Security and privacy issues are magnified by velocity,volume,and variety of big data.User's privacy is an even more sensitive topic attracting most people's attention.While XcodeGhost,a malware of i OS emergin...Security and privacy issues are magnified by velocity,volume,and variety of big data.User's privacy is an even more sensitive topic attracting most people's attention.While XcodeGhost,a malware of i OS emerging in late 2015,leads to the privacy-leakage of a large number of users,only a few studies have examined XcodeGhost based on its source code.In this paper we describe observations by monitoring the network activities for more than 2.59 million i Phone users in a provincial area across 232 days.Our analysis reveals a number of interesting points.For example,we propose a decay model for the prevalence rate of Xcode Ghost and we find that the ratio of the infected devices is more than 60%;that a lot of popular applications,such as Wechat,railway 12306,didi taxi,Youku video are also infected;and that the duration as well as the traffic volume of most Xcode Ghost-related HTTP-requests is similar with usual HTTP-request which makes it difficult to be found.Besides,we propose a heuristic model based on fingerprint and its web-knowledge to identify the infected applications.The identifying result shows the efficiency of this model.展开更多
Top-k ranking of websites according to traffic volume is important for Internet Service Providers(ISPs) to understand network status and optimize network resources. However, the ranking result always has a big deviati...Top-k ranking of websites according to traffic volume is important for Internet Service Providers(ISPs) to understand network status and optimize network resources. However, the ranking result always has a big deviation with actual rank for the existence of unknown web traffic, which cannot be identified accurately under current techniques. In this paper, we introduce a novel method to approximate the actual rank. This method associates unknown web traffic with websites according to statistical probabilities. Then, we construct a probabilistic top-k query model to rank websites. We conduct several experiments by using real HTTP traffic traces collected from a commercial ISP covering an entire city in northern China. Experimental results show that the proposed techniques can reduce the deviation existing between the ground truth and the ranking results vastly. In addition, we find that the websites providing video service have higher ratio of unknown IP as well as higher ratio of unknown traffic than the websites providing text web page service. Specifically, we find that the top-3 video websites have more than 90% of unknown web traffic. All these findings are helpful for ISPs understanding network status and deploying Content Distributed Network(CDN).展开更多
The widespread use of Location-Based Services (LBSs), which allows untrusted service providers to collect large quantities of information regarding users' locations, has raised serious privacy concerns. In response...The widespread use of Location-Based Services (LBSs), which allows untrusted service providers to collect large quantities of information regarding users' locations, has raised serious privacy concerns. In response to these issues, a variety of LBS Privacy Protection Mechanisms (LPPMs) have been recently proposed. However, evaluating these LPPMs remains problematic because of the absence of a generic adversarial model for most existing privacy metrics. In particular, the relationships between these metrics have not been examined in depth under a common adversarial model, leading to a possible selection of the inappropriate metric, which runs the risk of wrongly evaluating LPPMs. In this paper, we address these issues by proposing a privacy quantification model, which is based on Bayes conditional privacy, to specify a general adversarial model. This model employs a general definition of conditional privacy regarding the adversary's estimation error to compare the different LBS privacy metrics. Moreover, we present a theoretical analysis for specifying how to connect our metric with other popular LBS privacy metrics. We show that our privacy quantification model permits interpretation and comparison of various popular LBS privacy metrics under a common perspective. Our results contribute to a better understanding of how privacy properties can be measured, as well as to the better selection of the most appropriate metric for any given LBS application.展开更多
With the rapid development of mobile technology and smart devices,crowdsensing has shown its large potential to collect massive data.Considering the limitation of calculation power,edge computing is introduced to rele...With the rapid development of mobile technology and smart devices,crowdsensing has shown its large potential to collect massive data.Considering the limitation of calculation power,edge computing is introduced to release unnecessary data transmission.In edge-computing-enabled crowdsensing,massive data is required to be preliminary processed by edge computing devices(ECDs).Compared with the traditional central platform,these ECDs are limited by their own capability so they may only obtain part of relative factors and they can’t process data synthetically.ECDs involved in one task are required to cooperate to process the task data.The privacy of participants is important in crowdsensing,so blockchain is used due to its decentralization and tamperresistance.In crowdsensing tasks,it is usually difficult to obtain the assessment criteria in advance so reinforcement learning is introduced.As mentioned before,ECDs can’t process task data comprehensively and they are required to cooperate quality assessment.Therefore,a blockchain-based framework for data quality in edge-computing-enabled crowdsensing(BFEC)is proposed in this paper.DPoR(Delegated Proof of Reputation),which is proposed in our previous work,is improved to be suitable in BFEC.Iteratively,the final result is calculated without revealing the privacy of participants.Experiments on the open datasets Adult,Blog,and Wine Quality show that our new framework outperforms existing methods in executing sensing tasks.展开更多
基金supported by 111 Project of China under Grant No.B08004
文摘Security and privacy issues are magnified by velocity,volume,and variety of big data.User's privacy is an even more sensitive topic attracting most people's attention.While XcodeGhost,a malware of i OS emerging in late 2015,leads to the privacy-leakage of a large number of users,only a few studies have examined XcodeGhost based on its source code.In this paper we describe observations by monitoring the network activities for more than 2.59 million i Phone users in a provincial area across 232 days.Our analysis reveals a number of interesting points.For example,we propose a decay model for the prevalence rate of Xcode Ghost and we find that the ratio of the infected devices is more than 60%;that a lot of popular applications,such as Wechat,railway 12306,didi taxi,Youku video are also infected;and that the duration as well as the traffic volume of most Xcode Ghost-related HTTP-requests is similar with usual HTTP-request which makes it difficult to be found.Besides,we propose a heuristic model based on fingerprint and its web-knowledge to identify the infected applications.The identifying result shows the efficiency of this model.
