Paper Type

ERF

Description

Privacy leakage has become prevalent and severe with the increasing adoption of the internet of things (IoT), artificial intelligence (AI), and blockchain technologies. Such data-intensive systems are vulnerable to side-channel attacks in which hackers can extract sensitive information from a digital device without actively manipulating the target system. Nevertheless, there is a scarcity of IS research on how businesses can effectively detect and safeguard against side-channel attacks. This study adopts the design science paradigm and lays the groundwork for systematic inquiry into the assessment of privacy risks related to side-channels. In this paper, we a) highlight the privacy threats posed by side-channel attacks, b) propose a machine learning-driven design framework to identify side-channel privacy risks, and c) contribute to the literature on privacy analytics using machine learning techniques. We demonstrate a use case of the proposed framework with a text classification model that uses keystroke timings as side-channel.

Paper Number

1223

Comments

SIG SEC

Share

COinS
 
Aug 10th, 12:00 AM

Detecting Privacy Threats with Machine Learning: A Design Framework for Identifying Side-Channel Risks of Illegitimate User Profiling

Privacy leakage has become prevalent and severe with the increasing adoption of the internet of things (IoT), artificial intelligence (AI), and blockchain technologies. Such data-intensive systems are vulnerable to side-channel attacks in which hackers can extract sensitive information from a digital device without actively manipulating the target system. Nevertheless, there is a scarcity of IS research on how businesses can effectively detect and safeguard against side-channel attacks. This study adopts the design science paradigm and lays the groundwork for systematic inquiry into the assessment of privacy risks related to side-channels. In this paper, we a) highlight the privacy threats posed by side-channel attacks, b) propose a machine learning-driven design framework to identify side-channel privacy risks, and c) contribute to the literature on privacy analytics using machine learning techniques. We demonstrate a use case of the proposed framework with a text classification model that uses keystroke timings as side-channel.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.