Data Flows Research Articles

Feature Engineering for a MIL-STD-1553B LSTM Autoencoder Anomaly Detector

The MIL-STD-1553B data bus protocol is used in both civilian and military aircraft to enable communications between subsystems. These interconnected subsystems are responsible for core services such as communications, flow of instrument data and aircraft control. With aircraft modernization, threat vectors are introduced through increased inter-connectivity internal and external to the aircraft. The resulting potential for exploitation introduces a requirement for an intrusion detection capability in order to maintain the integrity, availability and reliability of data transmitted using the MIL-STD-1553B protocol, safety of the aircraft and overall, to achieve mission assurance. Research in recent years has investigated signature, statistical and machine learning based solutions to detect attacks on MIL-STD-1553B buses. Of the different techniques, those based on machine learning have shown extremely good results. The aim of this research is to improve the performance of an existing Long Short-Term Memory Auto-Encoder by refining the feature engineering phase of its pipeline. The improvement in the detector’s overall effectiveness was accomplished through feature engineering focused on feature generation and selection. Five different attack datasets were used as the starting point, consisting of four different denial of service attacks and one data integrity attack. From initial feature extraction of 155 features, two feature generation techniques were employed to create over 38,000 features as a starting point. Using five different MIL-STD-1553B datasets and three feature selection techniques, fifteen different Long Short-Term Memory Auto-Encoder models were created, trained and evaluated using common performance metrics and compared to those of the original anomaly detector. This research demonstrated marked performance improvement achieved by the feature engineering refinements made in comparison to those of the original model. Equally important, this research also showed a significant reduction in the number of features required to achieve this performance gain. In the context of miliary air operations, the ability to improve detection capabilities with less data is important to the technical solutions that contribute to the achievement of cyber mission assurance.

Iran’s digital authoritarianism as the Blueprint for National Sovereignty

As the technological landscape undergoes continuous transformation, nations are seizing the combination of technology, governance, and sovereignty in their strategies. Following the Arab Spring, a movement primarily focused on overthrowing oppressive regimes in the Middle East, Iran took a distinctive turn by establishing a digital authoritarian model. Fueled by concerns stemming from democratic reforms worldwide - especially those facilitated by the Internet and social media, which have played a pivotal role in the collection and dissemination of information - the Iranian government perceived a potential threat to its national security and sovereignty as well as its political survival. In response to the above, Tehran implemented a range of strategies and measures in Internet governance, which represent a form of oppressive control. To regulate the Internet and control the flow of data, Iran established the National Information Network, known as the ‘Halal Internet’. This effort aims to safeguard national sovereignty through persistent control, shield political ideology, and promote a particular religious behavior within cyberspace. These developments have a noteworthy impact on individual rights, liberties, and privacy. This paper aims to explore the methods through which Iran exercises digital authoritarianism.

TrustHealth: Enhancing eHealth Security with Blockchain and Trusted Execution Environments

The rapid growth of electronic health (eHealth) systems has led to serious security and privacy challenges, highlighting the critical importance of protecting sensitive healthcare data. Although researchers have employed blockchain to tackle data management and sharing within eHealth systems, substantial privacy concerns persist as a primary challenge. In this paper, we introduce TrustHealth, a secure data sharing system that leverages trusted execution environment (TEE) and blockchain technology. TrustHealth leverages blockchain to design smart contracts to offer robust hashing protection for patients’ healthcare data. We provide a secure execution environment for SQLCipher, isolating all sensitive operations of healthcare data from the untrusted environment to ensure the confidentiality and integrity of the data. Additionally, we design a TEE-empowered session key generation protocol that enables secure authentication and key sharing for both parties involved in data sharing. Finally, we implement TrustHealth using Hyperledger Fabric and ARM TrustZone. Through security and performance evaluation, TrustHealth is shown to securely process massive encrypted data flows at a rate of 5000 records per second, affirming the feasibility of our proposed scheme. We believe that TrustHealth offers valuable guidelines for the design and implementation of similar systems, providing a valuable contribution to ensuring the privacy and security of eHealth systems.

