Global ETD Search

101	A trust framework for real-time web communications / Mécanisme de confiance pour les communications web en temps réel Javed, Ibrahim Tariq 04 October 2018 (has links) Les services de conversation Web en temps réel permettent aux utilisateurs d'avoir des appels audio et vidéo et de transférer directement des données sur Internet. Les opérateurs OTT (OTT) tels que Google, Skype et WhatsApp proposent des services de communication économiques avec des fonctionnalités de conversation évoluées. Avec l'introduction de la norme de Web Real Time Communication (WebRTC), n'importe quelle page Web peut désormais offrir des services d'appel. WebRTC est utilisé comme technologie sous-jacente pour déployer de nouvelles plateformes de communication centrées sur le Web. Ces plates-formes visent à offrir de nouvelles méthodes modernes de contact et de communication sur le web. Contrairement aux réseaux de télécommunication traditionnels, les identités sur le Web sont basées sur des profils d'utilisateur et des informations d'identification auto-affirmés. Par conséquent, les opérateurs Web sont incapables d'assurer la fiabilité de leurs abonnés. Les services de communication Web restent exposés à des menaces dans lesquelles le contexte social entre les parties communicantes est manipulé. Un attaquant se définit comme une entité de confiance pour transmettre de fausses informations à l'utilisateur ciblé. Les menaces typiques contre le contexte social comprennent la fausse représentation d'identité, l’hameçonnage, le spam et la distribution illégale de contenu. Afin d'assurer la sécurité sur les services de communication Web, la confiance entre les parties communicantes doit être établie. La première étape consiste à permettre aux utilisateurs d'identifier leurs participants communicants afin de savoir avec qui ils parlent. Cependant, l'authentification seule ne peut garantir la fiabilité d'un appelant. De nouvelles méthodes d'estimation de la réputation de l'appelant devraient également être intégrées dans les services d'appel Web. Par conséquent, dans cette thèse, nous présentons un nouveau cadre de confiance qui fournit des informations sur la fiabilité des appelants dans les réseaux de communication Web. Notre approche est organisée en quatre parties. Premièrement, nous décrivons la notion de confiance dans la communication web en temps réel. Un modèle de confiance est présenté pour identifier les relations de confiance nécessaires entre les entités d'un système de communication. Les paramètres requis pour calculer la confiance dans les services de communication Web sont officiellement introduits. Deuxièmement, nous montrons comment les protocoles Single-Sign-On (SSO) peuvent être utilisés pour authentifier les utilisateurs d'une manière Peer-to-Peer (P2P) sans dépendre de leur fournisseur de service. Nous présentons une comparaison entre trois protocoles d'authentification appropriés (OAuth, BrowserID, OpenID Connect). La comparaison montre que OpenID Connect est le meilleur candidat en termes de confidentialité des utilisateurs. Troisièmement, un modèle de calcul de confiance est proposé pour mesurer la fiabilité des appelants dans un réseau de communication. La légitimité et l'authenticité d'un appelant sont calculées à l'aide de recommandations, tandis que la popularité d'un appelant est estimée en utilisant son comportement de communication. Un abonné d'un service de communication sera capable de visualiser la confiance calculée d'autres membres avant d'initier ou d'accepter une demande d'appel. Enfin, la réputation d'un appelant est utilisée pour lutter contre les appels nuisibles générés sur les réseaux de communication. Les appels de nuisance sont décrits comme des appels de spam non sollicités en masse générés sur un réseau de communication à des fins de marketing et de tromperie. Les enregistrements de données d'appel et les commentaires reçus par les parties communicantes sont utilisés pour déterminer la réputation de l'appelant. La réputation évaluée est utilisée pour différencier les spammeurs et les appelants légitimes du réseau / Real-time web conversational services allow users to have audio and video calls over the Internet. Over-The-Top operators such as Google and Facebook offer cost-effective communication services with advanced conversational features. With the introduction of WebRTC standard, any website or web application can now have built-in communication capabilities. WebRTC technology is expected to boost Voice-Over-IP by making it more robust, flexible and accessible. Telco operators also intend to use the underlying technology to offer communication services to their subscribers over the web. Emerging web-centric communication platforms aims to offer modern methods of contacting and communicating