Two Machine Learning Based Frameworks for Enhancing Privacy Protection

The Distinguished Speaker Webinar Series is aimed at advancing the state-of-the-art concepts and methods in artificial intelligence and cyber security areas. The series is jointly hosted by the Centers for Cyber Security and AI Research and the School of Electrical Engineering and Computer Science (SEECS) at the University of North Dakota College of Engineering & Mines.

Speaker Biography:
Dr. Chuan Yue is a Professor of Computer Science at the Colorado School of Mines. He is the founder and current point of contact (POC) of the Center for Cyber Security and Privacy (CCSP) at the Colorado School of Mines. His research focuses on (1) Web, Mobile, Cloud, CPS, IoT, and AI systems security, (2) usable security and privacy, (3) vulnerability measurement and analysis, and (4) cybersecurity education. He received BE and ME degrees in Computer Science from the Xidian University, China, in 1996 and 1999, respectively, and PhD in Computer Science from the College of William and Mary in 2010. He worked as a Member of Technical Staff at Bell Labs China, Lucent Technologies from 1999 to 2003, and worked as an Assistant Professor of Computer Science at the University of Colorado Colorado Springs from 2010 to 2015.

About the Webinar:
Websites and mobile apps often collect sensitive personal data from users, raising lots of privacy concerns. In this talk, I will introduce two machine learning based frameworks that we built for enhancing the privacy protection to web and mobile app users, respectively. The first framework is called WtaGraph, which is a web tracking and advertising detection framework built based on Graph Neural Networks (GNNs). We conducted experiments to demonstrate that WtaGraph can effectively detect web tracking and advertising HTTP/HTTPS requests in both transductive and inductive learning settings. The second framework is called PolicyChecker, which is a rule and semantic role-based framework for analyzing the GDPR completeness of mobile apps' privacy policies. Using PolicyChecker, we conducted the first large-scale GDPR-completeness violation study on over 200K privacy policies of Android apps and found that majority of them are incomplete. I will also introduce the lessons that we learned from building these two frameworks and suggest some potential future studies.