Topic: Security
Published:
2025
- DetailsCampanile, L., de Biase, M. S., & Marulli, F. (2025). Edge-Cloud Distributed Approaches to Text Authorship Analysis: A Feasibility Study [Book chapter]. Lecture Notes on Data Engineering and Communications Technologies, 250, 284–293. https://doi.org/10.1007/978-3-031-87778-0_28
Abstract
Automatic authorship analysis, often referred to as stylometry, is a captivating yet contentious field that employs computational techniques to determine the authorship of textual artefacts. In recent years, the importance of author profiling has grown significantly due to the proliferation of automatic text generation systems. These include both early-generation bots and the latest generative AI-based models, which have heightened concerns about misinformation and content authenticity. This study proposes a novel approach to evaluate the feasibility and effectiveness of contemporary distributed learning methods. The approach leverages the computational advantages of distributed systems while preserving the privacy of human contributors, enabling the collection and analysis of extensive datasets of “human-written” texts in contrast to those generated by bots. More specifically, the proposed method adopts a Federated Learning (FL) framework, integrating readability and stylometric metrics to deliver a privacy-preserving solution for Authorship Attribution (AA). The primary objective is to enhance the accuracy of AA processes, thus achieving a more robust “authorial fingerprint”. Experimental results reveal that while FL effectively protects privacy and mitigates data exposure risks, the combined use of readability and stylometric features significantly increases the accuracy of AA. This approach demonstrates promise for secure and scalable AA applications, particularly in privacy-sensitive contexts and real-time edge computing scenarios. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025. - DetailsCampanile, L., Iacono, M., Mastroianni, M., & Riccio, C. (2025). Performance Evaluation of an Edge-Blockchain Architecture for Smart City [Conference paper]. Proceedings - European Council for Modelling and Simulation, ECMS, 2025-June, 620–627. https://doi.org/10.7148/2025-0620
Abstract
This paper presents a simulation-based methodology to evaluate the performance of a privacy-compliant edge-blockchain architecture for smart city environments. The proposed model combines edge computing with a private, permissioned blockchain to ensure low-latency processing, secure data management, and verifiable transactions. Using a discrete-event simulation framework, we analyze the behavior of the system under realistic workloads and time-varying traffic conditions. The model captures edge operations, including preprocessing and cryptographic tasks, as well as blockchain validation using Proof of Stake consensus. Several experiments explore saturation thresholds, resource utilization, and latency dynamics, under both synthetic and realistic traffic profiles. Results reveal how architectural bottlenecks shift depending on resource allocation and input rate, and demonstrate the importance of balanced dimensioning between edge and blockchain layers. © ECMS Marco Scarpa, Salvatore Cavalieri, Salvatore Serrano, Fabrizio De Vita (Editors) 2025.
2023
- DetailsBobbio, A., Campanile, L., Gribaudo, M., Iacono, M., Marulli, F., & Mastroianni, M. (2023). A cyber warfare perspective on risks related to health IoT devices and contact tracing [Article]. Neural Computing and Applications, 35(19), 13823–13837. https://doi.org/10.1007/s00521-021-06720-1
Abstract
The wide use of IT resources to assess and manage the recent COVID-19 pandemic allows to increase the effectiveness of the countermeasures and the pervasiveness of monitoring and prevention. Unfortunately, the literature reports that IoT devices, a widely adopted technology for these applications, are characterized by security vulnerabilities that are difficult to manage at the state level. Comparable problems exist for related technologies that leverage smartphones, such as contact tracing applications, and non-medical health monitoring devices. In analogous situations, these vulnerabilities may be exploited in the cyber domain to overload the crisis management systems with false alarms and to interfere with the interests of target countries, with consequences on their economy and their political equilibria. In this paper we analyze the potential threat to an example subsystem to show how these influences may impact it and evaluate a possible consequence. © 2021, The Author(s), under exclusive licence to Springer-Verlag London Ltd., part of Springer Nature.