over the web. However, web operators are unable to ensure the trustworthiness of their subscribers, since identities are based on self-asserted user profiles and credentials. Thus, they remain exposed to many social threats in which the context between communicating parties is manipulated. An attacker usually misrepresents himself to convey false information to the targeted victim. Typical social threats include phishing, spam, fraudulent telemarketing and unlawful content distribution. To ensure user security over communication networks, trust between communicating parties needs to be established. Communicating participants should be able to verify each other’s identity to be sure of whom they are talking to. However, authentication alone cannot guarantee the trustworthiness of a caller. New methods of estimating caller’s reputation should also be built in web calling services. In this thesis, we present a novel trust framework that provides information about the trustworthiness of callers in web communication networks. Our approach is organized in four parts. Firstly, we describe the notion of trust in real-time web communication services. A trust model approach is presented to formally introduce the trust computation parameters and relationships in a communication system. Secondly, we detail the mechanism of identity provisioning that allows communicating participants to verify each other’s identity in a Peer-to-Peer fashion. The choice of authentication protocol highly impacts user privacy. We showed how OpenID Connect used for Single-Sign-On authentication purposes can be effectively used for provisioning identities while preserving user privacy. Thirdly, a trust computational model is proposed to measure the trustworthiness of callers in a communication network. The legitimacy and genuineness of a caller’s identity is computed using recommendations from members of the network. On the other hand, the popularity of a caller is estimated by analyzing its behavior in the network. Each subscriber will be able to visualize the computed trust of other members before initiating or accepting a call request. Lastly, the reputation of a caller is used to combat nuisance calls generated over communication networks. Nuisance calls are described as unsolicited bulk spam phone calls generated for marketing and deceptive purposes. Caller’s reputation is computed using the diversity of outgoing calls, call duration, recommendations from called participants, reciprocity and repetitive nature of calls. The reputation is used to differentiate between legitimate and nuisance calls generated over the network Calcul de confiance Communication web en temps réel WebRTC Spam téléphonique Gestion de confiance Gestion des identités Trust computation Real-time web communication WebRTC Spam over internet telephony Trust management Identity management
102	Spam y su regulacion en Chile. ¿Cómo obtener la protección jurídica de la intimidad de las personas, sin afectar el desarrollo legítimo de una actividad económica? Dávila Arancibia, Jorge January 2011 (has links) Tesis (magíster en derecho con mención en derecho informático y de las telecoumunicaciones) Telemercadeo Aspectos jurídicos Correo electrónico Aspectos jurídicos Derecho a la privacidad Spam
103	Information quality in online social media and big data collection : an example of Twitter spam detection / Qualité de l'information dans les médias sociaux en ligne et collection de big data : un exemple de détection de spam sur twitter Washha, Mahdi 17 July 2018 (has links) La popularité des médias sociaux en ligne (Online Social Media - OSM) est fortement liée à la qualité du contenu généré par l'utilisateur (User Generated Content - UGC) et la protection de la vie privée des utilisateurs. En se basant sur la définition de la qualité de l'information, comme son aptitude à être exploitée, la facilité d'utilisation des OSM soulève de nombreux problèmes en termes de la qualité de l'information ce qui impacte les performances des applications exploitant ces OSM. Ces problèmes sont causés par des individus mal intentionnés (nommés spammeurs) qui utilisent les OSM pour disséminer des fausses informations et/ou des informations indésirables telles que les contenus commerciaux illégaux. La propagation et la diffusion de telle information, dit spam, entraînent d'énormes problèmes affectant la qualité de services proposés par les OSM. La majorité des OSM (comme Facebook, Twitter, etc.) sont quotidiennement attaquées par un énorme nombre d'utilisateurs mal intentionnés. Cependant, les techniques de filtrage adoptées par les OSM se sont avérées inefficaces dans le traitement de ce type d'information bruitée, nécessitant plusieurs semaines ou voir plusieurs mois pour filtrer l'information spam. En effet, plusieurs