MLSEC 8 Flashcards
Privacy
Control and protection of personal information
Privacy Protection
Data minimization
Data protection
Anonymity
Anonymity ensures that a user may use a resource or service without disclosing the user’s identity
Pseudonymity
Pseudonymity ensures that a user may use a resource or service without disclosing its user identity, but can still be accountable for that use
Privacy-Enhancing Technologies (PETs)
Anonymity services
Digital currencies
Data reduction
Attacking Privacy with Machine Learning
De-pseudonymization
= Linking of pseudonyms with identities or pseudonyms
De-anonymization
= Identification of parties in anonymous communication
Onion Routing
Routing of message through chain of relays
Tor Network
Onion routing with random routes through network
Weak point Tor Network
entry and exit of network
Website Fingerprinting
Identification of visited websites at entry nodes
timing, direction, and size of packets
One-vs-all Multi-class classification
discrimination of one class from all other
n classes → n classifiers
all-vs-all Multi-class classification
discrimination of each pair of classes
n classes → n2 classifiers
Defense strategies for anonymization
Padding of packet payloads to fixed sizes
Randomized retrieval of web objects by browser
Injection of incoming and outgoing packets
Threats to Pseudonymization
Linking by behavioral patterns (two-class SVM)
Linking by anomalies
(center of mass)
Code Stylometry
Study of stylistic patterns in program code