Advertisement

DeepSeq: learning browsing log data based personalized security vulnerabilities and counter intelligent measures

  • Chiranjib Sur
Original Research
  • 58 Downloads

Abstract

Personalization security is a concern with the rising ability to monitor and access public and personal data by organizations, mainly with gradual integration of human life with their devices. In this paper we have shown how simple browsing log data can jeopardize the identity and the personal integrity of a person along with analysis of preventive measures to protect them. As people get digitally enslaved, unknowingly browsing logs inherited certain unique behaviors of the people. It can be characterized and used for monitoring them and their aligned social, professional and organizational counterparts. It is quite a challenge for modern systems to keep attackers at bay and prevent them from gathering and analyzing activity data which can be used to identify specific, easy and valuable targets. Our analysis is based on modeling efficient systems for justification of the possible vulnerabilities and counter-measures through data driven approaches to learn and analyze such data and derive the extent these data can be exploited. Overall, we achieved an accuracy of 85% for identification of targeted characteristics using log data features using deep learning models, which achieved better than other learning models, thus effectively pointing out to the fact that there is severe non-linearity and combination possibilities in the data.

Keywords

Browsing Logs Behavioural biometrics Deep learning Profiling noise 

Notes

References

  1. Al-Gburi A, Al-Hasnawi A, Lilien L (2018) Differentiating security from privacy in internet of things: a survey of selected threats and controls. In: Daimi K (ed) Computer and network security essentials. Springer, Cham, pp 153–172CrossRefGoogle Scholar
  2. Andersen A, Karlsen R (2018) Privacy preserving personalization in complex ecosystems. In: Linnhoff-Popien C, Schneider R, Zaddach M (eds) Digital marketplaces unleashed. Springer, Berlin, Heidelberg, pp 247–261CrossRefGoogle Scholar
  3. Anshari M, Almunawar MN, Lim SA, Al-mudimigh A (2018) Customer relationship management and big data enabled: personalization and customization of services. App Comput Inform.  https://doi.org/10.1016/j.aci.2018.05.004 CrossRefGoogle Scholar
  4. Atli BG, Miche Y, Kalliola A, Oliver I, Holtmanns S, Lendasse A (2018) Anomaly-based intrusion detection using extreme learning machine and aggregation of network traffic statistics in probability space. Cogn Comput 10:848–863.  https://doi.org/10.1007/s12559-018-9564-y CrossRefGoogle Scholar
  5. Atote B, Zahoor S, Bedekar M, Panicker S (2018) Proposed use of information dispersal algorithm in user profiling. In: Mishra D, Nayak M, Joshi A (eds) Information and communication technology for sustainable development, vol 9. Springer, Singapore, pp 77–86CrossRefGoogle Scholar
  6. Azimi I, Rahmani AM, Liljeberg P, Tenhunen H (2017) Internet of things for remote elderly monitoring: a study from user-centered perspective. J Ambient Intell Human Comput 8(2):273–289CrossRefGoogle Scholar
  7. Baglioni M, Ferrara U, Romei A, Ruggieri S, Turini F (2003) Preprocessing and mining web log data for web personalization. In: Cappelli A, Turini F (eds) AI*IA 2003: advances in artificial intelligence. Lecture Notes in Computer Science, vol 2829. Springer, Berlin, Heidelberg, pp 237–249CrossRefGoogle Scholar
  8. Brar A, Kay J (2004) Privacy and security in ubiquitous personalized applications. School of Information Technologies. University of Sydney, SydneyGoogle Scholar
  9. Castellano G, Fanelli AM, Torsello MA, Jain LC (2009) Innovations in web personalization. In: Castellano G, Jain LC, Fanelli AM (eds) Web personalization in intelligent environments, vol 229. Springer, Berlin, Heidelberg, pp 1–26CrossRefGoogle Scholar