défis doivent être surmontées pour réaliser une méthode de filtrage de l'information bruitée . Les défis majeurs sous-jacents à cette problématique peuvent être résumés par : (i) données de masse ; (ii) vie privée et sécurité ; (iii) hétérogénéité des structures dans les réseaux sociaux ; (iv) diversité des formats du UGC ; (v) subjectivité et objectivité. Notre travail s'inscrit dans le cadre de l'amélioration de la qualité des contenus en termes de messages partagés (contenu spam) et de profils des utilisateurs (spammeurs) sur les OSM en abordant en détail les défis susmentionnés. Comme le spam social est le problème le plus récurant qui apparaît sur les OSM, nous proposons deux approches génériques pour détecter et filtrer le contenu spam : i) La première approche consiste à détecter le contenu spam (par exemple, les tweets spam) dans un flux en temps réel. ii) La seconde approche est dédiée au traitement d'un grand volume des données relatives aux profils utilisateurs des spammeurs (par exemple, les comptes Twitter). / The popularity of OSM is mainly conditioned by the integrity and the quality of UGC as well as the protection of users' privacy. Based on the definition of information quality as fitness for use, the high usability and accessibility of OSM have exposed many information quality (IQ) problems which consequently decrease the performance of OSM dependent applications. Such problems are caused by ill-intentioned individuals who misuse OSM services to spread different kinds of noisy information, including fake information, illegal commercial content, drug sales, mal- ware downloads, and phishing links. The propagation and spreading of noisy information cause enormous drawbacks related to resources consumptions, decreasing quality of service of OSM-based applications, and spending human efforts. The majority of popular social networks (e.g., Facebook, Twitter, etc) over the Web 2.0 is daily attacked by an enormous number of ill-intentioned users. However, those popular social networks are ineffective in handling the noisy information, requiring several weeks or months to detect them. Moreover, different challenges stand in front of building a complete OSM-based noisy information filtering methods that can overcome the shortcomings of OSM information filters. These challenges are summarized in: (i) big data; (ii) privacy and security; (iii) structure heterogeneity; (iv) UGC format diversity; (v) subjectivity and objectivity; (vi) and service limitations In this thesis, we focus on increasing the quality of social UGC that are published and publicly accessible in forms of posts and profiles over OSNs through addressing in-depth the stated serious challenges. As the social spam is the most common IQ problem appearing over the OSM, we introduce a design of two generic approaches for detecting and filtering out the spam content. The first approach is for detecting the spam posts (e.g., spam tweets) in a real-time stream, while the other approach is dedicated for handling a big data collection of social profiles (e.g., Twitter accounts). Spam social Spammeur social Qualité de l'information Médias sociaux en ligne Apprentissage automatique Apprentissage supervisé Apprentissage non supervisé Twitter
104	Unsolicited Commercial E-mails : A study of the consumer’s perceptions about unsolicited commercial e-mails and the implications it has for Internet user groups Trasobares, Mario, Tretjakova, Anna January 2010 (has links) <p>The rapid development of Internet technologies has led to the emergence of new communication means. E-mail has become a new powerful tool used by millions with the main purpose of exchanging information. Considering its large scope, marketers have been using the e-mail as an important direct marketing force and it has become a popular choice for many companies. The e-mail has therefore constituted a new form of on-line marketing coined “E-mail marketing”. However, the increasing use of the e-mail marketing has been adversely affected by the appearance of non-traditional marketing communication media such as unsolicited commercial e-mails (UCEs). The main reasons behind the alarming growth of the UCEs are those explained by the low-cost structure of the e-mail and, thus, a small number of responses are required for generating a profit (Moustakas <em>et al.</em>, 2006; p.45; Shenoy, 2008; p.32). This unsolicited medium used for reaching consumers has evolved from mere nuisance to actual threat (Mendleson, 2010; p.38), which has brought a new complexity into consumers’ daily lives. This in its turn calls for examination of consumer’s perception about the unsolicited commercial e-mails.