基金supported by 111 Project of China under Grant No.B08004
文摘Top-k ranking of websites according to traffic volume is important for Internet Service Providers(ISPs) to understand network status and optimize network resources. However, the ranking result always has a big deviation with actual rank for the existence of unknown web traffic, which cannot be identified accurately under current techniques. In this paper, we introduce a novel method to approximate the actual rank. This method associates unknown web traffic with websites according to statistical probabilities. Then, we construct a probabilistic top-k query model to rank websites. We conduct several experiments by using real HTTP traffic traces collected from a commercial ISP covering an entire city in northern China. Experimental results show that the proposed techniques can reduce the deviation existing between the ground truth and the ranking results vastly. In addition, we find that the websites providing video service have higher ratio of unknown IP as well as higher ratio of unknown traffic than the websites providing text web page service. Specifically, we find that the top-3 video websites have more than 90% of unknown web traffic. All these findings are helpful for ISPs understanding network status and deploying Content Distributed Network(CDN).
基金supported in part by the National Science and Technology Major Project (No. 2012ZX03002001004)the National Natural Science Foundation of China (Nos. 61172090, 61163009, and 61163010)+1 种基金the PhD Programs Foundation of Ministry of Education of China (No. 20120201110013)the Scientific and Technological Project in Shaanxi Province (Nos. 2012K06-30 and 2014JQ8322)
文摘The widespread use of Location-Based Services (LBSs), which allows untrusted service providers to collect large quantities of information regarding users' locations, has raised serious privacy concerns. In response to these issues, a variety of LBS Privacy Protection Mechanisms (LPPMs) have been recently proposed. However, evaluating these LPPMs remains problematic because of the absence of a generic adversarial model for most existing privacy metrics. In particular, the relationships between these metrics have not been examined in depth under a common adversarial model, leading to a possible selection of the inappropriate metric, which runs the risk of wrongly evaluating LPPMs. In this paper, we address these issues by proposing a privacy quantification model, which is based on Bayes conditional privacy, to specify a general adversarial model. This model employs a general definition of conditional privacy regarding the adversary's estimation error to compare the different LBS privacy metrics. Moreover, we present a theoretical analysis for specifying how to connect our metric with other popular LBS privacy metrics. We show that our privacy quantification model permits interpretation and comparison of various popular LBS privacy metrics under a common perspective. Our results contribute to a better understanding of how privacy properties can be measured, as well as to the better selection of the most appropriate metric for any given LBS application.
基金supported by the Key Science and Technology Project of Henan Province(201300210400)National Key Research and Development Project(2018YFB1800304)+1 种基金National Natural Science Foundation of China(61762058),Fundamental Research Funds for the Central Universities(xzy012020112)Natural Science Foundation of Gansu Province(21JR7RA282).
文摘With the rapid development of mobile technology and smart devices,crowdsensing has shown its large potential to collect massive data.Considering the limitation of calculation power,edge computing is introduced to release unnecessary data transmission.In edge-computing-enabled crowdsensing,massive data is required to be preliminary processed by edge computing devices(ECDs).Compared with the traditional central platform,these ECDs are limited by their own capability so they may only obtain part of relative factors and they can’t process data synthetically.ECDs involved in one task are required to cooperate to process the task data.The privacy of participants is important in crowdsensing,so blockchain is used due to its decentralization and tamperresistance.In crowdsensing tasks,it is usually difficult to obtain the assessment criteria in advance so reinforcement learning is introduced.As mentioned before,ECDs can’t process task data comprehensively and they are required to cooperate quality assessment.Therefore,a blockchain-based framework for data quality in edge-computing-enabled crowdsensing(BFEC)is proposed in this paper.DPoR(Delegated Proof of Reputation),which is proposed in our previous work,is improved to be suitable in BFEC.Iteratively,the final result is calculated without revealing the privacy of participants.Experiments on the open datasets Adult,Blog,and Wine Quality show that our new framework outperforms existing methods in executing sensing tasks.
