Center Project Reports

A Study of Web Privacy Policies Across Industries, R. Nokhbeh Zaeem and K. Suzanne Barber, Journal of Information Privacy and Security 13(4), pp. 169--185, Nov. 2017.

Abstract
Show Abstract

Today, more than ever, companies collect their customers’ Personally Identifiable Information (PII) over the Internet. The alarming rate of PII misuse drives the need for improving companies’ privacy practices. We thoroughly study privacy policies of 600 companies (10% of all listings on NYSE, Nasdaq, and AMEX stock markets) across industries and investigate ten different privacy pertinent factors in them. The study reveals interesting trends: for example, more than 30% of the companies still lack privacy policies, and the rest tend to collect users’ information but claim to use it only for the intended purpose. Furthermore, almost one out of every two companies provides the collected information to law
enforcement without asking for a warrant or subpoena. We found that the majority of the companies do not collect children’s PII, one out of every three companies let users correct their PII but do not allow complete deletion, and the majority post new policies online and expect the user to check the privacy policy frequently. The findings of this study can help companies improve their privacy policies, enable lawmakers to create better regulations and evaluate their effectiveness, and finally educate users with respect to the current state of privacy practices in an industry.

CITATION
Nokhbeh Zaeem, R. and K. Suzanne Barber, “A Study of Web Privacy Policies Across Industries,” Journal of Information Privacy and Security 13(4), pp. 169--185, Nov. 2017.

Tournament Models for Authority Identification in Online Communities
S. Budalakoti, R. Nokhbeh Zaeem, and K. Suzanne Barber, International Journal of Computer and Information Technology (IJCIT) (ISSN: 2279 – 0764) 6 (2), pp. 75--83, 2017.

Abstract
Show Abstract

Authority identification is an important problem in online information sharing communities such as question answer (Q&A) forums and online social networks (OSNs), where users
care as much about the quality of information being accessed, as its alignment with their interests. This paper investigates a tournament model based approachto authority identification, where interactions between users are modeled as generated by a Bradley-Terry model. We derive a new measure of user authority, the average winnings score, for authority identification in Q&A forums, and evaluate it on data derived from the Stack Exchange Q&A forum. We also show how the log fair bets measure, which has been successfully used for authority identification in OSNs in the past, can be derived from tournament models. We also prove some key results related to a co-ranking framework, for combining information from multiple preference expression graphs based on the same OSN. We then demonstrate the empirical effectiveness of tournament model based approaches, in conjunction with the co-ranking framework.

CITATION
Budalakoti, S., R. Nokhbeh Zaeem, and K.S. Barber, “Tournament Models for Authority Identification in Online Communities,” International Journal of Computer and Information Technology (IJCIT) (ISSN: 2279 – 0764) 6 (2), pp. 75--83, 2017.

Modeling and Analysis of Identity Threat Behaviors through Text Mining of Identity Theft Stories
R. Nokhbeh Zaeem, M. Manoharan, M., Y. Yang, and K. Suzanne Barber, Journal of Computers and Security Vol. 65 pp. 50-63, 2017.  

Abstract
Show Abstract

Identity theft, fraud, and abuse are problems affecting the entire society. Identity theft is often a “gateway” crime, as criminals use stolen or fraudulent identities to steal money, claim eligibility for services, hack into networks without authorization, and so on. The available data describing identity crimes and their aftermath are often in the form of recorded stories and reports by the news press, fraud examiners, and law enforcement. All of these sources are unstructured. In order to analyze identity theft data, this research proposes an approach which involves the novel collection of online news stories and reports on the topic of identity theft. Our approach pre-processes the raw text and extracts semi-structured information automatically, using text mining techniques. This paper presents statistical analysis of behavioral patterns and resources used by thieves and fraudsters to commit identity theft, including the identity attributes commonly linked to identity crimes, resources thieves employ to conduct identity crimes, and temporal patterns of criminal behavior. Furthermore, the automatically extracted information is validated against manually investigated news stories. Analyses of these results increase empirical understanding of identity threat behaviors, offer early warning signs of identity theft, and thwart future identity theft crimes.

CITATION:
Nokhbeh Zaeem, R., M. Manoharan, M., Y. Yang, and K. Suzanne Barber, “Modeling and Analysis of Identity Threat Behaviors through Text Mining of Identity Theft Stories,” Journal of Computers and Security Vol. 65 pp. 50-63, 2017.  