</p><p> </p><p>Hence, the aim of this thesis is to examine consumer’s perceptions about the mentioned unsolicited marketing communication medium. This will provide increased awareness of the profound implications that the UCEs have on e-commerce and the e-mail marketing on the whole and, particularly, on Internet user groups such as companies, e-mail service providers and policy makers. The study was conducted with a positivistic position and followed a deductive approach, taking known theories as point of departure. The theories presented are mainly concerned with: privacy, ethical and legislation issues; consumer’s reactions and motives behind the opening of the e-mail; the impact of the UCEs on the brand image and overall implications of the UCEs.</p><p> </p><p>A self-completion questionnaire was used as method of data collection. The results indicate that the UCEs are perceived as slightly unethical and neither intrusive nor nonintrusive by the respondents. There is also no clear perceived protection by the anti-spam law, which claims the need for improvement of the policy makers’ work. The results also reveal that the most common consumer’s reaction is to disregard and delete the UCEs, although a small but considerable percentage of the consumers respond. The findings show that the different contents of the UCEs are perceived with low levels of interest by the respondents. Also, the motives behind the opening of the UCEs by the respondents are distributed nearly equal: the credibility of the sender, simply the curiosity and the attractiveness of the subject line. This study reveals a fairly negative perceived image of the companies advertised by the UCEs, which proves the associated cost of sending the UCEs. Furthermore, it has been found that the respondents are concerned about sharing their e-mail addresses with e-companies because of the UCEs and that the latter hinder the accessibility to solicited commercial e-mails in the e-mail inboxes. The e-mail service providers have been also affected since a quarter of the respondents have changed them as a consequence of receiving the UCEs. Thus, the results of this thesis show the adverse implications of the UCEs on electronic commerce, e-mail marketing and on Internet user groups.</p> unsolicited commercial e-mail consumer´s perceptions implications of UCEs e-mail marketing spam Business studies Företagsekonomi
105	Unwanted Traffic and Information Disclosure in VoIP Networks : Threats and Countermeasures Zhang, Ge January 2012 (has links) The success of the Internet has brought significant changes to the telecommunication industry. One of the remarkable outcomes of this evolution is Voice over IP (VoIP), which enables realtime voice communications over packet switched networks for a lower cost than traditional public switched telephone networks (PSTN). Nevertheless, security and privacy vulnerabilities pose a significant challenge to hindering VoIP from being widely deployed. The main object of this thesis is to define and elaborate unexplored security and privacy risks on standardized VoIP protocols and their implementations as well as to develop suitable countermeasures. Three research questions are addressed to achieve this objective: Question 1: What are potential unexplored threats in a SIP VoIP network with regard to availability, confidentiality and privacy by means of unwanted traffic and information disclosure? Question 2: How far are existing security and privacy mechanisms sufficient to counteract these threats and what are their shortcomings? Question 3: How can new countermeasures be designed for minimizing or preventing the consequences caused by these threats efficiently in practice? Part I of the thesis concentrates on the threats caused by "unwanted traffic", which includes Denial of Service (DoS) attacks and voice spam. They generate unwanted traffic to consume the resources and annoy users. Part II of this thesis explores unauthorized information disclosure in VoIP traffic. Confidential user data such as calling records, identity information, PIN code and data revealing a user's social networks might be disclosed or partially disclosed from VoIP traffic. We studied both threats and countermeasures by conducting experiments or using theoretical assessment. Part II also presents a survey research related to threats and countermeasures for anonymous VoIP communication. SIP VoIP security Denial of Service Vulnerability analysis timing attacks Spam DTMF SIP RTP