Scalable concept drift adaptation for stream data mining

Stream data mining aims to handle the continuous and ongoing generation of data flows (e.g. weather, stock and traffic data), which often encounters concept drift as time progresses. Traditional offline algorithms struggle with learning from real-time data, making online algorithms more fitting for mining the stream data with dynamic concepts. Among families of the online learning algorithms, single pass stands out for its efficiency in processing one sample point at a time, and inspecting it only once at most. Currently, there exist online algorithms tailored for single pass over the stream data by converting the problems of classification into minimum enclosing ball. However, these methods mainly focus on expanding the ball to enclose the new data. An excessively large ball might overwrite data of the new concept, creating difficulty in triggering the model updating process. This paper proposes a new online single pass framework for stream data mining, namely Scalable Concept Drift Adaptation (SCDA), and presents three distinct online methods (SCDA-I, SCDA-II and SCDA-III) based on that framework. These methods dynamically adjust the ball by expanding or contracting when new sample points arrive, thereby effectively avoiding the issue of excessively large balls. To evaluate their performance, we conduct the experiments on 7 synthetic and 5 real-world benchmark datasets and compete with the state-of-the-arts. The experiments demonstrate the applicability and flexibility of the SCDA methods in stream data mining by comparing three aspects: predictive performance, memory usage and scalability of the ball. Among them, the SCDA-III method performs best in all these aspects.

Data localization as contested and narrated security in the age of digital sovereignty: the case of Switzerland

ABSTRACT The construction and effects on national boundaries have become central topics in public and academic debates on digital sovereignty. Both state and non-state actors increasingly consider jurisdictions and traditional governing structures as means to capture and regulate digital data flows. This article delves into the intricate phenomenon of ‘data localization’, conceptualizing it as a socio-technical assemblage reflecting the evolving expectations surrounding Internet architecture and national boundaries. Interviewing the users of Threema – a Swiss secure messaging app – this study unravels data localization practices as a hybrid black box, intertwining technical changes, political discourses, socio-technical imaginaries, and shifting social norms. Drawing on the field of Science and Technology Studies, we mobilize the analytical tools of controversy and discourse to highlight data localization as a locus of political contestation in Switzerland, where imaginaries of national boundaries are often mobilized to symbolize security and reliability. The article provides three key contributions to the discourse on digital sovereignty, fragmentation, and governance. Firstly, it argues for the usefulness of Science and Technology Studies in understanding Internet governance, emphasizing the need for analyses grounded in specific socio-technical contexts. Secondly, it advocates for a social perspective on digital sovereignty, emphasizing user agency, social movements, and collective action as crucial factors shaping the governance of data flows. Lastly, the article sheds light on users resorting to state jurisdictions as a means to reinforce control over data flows, exploring the discursive mobilization of national boundaries in the digital public sphere.

SIAT: A systematic inter-component communication real-time analysis technique for detecting data leak threats on Android

This paper presents the design and implementation of a systematic Inter-Component Communications (ICCs) dynamic Analysis Technique (SIAT) for detecting privacy-sensitive data leak threats. SIAT’s specific approach involves the identification of malicious ICC patterns by actively tracing both data flows and implicit control flows within ICC processes during runtime. This is achieved by utilizing the taint tagging methodology, a technique utilized by TaintDroid. As a result, it can discover the malicious intent usage pattern and further resolve the coincidental malicious ICCs and bypass cases without incurring performance degradation. SIAT comprises two key modules: Monitor and Analyzer. The Monitor makes the first attempt to revise the taint tag approach named TaintDroid by developing the built-in intent service primitives to help Android capture the intent-related taint propagation at multi-level for malicious ICC detection. Specifically, we enable the Monitor to perform systemwide tracking of intent with five abstraction functionalities embedded in the interactive workflow of components. By analyzing the taint logs offered by the Monitor, the Analyzer can build the accurate and integrated ICC patterns adopted to identify the specific leak threat patterns with the identification algorithms and predefined rules. Meanwhile, we employ the patterns’ deflation technique to improve the efficiency of the Analyzer. We implement the SIAT with Android Open Source Project and evaluate its performance through extensive experiments on a particular dataset consisting of well-known datasets and real-world apps. The experimental results show that, compared to state-of-the-art approaches, the SIAT can achieve about 25% ∼200% accuracy improvements with 1.0 precision and 0.98 recall at negligible runtime overhead. Apart from that, the SIAT can identify two undisclosed cases of bypassing that prior technologies cannot detect and quite a few malicious ICC threats in real-world apps with lots of downloads on the Google Play market.

