• Title/Summary/Keyword: Privacy Knowledge

Search Result 164, Processing Time 0.023 seconds

Privacy Disclosure and Preservation in Learning with Multi-Relational Databases

  • Guo, Hongyu;Viktor, Herna L.;Paquet, Eric
    • Journal of Computing Science and Engineering
    • /
    • v.5 no.3
    • /
    • pp.183-196
    • /
    • 2011
  • There has recently been a surge of interest in relational database mining that aims to discover useful patterns across multiple interlinked database relations. It is crucial for a learning algorithm to explore the multiple inter-connected relations so that important attributes are not excluded when mining such relational repositories. However, from a data privacy perspective, it becomes difficult to identify all possible relationships between attributes from the different relations, considering a complex database schema. That is, seemingly harmless attributes may be linked to confidential information, leading to data leaks when building a model. Thus, we are at risk of disclosing unwanted knowledge when publishing the results of a data mining exercise. For instance, consider a financial database classification task to determine whether a loan is considered high risk. Suppose that we are aware that the database contains another confidential attribute, such as income level, that should not be divulged. One may thus choose to eliminate, or distort, the income level from the database to prevent potential privacy leakage. However, even after distortion, a learning model against the modified database may accurately determine the income level values. It follows that the database is still unsafe and may be compromised. This paper demonstrates this potential for privacy leakage in multi-relational classification and illustrates how such potential leaks may be detected. We propose a method to generate a ranked list of subschemas that maintains the predictive performance on the class attribute, while limiting the disclosure risk, and predictive accuracy, of confidential attributes. We illustrate and demonstrate the effectiveness of our method against a financial database and an insurance database.

Ensuring Data Confidentiality and Privacy in the Cloud using Non-Deterministic Cryptographic Scheme

  • John Kwao Dawson;Frimpong Twum;James Benjamin Hayfron Acquah;Yaw Missah
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.7
    • /
    • pp.49-60
    • /
    • 2023
  • The amount of data generated by electronic systems through e-commerce, social networks, and data computation has risen. However, the security of data has always been a challenge. The problem is not with the quantity of data but how to secure the data by ensuring its confidentiality and privacy. Though there are several research on cloud data security, this study proposes a security scheme with the lowest execution time. The approach employs a non-linear time complexity to achieve data confidentiality and privacy. A symmetric algorithm dubbed the Non-Deterministic Cryptographic Scheme (NCS) is proposed to address the increased execution time of existing cryptographic schemes. NCS has linear time complexity with a low and unpredicted trend of execution times. It achieves confidentiality and privacy of data on the cloud by converting the plaintext into Ciphertext with a small number of iterations thereby decreasing the execution time but with high security. The algorithm is based on Good Prime Numbers, Linear Congruential Generator (LGC), Sliding Window Algorithm (SWA), and XOR gate. For the implementation in C, thirty different execution times were performed and their average was taken. A comparative analysis of the NCS was performed against AES, DES, and RSA algorithms based on key sizes of 128kb, 256kb, and 512kb using the dataset from Kaggle. The results showed the proposed NCS execution times were lower in comparison to AES, which had better execution time than DES with RSA having the longest. Contrary, to existing knowledge that execution time is relative to data size, the results obtained from the experiment indicated otherwise for the proposed NCS algorithm. With data sizes of 128kb, 256kb, and 512kb, the execution times in milliseconds were 38, 711, and 378 respectively. This validates the NCS as a Non-Deterministic Cryptographic Algorithm. The study findings hence are in support of the argument that data size does not determine the execution.

Hiding Sensitive Frequent Itemsets by a Border-Based Approach

  • Sun, Xingzhi;Yu, Philip S.
    • Journal of Computing Science and Engineering
    • /
    • v.1 no.1
    • /
    • pp.74-94
    • /
    • 2007
  • Nowadays, sharing data among organizations is often required during the business collaboration. Data mining technology has enabled efficient extraction of knowledge from large databases. This, however, increases risks of disclosing the sensitive knowledge when the database is released to other parties. To address this privacy issue, one may sanitize the original database so that the sensitive knowledge is hidden. The challenge is to minimize the side effect on the quality of the sanitized database so that non-sensitive knowledge can still be mined. In this paper, we study such a problem in the context of hiding sensitive frequent itemsets by judiciously modifying the transactions in the database. Unlike previous work, we consider the quality of the sanitized database especially on preserving the non-sensitive frequent itemsets. To preserve the non-sensitive frequent itemsets, we propose a border-based approach to efficiently evaluate the impact of any modification to the database during the hiding process. The quality of database can be well maintained by greedily selecting the modifications with minimal side effect. Experiments results are also reported to show the effectiveness of the proposed approach.