2017 ITAP Report, J. Zaiss, R. Nohkbeh Zaeem, R. Anderson, K. Suzanne Barber, UT CID Report #17-06, March, 2017

Abstract
Show Abstract

As identity theft, fraud, and abuse continue to grow in terms of both scope and impact, individuals and organizations alike demand a deeper understanding of their vulnerabilities, risks, and resulting consequences. The Identity Threat Assessment and Prediction (ITAP) model provides unique, research-based insights into the habits and methods of identity threats, and to the various factors associated with higher levels of risk for PII compromise and abuse. ITAP uncovers the identity attributes most vulnerable to theft, assesses their importance, and determines the personally identifiable information (PII) most frequently targeted by thieves and fraudsters. The analytical repository of ITAP offers unique insights into people, organizations, and devices across multiple domains, including financial services, consumer services, healthcare, education, defense, energy, and government. ITAP characterizes the current identity threat landscape and aims to predict future identity threats. Using a wealth of data and analytics, the ITAP delivers some concrete guidance for consumers, businesses, and government agencies on how to avoid or lessen the impact of identity theft, fraud, and abuse. Ultimately, ITAP delivers actionable knowledge grounded in analyses of past threats and countermeasures, current threats and solutions, and evidence-driven forecasts.

Access Publication: Download PDF of Report

Understanding victim-enabled identity theft, D. Lacey, J. Zaiss and K. S. Barber, 14th Annual Conference on Privacy, Security and Trust (PST), Auckland, 2016, pp. 196-202.

Abstract
Show Abstract

Victim-enabled identity theft is a crime in which an individual victim is deceived into providing their personally identifying information (PII) to a criminal to facilitate its theft and/or misuse. In this paper we analyze a particular victim-enabled tax-related identity theft scheme recently reported in Australia, which has also been reported, in a slightly different guise, in the US. We find that this scheme, and others like it, are best understood when studied from both the perpetrator’s and the victim’s points of view. The criminal perspective and business practices have been captured and analysed in the Identity Threat Assessment and Prediction (ITAP) model developed by the Center for Identity at The University of Texas (UT CID). The victim perspective has been captured from multiple victim case files captured by IDCARE. The research findings support the view that combining perspectives enhances the analytical value of a threat assessment and prediction model. The multi-actor nature of victim-enabled identity theft complements the methodological approach adopted in the paper, and provides new insights on a growing form of identity theft.

CITATION
D. Lacey, J. Zaiss and K. S. Barber, "Understanding victim-enabled identity theft," 2016 14th Annual Conference on Privacy, Security and Trust (PST), Auckland, 2016, pp. 196-202.

Towards a Metric for Confidence in Identity, B. A. Soeder, and , K. Suzanne Barber, Proceedings of the 6th International Conference on Agents and Artificial Intelligence (ICAART), Vol. 2, pp. 201-208. 2014

Abstract
Show Abstract

Determining Identity of a person or system can be a difficult task given the size and complexity of the space. Automated agents can assist Identity providers in their efforts to verify a user’s identity before issuing a “credential” (e.g. username, email, ID#, etc.) required to participate in the given network. This paper describes an algorithm designed to contribute additional confidence to an Identity used in distributed interactions. Despite currently available best efforts to guarantee the veracity of these credentials, there are still gaps exemplified in use of identities for compromise. This is a critical problem to distributed online interactions. By defining an approach to gain confidence in the Identity of each user in the network, the entire large-scale network can be made more secure.

Link to publication

CITATION:
Soeder, B. A., and Barber, K. S., Proceedings of the 6th International Conference on Agents and Artificial Intelligence (ICAART), Vol. 2, pp. 201-208. 2014.

Supporting Identity Risk Identification and Analysis Through News Story Text Mining, R. Golden and K. Suzanne Barber, International Journal of Computer and Information Technology (IJCIT), Vol. 3(5), pp. 850-859, 2014.