Pred-Pol-Pov: Visibility, Data Flows, and the Predictive Policing of Poverty

Predictive and data-driven policing systems continue to proliferate around the world, enticing police forces with promises of improvements in efficiency and the ability to offer various ways of addressing the future to pre-empt, predict, or prevent crime. As more of these systems become operationalised in England and Wales, this paper takes up Duarte’s (2021) observation that there is a lack of description as to what such systems actually are. This paper adapts a social network methodology to explore what is a data-driven policing system. Using a police force in England, UK, as a case study, we provide a visualisation of a data-driven policing system based on the data flows it requires to operate. The paper shows how a disparate network of affiliate organisations act as collators of specific data types that are then used in a range of policing applications. We make visible how data travels from its source through various nodes and the various potential points of translation that occur. We show, as others have argued before us, the data points used are proxies for poverty, making certain groups and sections of society highly visible to the digital system whilst other groups and crimes become less visible—and sometimes even hidden.

Enhancing Cybersecurity in Smart Manufacturing: A Comprehensive Approach

The industry 4.0 defines a new era of much efficient and intelligent manufacturing processes that works in integration with other advanced technologies like AI, Big data, Block chain, etc. The smart manufacturing industry has remarkably evolved due to integration of advanced technologies like cyber-physical systems (CPS), Internet of Things (IoT), digital twins that makes up a highly connected infrastructure where data flows in real time. However, the involvement of these technologies has also significantly increased the exposure of manufacturing industry to the cyber threats. This article investigates several security challenges and major threats that are associated with the manufacturing industry. It evaluates various security implementations including digital twins, machine learning, and block chain based on their effectiveness, scalability, and feasibility in terms of security. Through a comprehensive literature review, case study analysis of notable cyberattacks and qualitative exploratory methods, this study explores the best line of defence against the cyber threats. Our findings highlight the critical role of robust and adaptive multiple line of defense mechanisms in mitigating cyber risks. The research concludes by emphasizing the need for an effective security strategy that combines advanced technological solutions with continuous employee education and proactive threat management to safeguard smart manufacturing processes against evolving cyber threats.

Revealing the Unseen: AI Chain on LLMs for Predicting Implicit Data Flows to Generate Data Flow Graphs in Dynamically-Typed Code

Data flow graphs (DFGs) capture definitions (defs) and uses across program blocks, which is a fundamental program representation for program analysis, testing and maintenance. However, dynamically-typed programming languages like Python present implicit data flow issues that make it challenging to determine def-use flow information at compile time. Static analysis methods like Soot and WALA are inadequate for handling these issues, and manually enumerating comprehensive heuristic rules is impractical. Large pre-trained language models (LLMs) offer a potential solution, as they have powerful language understanding and pattern matching abilities, allowing them to predict implicit data flow by analyzing code context and relationships between variables, functions, and statements in code. We propose leveraging LLMs’ in-context learning ability to learn implicit rules and patterns from code representation and contextual information to solve implicit data flow problems. To further enhance the accuracy of LLMs, we design a five-step Chain of Thought (CoT) and break it down into an AI chain, with each step corresponding to a separate AI unit to generate accurate DFGs for Python code. Our approach’s performance is thoroughly assessed, demonstrating the effectiveness of each AI unit in the AI Chain. Compared to static analysis, our method achieves 82% higher def coverage and 58% higher use coverage in DFG generation on implicit data flow. We also prove the indispensability of each unit in the AI Chain. Overall, our approach offers a promising direction for building software engineering tools by utilizing foundation models, eliminating significant engineering and maintenance effort, but focusing on identifying problems for AI to solve.

