• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권3호
• /
• pp.1722-1737
• /
• 2019

We developed an insider threat detection model to be used by organizations that repeat tasks at regular intervals. The model identifies the best combination of different feature selection algorithms, unsupervised learning algorithms, and standard scores. We derive a model specifically optimized for the organization by evaluating each combination in terms of accuracy, AUC (Area Under the Curve), and TPR (True Positive Rate). In order to validate this model, a four-year log was applied to the system handling sensitive information from public institutions. In the research target system, the user log was analyzed monthly based on the fact that the business process is processed at a cycle of one year, and the roles are determined for each person in charge. In order to classify the behavior of a user as abnormal, the standard scores of each organization were calculated and classified as abnormal when they exceeded certain thresholds. Using this method, we proposed an optimized model for the organization and verified it.

• 한국전자거래학회지
• /
• 제21권1호
• /
• pp.131-145
• /
• 2016

최근 빅데이터와 같은 디지털 환경으로 다양한 정보 매체를 통해 정보와 지식을 생산되고 있는 반면 이렇게 생산된 정보가 법적인 테두리를 벗어나 무분별하게 확대되고 재생산 되는등 정보의 역기능 역시 커지고 있다. 특히, 개인정보의 경우 기존의 목적 외에 사용되거나 잘못된 형태로 사용이 되면 피해가 발생된다. 일반적으로 사용자가 위험을 감수하더라도 개인 스스로 자신의 정보를 제공하거나 공유하고 있는 이유는 기업이나 조직이 개인정보를 안전하게 지켜줄 것이라고 믿기 때문이다. 본 연구는 정보 프라이버시에 대한 위험과 이를 억제하는 정책이 개인정보 제공의도에 어떠한 영향을 미치는지 분석하여 검증하고자 하였다. 이를 위해 정보 프라이버시 위험과 정책이 정보 프라이버시 염려와 신뢰, 개인정보 제공의도에 어떠한 영향을 미치는지에 대한 영향도를 분석하였다. 연구결과, 빅데이터 시대에 정보 프라이버시 위험을 낮추고 정책을 명확하게 제시한다면 정보 프라이버시 염려는 낮아지고 기업에 대한 신뢰가 높아져 개인정보를 제공할 것이라는 것을 밝혔다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권3호
• /
• pp.558-575
• /
• 2013

The purpose of a data leakage prevention system is to protect corporate information assets. The system monitors the packet exchanges between internal systems and the Internet, filters packets according to the data security policy defined by each company, or discretionarily deletes important data included in packets in order to prevent leakage of corporate information. However, the problem arises that the system may monitor employees' personal information, thus allowing their privacy to be violated. Therefore, it is necessary to find not only a solution for detecting leakage of significant information, but also a way to minimize the leakage of internal users' personal information. In this paper, we propose two models for representing the level of personal information disclosure during data leakage detection. One model measures only the disclosure frequencies of keywords that are defined as personal data. These frequencies are used to indicate the privacy violation level. The other model represents the context of privacy violation using a private data matrix. Each row of the matrix represents the disclosure counts for personal data keywords in a given time period, and each column represents the disclosure count of a certain keyword during the entire observation interval. Using the suggested matrix model, we can represent an abstracted context of the privacy violation situation. Experiments on the privacy violation situation to demonstrate the usability of the suggested models are also presented.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제5권9호
• /
• pp.1653-1667
• /
• 2011

Privacy is one of the most important and difficult research issues in ubiquitous computing. It is qualitative rather than quantitative. Privacy preserving mainly relies on policy based rules of the system, and users cannot adjust their privacy disclosure rules dynamically based on their wishes. To make users understand and control their privacy measurement, we present a scheme to quantize the personal privacy. We aim to configure the person's privacy based on the numerical privacy level which can be dynamically adjusted. Instead of using the traditional simple rule engine, we implement this scheme in a complex way. In addition, we design the scenario to explain the implementation of our scheme. To the best of our knowledge, we are the first to assess personal privacy numerically to achieve precision privacy computing. The privacy measurement and disclosure model will be refined in the future work.