A Study on the Protection for Personal Information in Private Security Provider's (경비업자의 개인정보보호에 관한 연구)

  • Ahn, Hwang-Kwon;Kim, Il-Gon
    • Convergence Security Journal
    • /
    • v.11 no.5
    • /
    • pp.99-108
    • /
    • 2011
  • The purpose of this study is to profile actual conditions of personal information protection systems operated in overseas countries and examine major considerations of personal information that security service providers must know in the capacity of privacy information processor, so that it may contribute to preventing potential occurrence of any legal disputes in advance. Particularly, this study further seeks to describe fundamental idea and principle of said Personal Information Protection Act; enhancement of various safety measures (e.g. collection / use of privacy data, processing of sensitive information / personal ID information, and encryption of privacy information); restrictions on installation / operation of video data processing devices; and penal regulations as a means of countermeasure against leakage of personal information, while proposing possible solutions to cope with these matters. Using cases among foreign countries for this study. Possible solutions proposed by this study can be summed up as follows: By changing minds with sufficient legal reviews, it is required for security service providers to 1) clearly and further specify any purposes of collecting and using privacy information, if possible, 2) obtain any privacy information by legitimate means as it is necessary to collect such information, 3) stop providing any personal information for the 3rd parties or for any other purposes except fundamental purposes of using privacy information, and 4) have full knowledge about duty of safety measure in accordance with safe maintenance of privacy information and protect any personal information from unwanted or intentional leakage to others.

Advanced approach to information security management system utilizing maturity models in critical infrastructure

  • You, Youngin;Oh, Junhyoung;Kim, Sooheon;Lee, Kyungho
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.10
    • /
    • pp.4995-5014
    • /
    • 2018
  • As the area covered by the CPS grows wider, agencies such as public institutions and critical infrastructure are collectively measuring and evaluating information security capabilities. Currently, these methods of measuring information security are a concrete method of recommendation in related standards. However, the security controls used in these methods are lacking in connectivity, causing silo effect. In order to solve this problem, there has been an attempt to study the information security management system in terms of maturity. However, to the best of our knowledge, no research has considered the specific definitions of each level that measures organizational security maturity or specific methods and criteria for constructing such levels. This study developed an information security maturity model that can measure and manage the information security capability of critical infrastructure based on information provided by an expert critical infrastructure information protection group. The proposed model is simulated using the thermal power sector in critical infrastructure of the Republic of Korea to confirm the possibility of its application to the field and derive core security processes and goals that constitute infrastructure security maturity. The findings will be useful for future research or practical application of infrastructure ISMSs.

Blockchain-based DID Problem Analysis Research (블록체인 기반의 DID 문제점 분석 연구)

  • Lee, Kwangkyu
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.18 no.3
    • /
    • pp.25-32
    • /
    • 2022
  • DID(Decentralized Identity Identification) is a system in which users voluntarily manage their identity, etc., and control the scope and subject of submission of identity information based on a block chain. In the era of the 4th industrial revolution, where the importance of protecting personal information is increasing day by day, DID will surely be positioned as the industrial center of the Internet and e-business. However, when managing personal information, DID is highly likely to cause a large amount of personal information leakage due to electronic infringement, such as hacking and invasion of privacy caused by the concentration of user's identity information on global service users. Therefore, there are a number of challenges to be solved before DID settles into a stable standardization. Therefore, in this paper, we try to examine what problems exist in order to positively apply the development of DID technology, and analyze the improvement plan to become a stable service in the future.

The Effectiveness of Apps Recommending Best Restaurant through Location-based Knowledge Information: Privacy Calculus Perspective (위치기반 지식정보를 활용한 맛집 추천 앱의 효과: 프라이버시 계산을 중심으로)

  • Jiang, Taypun;Lim, Hyun A;Choi, Jaewon
    • The Journal of Society for e-Business Studies
    • /
    • v.22 no.1
    • /
    • pp.89-106
    • /
    • 2017
  • In advanced mobile devices environment, the market share of mobile application has been increased. Among various mobile services, Location-based Service (LBS) is an important feature to increase user motivation related to purchase intention on mobile. However, individual privacy has also increased as an important problem for invasion of privacy and information leakage while too many LBS based applications (App) rapidly launched in the App market. In this study, we focused on perceived values of LBS App users who use Apps related to recommending best restaurants in China and South Korea. The purpose of this study is to identify important factors for perceived value when users provide personal information for LBS service provider. The result of this study is follows: perceived value can increase while LBS customers can more control self-information and information useability. Also information ability of users affected perceived values for LBS Apps. Also users' app user ability and perceived value were effects on privacy revenue. In addtion, perceived weakness of users and perceived value increased privacy threat.

