• Journal of the Korea Society of Computer and Information
• /
• v.26 no.4
• /
• pp.1-9
• /
• 2021

In this paper, we propose a training algorithm of support vector machine (SVM) with a sensitive variable. Although machine learning models enable automatic decision making in the real world applications, regulations prohibit sensitive information from being used to protect privacy. In particular, the privacy protection of the legally protected attributes such as race, gender, and disability is compulsory. We present an efficient least square SVM (LSSVM) training algorithm using a fully homomorphic encryption (FHE) to protect a partial sensitive attribute. Our framework posits that data owner has both non-sensitive attributes and a sensitive attribute while machine learning service provider (MLSP) can get non-sensitive attributes and an encrypted sensitive attribute. As a result, data owner can obtain the encrypted model parameters without exposing their sensitive information to MLSP. In the inference phase, both non-sensitive attributes and a sensitive attribute are encrypted, and all computations should be conducted on encrypted domain. Through the experiments on real data, we identify that our proposed method enables to implement privacy-preserving sensitive LSSVM with FHE that has comparable performance with the original LSSVM algorithm. In addition, we demonstrate that the efficient sensitive LSSVM with FHE significantly improves the computational cost with a small degradation of performance.

• Journal of Internet Computing and Services
• /
• v.14 no.5
• /
• pp.101-117
• /
• 2013

As the number of online game user has been rapidly increased thanks to the recent vitalization of online contents market, not only new business opportunity but also the opportunity to create high profits have been provided as well. However, the increase of the number of online game user and the rapid expansion of the market evoke a cutthroat completion among online game service providers, and also high barriers to entry to online game market have been erected. Thus, what kinds of efforts need for the business success and sales increase in online game market? In lots of researches regarding online contents business, the deepening of loyalty was considered as a critical factor for the business success. According to the study on user's behavior in online environment, users would experience the Flow while using online service, and then, if they were in state of the Flow, they would use the service constantly. High customer loyalty to online game means high will to use the online game too. The purpose of this research was i) to examine what factors enable users to be naturally immersed in online game while playing it, ii) to examine what properties of online game can make game more interesting and exciting, iii) to verify that such factors are critical in deepening customer loyalty, and iv) to suggest some essential factors to be fun and exciting games, on where the focus should be put, and the directionality for the development for sales expansion of online game developer or online game service provider. The research results are as below: First, the involvement and the perceived quality which were characteristics of brand appeared to be factors most affecting Flow. This shows that once game user get interested in online game that user has played frequently, even though new games are released, user will continuously flow the game not moving to new games, and also shows that users not only get more interested but also put more trust in games in the site to where users are frequently going than games in other sites, and consequently user can increasingly flow the game. Second, the compensation and graphics which are the characteristics of contents appeared to be factors affecting Flow. Proper compensation which is given to game users triggers fun and interests in game and makes them flow more and more. And graphics make users to feel game space as if real space and let them flow in game with more reality. Third, challenges, support, and the stability which are technical characteristics appeared to be factors affecting Flow. Challenges enable users to not only experience new virtual world but also solve various difficulties and obstacles. Once users feel fun and interests through this challenge, they can naturally flow games. In addition, the stability of network provides reliability in security and hacking. By doing so, it can induce users to flow more and more. Lastly, when aforementioned characteristics including contents characteristics, technical characteristics, and brand characteristics are organically combined each other, game users feel fun and total minutes are naturally increased, so that game users experience Flow, and consequently the customer loyalty will be deepened as well.

• Journal of Internet Computing and Services
• /
• v.15 no.3
• /
• pp.79-90
• /
• 2014

User authentication based on ID and PW has been widely used. As the Internet has become a growing part of people' lives, input times of ID/PW have been increased for a variety of services. People have already learned enough to perform the authentication procedure and have entered ID/PW while ones are unconscious. This is referred to as the adaptive unconscious, a set of mental processes incoming information and producing judgements and behaviors without our conscious awareness and within a second. Most people have joined up for various websites with a small number of IDs/PWs, because they relied on their memory for managing IDs/PWs. Human memory decays with the passing of time and knowledges in human memory tend to interfere with each other. For that reason, there is the potential for people to enter an invalid ID/PW. Therefore, these characteristics above mentioned regarding of user authentication with ID/PW can lead to human vulnerabilities: people use a few PWs for various websites, manage IDs/PWs depending on their memory, and enter ID/PW unconsciously. Based on the vulnerability of human factors, a variety of information leakage attacks such as phishing and pharming attacks have been increasing exponentially. In the past, information leakage attacks exploited vulnerabilities of hardware, operating system, software and so on. However, most of current attacks tend to exploit the vulnerabilities of the human factors. These attacks based on the vulnerability of the human factor are called social-engineering attacks. Recently, malicious social-engineering technique such as phishing and pharming attacks is one of the biggest security problems. Phishing is an attack of attempting to obtain valuable information such as ID/PW and pharming is an attack intended to steal personal data by redirecting a website's traffic to a fraudulent copy of a legitimate website. Screens of fraudulent copies used for both phishing and pharming attacks are almost identical to those of legitimate websites, and even the pharming can include the deceptive URL address. Therefore, without the supports of prevention and detection techniques such as vaccines and reputation system, it is difficult for users to determine intuitively whether the site is the phishing and pharming sites or legitimate site. The previous researches in terms of phishing and pharming attacks have mainly studied on technical solutions. In this paper, we focus on human behaviour when users are confronted by phishing and pharming attacks without knowing them. We conducted an attack experiment in order to find out how many IDs/PWs are leaked from pharming and phishing attack. We firstly configured the experimental settings in the same condition of phishing and pharming attacks and build a phishing site for the experiment. We then recruited 64 voluntary participants and asked them to log in our experimental site. For each participant, we conducted a questionnaire survey with regard to the experiment. Through the attack experiment and survey, we observed whether their password are leaked out when logging in the experimental phishing site, and how many different passwords are leaked among the total number of passwords of each participant. Consequently, we found out that most participants unconsciously logged in the site and the ID/PW management dependent on human memory caused the leakage of multiple passwords. The user should actively utilize repudiation systems and the service provider with online site should support prevention techniques that the user can intuitively determined whether the site is phishing.