Biblio

The purpose of the General Data Protection Regulation (GDPR) is to provide improved privacy protection. If an app controls personal data from users, it needs to be compliant with GDPR. However, GDPR lists general rules rather than exact step-by-step guidelines about how to develop an app that fulfills the requirements. Therefore, there may exist GDPR compliance violations in existing apps, which would pose severe privacy threats to app users. In this paper, we take mobile health applications (mHealth apps) as a peephole to examine the status quo of GDPR compliance in Android apps. We first propose an automated system, named HPDROID, to bridge the semantic gap between the general rules of GDPR and the app implementations by identifying the data practices declared in the app privacy policy and the data relevant behaviors in the app code. Then, based on HPDROID, we detect three kinds of GDPR compliance violations, including the incompleteness of privacy policy, the inconsistency of data collections, and the insecurity of data transmission. We perform an empirical evaluation of 796 mHealth apps. The results reveal that 189 (23.7%) of them do not provide complete privacy policies. Moreover, 59 apps collect sensitive data through different measures, but 46 (77.9%) of them contain at least one inconsistent collection behavior. Even worse, among the 59 apps, only 8 apps try to ensure the transmission security of collected data. However, all of them contain at least one encryption or SSL misuse. Our work exposes severe privacy issues to raise awareness of privacy protection for app users and developers.

The behavior of modern power systems is becoming more stochastic and dynamic, due to the increased penetration of variable generation, demand response, new power market structure, extreme weather conditions, contingencies, and unexpected events. It is critically important to predict potential system operational issues so that grid planners and operators can take preventive actions to mitigate the impact, e.g., lack of operational reserves. In this paper, an innovative software tool is presented to assist power grid operators in a balancing authority in predicting the grid stress level over the next operating day. It periodically collects necessary information from public domain such as weather forecasts, electricity demand, and automatically estimates the stress levels on a daily basis. Advanced Neural Network and regression tree algorithms are developed as the prediction engines to achieve this goal. The tool has been tested on a few key balancing authorities and successfully predicted the growing system peak load and increased stress levels under extreme heat waves.

With the rapid development of the smart grid, a large number of intelligent sensors and meters have been introduced in distribution network, which will inevitably increase the integration of physical networks and cyber networks, and bring potential security threats to the operating system. In this paper, the functions of the information system on distribution network are described when cyber attacks appear at the intelligent electronic devices (lED) or at the distribution main station. The effect analysis of the distribution network under normal operating condition or in the fault recovery process is carried out, and the reliability assessment model of the distribution network considering cyber attacks is constructed. Finally, the IEEE-33-bus distribution system is taken as a test system to presented the evaluation process based on the proposed model.

The analysis of multiple Android malware families indicates malware instances within a common malware family always have similar call graph structures. Based on the isomorphism of sensitive API call graph, we propose a method which is used to construct malware family features via combining static analysis approach with graph similarity metric. The experiment is performed on a malware dataset which contains 1326 malware samples from 16 different malware families. The result shows that the method can differentiate distinct malware family features and divide suspect malware samples into corresponding families with a high accuracy of 96.77% overall and even defend a certain extent of obfuscation.

With the repaid growth of social tagging users, it becomes very important for social tagging systems how the required resources are recommended to users rapidly and accurately. Firstly, the architecture of an agent-based intelligent social tagging system is constructed using agent technology. Secondly, the design and implementation of user interest mining, personalized recommendation and common preference group recommendation are presented. Finally, a self-adaptive recommendation strategy for social tagging and its implementation are proposed based on the analysis to the shortcoming of the personalized recommendation strategy and the common preference group recommendation strategy. The self-adaptive recommendation strategy achieves equilibrium selection between efficiency and accuracy, so that it solves the contradiction between efficiency and accuracy in the personalized recommendation model and the common preference recommendation model.