2022
- DetailsCampanile, L., Forgione, F., Mastroianni, M., Palmiero, G., & Sanghez, C. (2022). Evaluating the Impact of Data Anonymization in a Machine Learning Application [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13380 LNCS, 389–400. https://doi.org/10.1007/978-3-031-10542-5_27
Abstract
The data protection impact assessment is used to verify the necessity, proportionality and risks of data processing. Our work is based on the data processed by the technical support of a Wireless Service Provider. The team of WISP tech support uses a machine learning system to predict failures. The goal of our the experiments was to evaluate the DPIA with personal data and without personal data. In fact, in a first scenario, the experiments were conducted using a machine learning application powered by non-anonymous personal data. Instead in the second scenario, the data was anonymized before feeding the machine learning system. In this article we evaluate how much the Data Protection Impact Assessment changes when moving from a scenario with raw data to a scenario with anonymized data. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG. - DetailsCampanile, L., Marrone, S., Marulli, F., & Verde, L. (2022). Challenges and Trends in Federated Learning for Well-being and Healthcare [Conference paper]. Procedia Computer Science, 207, 1144–1153. https://doi.org/10.1016/j.procs.2022.09.170
Abstract
Currently, research in Artificial Intelligence, both in Machine Learning and Deep Learning, paves the way for promising innovations in several areas. In healthcare, especially, where large amounts of quantitative and qualitative data are transferred to support studies and early diagnosis and monitoring of any diseases, potential security and privacy issues cannot be underestimated. Federated learning is an approach where privacy issues related to sensitive data management can be significantly reduced, due to the possibility to train algorithms without exchanging data. The main idea behind this approach is that learning models can be trained in a distributed way, where multiple devices or servers with decentralized data samples can provide their contributions without having to exchange their local data. Recent studies provided evidence that prototypes trained by adopting Federated Learning strategies are able to achieve reliable performance, thus by generating robust models without sharing data and, consequently, limiting the impact on security and privacy. This work propose a literature overview of Federated Learning approaches and systems, focusing on its application for healthcare. The main challenges, implications, issues and potentials of this approach in the healthcare are outlined. © 2022 The Authors. Published by Elsevier B.V. - DetailsConference Sensitive Information Detection Adopting Named Entity Recognition: A Proposed MethodologyCampanile, L., de Biase, M. S., Marrone, S., Marulli, F., Raimondo, M., & Verde, L. (2022). Sensitive Information Detection Adopting Named Entity Recognition: A Proposed Methodology [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13380 LNCS, 377–388. https://doi.org/10.1007/978-3-031-10542-5_26
Abstract
Protecting and safeguarding privacy has become increasingly important, especially in recent years. The increasing possibilities of acquiring and sharing personal information and data through digital devices and platforms, such as apps or social networks, have increased the risks of privacy breaches. In order to effectively respect and guarantee the privacy and protection of sensitive information, it is necessary to develop mechanisms capable of providing such guarantees automatically and reliably. In this paper we propose a methodology able to automatically recognize sensitive data. A Named Entity Recognition was used to identify appropriate entities. An improvement in the recognition of these entities is achieved by evaluating the words contained in an appropriate context window by assessing their similarity to words in a domain taxonomy. This, in fact, makes it possible to refine the labels of the recognized categories using a generic Named Entity Recognition. A preliminary evaluation of the reliability of the proposed approach was performed. In detail, texts of juridical documents written in Italian were analyzed. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
2021
- DetailsCampanile, L., Iacono, M., Marulli, F., & Mastroianni, M. (2021). Designing a GDPR compliant blockchain-based IoV distributed information tracking system [Article]. Information Processing and Management, 58(3). https://doi.org/10.1016/j.ipm.2021.102511
Abstract