106	Unsolicited Commercial E-mails : A study of the consumer’s perceptions about unsolicited commercial e-mails and the implications it has for Internet user groups Trasobares, Mario, Tretjakova, Anna January 2010 (has links) The rapid development of Internet technologies has led to the emergence of new communication means. E-mail has become a new powerful tool used by millions with the main purpose of exchanging information. Considering its large scope, marketers have been using the e-mail as an important direct marketing force and it has become a popular choice for many companies. The e-mail has therefore constituted a new form of on-line marketing coined “E-mail marketing”. However, the increasing use of the e-mail marketing has been adversely affected by the appearance of non-traditional marketing communication media such as unsolicited commercial e-mails (UCEs). The main reasons behind the alarming growth of the UCEs are those explained by the low-cost structure of the e-mail and, thus, a small number of responses are required for generating a profit (Moustakas et al., 2006; p.45; Shenoy, 2008; p.32). This unsolicited medium used for reaching consumers has evolved from mere nuisance to actual threat (Mendleson, 2010; p.38), which has brought a new complexity into consumers’ daily lives. This in its turn calls for examination of consumer’s perception about the unsolicited commercial e-mails. Hence, the aim of this thesis is to examine consumer’s perceptions about the mentioned unsolicited marketing communication medium. This will provide increased awareness of the profound implications that the UCEs have on e-commerce and the e-mail marketing on the whole and, particularly, on Internet user groups such as companies, e-mail service providers and policy makers. The study was conducted with a positivistic position and followed a deductive approach, taking known theories as point of departure. The theories presented are mainly concerned with: privacy, ethical and legislation issues; consumer’s reactions and motives behind the opening of the e-mail; the impact of the UCEs on the brand image and overall implications of the UCEs. A self-completion questionnaire was used as method of data collection. The results indicate that the UCEs are perceived as slightly unethical and neither intrusive nor nonintrusive by the respondents. There is also no clear perceived protection by the anti-spam law, which claims the need for improvement of the policy makers’ work. The results also reveal that the most common consumer’s reaction is to disregard and delete the UCEs, although a small but considerable percentage of the consumers respond. The findings show that the different contents of the UCEs are perceived with low levels of interest by the respondents. Also, the motives behind the opening of the UCEs by the respondents are distributed nearly equal: the credibility of the sender, simply the curiosity and the attractiveness of the subject line. This study reveals a fairly negative perceived image of the companies advertised by the UCEs, which proves the associated cost of sending the UCEs. Furthermore, it has been found that the respondents are concerned about sharing their e-mail addresses with e-companies because of the UCEs and that the latter hinder the accessibility to solicited commercial e-mails in the e-mail inboxes. The e-mail service providers have been also affected since a quarter of the respondents have changed them as a consequence of receiving the UCEs. Thus, the results of this thesis show the adverse implications of the UCEs on electronic commerce, e-mail marketing and on Internet user groups. unsolicited commercial e-mail consumer´s perceptions implications of UCEs e-mail marketing spam Business studies Företagsekonomi
107	Computing with Granular Words Hou, Hailong 07 May 2011 (has links) Computational linguistics is a sub-field of artificial intelligence; it is an interdisciplinary field dealing with statistical and/or rule-based modeling of natural language from a computational perspective. Traditionally, fuzzy logic is used to deal with fuzziness among single linguistic terms in documents. However, linguistic terms may be related to other types of uncertainty. For instance, different users search ‘cheap hotel’ in a search engine, they may need distinct pieces of relevant hidden information such as shopping, transportation, weather, etc. Therefore, this research work focuses on studying granular words and developing new algorithms to process them to deal with uncertainty globally. To precisely describe the granular words, a new structure called Granular Information Hyper Tree (GIHT) is constructed. Furthermore, several technologies are developed to cooperate with computing with granular words in spam filtering and query recommendation. Based on simulation results, the GIHT-Bayesian algorithm can get more accurate spam filtering rate than conventional method Naive Bayesian and SVM; computing with granular word also generates better recommendation results based on users’ assessment when applied it to search engine. Computing with word Granular word Granular information hyper tree Spam filtering Recommendation system Collaborative intelligence.