• 정보과학회 논문지
• /
• 제44권2호
• /
• pp.195-207
• /
• 2017

최근 다양한 분야에서 데이터들이 활발하게 활용되고 있다. 이에 따라 데이터의 공유나 배포를 요구하는 목소리가 높아지고 있다. 그러나 공유된 데이터에 개인과 관련된 민감한 정보가 있을 경우, 개인의 민감한 정보가 드러나는 프라이버시 유출이 발생할 수 있다. 개인 정보가 포함된 데이터를 배포하기 위해 개인의 프라이버시를 보호하면서 데이터를 최소한으로 변형하는 프라이버시 보호 데이터 배포(privacy-preserving data publishing, PPDP)가 연구되어 왔다. 프라이버시 보호 데이터 배포 연구는 다양한 공격자 모델을 가정하고 이러한 공격자의 프라이버시 유출 공격으로부터 프라이버시를 보호하기 위한 원칙인 프라이버시 모델에 따라 발전해왔다. 본 논문에서는 먼저 프라이버시 유출 공격에 대해 알아본다. 그리고 프라이버시 모델들을 프라이버시 유출 공격에 따라 분류하고 각 프라이버시 모델들 간의 차이점과 요구 조건에 대해 알아본다.

• Asia pacific journal of information systems
• /
• 제28권4호
• /
• pp.258-273
• /
• 2018

What is individuals' privacy notion, and does it change with the social roles taken up by them? We explored these questions using a qualitative interpretive research approach. We found that individuals have mixed notion of privacy. Individuals view privacy either as a commodity or as a control. Further, we found that an individual's privacy notion is a function of their social role within the society and their privacy preferences. Our research points to the importance of expanding the notion of privacy to encompass a broader understanding of privacy preferences. We theorize our findings using social penetration theory and presents a privacy model which provides the logical framework for interpreting people's views on privacy.

• Asia pacific journal of information systems
• /
• 제22권4호
• /
• pp.7-29
• /
• 2012

Smartphone and its applications (i.e. apps) are increasingly penetrating consumer markets. According to a recent report from Korea Communications Commission, nearly 50% of mobile subscribers in South Korea are smartphone users that accounts for over 25 million people. In particular, the importance of smartphone has risen as a geospatially-aware device that provides various location-based services (LBS) equipped with GPS capability. The popular LBS include map and navigation, traffic and transportation updates, shopping and coupon services, and location-sensitive social network services. Overall, the emerging location-based smartphone apps (LBA) offer significant value by providing greater connectivity, personalization, and information and entertainment in a location-specific context. Conversely, the rapid growth of LBA and their benefits have been accompanied by concerns over the collection and dissemination of individual users' personal information through ongoing tracking of their location, identity, preferences, and social behaviors. The majority of LBA users tend to agree and consent to the LBA provider's terms and privacy policy on use of location data to get the immediate services. This tendency further increases the potential risks of unprotected exposure of personal information and serious invasion and breaches of individual privacy. To address the complex issues surrounding LBA particularly from the user's behavioral perspective, this study applied the privacy calculus model (PCM) to explore the factors that influence the adoption of LBA. According to PCM, consumers are engaged in a dynamic adjustment process in which privacy risks are weighted against benefits of information disclosure. Consistent with the principal notion of PCM, we investigated how individual users make a risk-benefit assessment under which personalized service and locatability act as benefit-side factors and information privacy risks act as a risk-side factor accompanying LBA adoption. In addition, we consider the moderating role of trust on the service providers in the prohibiting effects of privacy risks on user intention to adopt LBA. Further we include perceived ease of use and usefulness as additional constructs to examine whether the technology acceptance model (TAM) can be applied in the context of LBA adoption. The research model with ten (10) hypotheses was tested using data gathered from 98 respondents through a quasi-experimental survey method. During the survey, each participant was asked to navigate the website where the experimental simulation of a LBA allows the participant to purchase time-and-location sensitive discounted tickets for nearby stores. Structural equations modeling using partial least square validated the instrument and the proposed model. The results showed that six (6) out of ten (10) hypotheses were supported. On the subject of the core PCM, H2 (locatability ${\rightarrow}$ intention to use LBA) and H3 (privacy risks ${\rightarrow}$ intention to use LBA) were supported, while H1 (personalization ${\rightarrow}$ intention to use LBA) was not supported. Further, we could not any interaction effects (personalization X privacy risks, H4 & locatability X privacy risks, H5) on the intention to use LBA. In terms of privacy risks and trust, as mentioned above we found the significant negative influence from privacy risks on intention to use (H3), but positive influence from trust, which supported H6 (trust ${\rightarrow}$ intention to use LBA). The moderating effect of trust on the negative relationship between privacy risks and intention to use LBA was tested and confirmed by supporting H7 (privacy risks X trust ${\rightarrow}$ intention to use LBA). The two hypotheses regarding to the TAM, including H8 (perceived ease of use ${\rightarrow}$ perceived usefulness) and H9 (perceived ease of use ${\rightarrow}$ intention to use LBA) were supported; however, H10 (perceived effectiveness ${\rightarrow}$ intention to use LBA) was not supported. Results of this study offer the following key findings and implications. First the application of PCM was found to be a good analysis framework in the context of LBA adoption. Many of the hypotheses in the model were confirmed and the high value of $R^2$ (i.,e., 51%) indicated a good fit of the model. In particular, locatability and privacy risks are found to be the appropriate PCM-based antecedent variables. Second, the existence of moderating effect of trust on service provider suggests that the same marginal change in the level of privacy risks may differentially influence the intention to use LBA. That is, while the privacy risks increasingly become important social issues and will negatively influence the intention to use LBA, it is critical for LBA providers to build consumer trust and confidence to successfully mitigate this negative impact. Lastly, we could not find sufficient evidence that the intention to use LBA is influenced by perceived usefulness, which has been very well supported in most previous TAM research. This may suggest that more future research should examine the validity of applying TAM and further extend or modify it in the context of LBA or other similar smartphone apps.

