Social activity indicators for groupware

Suppose you're a member of a few development teams, working with people who are geographically dispersed. You're using distributed groupware to work with your team mates. How do you decide when to work on a project and when to ignore requests to work on a project, when there are enough users on the groupware system to bother using it, who is available to answer a question, and which applications should get the most real estate on your screen? To help answer these questions, distributed groupware systems must indicate something about the social world they represent-who is on the system and what they are doing. User interfaces for groupware (or computer supported cooperative work (CSCW) applications) must therefore convey social information. It's energizing to know, for example, that your team mates are busy working away on a project. And it's nice to know when your friends or colleagues are available on a chat system. You might not need to know the semantics of the messages or documents involved, just that some activity is occurring. This is true for systems used by work groups as well as those used by an organization or a community of users. We think such social indicators should be a standard part of the CSCW user interface. On the basis of social psychology theory, we believe that a class of social indicator, which we call social activity indicators, is a simple, powerful way to improve user-interface functionality. Furthermore, social activity indicators are easy to build     

DOBNet: exploiting the discourse of deception behaviour to uncover online deception strategies

Online deception is fuelled by the escalated penetration of the Internet and social media. As the threat of online deception increases, understanding deception behaviour and underlying strategies is having a greater social impact. The verbal behaviour of online deception has recently been extended to the discourse level; nevertheless, discourse behaviours have been examined in isolation without referring to other behaviours in the discourse. By conceptualising the discourse of online behaviour as a social network (DOBNet), this research investigates possible impacts of deception intent on the central structures of DOBNet at three different levels: the discourse behaviour, subnetwork, and whole network. The empirical results of discourse network analysis and statistical tests provide partial support for each of the hypothesised effects. The findings not only demonstrate the efficacy of discourse in distinguishing deceivers from truth-tellers but also extend deception theories by confirming deception strategies from the perspective of discourse network and by uncovering unique characteristics of online deception strategies.     

Social media and credibility indicators: The effect of influence cues

Guided by the MAIN model, this study examines how individuals evaluate the source credibility of tweets and retweets based on non-content attributes. Three types of heuristics were examined, including authority, identity, and bandwagon cues. Findings suggest that all three heuristics impacted source credibility perceptions to some extent. Authority cues most strongly influenced source credibility perceptions, and cue-cumulative effects were demonstrated in which different heuristics triggered by different agency cues increased perceptions of credibility. Moreover, the presence of retweets reduced perceptions of source credibility compared to conditions with no retweets.     

Cultural determinants of media choice for deception

In today’s business environment, deception is commonplace ( and ). Historically, individuals were limited in their media options, however recent technological advances have given individuals more ways in which to communicate and deceive. The use of these new media change the communication dynamic substantially. Previous studies have found that deception detection differs across media, as media vary in their ability to transmit cues, convey emotion and reversibility, among others. Researchers are beginning to understand the dynamics between media characteristics, individual characteristics and media choice in a deceptive communication context.     

Holder functions and deception of genetic algorithms

We present a deception analysis for Holder functions. Our approach uses a decomposition on the Haar basis, which reflects in a natural way the Holder structure of the function. This allows the relation of the deception, the Holder exponent, and some parameters of the genetic algorithms (GAs). These results prove that deception is connected to the irregularity of the fitness function and shed a new light on the schema theory. In addition, this analysis may assist in understanding the influence of some of the parameters on the performance of a GA     

网络欺骗和嗅探技术研究

网络欺骗能够显著地增加攻击者的工作量、攻击复杂度以及不确定性,从而使攻击者不知道其进攻是否奏效或成功,而且它允许防护者跟踪攻击者的行为,在攻击者之前修补系统可能存在的安全漏洞。本文主要探讨网络欺骗和嗅探技术。     

The Potemkin village and the art of deception

Potemkin village is "something that appears elaborate and impressive but in actual fact lacks substance". The software analogies for the Potemkin village are ripe for exploration. Software antipatterns address problem-solution pairs in which the typical solution is more harmful than the problem it solves. In essence, an antipattern presents an identifiable problem, the accompanying harmful effects of the typical solution, and a more appropriate solution called a refactoring. In this sense, the software version of a Potemkin village is an antipattern: Problem: deliver software with an impressive interface quickly. Solution: employ a ready-made architecture that provides an impressive interface quickly; spend as little time as possible on the back-end processing. Refactoring: do it right the first time. The author doesn't want to make the case too strongly that the building of Potemkin villages is a deliberate strategy of fraud that companies perpetrate. Is a weak piece of software covered by an elaborate GUI a deliberate fraud or simply poor design? You must assume the latter in the absence of proof. When faced with a Potemkin village or an emperor's new clothes situation, you must expose it immediately. Doing so is not easy when a high-quality GUI masks the shortcomings. You can, however, detect the situation through design reviews, and code inspections, reviews, or walkthroughs. Therefore, managers who oversee software projects (and customers who buy software) should require these reviews. Testing can sometimes uncover the situation, but it might be too late at this point. Test-driven design, on the other hand, can help avoid a Potemkin village.     

