| 1. |
- Boldt, Martin, et al.
(författare)
-
Analysis and text classification of privacy policies from rogue and top-100 fortune global companies
- 2019
-
Ingår i: International Journal of Information Security and Privacy. - : IGI Global. - 1930-1650 .- 1930-1669. ; 13:2, s. 47-66
-
Tidskriftsartikel (refereegranskat)abstract
- In the present article, the authors investigate to what extent supervised binary classification can be used to distinguish between legitimate and rogue privacy policies posted on web pages. 15 classification algorithms are evaluated using a data set that consists of 100 privacy policies from legitimate websites (belonging to companies that top the Fortune Global 500 list) as well as 67 policies from rogue websites. A manual analysis of all policy content was performed and clear statistical differences in terms of both length and adherence to seven general privacy principles are found. Privacy policies from legitimate companies have a 98% adherence to the seven privacy principles, which is significantly higher than the 45% associated with rogue companies. Out of the 15 evaluated classification algorithms, Naïve Bayes Multinomial is the most suitable candidate to solve the problem at hand. Its models show the best performance, with an AUC measure of 0.90 (0.08), which outperforms most of the other candidates in the statistical tests used. Copyright © 2019, IGI Global.
|
|
| 2. |
- Boldt, Martin, et al.
(författare)
-
Exploring Spyware Effects
- 2007
-
Ingår i: Spyware. - Hyderabad : ICFAI University Press. - 9788131407264 ; , s. 39-58
-
Bokkapitel (övrigt vetenskapligt/konstnärligt)
|
|
| 3. |
- Boldt, Martin, et al.
(författare)
-
Preventing Privacy-Invasive Software using Online Reputations
- 2008
-
Konferensbidrag (refereegranskat)abstract
- Privacy-invasive software, loosely labeled spyware, is an increasingly common problem for today’s computer users, one to which there is no absolute cure. Most of the privacy-invasive software are positioned in a legal gray zone, as the user accepts the malicious behaviour when agreeing to the End User License Agreement. This paper proposes the use of a specialized reputation system to gather and share information regarding software behaviour between community users. A client application helps guide the user at the point of executing software on the local computer, displaying other users’ feedback about the expected behaviour of the software. We discuss important aspects to consider when constructing such a system, and propose possible solutions. Based on the observations made, we implemented a client/server based proof-of-concept tool, which allowed us to demonstrate how such a system would work. We also compare this solution to other, more conventional, protection methods such as anti-virus and anti-spyware software.
|
|
| 4. |
- Boldt, Martin
(författare)
-
Privacy-Invasive Software : Exploring Effects and Countermeasures
- 2007
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- As computers are increasingly more integrated into our daily lives, we need aiding mechanisms for separating legitimate software from their unwanted counterparts. We use the term Privacy-Invasive Software (PIS) to refer to such illegitimate software, sometimes loosely labelled as spyware. In this thesis, we include an introduction to PIS, and how it differs from both legitimate and traditionally malicious software. We also present empirical measurements indicating the effects that PIS have on infected computers and networks. An important contribution of this work is a classification of PIS in which we target both the level of user consent, as well as the degree of user consequences associated with PIS. These consequences, affecting both users and their computers, form a global problem that deteriorates a vast number of users’ computer experiences today. As a way to hinder, or at least mitigate, this development we argue for more user-oriented countermeasures that focus on informing users about the behaviour and consequences associated with using a particular software. In addition to current reactive countermeasures, we also need preventive tools dealing with the threat of PIS before it enters users’ computers. Collaborative reputation systems present an interesting way forward towards such preventive and user-oriented countermeasures against PIS. Moving the software reputations from old channels (such as computer magazines or friends’ recommendations) into an instantly fast reputation system would be beneficial for the users when distinguishing unwanted software from legitimate. It is important that such a reputation system is designed to address antagonistic intentions from both individual users and groups thereof, so that users could depend on the reputations. This would allow users to reach more informed decisions by taking the reported consequences into account when deciding whether they want a specific software to enter their computer or not.
|
|
| 5. |
- Boldt, Martin, et al.
(författare)
-
Automated Spyware Detection Using End User License Agreements
- 2008
-
Konferensbidrag (refereegranskat)abstract
- The amount of spyware increases rapidly over the Internet and it is usually hard for the average user to know if a software application hosts spyware. This paper investigates the hypothesis that it is possible to detect from the End User License Agreement (EULA) whether its associated software hosts spyware or not. We generated a data set by collecting 100 applications with EULAs and classifying each EULA as either good or bad. An experiment was conducted, in which 15 popular default-configured mining algorithms were applied on the data set. The results show that 13 algorithms are significantly better than random guessing, thus we conclude that the hypothesis can be accepted. Moreover, 2 algorithms also perform significantly better than the current state-of-the-art EULA analysis method. Based on these results, we present a novel tool that can be used to prevent the installation of spyware.
|
|