Abstract
Show Abstract

Individuals, organizations, and devices are now interconnected to an unprecedented degree, forcing identity risk analysts to redefine “identity” in such contexts and explore new techniques for analyzing expanding threat contexts. Major hurdles to modeling in this field include a lack of publicly available data due to privacy and safety concerns, as well as the unstructured nature of incident reports. Thus, this report uses news story text mining to develop a new system for strengthening identity risk models. The NewsFerret system collects and analyzes stories about identity theft, establishes semantic relatedness measures between identity concept pairs, and supports analysis of those measures with reports, visualizations, and relevant news stories. Risk analysts can utilize the resulting analytical models to define and validate identity risk models.

Link to publication

CITATION:
Golden, R. and K.S. Barber, International Journal of Computer and Information Technology (IJCIT), Vol. 3(5), pp. 850-859, 2014.

Incentives for Online Communities,  D. DeAngelis, and K.S. Barber, International Journal of Computer and Information Technology (IJCIT), vol. 3(6), pp. 1229-1240, 2014.

Abstract
Show Abstract

Online communities promote wide access to a vast range of skills and knowledge from a heterogeneous group of users. Yet implementations of various online communities lack consistent participation by the most qualified users. Encouraging such expert participation is crucial to the social welfare and widespread adoption of online community systems. Thus, this research proposes techniques for rewarding the most valuable contributors to several classes of online communities, including question and answer (QA) forums and other content-oriented social networks. Overall, novel quantitative incentives can be used to encourage their participation. Using a game theory approach, this research designs and tests an incentive mechanism for QA systems. Based on survey data gathered from online community users, the proposed mechanism relies on systemic rewards, or rewards that have tangible value within the framework of the online community. This research shows that human users have a strong preference for reciprocal systemic rewards over traditional rewards. Furthermore, this research shows that it is possible to motivate participation from the most valuable contributors to an online community.

Link to publication

CITATION:
DeAngelis, D. and K.S. Barber, International Journal of Computer and Information Technology (IJCIT), vol. 3(6), pp. 1229-1240, 2014.

Trustworthiness of identity attributes, B. Soeder, & Barber, K. Suzanne Barber, Proceedings of the 7th International Conference on Security of Information and Networks, (SIN 2014), vol. 2014-September, pp. 4-8, 2014.

Abstract
Show Abstract

Individuals declare their identities to online network providers with credentials such as usernames, passwords, and email addresses. To obtain these credentials from providers, users enroll by providing identity attributes, or collections of personal identifiable information (PII), such as phone numbers. Credentials vary in trustworthiness, and thus, so do identities. In search of better methods for increasing trustworthiness, we present a computational model of identity attributes described as an Identity Ecosystem to determine which are most vulnerable to malicious users. Using existing data from the U.S. Army and Department of Defense, wecmodel relationships between attributes as transition probabilities and analyze the long-run probability of all connected attributes being affected by one compromised attribute. This approach allows the provider to determine how best to weight relationships between attributes and thereby become more secure. Copyright is held by the owner/author(s). Publication rights licensed to ACM.

Link to publication

CITATION:
Soeder, B., & Barber, K. S. . Trustworthiness of identity attributes. In Proceedings of the 7th International Conference on Security of Information and Networks, (SIN 2014), vol. 2014-September, pp. 4-8, 2014.

Systematic Reciprocal Rewards: Motivating Expert Participation in Online Communities with a Novel Class of Incentives, D. DeAngelis, and K.Suzanne Barber, International Journal of Agent Technologies and Systems (IJATS), Vol. 6(2), pp. 30-50, 2014

Abstract
Show Abstract

Online communities such as question and answer (QA) systems are growing rapidly and we increasingly rely on them for valuable information and entertainment. However, finding meaningful rewards to motivate participation from the most qualified users, or experts, presents researchers with two main challenges: identifying these users and (2) rewarding their participation. Using an interdisciplinary theoretical framework, we illustrate possibilities for identifying and motivating the most valuable contributors to online communities. We suggest that access to peer-generated content can directly motivate people to apply their own expertise, thereby generating more content. Survey data from 380 participants suggests that users strongly prefer a novel class of incentives—reciprocal systemic rewards—to traditional achievement-based rewards. Overall, this research presents important considerations for many different types of online communities, including social networking and news aggregation sites.

CITATION:
DeAngelis, D. and K.S. Barber, “Systematic Reciprocal Rewards: Motivating Expert Participation in Online Communities with a Novel Class of Incentives,” International Journal of Agent Technologies and Systems (IJATS), Vol. 6(2), pp. 30-50, 2014

Get Center for Identity Updates