Blockchain technologies and distributed ledgers enable the design and implementation of trustable data logging systems that can be used by multiple parties to produce a non-repudiable database. The case of Internet of Vehicles may greatly benefit of such a possibility to track the chain of responsibility in case of accidents or damages due to bad or omitted maintenance, improving the safety of circulation and helping granting a correct handling of related legal issues. However, there are privacy issues that have to be considered, as tracked information potentially include data about private persons (position, personal habits), commercially relevant information (state of the fleet of a company, freight movement and related planning, logistic strategies), or even more critical knowledge (e.g., considering vehicles belonging to police, public authorities, governments or officers in sensible positions). In the European Union, all this information is covered by the General Data Protection Regulation (GDPR). In this paper we propose a reference model for a system that manages relevant information to show how blockchain can support GDPR compliant solutions for Internet of Vehicles, taking as a reference an integrated scenario based on Italy, and analyze a subset of its use cases to show its viability with reference to privacy issues. © 2021 Elsevier Ltd - DetailsCampanile, L., Cantiello, P., Iacono, M., Marulli, F., & Mastroianni, M. (2021). Risk Analysis of a GDPR-Compliant Deletion Technique for Consortium Blockchains Based on Pseudonymization [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 12956 LNCS, 3–14. https://doi.org/10.1007/978-3-030-87010-2_1
Abstract
Blockchains provide a valid and profitable support for the implementation of trustable and secure distributed ledgers, in support to groups of subjects that are potentially competitors in conflict of interest but need to share progressive information recording processes. Blockchains prevent data stored in blocks from being altered or deleted, but there are situations in which stored information must be deleted or made inaccessible on request or periodically, such as the ones in which GDPR is applicable. In this paper we present literature solutions and design an implementation in the context of a traffic management system for the Internet of Vehicles based on the Pseudonymization/Cryptography solution, evaluating its viability, its GDPR compliance and its level of risk. © 2021, Springer Nature Switzerland AG. - DetailsJournal Privacy regulations, smart roads, blockchain, and liability insurance: Putting technologies to workCampanile, L., Iacono, M., Levis, A. H., Marulli, F., & Mastroianni, M. (2021). Privacy regulations, smart roads, blockchain, and liability insurance: Putting technologies to work [Article]. IEEE Security and Privacy, 19(1), 34–43. https://doi.org/10.1109/MSEC.2020.3012059
Abstract
Smart streets promise widely available traffic information to help improve people’s safety. Unfortunately, gathering that data may threaten privacy. We describe an architecture that exploits a blockchain and the Internet of Vehicles and show its compliance with the General Data Protection Regulation. © 2003-2012 IEEE. - DetailsCampanile, L., Gribaudo, M., Iacono, M., & Mastroianni, M. (2021). Hybrid Simulation of Energy Management in IoT Edge Computing Surveillance Systems [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13104 LNCS, 345–359. https://doi.org/10.1007/978-3-030-91825-5_21
Abstract
Internet of Things (IoT) is a well established approach used for the implementation of surveillance systems that are suitable for monitoring large portions of territory. Current developments allow the design of battery powered IoT nodes that can communicate over the network with low energy requirements and locally perform some computing and coordination task, besides running sensing and related processing: it is thus possible to implement edge computing oriented solutions on IoT, if the design encompasses both hardware and software elements in terms of sensing, processing, computing, communications and routing energy costs as one of the quality indices of the system. In this paper we propose a modeling approach for edge computing IoT-based monitoring systems energy related characteristics, suitable for the analysis of energy levels of large battery powered monitoring systems with dynamic and reactive computing workloads. © 2021, Springer Nature Switzerland AG. - DetailsCampanile, L., Forgione, F., Marulli, F., Palmiero, G., & Sanghez, C. (2021). Dataset Anonimyzation for Machine Learning: An ISP Case Study [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 12950 LNCS, 589–597. https://doi.org/10.1007/978-3-030-86960-1_42
Abstract
Internet Service Providers technical support needs personal data to predict potential anomalies. In this paper, we performed a comparative study of forecasting performance using raw data and anonymized data, in order to assess how much performance may vary, when plain personal data are replaced by anonymized personal data. © 2021, Springer Nature Switzerland AG. - DetailsMarulli, F., Verde, L., & Campanile, L. (2021). Exploring data and model poisoning attacks to deep learning-based NLP systems [Conference paper]. Procedia Computer Science, 192, 3570–3579. https://doi.org/10.1016/j.procs.2021.09.130
Abstract
Natural Language Processing (NLP) is being recently explored also to its application in supporting malicious activities and objects detection. Furthermore, NLP and Deep Learning have become targets of malicious attacks too. Very recent researches evidenced that adversarial attacks are able to affect also NLP tasks, in addition to the more popular adversarial attacks on deep learning systems for image processing tasks. More precisely, while small perturbations applied to the data set adopted for training typical NLP tasks (e.g., Part-of-Speech Tagging, Named Entity Recognition, etc..) could be easily recognized, models poisoning, performed by the means of altered data models, typically provided in the transfer learning phase to a deep neural networks (e.g., poisoning attacks by word embeddings), are harder to be detected. In