108	Spam filter for SMS-traffic Fredborg, Johan January 2013 (has links) Communication through text messaging, SMS (Short Message Service), is nowadays a huge industry with billions of active users. Because of the huge userbase it has attracted many companies trying to market themselves through unsolicited messages in this medium in the same way as was previously done through email. This is such a common phenomenon that SMS spam has now become a plague in many countries. This report evaluates several established machine learning algorithms to see how well they can be applied to the problem of filtering unsolicited SMS messages. Each filter is mainly evaluated by analyzing the accuracy of the filters on stored message data. The report also discusses and compares requirements for hardware versus performance measured by how many messages that can be evaluated in a fixed amount of time. The results from the evaluation shows that a decision tree filter is the best choice of the filters evaluated. It has the highest accuracy as well as a high enough process rate of messages to be applicable. The decision tree filter which was found to be the most suitable for the task in this environment has been implemented. The accuracy in this new implementation is shown to be as high as the implementation used for the evaluation of this filter. Though the decision tree filter is shown to be the best choice of the filters evaluated it turned out the accuracy is not high enough to meet the specified requirements. It however shows promising results for further testing in this area by using improved methods on the best performing algorithms. Spam filtering Machine Learning C45 Support Vector Machine Dynamic Markov Coding Naïve Bayes
109	Spam as an Advertising Tool : Possibilities in drawing people’s attention using carefully thought-out and aimed at the right market spam advertisement Ormane, Elina January 2012 (has links) It has been considered that spam is one of the worst advertising tools in the Internet because of wide range of porno, Viagra, luxury brands’ replicas and other unwanted mailings all over the world; nevertheless, a lot of companies continue to use this tool for products’ or services’ introduction to their potential clients and partners. According to the author’s personal four-year-experience in marketing field, the mostly asked question by companies is how to advertise the product or service to new potential partners or clients using spam without losing the reputation of the company. The author wishes to investigate whether it is possible by carefully thought-out and aimed at the right market spam advertisement to draw people’s attention. This study employs partly quantitative and partly qualitative research approach. Empirical data collection is organized through questionnaires and personal mailing experiment. Random people who filled in the first questionnaire were from the author’s personal network all over the world. Regarding the second questionnaire the author has chosen to research Commonwealth of Independent States (CIS) as the area of medium-sized companies’ location. The author used 2 million American e-mail addresses in her personal mailing experiment. In order to analyze the findings through a set of graphical techniques exploratory data analysis was used. Both questionnaires consisted from dichotomous (Yes-no) questions, alternative questions, wh-questions and descriptive questions, analysis of which incorporated through the literature review. In addition to this, personal mailing experiment is present in the study where the author tests the attitude towards spam and the perception of advertisement based on the literature review as well. It became clear that it is possible by carefully thought-out and aimed at the right market spam advertisement to draw people’s attention. The author’s experiment has proved that there are some people or the e-mail users who actually buy products advertised in spam e-mails. One of the factors that influence attitude towards e-mails might be because of the particular spam usefulness or low time consumption but the success of the online advertisement depends on people’s perception. In the particular case the attitude towards advertisement was determined by advertisement’s execution and feelings transferred by it. It is important to remember that advertisers have to take main nuances into account when introducing products or services to new clients or partners, such as clear understanding of spam mailing goals, topics of interest, perception of visual information, time of advertisement, and trust. marketing direct marketing e-mail spam advertising technique advertising tool mailing attitude and perception
