore, new ways of constructing real-time systems have to be explored. In this article, we develop a real-time object-oriented model that facilitates the flexibility requirements without sacrificing the predictability, integration and dynamicity aspects.
Measurement systems are of increasing importance for manufacturing, due to the high level of automation in production processes. Although most measurement systems have much in common and are expensive to construct, these systems are often developed from scratch, hardly reusing available designs and implementations. To address this, we have designed and implemented an object-oriented framework for the domain of measurement systems that can be used as the core of such systems. Evaluations of the framework show that it captures the main concepts in the domain and that the extensions required for individual applications are limited. In this paper, a number of example framework instantiations are presented, together with the lessons we learned during the framework design and an evaluation of the object-oriented modelling paradigm.
Work on object-oriented frameworks is still in its infancy, and most of it tends to concentrate on frameworks that have been built, and on how these were built and documented. One question, however, remains unsatisfactorily answered: what is an object-oriented framework? This is still one of the most common questions, and there is still no generally agreed-upon answer. In this paper, some important characteristics of object-oriented frameworks are presented, existing definitions are discussed, and an improved definition is suggested.
Design patterns have proven to be useful for the design of object-oriented systems. The power of a design pattern lies in its ability to provide generic solutions that can be specialised for particular situations. The implementation of design patterns, however, has received only little attention, and we have identified two relevant problems associated with it. First, the traceability of a design pattern in the implementation is often insufficient; the design pattern is often `lost'. Second, implementing design patterns may present significant implementation overhead for the software engineer: often a potentially large number of simple methods with trivial behaviour has to be implemented, e.g. methods forwarding a message to another object. In this paper, the layered object model (LayOM) is presented. LayOM provides language support for the explicit representation of design patterns in the programming language. It is an extended object-oriented language in that it contains several components that are not part of the conventional object model, such as states, categories and layers. Layers are used to represent design patterns at the level of the programming language, and example layer types for four design patterns are presented. LayOM is supported by a development environment that translates LayOM code into C++; the generated C++ code can be used like any other C++ code for the development of applications. An important aspect of LayOM is that the language itself is extensible, which allows new design patterns to be added to the language model.
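As a rough analogy only (LayOM itself is an extended object model translated to C++, not a Python library), the sketch below shows how a layer can intercept and forward messages to a wrapped object: exactly the kind of trivial forwarding behaviour that LayOM's layers express explicitly at the language level instead of through hand-written methods.

    class Layer:
        # Rough analogy of a LayOM layer: intercept every message sent to
        # the wrapped object and forward it, so that pattern-specific
        # behaviour stays in one visible, traceable place rather than in
        # many hand-written forwarding methods.
        def __init__(self, inner):
            self._inner = inner

        def __getattr__(self, name):
            attr = getattr(self._inner, name)
            if callable(attr):
                def forwarded(*args, **kwargs):
                    # Pattern-specific behaviour (state checks, adaptation,
                    # logging, ...) could be inserted here before forwarding.
                    return attr(*args, **kwargs)
                return forwarded
            return attr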