this work, we preliminary explore the effectiveness of a poisoned word embeddings attack aimed at a deep neural network trained to accomplish a Named Entity Recognition (NER) task. By adopting the NER case study, we aimed to analyze the severity of such a kind of attack to accuracy in recognizing the right classes for the given entities. Finally, this study represents a preliminary step to assess the impact and the vulnerabilities of some NLP systems we adopt in our research activities, and further investigating some potential mitigation strategies, in order to make these systems more resilient to data and models poisoning attacks. © 2021 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0) Peer-review under responsibility of the scientific committee of KES International. - DetailsMarulli, F., Balzanella, A., Campanile, L., Iacono, M., & Mastroianni, M. (2021). Exploring a Federated Learning Approach to Enhance Authorship Attribution of Misleading Information from Heterogeneous Sources [Conference paper]. Proceedings of the International Joint Conference on Neural Networks, 2021-July. https://doi.org/10.1109/IJCNN52387.2021.9534377
Abstract
Authorship Attribution (AA) is currently applied in several applications, among which fraud detection and anti-plagiarism checks: this task can leverage stylometry and Natural Language Processing techniques. In this work, we explored some strategies to enhance the performance of an AA task for the automatic detection of false and misleading information (e.g., fake news). We set up a text classification model for AA based on stylometry exploiting recurrent deep neural networks and implemented two learning tasks trained on the same collection of fake and real news, comparing their performances: one is based on Federated Learning architecture, the other on a centralized architecture. The goal was to discriminate potential fake information from true ones when the fake news comes from heterogeneous sources, with different styles. Preliminary experiments show that a distributed approach significantly improves recall with respect to the centralized model. As expected, precision was lower in the distributed model. This aspect, coupled with the statistical heterogeneity of data, represents some open issues that will be further investigated in future work. © 2021 IEEE.
2020
- DetailsCampanile, L., Iacono, M., Marrone, S., & Mastroianni, M. (2020). On Performance Evaluation of Security Monitoring in Multitenant Cloud Applications [Article]. Electronic Notes in Theoretical Computer Science, 353, 107–127. https://doi.org/10.1016/j.entcs.2020.09.020
Abstract
In this paper we present a modeling approach suitable for practical evaluation of the delays that may affect security monitoring systems in (multitenant) cloud based architecture, and in general to support professionals in planning and evaluating relevant parameters in dealing with new designs or migration projects. The approach is based on modularity and multiformalism techniques to manage complexity and guide designers in an incremental process, to help transferring technical knowledge into modeling practice and to help easing the use of simulation. We present a case study based on a real experience, triggered by a new legal requirement that Italian Public Administration should comply about their datacenters. © 2020 The Author(s) - DetailsConference Privacy regulations challenges on data-centric and iot systems: A case study for smart vehiclesCampanile, L., Iacono, M., Marulli, F., & Mastroianni, M. (2020). Privacy regulations challenges on data-centric and iot systems: A case study for smart vehicles [Conference paper]. IoTBDS 2020 - Proceedings of the 5th International Conference on Internet of Things, Big Data and Security, 507–520. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85089476036&partnerID=40&md5=c18dd73c221ec312a330521bf03d332e
Abstract
Internet of Things (IoTs) services and data-centric systems allow smart and efficient information exchanging. Anyway, even if existing IoTs and cyber security architectures are enforcing, they are still vulnerable to security issues, as unauthorized access, data breaches, intrusions. They can’t provide yet sufficiently robust and secure solutions to be applied in a straightforward way, both for ensuring privacy preservation and trustworthiness of transmitted data, evenly preventing from its fraudulent and unauthorized usage. Such data potentially include critical information about persons’ privacy (locations, visited places, behaviors, goods, anagraphic data and health conditions). So, novel approaches for IoTs and data-centric security are needed. In this work, we address IoTs systems security problem focusing on the privacy preserving issue. Indeed, after the European Union introduced the General Data Protection Regulation (GDPR), privacy data protection is a mandatory requirement for systems producing and managing sensible users’ data. Starting from a case study for the Internet of Vehicles (IoVs), we performed a pilot study and DPIA assessment to analyze possible mitigation strategies for improving the compliance of IoTs based systems to GDPR requirements. Our preliminary results evidenced that the introduction of blockchains in IoTs systems architectures can improve significantly the compliance to privacy regulations. Copyright © 2020 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved.