The Behavioral Attitude of Financial Firms' Employees on the Customer Information Security in Korea (금융회사의 고객정보보호에 대한 내부직원의 태도 연구)

  • Jung, Woo-Jin;Shin, Yu-Hyung;Lee, Sang-Yong Tom
    • Asia pacific journal of information systems
    • /
    • v.22 no.1
    • /
    • pp.53-77
    • /
    • 2012
  • Financial firms, especially large scaled firms such as KB bank, NH bank, Samsung Card, Hana SK Card, Hyundai Capital, Shinhan Card, etc. should be securely dealing with the personal financial information. Indeed, people have tended to believe that those big financial companies are relatively safer in terms of information security than typical small and medium sized firms in other industries. However, the recent incidents of personal information privacy invasion showed that this may not be true. Financial firms have increased the investment of information protection and security, and they are trying to prevent the information privacy invasion accidents by doing all the necessary efforts. This paper studies how effectively a financial firm will be able to avoid personal financial information privacy invasion that may be deliberately caused by internal staffs. Although there are several literatures relating to information security, to our knowledge, this is the first study to focus on the behavior of internal staffs. The big financial firms are doing variety of information security activities to protect personal information. This study is to confirm what types of such activities actually work well. The primary research model of this paper is based on Theory of Planned Behavior (TPB) that describes the rational choice of human behavior. Also, a variety of activities to protect the personal information of financial firms, especially credit card companies with the most customer information, were modeled by the four-step process Security Action Cycle (SAC) that Straub and Welke (1998) claimed. Through this proposed conceptual research model, we study whether information security activities of each step could suppress personal information abuse. Also, by measuring the morality of internal staffs, we checked whether the act of information privacy invasion caused by internal staff is in fact a serious criminal behavior or just a kind of unethical behavior. In addition, we also checked whether there was the cognition difference of the moral level between internal staffs and the customers. Research subjects were customer call center operators in one of the big credit card company. We have used multiple regression analysis. Our results showed that the punishment of the remedy activities, among the firm's information security activities, had the most obvious effects of preventing the information abuse (or privacy invasion) by internal staff. Somewhat effective tools were the prevention activities that limited the physical accessibility of non-authorities to the system of customers' personal information database. Some examples of the prevention activities are to make the procedure of access rights complex and to enhance security instrument. We also found that 'the unnecessary information searches out of work' as the behavior of information abuse occurred frequently by internal staffs. They perceived these behaviors somewhat minor criminal or just unethical action rather than a serious criminal behavior. Also, there existed the big cognition difference of the moral level between internal staffs and the public (customers). Based on the findings of our research, we should expect that this paper help practically to prevent privacy invasion and to protect personal information properly by raising the effectiveness of information security activities of finance firms. Also, we expect that our suggestions can be utilized to effectively improve personnel management and to cope with internal security threats in the overall information security management system.

  • PDF

A study on the professional ethical relationship between librarian and library work (도서관 업무와 전문사서간의 윤리적 관계에 관한 이론적 고찰)

  • 손연옥
    • Journal of Korean Library and Information Science Society
    • /
    • v.24
    • /
    • pp.485-517
    • /
    • 1996
  • The purpose of this study is to investigate typical ethical problems found in the technical and public services areas. The followings are the summary of the study. There are three distinct elements that govern ethical problems. One element is legal laws. The copyright law and the privacy act are exact examples. The copyright law has strong influence on the inter library loan service where the majority requests from the users are reproduction of copies. The privacy act also creates difficulties for librarians. Most requests for circulation records infringe on the privacy of library user. And advance online access systems also violates the privacy of library users. The second element is the code or rules that private organization has created. American Library Association created many statements that regulate the conduct of librarians. The bill of right, the professional code of ethics and policy on the confidentiality of library records have strong implications in the obligation of librarian. In the case of censorship at the selection of library materials, the code is a defensive tool against intellectual freedom. Yet self-censoring are prevailing practice among librarians. The thirds element is the competence of librarians. The analyzed table 3 showed that beside two elements, the rest of matters are competence required by librarians. The one aspect of it is humaneness and the other one is technical aspects. Technical aspect of competence are:(l) managerial and operational ability (2) communication skill (3) leadership (4) structure of knowledge and (5) self developing professionalism. Humanity aspect of competence are:(l) trust(fiduciary relationship) gained by diligence, objective judgement, ability, belief, rationality, integrity, kindness) (2) objectiveness (free from bias) (3) user-oriented consideration (need, interest, equal treatment, information gap) (4) caution in providing information (5) pride and (6) ability to distinguish advice and guidance specially in medical and law library.

  • PDF

Context Prediction Using Right and Wrong Patterns to Improve Sequential Matching Performance for More Accurate Dynamic Context-Aware Recommendation (보다 정확한 동적 상황인식 추천을 위해 정확 및 오류 패턴을 활용하여 순차적 매칭 성능이 개선된 상황 예측 방법)

  • Kwon, Oh-Byung
    • Asia pacific journal of information systems
    • /
    • v.19 no.3
    • /
    • pp.51-67
    • /
    • 2009
  • Developing an agile recommender system for nomadic users has been regarded as a promising application in mobile and ubiquitous settings. To increase the quality of personalized recommendation in terms of accuracy and elapsed time, estimating future context of the user in a correct way is highly crucial. Traditionally, time series analysis and Makovian process have been adopted for such forecasting. However, these methods are not adequate in predicting context data, only because most of context data are represented as nominal scale. To resolve these limitations, the alignment-prediction algorithm has been suggested for context prediction, especially for future context from the low-level context. Recently, an ontological approach has been proposed for guided context prediction without context history. However, due to variety of context information, acquiring sufficient context prediction knowledge a priori is not easy in most of service domains. Hence, the purpose of this paper is to propose a novel context prediction methodology, which does not require a priori knowledge, and to increase accuracy and decrease elapsed time for service response. To do so, we have newly developed pattern-based context prediction approach. First of ail, a set of individual rules is derived from each context attribute using context history. Then a pattern consisted of results from reasoning individual rules, is developed for pattern learning. If at least one context property matches, say R, then regard the pattern as right. If the pattern is new, add right pattern, set the value of mismatched properties = 0, freq = 1 and w(R, 1). Otherwise, increase the frequency of the matched right pattern by 1 and then set w(R,freq). After finishing training, if the frequency is greater than a threshold value, then save the right pattern in knowledge base. On the other hand, if at least one context property matches, say W, then regard the pattern as wrong. If the pattern is new, modify the result into wrong answer, add right pattern, and set frequency to 1 and w(W, 1). Or, increase the matched wrong pattern's frequency by 1 and then set w(W, freq). After finishing training, if the frequency value is greater than a threshold level, then save the wrong pattern on the knowledge basis. Then, context prediction is performed with combinatorial rules as follows: first, identify current context. Second, find matched patterns from right patterns. If there is no pattern matched, then find a matching pattern from wrong patterns. If a matching pattern is not found, then choose one context property whose predictability is higher than that of any other properties. To show the feasibility of the methodology proposed in this paper, we collected actual context history from the travelers who had visited the largest amusement park in Korea. As a result, 400 context records were collected in 2009. Then we randomly selected 70% of the records as training data. The rest were selected as testing data. To examine the performance of the methodology, prediction accuracy and elapsed time were chosen as measures. We compared the performance with case-based reasoning and voting methods. Through a simulation test, we conclude that our methodology is clearly better than CBR and voting methods in terms of accuracy and elapsed time. This shows that the methodology is relatively valid and scalable. As a second round of the experiment, we compared a full model to a partial model. A full model indicates that right and wrong patterns are used for reasoning the future context. On the other hand, a partial model means that the reasoning is performed only with right patterns, which is generally adopted in the legacy alignment-prediction method. It turned out that a full model is better than a partial model in terms of the accuracy while partial model is better when considering elapsed time. As a last experiment, we took into our consideration potential privacy problems that might arise among the users. To mediate such concern, we excluded such context properties as date of tour and user profiles such as gender and age. The outcome shows that preserving privacy is endurable. Contributions of this paper are as follows: First, academically, we have improved sequential matching methods to predict accuracy and service time by considering individual rules of each context property and learning from wrong patterns. Second, the proposed method is found to be quite effective for privacy preserving applications, which are frequently required by B2C context-aware services; the privacy preserving system applying the proposed method successfully can also decrease elapsed time. Hence, the method is very practical in establishing privacy preserving context-aware services. Our future research issues taking into account some limitations in this paper can be summarized as follows. First, user acceptance or usability will be tested with actual users in order to prove the value of the prototype system. Second, we will apply the proposed method to more general application domains as this paper focused on tourism in amusement park.