  10. Chang CC, Chen PL, Chiu FR, Chen YK (2009) Application of neural networks and kanos method to content recommendation in web personalization. Expert Syst Appl 36(3):5310–5316CrossRefGoogle Scholar
  11. Chen HH (2018) Behavior2vec: generating distributed representations of users behaviors on products for recommender systems. ACM Trans Knowl Discov Data 12(4):43Google Scholar
  12. Davidson D, Fredrikson M, Livshits B (2014) Morepriv: mobile OS support for application personalization and privacy. In: Proceedings of the 30th annual computer security applications conference. ACM, New York, pp 236–245Google Scholar
  13. Duarte Torres S, Weber I, Hiemstra D (2014) Analysis of search and browsing behavior of young users on the web. ACM Trans Web 8(2):7CrossRefGoogle Scholar
  14. Egelman S, Peer E (2015) The myth of the average user: improving privacy and security systems through individualization. In: Proceedings of the 2015 new security paradigms workshop. ACM, New York, pp 16–28Google Scholar
  15. Eirinaki M, Vazirgiannis M (2003) Web mining for web personalization. ACM Trans Internet Technol 3(1):1–27CrossRefGoogle Scholar
  16. Flesca S, Greco S, Masciari E, Saccà D (2018) A comprehensive guide through the italian database research over the last 25 years. Springer, New YorkCrossRefGoogle Scholar
  17. Freeman D, Jain S, Dürmuth M, Biggio B, Giacinto G (2016) Who are you? A statistical approach to measuring user authenticity. In: NDSS, pp 1–15Google Scholar
  18. García-Dorado JL, Ramos J, Rodríguez M, Aracil J (2018) Dns weighted footprints for web browsing analytics. J Netw Comput Appl 111:35–48CrossRefGoogle Scholar
  19. Gulyás GG, Acs G, Castelluccia C (2016) Near-optimal fingerprinting with constraints. Proc Priv Enhanc Technol 2016(4):470–487CrossRefGoogle Scholar
  20. Jiang JY, Li CL, Yang CP, Su CT (2014) Poster: scanning-free personalized malware warning system by learning implicit feedback from detection logs. In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security. ACM, New York, pp 1436–1438Google Scholar
  21. Karataş F, Korkmaz SA (2018) Big data: controlling fraud by using machine learning libraries on spark. Int J Appl Math Electron Comput 6(1):1–5CrossRefGoogle Scholar
  22. Kasanoff B (2002) Making it Personal: how to profit from personalization without invading privacy. Perseus Publishing, New YorkGoogle Scholar
  23. Kobsa A (2007) Privacy-enhanced web personalization, the adaptive web: methods and strategies of web personalization. Springer, Berlin, Heidelberg, pp 628–670Google Scholar
  24. Koh B, Raghunathan S, Nault BR (2015) Is voluntary profiling welfare enhancing? Management Information Systems Quarterly. p 52Google Scholar
  25. Komiak SY, Benbasat I (2006) The effects of personalization and familiarity on trust and adoption of recommendation agents. MIS Q 30(4):941–960CrossRefGoogle Scholar
  26. Kosmides P, Demestichas K, Adamopoulou E, Remoundou C, Loumiotis I, Theologou M, Anagnostou M (2016) Providing recommendations on location-based social networks. J Ambient Intell Human Comput 7(4):567–578CrossRefGoogle Scholar
  27. Lebiednik B, Abadal S, Kwon H, Krishna T (2018) Spoofing prevention via rf power profiling in wireless network-on-chip. In: Proceedings of the 3rd international workshop on advanced interconnect solutions and technologies for emerging computing systems. ACM, New York, p 2Google Scholar
  28. Leon P, Ur B, Shay R, Wang Y, Balebako R, Cranor L (2012) Why Johnny can’t opt out: a usability evaluation of tools to limit online behavioral advertising. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, New York, pp 589–598Google Scholar
  29. Lin H, Yan Z, Chen Y, Zhang L (2018) A survey on network security-related data collection technologies. IEEE Access 6:18345–18365CrossRefGoogle Scholar
  30. Liu C, Park EM, Jiang F (2018) Examining effects of context-awareness on ambient intelligence of logistics service quality: user awareness compatibility as a moderator. J Ambient Intell Human Comput.  https://doi.org/10.1007/s12652-018-1004-z CrossRefGoogle Scholar