2025
- DetailsCampanile, L., de Biase, M. S., & Marulli, F. (2025). Edge-Cloud Distributed Approaches to Text Authorship Analysis: A Feasibility Study [Book chapter]. Lecture Notes on Data Engineering and Communications Technologies, 250, 284–293. https://doi.org/10.1007/978-3-031-87778-0_28
Abstract
Automatic authorship analysis, often referred to as stylometry, is a captivating yet contentious field that employs computational techniques to determine the authorship of textual artefacts. In recent years, the importance of author profiling has grown significantly due to the proliferation of automatic text generation systems. These include both early-generation bots and the latest generative AI-based models, which have heightened concerns about misinformation and content authenticity. This study proposes a novel approach to evaluate the feasibility and effectiveness of contemporary distributed learning methods. The approach leverages the computational advantages of distributed systems while preserving the privacy of human contributors, enabling the collection and analysis of extensive datasets of “human-written” texts in contrast to those generated by bots. More specifically, the proposed method adopts a Federated Learning (FL) framework, integrating readability and stylometric metrics to deliver a privacy-preserving solution for Authorship Attribution (AA). The primary objective is to enhance the accuracy of AA processes, thus achieving a more robust “authorial fingerprint”. Experimental results reveal that while FL effectively protects privacy and mitigates data exposure risks, the combined use of readability and stylometric features significantly increases the accuracy of AA. This approach demonstrates promise for secure and scalable AA applications, particularly in privacy-sensitive contexts and real-time edge computing scenarios. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025. - DetailsCampanile, L., Iacono, M., Mastroianni, M., & Riccio, C. (2025). Performance Evaluation of an Edge-Blockchain Architecture for Smart City [Conference paper]. Proceedings - European Council for Modelling and Simulation, ECMS, 2025-June, 620–627. https://doi.org/10.7148/2025-0620
Abstract
This paper presents a simulation-based methodology to evaluate the performance of a privacy-compliant edge-blockchain architecture for smart city environments. The proposed model combines edge computing with a private, permissioned blockchain to ensure low-latency processing, secure data management, and verifiable transactions. Using a discrete-event simulation framework, we analyze the behavior of the system under realistic workloads and time-varying traffic conditions. The model captures edge operations, including preprocessing and cryptographic tasks, as well as blockchain validation using Proof of Stake consensus. Several experiments explore saturation thresholds, resource utilization, and latency dynamics, under both synthetic and realistic traffic profiles. Results reveal how architectural bottlenecks shift depending on resource allocation and input rate, and demonstrate the importance of balanced dimensioning between edge and blockchain layers. © ECMS Marco Scarpa, Salvatore Cavalieri, Salvatore Serrano, Fabrizio De Vita (Editors) 2025.
2023
- DetailsBobbio, A., Campanile, L., Gribaudo, M., Iacono, M., Marulli, F., & Mastroianni, M. (2023). A cyber warfare perspective on risks related to health IoT devices and contact tracing [Article]. Neural Computing and Applications, 35(19), 13823–13837. https://doi.org/10.1007/s00521-021-06720-1
Abstract
The wide use of IT resources to assess and manage the recent COVID-19 pandemic allows to increase the effectiveness of the countermeasures and the pervasiveness of monitoring and prevention. Unfortunately, the literature reports that IoT devices, a widely adopted technology for these applications, are characterized by security vulnerabilities that are difficult to manage at the state level. Comparable problems exist for related technologies that leverage smartphones, such as contact tracing applications, and non-medical health monitoring devices. In analogous situations, these vulnerabilities may be exploited in the cyber domain to overload the crisis management systems with false alarms and to interfere with the interests of target countries, with consequences on their economy and their political equilibria. In this paper we analyze the potential threat to an example subsystem to show how these influences may impact it and evaluate a possible consequence. © 2021, The Author(s), under exclusive licence to Springer-Verlag London Ltd., part of Springer Nature.