110	Toward Attack-Resistant Distributed Information Systems by Means of Social Trust Sirivianos, Michael January 2010 (has links) <p>Trust has played a central role in the design of open distributed systems that span distinct administrative domains. When components of a distributed system can assess the trustworthiness of their peers, they are in a better position to interact with them. There are numerous examples of distributed systems that employ trust inference techniques to regulate the interactions of their components including peer-to-peer file sharing systems, web site and email server reputation services and web search engines.</p> <p>The recent rise in popularity of Online Social Networking (OSN) services has made an additional dimension of trust readily available to system designers: social trust. By social trust, we refer to the trust information embedded in social links as annotated by users of an OSN. This thesis' overarching contribution is methods for employing social trust embedded in OSNs to solve two distinct and significant problems in distributed information systems. </p> <p>The first system proposed in this thesis assesses the ability of OSN users to correctly classify online identity assertions. The second system assesses the ability of OSN users to correctly configure devices that classify spamming hosts. In both systems, an OSN user explicitly ascribes to his friends a value that reflects how trustworthy he considers their classifications. In addition, both solutions compare the classification input of friends to obtain a more accurate measure of their pairwise trust. Our solutions also exploit trust transitivity over the social network to assign trust values to the OSN users. These values are used to weigh the classification input by each user in order to derive an aggregate trust score for the identity assertions or the hosts.</p> <p>In particular, the first problem involves the assessment of the veracity of assertions on identity attributes made by online users. Anonymity is one of the main virtues of the Internet. It protects privacy and freedom of speech, but makes it hard to assess the veracity of assertions made by online users concerning their identity attributes (e.g, age or profession.) We propose FaceTrust, the first system that uses OSN services to provide lightweight identity credentials while preserving a user's anonymity. FaceTrust employs a ``game with a purpose'' design to elicit the</p> <p>opinions of the friends of a user about the user's self-claimed identity attributes, and uses attack-resistant trust inference to compute veracity scores for the attributes. FaceTrust then provides credentials, which a user can use to corroborate his online identity assertions. </p> <p>We evaluated FaceTrust using a crawled social network graph as well as a real-world deployment. The results show that our veracity scores strongly correlate with the ground truth, even when a large fraction of the social network users are dishonest. For example, in our simulation over the sample social graph, when 50% of users were dishonest and each user employed 1000 Sybils, the false assertions obtained approximately only 10% of the veracity score of the true assertions. We have derived the following lessons from the design and deployment of FaceTrust: a) it is plausible to obtain a relatively reliable measure of the veracity of identity assertions by relying on the friends of the user that made the assertion to classify them, and by employing social trust to determine the trustworthiness of the classifications; b) it is plausible to employ trust inference over the social graph to effectively mitigate Sybil attacks; c) users tend to mostly correctly classify their friends' identity assertions.</p> <p>The second problem in which we apply social trust involves assessing the trustworthiness of reporters (detectors) of spamming hosts in a collaborative spam mitigation system. Spam mitigation can be broadly classified into two main approaches: a) centralized security infrastructures that rely on a limited number of trusted monitors (reporters) to detect and report malicious traffic; and b) highly distributed systems that leverage the experiences of multiple nodes within distinct trust domains. The first approach offers limited threat coverage and slow response times, and it is often proprietary. The second approach is not widely adopted, partly due to the </p> <p>lack of assurances regarding the trustworthiness of the reporters. </p> <p>Our proposal, SocialFilter, aims to achieve the trustworthiness of centralized security services and the wide coverage, responsiveness, and inexpensiveness of large-scale collaborative spam mitigation. It enables nodes with no email classification functionality to query the network on whether a host is a spammer. SocialFilter employs trust inference to weigh the reports concerning spamming hosts that collaborating reporters submit to the system. To the best of our knowledge, </p> <p>it is the first collaborative threat mitigation system that assesses the trustworthiness of the reporters by both auditing their reports and by leveraging the social network of the reporters' human administrators. Subsequently, SocialFilter weighs the spam reports according to the trustworthiness of their reporters to derive a measure of the system's belief that a host is a spammer. </p> <p>We performed a simulation-based evaluation of SocialFilter, which indicates its potential: </p> <p>during a simulated spam campaign, SocialFilter classified correctly 99% of spam, while yielding no false positives. The design and evaluation of SocialFilter offered us the following lessons: a) it is plausible to introduce Sybil-resilient OSN-based trust inference mechanisms to improve the reliability and the attack-resilience of collaborative spam mitigation; b) using social links to obtain the trustworthiness of reports concerning spammers (spammer reports) can result in comparable spam-blocking effectiveness with approaches that use social links to rate-limit spam (e.g., Ostra); c) unlike Ostra, SocialFilter yields no false positives. We believe that the design lessons from SocialFilter are applicable to other collaborative entity classification systems.</p> / Dissertation Computer Science Identity Assertion Social Networks Spam Sybil-resilient Trust Veracity

Search results