  31. Logesh R, Subramaniyaswamy V, Vijayakumar V, Li X (2018) Efficient user profiling based intelligent travel recommender system for individual and group of users. Mob Netw Appl.  https://doi.org/10.1007/s11036-018-1059-2 CrossRefGoogle Scholar
  32. Malandrino D, Scarano V, Spinelli R (2013) How increased awareness can impact attitudes and behaviors toward online privacy protection. In: 2013 international conference on social computing (SocialCom). IEEE, pp 57–62Google Scholar
  33. Maleki-Dizaji S, Siddiqi J, Soltan-Zadeh Y, Rahman F (2014) Adaptive information retrieval system via modelling user behaviour. J Ambient Intell Human Comput 5(1):105–110CrossRefGoogle Scholar
  34. Marella A, Pan C, Hu Z, Schaub F, Ur B, Cranor LF (2014) Assessing privacy awareness from browser plugins. In: Poster at the symposium on usable privacy and security (SOUPS)Google Scholar
  35. Marforio C, Masti RJ, Soriente C, Kostiainen K, Capkun S (2015) Personalized security indicators to detect application phishing attacks in mobile platforms. arXiv:150206824 (preprint)
  36. McAteer O (2016) This creepy new google feature lets you stalk your entire life’s history. Elite DailyGoogle Scholar
  37. Mcdaniel PD, Sen S, Spatscheck O, van der Merwe JE, Aiello W, Kalmanek CR (2006) Enterprise security: a community of interest based approach. NDSS 6:1–3Google Scholar
  38. Mcdonald AM, Reeder RW, Kelley PG, Cranor LF (2009) A comparative study of online privacy policies and formats. In: Goldberg I, Atallah MJ (eds) Privacy enhancing technologies, vol 5672. Springer, Berlin, Heidelberg, pp 37–55CrossRefGoogle Scholar
  39. Meng W, Li W, Wang Y, Au MH (2018) Detecting insider attacks in medical cyber-physical networks based on behavioral profiling. Fut Gener Comput Syst.  https://doi.org/10.1016/j.future.2018.06.007 CrossRefGoogle Scholar
  40. Mobasher B (2007) Data mining for web personalization. In: Brusilovsky P, Kobsa A, Nejdl W (eds) The adaptive web, vol 4321. Springer, Berlin, Heidelberg, pp 90–135CrossRefGoogle Scholar
  41. Mobasher B, Dai H, Luo T, Nakagawa M (2002) Discovery and evaluation of aggregate usage profiles for web personalization. Data Min Knowl Discov 6(1):61–82MathSciNetCrossRefGoogle Scholar
  42. Mulvenna MD, Anand SS, Büchner AG (2000) Personalization on the net using web mining: introduction. Commun ACM 43(8):122–125CrossRefGoogle Scholar
  43. Nguyen TT, Armitage G (2008) A survey of techniques for internet traffic classification using machine learning. IEEE Commun Surv Tutor 10(4):56–76CrossRefGoogle Scholar
  44. Nicol J, Li C, Chen P, Feng T, Ramachandra H (2018) Odp: an infrastructure for on-demand service profiling. In: Proceedings of the 2018 ACM/SPEC international conference on performance engineering. ACM, New York, pp 139–144Google Scholar
  45. Nogueira A, de Oliveira MR, Salvador P, Valadas R, Pacheco A (2005) Classification of internet users using discriminant analysis and neural networks. In: Next generation internet networks. IEEE, pp 341–348Google Scholar
  46. Nowak J, Korytkowski M, Nowicki R, Scherer R, Siwocha A (2018) Random forests for profiling computer network users. In: Rutkowski L, Scherer R, Korytkowski M, Pedrycz W, Tadeusiewicz R, Zurada J (eds) Artificial intelligence and soft computing, vol 10842. Springer, Cham, pp 734–739CrossRefGoogle Scholar
  47. Olivarez-Giles N (2016) How to use google’s new my activity privacy tool: search giant offers users a glimpse of the data it collects from web searches and other services. Wall Str J 1Google Scholar
  48. Otebolaku AM, Andrade MT (2015) Context-aware media recommendations for smart devices. J Ambient Intell Human Comput 6(1):13–36CrossRefGoogle Scholar
  49. Park JH (2017) Resource recommender system based on psychological user type indicator. J Ambient Intell Human Comput.  https://doi.org/10.1007/s12652-017-0583-4 CrossRefGoogle Scholar