2022
- DetailsCampanile, L., Forgione, F., Mastroianni, M., Palmiero, G., & Sanghez, C. (2022). Evaluating the Impact of Data Anonymization in a Machine Learning Application [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13380 LNCS, 389–400. https://doi.org/10.1007/978-3-031-10542-5_27
Abstract
The data protection impact assessment is used to verify the necessity, proportionality and risks of data processing. Our work is based on the data processed by the technical support of a Wireless Service Provider. The team of WISP tech support uses a machine learning system to predict failures. The goal of our the experiments was to evaluate the DPIA with personal data and without personal data. In fact, in a first scenario, the experiments were conducted using a machine learning application powered by non-anonymous personal data. Instead in the second scenario, the data was anonymized before feeding the machine learning system. In this article we evaluate how much the Data Protection Impact Assessment changes when moving from a scenario with raw data to a scenario with anonymized data. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG. - DetailsCampanile, L., Marrone, S., Marulli, F., & Verde, L. (2022). Challenges and Trends in Federated Learning for Well-being and Healthcare [Conference paper]. Procedia Computer Science, 207, 1144–1153. https://doi.org/10.1016/j.procs.2022.09.170
Abstract
Currently, research in Artificial Intelligence, both in Machine Learning and Deep Learning, paves the way for promising innovations in several areas. In healthcare, especially, where large amounts of quantitative and qualitative data are transferred to support studies and early diagnosis and monitoring of any diseases, potential security and privacy issues cannot be underestimated. Federated learning is an approach where privacy issues related to sensitive data management can be significantly reduced, due to the possibility to train algorithms without exchanging data. The main idea behind this approach is that learning models can be trained in a distributed way, where multiple devices or servers with decentralized data samples can provide their contributions without having to exchange their local data. Recent studies provided evidence that prototypes trained by adopting Federated Learning strategies are able to achieve reliable performance, thus by generating robust models without sharing data and, consequently, limiting the impact on security and privacy. This work propose a literature overview of Federated Learning approaches and systems, focusing on its application for healthcare. The main challenges, implications, issues and potentials of this approach in the healthcare are outlined. © 2022 The Authors. Published by Elsevier B.V. - DetailsConference Sensitive Information Detection Adopting Named Entity Recognition: A Proposed MethodologyCampanile, L., de Biase, M. S., Marrone, S., Marulli, F., Raimondo, M., & Verde, L. (2022). Sensitive Information Detection Adopting Named Entity Recognition: A Proposed Methodology [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13380 LNCS, 377–388. https://doi.org/10.1007/978-3-031-10542-5_26
Abstract
Protecting and safeguarding privacy has become increasingly important, especially in recent years. The increasing possibilities of acquiring and sharing personal information and data through digital devices and platforms, such as apps or social networks, have increased the risks of privacy breaches. In order to effectively respect and guarantee the privacy and protection of sensitive information, it is necessary to develop mechanisms capable of providing such guarantees automatically and reliably. In this paper we propose a methodology able to automatically recognize sensitive data. A Named Entity Recognition was used to identify appropriate entities. An improvement in the recognition of these entities is achieved by evaluating the words contained in an appropriate context window by assessing their similarity to words in a domain taxonomy. This, in fact, makes it possible to refine the labels of the recognized categories using a generic Named Entity Recognition. A preliminary evaluation of the reliability of the proposed approach was performed. In detail, texts of juridical documents written in Italian were analyzed. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
2021
- DetailsCampanile, L., Iacono, M., Marulli, F., & Mastroianni, M. (2021). Designing a GDPR compliant blockchain-based IoV distributed information tracking system [Article]. Information Processing and Management, 58(3). https://doi.org/10.1016/j.ipm.2021.102511
Abstract