一种面向指纹探测欺骗的智能博弈对抗机制

指纹探测作为网络侦察的重要组成部分,是攻击者成功实施网络攻击的先决条件。针对攻防双方在指纹探测过程中的博弈对抗特征,设计了一种新型对抗攻击者指纹探测的欺骗机制,并通过建立不完全信息动态博弈模型有效刻画指纹探测欺骗过程,在此基础上讨论了欺骗指纹生成的基本方法。针对扩展指纹库规模导致的解空间爆炸问题,提出了一种基于遗传算法思想的智能指纹混淆算法,即两阶段最优策略选取算法（two-stage optimal strategy selection algorithm,TSOSA）,并建立了仿真实验环境。结果表明,与传统的贪婪算法相比,TSOSA更加有效地隐藏了网络资产的真实指纹特征,降低了攻击者的成功探测概率,进而增强了网络的安全防护能力。     

基于诱捕的软件异常检测综述

高级持续威胁（APT,advanced persistent threats）会使用漏洞实现攻击代码的自动加载和攻击行为的隐藏,并通过复用代码攻击绕过堆栈的不可执行限制,这是网络安全的重要威胁。传统的控制流完整性和地址随机化技术虽然有效抑制了APT的步伐,但软件的复杂性和攻击演化使软件仍存在被攻击的时间窗口。为此,以资源为诱饵的诱捕防御是确保网络安全的必要补充。诱捕机制包含诱饵设计和攻击检测两部分,通过感知与诱饵的交互行为,推断可能的未授权访问或者恶意攻击。针对文件、数据、代码3种诱饵类型,设计诱饵的自动构造方案并进行部署,从真实性、可检测性、诱惑性等方面对诱饵的有效程度进行度量。基于诱捕防御的勒索软件检测注重诱饵文件的部署位置,在漏洞检测领域,通过注入诱饵代码来检测代码复用攻击。介绍了在APT攻击各个阶段实施诱捕防御的相关研究工作,从诱饵类型、诱饵生成、诱饵部署、诱饵度量方面刻画了诱捕防御的机理;同时,剖析了诱捕防御在勒索软件检测、漏洞检测、Web安全方面的应用。针对现有的勒索软件检测研究在诱饵文件设计与部署方面的不足,提出了用于检测勒索软件的诱饵动态更新方法。讨论了诱捕防御面临的挑...     

Automatic deception detection in Italian court cases

Effective methods for evaluating the reliability of statements issued by witnesses and defendants in hearings would be an extremely valuable support to decision-making in court and other legal settings. In recent years, methods relying on stylometric techniques have proven most successful for this task; but few such methods have been tested with language collected in real-life situations of high-stakes deception, and therefore their usefulness outside lab conditions still has to be properly assessed. In this study we report the results obtained by using stylometric techniques to identify deceptive statements in a corpus of hearings collected in Italian courts. The defendants at these hearings were condemned for calumny or false testimony, so the falsity of (some of) their statements is fairly certain. In our experiments we replicated the methods used in previous studies but never before applied to high-stakes data, and tested new methods. We also considered the effect of a number of variables including in particular the homogeneity of the dataset. Our results suggest that accuracy at deception detection clearly above chance level can be obtained with real-life data as well.     

Information, decision-making and deception in games

Modeling deception in a real-world conflict situation is usually difficult. For a better understanding, we study deception through a fundamental relationship between information and decision-making. Under a probabilistic framework, we consider a zero-sum game with an asymmetrical structure, where player 1 receives additional information and player 2 has the potential to inject deception. We derive accuracy conditions on the information obtained by player 1, which can lead to a better decision. The feasibility of deception is further explored, which is conditioned on the quality of deceptive signals generated by player 2. We classify deception into passive and active deception.     

The positivity bias and prosocial deception on facebook

Can the positivity bias, observed across various Social Network Sites (SNSs), predict the use of prosocial lies in a SNS such as Facebook? The positivity bias may be a product of politeness norms (i.e., positive face concern) that have influenced communication phenomena before these sites existed. In addition, positive face concern may also be affected by unconscious cues or primes that promote prosocial behavior on Facebook. We conducted an online experiment using current Facebook users to examine how positive face concern and surveillance primes affect prosocial lying in public and private Facebook contexts. Although positive face concern and publicness predicted the use of prosocial lying, positive face concern was not affected by the publicness and surveillance primes did not affect positive face concern or the use of prosocial lies in our study. This hints towards the nuance of positive face concern and the potential limitations of surveillance primes on prosocial lying behavior.     

基于网络欺骗的操作系统抗识别模型

针对传统主机操作系统抗识别技术整体防御能力不足的问题,提出一种基于网络欺骗的操作系统抗识别模型(NDAF)。首先,介绍模型的基本工作原理,由网络内的欺骗服务器制定欺骗指纹模板,各主机根据欺骗模板动态改变自己的协议栈指纹特征,实现对攻击者操作系统识别过程的欺骗;其次,给出一种信任管理机制,依据威胁大小不同,有选择地对外部主机开展欺骗。实验测试表明,NDAF会给其网络通信带来一定的影响,但所产生的额外开销相对稳定,约为11%~15%,与典型的操作系统抗识别工具OSfuscate和IPmorph相比,NDAF操作系统抗识别能力较强。所提模型通过网络的一体化、欺骗性防御,能够有效提高目标网络防御水平。     

欺骗攻击下弹性自触发模型预测控制

针对在欺骗攻击下自触发模型预测控制系统的安全控制问题, 本文提出一种基于关键数据保护的弹性自 触发模型预测控制(MPC)策略. 对比现有的自触发MPC, 该方法仅需对少量关键控制样本进行保护, 则可保证闭环 系统稳定运行, 从而有效节省系统资源. 首先, 基于自触发MPC和欺骗攻击的特征推导标称系统与被攻击系统状态之间的误差上界, 从而定量分析出欺骗攻击对系统的损害. 然后, 通过所获得误差上界和李雅普诺夫定理建立关键数据的选取条件并对其实施保护. 最后, 严格证明了在仅对关键控制样本实施保护后, 被控系统仍可在欺骗攻击下保持稳定. 此外, 基于移动机器人和弹簧小车系统对所提算法进行了仿真实验, 结果表明所提算法能够显著节省保护资源, 验证了算法的有效性