Developing China's Approaches to Regulate Cross-border Data Transfer:Relaxation and Integration

This article illustrates the developing Chinese cross-border data flow regulation regime deriving from a holistic national security conception to its balance with personal information protection and digital economic development. Under the pressuring demand of digital economy development and an increasing appeal to global data governance, China is progressively improving and modifying its original government-led and restrictive cross-border data regulations. Subsequent practices and the publication of the Provisions on Promoting and Regulating Cross-border Data Transfer (PPR) in March 2024 deliver a clear sign of relaxation on restrictions on cross-border data flow, especially on the subject of personal information outbound transfer. Detailed comparison with data provisions in the Regional Comprehensive Economic Partnership (RCEP), the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), and the Digital Economy Partnership Agreement (DEPA) demonstrates that global governance of cross-border data flows is unshaped but not unrealistic, even with current fragmented national approaches. China has established a complete personal information protection legal regime and is very close to integrating into transnational cooperation for a broader framework. In addition, by coordinating national provisions regarding cross-data transfer with international rules and piloting lenient cross-border data supervision mechanisms in numerous Pilot Free Trade Zone (PFTZ), China is ready to evolve its cross-border data flow regulations and contribute to global data governance step-by-step.

An automated consistency management approach for a privacy-aware electric vehicle architecture

Modern vehicles contain a number of highly connected embedded systems that generate, store, and process information and exchange it with their environment. Since a large part of this information is privacy-critical, privacy laws such as the GDPR of the European Union apply to it. In this work, we evaluate the privacy-criticality of exemplary data and data flows of the electric driving domain on a reference architecture. We categorize the ECUs of the architecture based on the criticality of the data they process and propose measures and technologies as building blocks that provide adequate privacy protection according to the requirements given by the GDPR.To ensure that all requirements are met by the reference architecture, we propose a more principled solution that simplifies the mapping between an architecture and the measures. For this purpose, we propose an architecture description template in JSON and an algorithm for automated consistency checks that outputs the measures and the security extension needed per Electronic Control Unit (ECU) to comply with derived privacy requirements.

The Googlization of the classroom: Is the UK effective in protecting children's data and rights?

There has been an explosion in uses of educational technology (EdTech) to support schools’ teaching, learning, assessment and administration. This article asks whether UK EdTech and data protection policies protect children's rights at school. It adopts a children's rights framework to explore how EdTech impacts children's rights to education, privacy and freedom from economic exploitation, taking Google Classroom as a case study. The research methods integrate legal research, interviews with UK data protection experts and education professionals working at various levels from national to local, and a socio-technical investigation of the flow of children's data through Google Classroom. The findings show that Google Classroom undermines children's privacy and data protection, potentially infringing children's other rights. However, they also show that regulation has impacted on Google's policy and practice. Specifically, we trace how various governments’ deployment of a range of legal arguments has enabled them to regulate Google's relationship with schools to improve its treatment of children's data. Although the UK government has not brought such actions, the data flow investigation shows that Google has also improved its protection of children's data in UK schools as a result of these international actions. Nonetheless, multiple problems remain, due both to Google's non-compliance with data protection regulations and schools’ practices of using Google Classroom. We conclude with a blueprint for the rights-respecting treatment of children's education data that identifies needed actions for the UK Department for Education, data protection authority, and industry, to mitigate against harmful practices and better support schools.

GraphPyRec: A novel graph-based approach for fine-grained Python code recommendation

Artificial intelligence has been widely applied in software engineering areas such as code recommendation. Significant progress has been made in code recommendation for static languages in recent years, but it remains challenging for dynamic languages like Python as accurately determining data flows before runtime is difficult. This limitation hinders data flow analysis, affecting the performance of code recommendation methods that rely on code analysis. In this study, a graph-based Python recommendation approach (GraphPyRec) is proposed by converting source code into a graph representation that captures both semantic and dynamic information. Nodes represent semantic information, with unique rules defined for various code statements. Edges depict control flow and data flow, utilizing a child-sibling-like process and a dedicated algorithm for data transfer extraction. Alongside the graph, a bag of words is created to include essential names, and a pre-trained BERT model transforms it into vectors. These vectors are integrated into a Gated Graph Neural Network (GGNN) process of the code recommendation model, enhancing its effectiveness and accuracy. To validate the proposed method, we crawled over a million lines of code from GitHub. Experimental results show that GraphPyRec outperforms existing mainstream Python code recommendation methods, achieving Top-1, 5, and 10 accuracy rates of 68.52%, 88.92%, and 94.05%, respectively, along with a Mean Reciprocal Rank (MRR) of 0.772.

Machine learning‐based streamflow forecasting using CMIP6 scenarios: Assessing performance and improving hydrological projections and climate change

AbstractWater is essential for humans as well as for all living organisms to sustain their lives. Therefore, any climate‐driven change in available resources has significant impacts on the environment and life. Global climate models (GCMs) are one of the most practical methods to evaluate climate change. Based on this, this research evaluated the capability of GCMs from the Coupled Model Intercomparison Project 6 (CMIP6) to reproduce the historical flow of climate prediction centre data for the Konya Closed basin and to project the climate of the basin using the selected GCMs. Global climate models based on the CMIP6 under the scenario of common socioeconomic pathways (SSP245 and SSP 585) were used to analyse the climate change effect on streamflow of the study area by Bias Correction of GCM Models using Long Short‐Term Memory (LSTM), Bidirectional LSTM (BiLSTM), AdaBoost, Gradient Boosting, Regression Tree, and Random Forest methods. The coefficient of determination (R2), mean square error (MSE), mean absolute error (MAE), root mean square error (RMSE) were used to assess the performance of the methods. Findings show that the Random Forest Model consistently outperformed other models in both the testing and training phases. A significant downward in the volume of water flowing through the region's rivers and streams in the next decades. It is critical to enhance climate‐resilient water infrastructure financing, establish an early warning system for drought, introduce best management practices, implement integrated water resource management, public awareness, and support water research to alleviate the negative consequences of drought and increase resilience against the effects of climate change on Turkey's water resources.

Analysis and design of smart food packaging monitoring model based on chipless RFID sensor

Abstract Logistics plays a crucial role in shaping the efficiency and effectiveness of business operations. The manual monitoring approach often entails labor-intensive procedures, leading to inefficiencies and ineffectiveness within the logistics sector. The incorporation of sensors into product packaging holds the potential to benefit consumers by ensuring freshness and quality. Simultaneously, it enables retail industries to manage their inventory and verify product authenticity more effectively. Chipless RFID sensors, a wireless technology, offer advantages as a data input medium in the series of activities involved in product distribution systems. The amalgamation of sensor technology and RFID introduces novel prospects for overseeing and controlling perishable products. This study introduces an intelligent radio frequency label equipped with a sensor capable of measuring temperature and humidity. The purpose of this research is to analyze and design a chipless RFID-based product quality monitoring system. The research methodology begins with an identification system, an analysis of the interaction between stakeholders, and analysis and design using SAP Power Design. The implementation of chipless RFID involves industry, chipless RFID architecture, and buyers, as well as the primary environment of the system. Business Process Modeling and Notation Diagrams describe the flow of material and data between actors and describe their processing to produce quality data and information.

The data quality problem (in the European Financial Data Space)

Abstract By creating the European Financial Data Space (EFDS), the European Commission aims to foster the development of data-driven innovation in the financial sector. Artificial intelligence (AI) is the most notable innovation that could benefit from enhanced access to data through the EFDS. However, the current policy framework establishing the EFDS suffers from a major limitation—it neglects the question of data quality or whether the data shared in the EFDS will be fit for the purpose of the development of AI applications. The AI Act and General Data Protection Regulation could play a role in fostering data quality in this area, but the two frameworks are also unlikely to do that to a satisfactory extent. To address the data quality problem, this article proposes policymakers should develop a framework for data quality that encompasses both a conceptual and an organizational dimension aimed at promoting the free flow of high-quality data in the EFDS.

Legal Regulation of Transnational Data Flows: International Experience and Chinese Solutions

The arrival of the big data era has made most countries realize the importance of data resources for economic development. On the one hand, data flow promotes trade between countries, and on the other hand, the rapid expansion of the scale of multinational business giants has led to a proliferation of incidents of illegal collection and utilization of user privacy, putting national security at risk.In 2019, WTO members of the e-commerce negotiations put forward proposals for cross-border data flow based on their own positions, and major countries such as China, the United States, Russia and other major countries have all put forward different proposals.It can be seen that data flow regulation has become a key topic in the international arena nowadays, with sufficient necessity and practical significance. As a result, this paper adopts the comparative analysis method, normative analysis method and other research methods to analyze the issue and make suggestions on the direction of China's legislation.

Minimising unnecessary restrictions on cross-border data flows? Indonesia’s position and challenges post personal data protection act enactment

ABSTRACT In the era of massive digital development, data plays an essential role as a ‘fuel’ in reshaping and creating new opportunities in the digital landscape, especially in the digital economy. The significance of data for Indonesia can be seen from the amount of data created, collected, and analysed in various sectors. However, Indonesia also faces problems of data breaches that happened in recent years, which harm society and need immediate attention. This article examined Indonesia’s data and cross-border data flow regulatory and institutional frameworks and its implementation challenges, especially with the recent enactment of a comprehensive Personal Data Protection Act (PDP Act), mainly inspired by the EU GDPR. This article shows that Indonesia is moving to less restrictive data-flow regulations than the previous regulatory regime but is still between the prescriptive and restrictive spectrum of data-flow regulation. This article argues that the enactment of the PDP Act can be momentum for Indonesia to evaluate the current regulatory framework to ensure that Indonesia’s regulation is not providing unnecessary restrictions that lead to complexity of implementation and will hinder from benefiting the utilisation of data.

REGULATION OF CROSS-BORDER DATA FLOW AND ITS PRIVACY IN THE DIGITAL ERA

We are living in a world where information systems are becoming a new weapon to control the future. When the data flows across national borders, it becomes an invaluable resource for economic and informational development in any nation. Today, cross-border data flows are an important component of international trade because companies are frequently transfer customer’s and employee’s data across different countries. This paper will examine the importance of the free flow of cross-border data and its privacy concerns. It also examines the failure of the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023, to provide protection from cross-border data transfer; specifically, the Digital Personal Data Protection Act, 2023, is silent on the criteria of listing countries for data transfer and the processing of personal data of those data principals who are living outside India. Some countries have implemented laws pertaining to “data localization” as a means to restrict the movement of data outside their respective borders, but it affects international trade and development. So, it raises a question: What kind of and how much data do nations have to restrict for cross-border data transfer internationally? This paper analyse the General Data Protection Regulation of the European Union, the Cross-Border Privacy Rules of the Asia-Pacific Economic Cooperation of the United States, and the Privacy Shield Framework between the EU and the US. In the end this paper concludes with suggestions for the privacy of cross-border data and the need of uniform law for its worldwide applicability.

Data infrastructuring in schools: New forms of professional edu-data expertise and agency

The digitalisation and datafication of education has raised profound questions about the changing role of teachers’ educational expertise and agency, as automated processes, data-driven analytics and accountability regimes produce new forms of knowledge and governance. Increasingly, research is paying greater attention to the significant role of digital intermediaries, ‘in-between’ edtech or State authorities and the classroom itself, in educational transformations. School data infrastructures, understood as comprising diverse sociomaterial elements including teachers, data, software, standards and pedagogical practices, is one such intermediary through which teacher expertise and agency is reconfigured. In this paper, I focus on teachers’ involvement in processes of data infrastructuring in which people, platforms, systems and tools come together to create, enable and maintain data flows. Drawing on a sociomaterial ethnography of a secondary school in England, I analyse the work of a school data office in the behind-the-scenes work of data infrastructuring. The findings detail the significant labour and expertise involved in data infrastructuring, the dynamic, expanding and bespoke nature of the school data infrastructures that emerged, and processes of decontextualising and recontextualising numbers. The paper argues that the work of data infrastructuring undertaken by and through the school data office was an intermediary process which worked to both de-professionalise and re-professionalise teachers in new ways. In the process, this created new kinds of educational data experts and expertise, who gained significant influence and power within and beyond the school, both challenging and reinforcing existing organisational and governing power flows.