Blockchain technologies and distributed ledgers enable the design and implementation of trustable data logging systems that can be used by multiple parties to produce a non-repudiable database. The case of Internet of Vehicles may greatly benefit of such a possibility to track the chain of responsibility in case of accidents or damages due to bad or omitted maintenance, improving the safety of circulation and helping granting a correct handling of related legal issues. However, there are privacy issues that have to be considered, as tracked information potentially include data about private persons (position, personal habits), commercially relevant information (state of the fleet of a company, freight movement and related planning, logistic strategies), or even more critical knowledge (e.g., considering vehicles belonging to police, public authorities, governments or officers in sensible positions). In the European Union, all this information is covered by the General Data Protection Regulation (GDPR). In this paper we propose a reference model for a system that manages relevant information to show how blockchain can support GDPR compliant solutions for Internet of Vehicles, taking as a reference an integrated scenario based on Italy, and analyze a subset of its use cases to show its viability with reference to privacy issues. © 2021 Elsevier Ltd - DetailsCampanile, L., Cantiello, P., Iacono, M., Marulli, F., & Mastroianni, M. (2021). Risk Analysis of a GDPR-Compliant Deletion Technique for Consortium Blockchains Based on Pseudonymization [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 12956 LNCS, 3–14. https://doi.org/10.1007/978-3-030-87010-2_1
Abstract
Blockchains provide a valid and profitable support for the implementation of trustable and secure distributed ledgers, in support to groups of subjects that are potentially competitors in conflict of interest but need to share progressive information recording processes. Blockchains prevent data stored in blocks from being altered or deleted, but there are situations in which stored information must be deleted or made inaccessible on request or periodically, such as the ones in which GDPR is applicable. In this paper we present literature solutions and design an implementation in the context of a traffic management system for the Internet of Vehicles based on the Pseudonymization/Cryptography solution, evaluating its viability, its GDPR compliance and its level of risk. © 2021, Springer Nature Switzerland AG. - DetailsJournal Privacy regulations, smart roads, blockchain, and liability insurance: Putting technologies to workCampanile, L., Iacono, M., Levis, A. H., Marulli, F., & Mastroianni, M. (2021). Privacy regulations, smart roads, blockchain, and liability insurance: Putting technologies to work [Article]. IEEE Security and Privacy, 19(1), 34–43. https://doi.org/10.1109/MSEC.2020.3012059
Abstract
Smart streets promise widely available traffic information to help improve people’s safety. Unfortunately, gathering that data may threaten privacy. We describe an architecture that exploits a blockchain and the Internet of Vehicles and show its compliance with the General Data Protection Regulation. © 2003-2012 IEEE. - DetailsCampanile, L., Gribaudo, M., Iacono, M., & Mastroianni, M. (2021). Hybrid Simulation of Energy Management in IoT Edge Computing Surveillance Systems [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13104 LNCS, 345–359. https://doi.org/10.1007/978-3-030-91825-5_21
Abstract
Internet of Things (IoT) is a well established approach used for the implementation of surveillance systems that are suitable for monitoring large portions of territory. Current developments allow the design of battery powered IoT nodes that can communicate over the network with low energy requirements and locally perform some computing and coordination task, besides running sensing and related processing: it is thus possible to implement edge computing oriented solutions on IoT, if the design encompasses both hardware and software elements in terms of sensing, processing, computing, communications and routing energy costs as one of the quality indices of the system. In this paper we propose a modeling approach for edge computing IoT-based monitoring systems energy related characteristics, suitable for the analysis of energy levels of large battery powered monitoring systems with dynamic and reactive computing workloads. © 2021, Springer Nature Switzerland AG. - DetailsCampanile, L., Forgione, F., Marulli, F., Palmiero, G., & Sanghez, C. (2021). Dataset Anonimyzation for Machine Learning: An ISP Case Study [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 12950 LNCS, 589–597. https://doi.org/10.1007/978-3-030-86960-1_42
Abstract
Internet Service Providers technical support needs personal data to predict potential anomalies. In this paper, we performed a comparative study of forecasting performance using raw data and anonymized data, in order to assess how much performance may vary, when plain personal data are replaced by anonymized personal data. © 2021, Springer Nature Switzerland AG. - DetailsMarulli, F., Verde, L., & Campanile, L. (2021). Exploring data and model poisoning attacks to deep learning-based NLP systems [Conference paper]. Procedia Computer Science, 192, 3570–3579. https://doi.org/10.1016/j.procs.2021.09.130
Abstract
Natural Language Processing (NLP) is being recently explored also to its application in supporting malicious activities and objects detection. Furthermore, NLP and Deep Learning have become targets of malicious attacks too. Very recent researches evidenced that adversarial attacks are able to affect also NLP tasks, in addition to the more popular adversarial attacks on deep learning systems for image processing tasks. More precisely, while small perturbations applied to the data set adopted for training typical NLP tasks (e.g., Part-of-Speech Tagging, Named Entity Recognition, etc..) could be easily recognized, models poisoning, performed by the means of altered data models, typically provided in the transfer learning phase to a deep neural networks (e.g., poisoning attacks by word embeddings), are harder to be detected. In