  50. Park S, Matic A, Garg K, Oliver N (2018) When simpler data does not imply less information: a study of user profiling scenarios with constrained view of mobile http (s) traffic. ACM Trans Web 12(2):9CrossRefGoogle Scholar
  51. Petrosyan D (2018) The dilemmas of surveillance profiling: the case of the united states. Fakulta sociálních věd. Univerzita Karlova, PragueGoogle Scholar
  52. Purewal S (2016) Everything you need to know about google’s my activity page: yes, google does know everything about you. CNET 10Google Scholar
  53. Rafferty J, Nugent C, Liu J, Chen L (2016) An approach to provide dynamic, illustrative, video-based guidance within a goal-driven smart home. J Ambient Intell Human Comput.  https://doi.org/10.1007/s12652-016-0421-0 CrossRefGoogle Scholar
  54. Ren Y, Tomko M, Salim FD, Chan J, Sanderson M (2018) Understanding the predictability of user demographics from cyber-physical-social behaviours in indoor retail spaces. EPJ Data Sci 7(1):1CrossRefGoogle Scholar
  55. Rieck K, Trinius P, Willems C, Holz T (2011) Automatic analysis of malware behavior using machine learning. J Comput Secur 19(4):639–668CrossRefGoogle Scholar
  56. Riecken D (2000) Personalized views of personalization. Commun ACM 43(8):26–26CrossRefGoogle Scholar
  57. Sackmann S, Strüker J, Accorsi R (2006) Personalization in privacy-aware highly dynamic systems. Commun ACM 49(9):32–38CrossRefGoogle Scholar
  58. Salem B, Lino JA, Rauterberg M (2010) Smartex: a case study on user profiling and adaptation in exhibition booths. J Ambient Intell Human Comput 1(3):185–198CrossRefGoogle Scholar
  59. Sathe G (2016) Google’s my activity page is a scary reminder that google knows everything about you. Gadgets360Google Scholar
  60. Schaub F, Marella A, Kalvani P, Ur B, Pan C, Forney E, Cranor LF (2016) Watching them watching me: browser extensions impact on user privacy awareness and concern. In: NDSS workshop on usable securityGoogle Scholar
  61. Song Y, Salem MB, Hershkop S, Stolfo SJ (2013) System level user behavior biometrics using fisher features and Gaussian mixture models. In: Security and privacy workshops (SPW), 2013 IEEE. IEEE, pp 52–59Google Scholar
  62. Stolfo SJ, Fan W, Prodromidis A, Chan PK, Lee W (2000) Cost-sensitive modeling for fraud and intrusion detection: results from the jam project. In: Proceedings of the 2000 DARPA information survivability conference and exposition. CiteseerGoogle Scholar
  63. Sur C (2018) Ensemble one-vs-all learning technique with emphatic rehearsal training for phishing email classification using psychology. J Exp Theor Artif Intell.  https://doi.org/10.1080/0952813X.2018.1467496 CrossRefGoogle Scholar
  64. Su KW, Huang PH, Chen PH, Li YT (2016) The impact of formats and interactive modes on the effectiveness of mobile advertisements. J Ambient Intell Human Comput 7(6):817–827CrossRefGoogle Scholar
  65. Taylor DG, Davis DF, Jillapalli R (2009) Privacy concern and online personalization: the moderating effects of information control and compensation. Electron Commer Res 9(3):203–223CrossRefGoogle Scholar
  66. Wang K, Stolfo SJ (2004) Anomalous payload-based network intrusion detection. In: Jonsson E, Valdes A, Almgren M (eds) Recent advances in intrusion detection, vol 3224. Springer, Berlin, Heidelberg, pp 203–222CrossRefGoogle Scholar
  67. Wang T, Goldberg I (2016) On realistically attacking tor with website fingerprinting. Proc Priv Enhanc Technol 2016(4):21–36CrossRefGoogle Scholar
  68. Yang C, Zhang C, Chen X, Ye J, Han J (2018) Did you enjoy the ride: understanding passenger experience via heterogeneous network embedding. ICDE IEEEGoogle Scholar
  69. Yang J, Qiao Y, Zhang X, He H, Liu F, Cheng G (2015) Characterizing user behavior in mobile internet. IEEE Trans Emerg Top Comput 3(1):95–106CrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Computer and Information Science and Engineering DepartmentUniversity of FloridaGainesvilleUSA

Personalised recommendations