• International Journal of Computer Science & Network Security
• /
• 제22권4호
• /
• pp.119-130
• /
• 2022

Crime is a common social problem that affects the quality of life. As the number of crimes increases, it is necessary to build a model to predict the number of crimes that may occur in a given period, identify the characteristics of a person who may commit a particular crime, and identify places where a particular crime may occur. Data privacy is the main challenge that organizations face when building this type of predictive models. Federated learning (FL) is a promising approach that overcomes data security and privacy challenges, as it enables organizations to build a machine learning model based on distributed datasets without sharing raw data or violating data privacy. In this paper, a federated long short- term memory (LSTM) model is proposed and compared with a traditional LSTM model. Proposed model is developed using TensorFlow Federated (TFF) and the Keras API to predict the number of crimes. The proposed model is applied on the Boston crime dataset. The proposed model's parameters are fine tuned to obtain minimum loss and maximum accuracy. The proposed federated LSTM model is compared with the traditional LSTM model and found that the federated LSTM model achieved lower loss, better accuracy, and higher training time than the traditional LSTM model.

• 한국컴퓨터정보학회논문지
• /
• 제19권10호
• /
• pp.175-184
• /
• 2014

본 연구의 목적은 위치기반서비스에서 구매의도에 영향을 미치는 요인을 프라이버시-신뢰-행동의도 모형을 이용하여 분석하는 것이다. 연구의 목적을 달성하기 위해 위치기반서비스, 프라이버시-신뢰-행동의도 모형, 프라이버시 염려의 측정모형(CFIP)에 대한 이론적 배경을 바탕으로 연구모형과 가설을 설정하였다. 본 연구의 조사기간은 2014년 1월 21부터 3월 20일까지이며, 위치기반서비스 이용자들을 대상으로 설문지를 배포하였다. 설문지는 231개가 회수되었고, 이 중 불성실하게 응답한 21개를 제외한 210개의 설문지를 분석에 이용하였다. 분석결과, 첫째, 위치인지는 프라이버시 염려에 정(+)의 영향을 미치는 것으로 나타났다. 둘째, 프라이버시 염려는 신뢰에 부(-)의 영향을 미치는 것으로 나타났으며, 마지막으로, 신뢰는 구매의도에 정(+)의 영향을 미치는 것으로 나타났다. 본 연구의 결과는 위치기반서비스에서 프라이버시 염려 및 구매의도에 관한 다양한 시사점을 제공할 것이다.

• 한국정보시스템학회지:정보시스템연구
• /
• 제26권1호
• /
• pp.93-123
• /
• 2017

Purpose The purpose of this study is to deduct the factors for explaining the economic behavior of an Internet user who provides personal information notwithstanding the concern about an invasion of privacy based on the Information Privacy Calculus Theory and Communication Privacy Management Theory. Design/methodology/approach This study made a design of the research model by integrating the factors deducted from the computation theory of information privacy with the factors deducted from the management theory of communication privacy on the basis of the Dual-Process Theory. In addition, this study, did empirical analysis of the path difference between groups by dividing Internet users into a group having experience in personal information spill and another group having no experience. Findings According to the empirical analysis result, this study confirmed that the Privacy Concern about forms through the Perceived Privacy Risk derived from the Disposition to value Privacy. In addition, this study confirmed that the behavior of an Internet user involved in personal information offering occurs due to the Perceived Benefits contradicting the Privacy Concern.