this work, we preliminary explore the effectiveness of a poisoned word embeddings attack aimed at a deep neural network trained to accomplish a Named Entity Recognition (NER) task. By adopting the NER case study, we aimed to analyze the severity of such a kind of attack to accuracy in recognizing the right classes for the given entities. Finally, this study represents a preliminary step to assess the impact and the vulnerabilities of some NLP systems we adopt in our research activities, and further investigating some potential mitigation strategies, in order to make these systems more resilient to data and models poisoning attacks. © 2021 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0) Peer-review under responsibility of the scientific committee of KES International. - DetailsMarulli, F., Balzanella, A., Campanile, L., Iacono, M., & Mastroianni, M. (2021). Exploring a Federated Learning Approach to Enhance Authorship Attribution of Misleading Information from Heterogeneous Sources [Conference paper]. Proceedings of the International Joint Conference on Neural Networks, 2021-July. https://doi.org/10.1109/IJCNN52387.2021.9534377
Abstract
Authorship Attribution (AA) is currently applied in several applications, among which fraud detection and anti-plagiarism checks: this task can leverage stylometry and Natural Language Processing techniques. In this work, we explored some strategies to enhance the performance of an AA task for the automatic detection of false and misleading information (e.g., fake news). We set up a text classification model for AA based on stylometry exploiting recurrent deep neural networks and implemented two learning tasks trained on the same collection of fake and real news, comparing their performances: one is based on Federated Learning architecture, the other on a centralized architecture. The goal was to discriminate potential fake information from true ones when the fake news comes from heterogeneous sources, with different styles. Preliminary experiments show that a distributed approach significantly improves recall with respect to the centralized model. As expected, precision was lower in the distributed model. This aspect, coupled with the statistical heterogeneity of data, represents some open issues that will be further investigated in future work. © 2021 IEEE.
2020
- DetailsCampanile, L., Iacono, M., Marrone, S., & Mastroianni, M. (2020). On Performance Evaluation of Security Monitoring in Multitenant Cloud Applications [Article]. Electronic Notes in Theoretical Computer Science, 353, 107–127. https://doi.org/10.1016/j.entcs.2020.09.020
Abstract
In this paper we present a modeling approach suitable for practical evaluation of the delays that may affect security monitoring systems in (multitenant) cloud based architecture, and in general to support professionals in planning and evaluating relevant parameters in dealing with new designs or migration projects. The approach is based on modularity and multiformalism techniques to manage complexity and guide designers in an incremental process, to help transferring technical knowledge into modeling practice and to help easing the use of simulation. We present a case study based on a real experience, triggered by a new legal requirement that Italian Public Administration should comply about their datacenters. © 2020 The Author(s) - DetailsConference Privacy regulations challenges on data-centric and iot systems: A case study for smart vehiclesCampanile, L., Iacono, M., Marulli, F., & Mastroianni, M. (2020). Privacy regulations challenges on data-centric and iot systems: A case study for smart vehicles [Conference paper]. IoTBDS 2020 - Proceedings of the 5th International Conference on Internet of Things, Big Data and Security, 507–520. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85089476036&partnerID=40&md5=c18dd73c221ec312a330521bf03d332e
Abstract
Internet of Things (IoTs) services and data-centric systems allow smart and efficient information exchanging. Anyway, even if existing IoTs and cyber security architectures are enforcing, they are still vulnerable to security issues, as unauthorized access, data breaches, intrusions. They can’t provide yet sufficiently robust and secure solutions to be applied in a straightforward way, both for ensuring privacy preservation and trustworthiness of transmitted data, evenly preventing from its fraudulent and unauthorized usage. Such data potentially include critical information about persons’ privacy (locations, visited places, behaviors, goods, anagraphic data and health conditions). So, novel approaches for IoTs and data-centric security are needed. In this work, we address IoTs systems security problem focusing on the privacy preserving issue. Indeed, after the European Union introduced the General Data Protection Regulation (GDPR), privacy data protection is a mandatory requirement for systems producing and managing sensible users’ data. Starting from a case study for the Internet of Vehicles (IoVs), we performed a pilot study and DPIA assessment to analyze possible mitigation strategies for improving the compliance of IoTs based systems to GDPR requirements. Our preliminary results evidenced that the introduction of blockchains in IoTs systems architectures can improve significantly the compliance to privacy regulations. Copyright © 2020 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved.