{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,14]],"date-time":"2026-06-14T07:51:54Z","timestamp":1781423514973,"version":"3.54.1"},"reference-count":141,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2018,2,20]],"date-time":"2018-02-20T00:00:00Z","timestamp":1519084800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001738","name":"Ministry of Science, Technology and Space, Israel","doi-asserted-by":"crossref","award":["3-12288"],"award-info":[{"award-number":["3-12288"]}],"id":[{"id":"10.13039\/501100001738","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Ministry of Foreign Affairs and International Cooperation, Italy"},{"name":"Israeli-Italian Scientific and Technological Cooperation program"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2019,3,31]]},"abstract":"<jats:p>Cyber-security systems, which protect networks and computers against cyber attacks, are becoming common due to increasing threats and government regulation. At the same time, the enormous amount of data gathered by cyber-security systems poses a serious threat to the privacy of the people protected by those systems. To ground this threat, we survey common and novel cyber-security technologies and analyze them according to the potential for privacy invasion. We suggest a taxonomy for privacy risks assessment of information security technologies, based on the level of data exposure, the level of identification of individual users, the data sensitivity and the user control over the monitoring, and collection and analysis of the data. We discuss our results in light of the recent technological trends and suggest several new directions for making these mechanisms more privacy-aware.<\/jats:p>","DOI":"10.1145\/3172869","type":"journal-article","created":{"date-parts":[[2018,2,23]],"date-time":"2018-02-23T15:15:22Z","timestamp":1519398922000},"page":"1-27","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":62,"title":["The Privacy Implications of Cyber Security Systems"],"prefix":"10.1145","volume":"51","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6939-5870","authenticated-orcid":false,"given":"Eran","family":"Toch","sequence":"first","affiliation":[{"name":"Tel Aviv University, Tel Aviv, Israel"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Claudio","family":"Bettini","sequence":"additional","affiliation":[{"name":"University of Milan, Milano, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Erez","family":"Shmueli","sequence":"additional","affiliation":[{"name":"Tel Aviv University, Tel Aviv, Israel"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Laura","family":"Radaelli","sequence":"additional","affiliation":[{"name":"Tel Aviv University, Tel Aviv, Israel"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Andrea","family":"Lanzi","sequence":"additional","affiliation":[{"name":"University of Milan, Milano, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Daniele","family":"Riboni","sequence":"additional","affiliation":[{"name":"University of Cagliari, Cagliari, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Bruno","family":"Lepri","sequence":"additional","affiliation":[{"name":"Fondazione Bruno Kessler, Trento, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2018,2,20]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2808138.2808146"},{"key":"e_1_2_1_2_1","volume-title":"Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917)","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis , Tim April , Michael Bailey , Matt Bernhard , Elie Bursztein , Jaime Cochran , Zakir Durumeric , J. Alex Halderman , Luca Invernizzi , Michalis Kallitsis , Deepak Kumar , Chaz Lever , Zane Ma , Joshua Mason , Damian Menscher , Chad Seaman , Nick Sullivan , Kurt Thomas , and Yi Zhou . 2017 . Understanding the mirai botnet . In Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917) . USENIX Association, Vancouver, BC, 1093--1110. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/antonakakis. Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the mirai botnet. In Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917). USENIX Association, Vancouver, BC, 1093--1110. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/antonakakis."},{"key":"e_1_2_1_3_1","unstructured":"Italian Data Protection Authority. 2016. Processing of personal data of employees by e-mail and other work tools. Retrieved from http:\/\/www.garanteprivacy.it\/web\/guest\/home\/docweb\/-\/docweb-display\/docweb\/5408460.  Italian Data Protection Authority. 2016. Processing of personal data of employees by e-mail and other work tools. Retrieved from http:\/\/www.garanteprivacy.it\/web\/guest\/home\/docweb\/-\/docweb-display\/docweb\/5408460."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.pmcj.2014.09.010"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1456441.1456446"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046619"},{"key":"e_1_2_1_7_1","first-page":"101101","article-title":"SEPIA: Privacy-preserving aggregation of multi-domain network events and statistics","volume":"1","author":"Burkhart Martin","year":"2010","unstructured":"Martin Burkhart , Mario Strasser , Dilip Many , and Xenofontas Dimitropoulos . 2010 . SEPIA: Privacy-preserving aggregation of multi-domain network events and statistics . Network 1 (2010), 101101 . Martin Burkhart, Mario Strasser, Dilip Many, and Xenofontas Dimitropoulos. 2010. SEPIA: Privacy-preserving aggregation of multi-domain network events and statistics. Network 1 (2010), 101101.","journal-title":"Network"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.050113.00191"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336768"},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the National Information Systems Security Conference. 368--81","author":"Cannady James","year":"1998","unstructured":"James Cannady . 1998 . Artificial neural networks for misuse detection . In Proceedings of the National Information Systems Security Conference. 368--81 . James Cannady. 1998. Artificial neural networks for misuse detection. In Proceedings of the National Information Systems Security Conference. 368--81."},{"key":"e_1_2_1_11_1","unstructured":"Checkpoint. 2017. Checkpoint security appliances. Retrieved from https:\/\/www.checkpoint.com\/.  Checkpoint. 2017. Checkpoint security appliances. Retrieved from https:\/\/www.checkpoint.com\/."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1247660.1247690"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2009.02.002"},{"key":"e_1_2_1_15_1","volume-title":"Prometheus: Analyzing webinject-based information stealers. J. Comput. Secur. Preprint","author":"Continella Andrea","year":"2017","unstructured":"Andrea Continella , Michele Carminati , Mario Polino , Andrea Lanzi , Stefano Zanero , and Federico Maggi . 2017 . Prometheus: Analyzing webinject-based information stealers. J. Comput. Secur. Preprint (2017), 1--21. Andrea Continella, Michele Carminati, Mario Polino, Andrea Lanzi, Stefano Zanero, and Federico Maggi. 2017. Prometheus: Analyzing webinject-based information stealers. J. Comput. Secur. Preprint (2017), 1--21."},{"key":"e_1_2_1_16_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201907)","volume":"7","author":"Coull Scott E.","unstructured":"Scott E. Coull , Charles V. Wright , Fabian Monrose , Michael P. Collins , Michael K. Reiter et al. 2007. Playing devil\u2019s advocate: Inferring sensitive information from anonymized network traces . In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201907) , Vol. 7 . 35--47. Scott E. Coull, Charles V. Wright, Fabian Monrose, Michael P. Collins, Michael K. Reiter et al. 2007. Playing devil\u2019s advocate: Inferring sensitive information from anonymized network traces. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201907), Vol. 7. 35--47."},{"key":"e_1_2_1_17_1","volume-title":"Proceedings of the 25th USENIX Security Symposium (USENIX Security\u201916)","author":"Cristalli Stefano","year":"2016","unstructured":"Stefano Cristalli , Mattia Pagnozzi , Mariano Graziano , Andrea Lanzi , and Davide Balzarotti . 2016 . Micro-virtualization memory tracing to detect and prevent spraying attacks . In Proceedings of the 25th USENIX Security Symposium (USENIX Security\u201916) . USENIX Association, Austin, TX, 431--446. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/stefano. Stefano Cristalli, Mattia Pagnozzi, Mariano Graziano, Andrea Lanzi, and Davide Balzarotti. 2016. Micro-virtualization memory tracing to detect and prevent spraying attacks. In Proceedings of the 25th USENIX Security Symposium (USENIX Security\u201916). USENIX Association, Austin, TX, 431--446. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/stefano."},{"key":"e_1_2_1_18_1","volume-title":"Proceedings of the 50th Hawaii International Conference on System Sciences.","author":"Robert","unstructured":"Robert E. Crossler and France B\u00e9langer. 2017. The mobile privacy-security knowledge gap model: Understanding behaviors . In Proceedings of the 50th Hawaii International Conference on System Sciences. Robert E. Crossler and France B\u00e9langer. 2017. The mobile privacy-security knowledge gap model: Understanding behaviors. In Proceedings of the 50th Hawaii International Conference on System Sciences."},{"key":"e_1_2_1_19_1","volume-title":"Information Systems Design and Intelligent Applications","author":"Reddy Danda Jagan Mohan","unstructured":"Jagan Mohan Reddy Danda and Chittaranjan Hota . 2016. Attack identification framework for IoT devices . In Information Systems Design and Intelligent Applications . Springer , 505--513. Jagan Mohan Reddy Danda and Chittaranjan Hota. 2016. Attack identification framework for IoT devices. In Information Systems Design and Intelligent Applications. Springer, 505--513."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/CERMA.2009.47"},{"key":"e_1_2_1_21_1","volume-title":"Blondel","author":"de Montjoye Yves-Alexandre","year":"2013","unstructured":"Yves-Alexandre de Montjoye , C\u00e9sar A. Hidalgo , Michel Verleysen , and Vincent D . Blondel . 2013 . Unique in the crowd: The privacy bounds of human mobility. Sci. Rep . 3 (2013). Yves-Alexandre de Montjoye, C\u00e9sar A. Hidalgo, Michel Verleysen, and Vincent D. Blondel. 2013. Unique in the crowd: The privacy bounds of human mobility. Sci. Rep. 3 (2013)."},{"key":"e_1_2_1_22_1","volume-title":"Vivek Kumar Singh et al","author":"de Montjoye Yves-Alexandre","year":"2015","unstructured":"Yves-Alexandre de Montjoye , Laura Radaelli , Vivek Kumar Singh et al . 2015 . Unique in the shopping mall: On the reidentifiability of credit card metadata. Science 347, 6221 (2015), 536--539. Yves-Alexandre de Montjoye, Laura Radaelli, Vivek Kumar Singh et al. 2015. Unique in the shopping mall: On the reidentifiability of credit card metadata. Science 347, 6221 (2015), 536--539."},{"key":"e_1_2_1_23_1","volume-title":"Encyclopedia of Cryptography and Security","author":"Desmedt Yvo","unstructured":"Yvo Desmedt . 2011. Man-in-the-middle attack . In Encyclopedia of Cryptography and Security . Springer , 759--759. Yvo Desmedt. 2011. Man-in-the-middle attack. In Encyclopedia of Cryptography and Security. Springer, 759--759."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2835776.2835803"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/11787006_1"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702251"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.03.007"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.5555\/829515.830554"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-013-0208-7"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242660"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2008.08.003"},{"key":"e_1_2_1_33_1","volume-title":"Proceedings of the International Conference on Weblogs and Social Media. 130--137","author":"Goel Sharad","unstructured":"Sharad Goel , J. M. Hofman , and M. Irmak Sirer . 2012. Who does what on the web: Studying web browsing behavior at scale . In Proceedings of the International Conference on Weblogs and Social Media. 130--137 . Sharad Goel, J. M. Hofman, and M. Irmak Sirer. 2012. Who does what on the web: Studying web browsing behavior at scale. In Proceedings of the International Conference on Weblogs and Social Media. 130--137."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_1"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1049\/ic:20040382"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jalz.2008.07.004"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3046676"},{"key":"e_1_2_1_38_1","volume-title":"Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks (IJCNN\u201900)","volume":"5","author":"Hoglund Albert J.","unstructured":"Albert J. Hoglund , Kimmo Hatonen , and Antti S. Sorvari . 2000. A computer host-based user anomaly detection system using the self-organizing map . In Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks (IJCNN\u201900) , Vol. 5 . IEEE, 411--416. Albert J. Hoglund, Kimmo Hatonen, and Antti S. Sorvari. 2000. A computer host-based user anomaly detection system using the self-organizing map. In Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks (IJCNN\u201900), Vol. 5. IEEE, 411--416."},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242594"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.353052"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jcss.2014.02.005"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3055305.3055311"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572532.1572538"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2016.7497768"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1073\/pnas.1218772110"},{"key":"e_1_2_1_46_1","unstructured":"Brian Krebs. 2017. Breach at DocuSign Led to Targeted Email Malware Campaign. Retrieved from https:\/\/krebsonsecurity.com\/2017\/05\/breach-at-docusign-led-to-targeted-email-malware-campaign\/.  Brian Krebs. 2017. Breach at DocuSign Led to Targeted Email Malware Campaign. Retrieved from https:\/\/krebsonsecurity.com\/2017\/05\/breach-at-docusign-led-to-targeted-email-malware-campaign\/."},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2014.09.005"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948144"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2015-0027"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2012.013012.00028"},{"key":"e_1_2_1_51_1","unstructured":"RSA FraudAction Research Labs. 2011. Anatomy of an attack. Retrieved from http:\/\/blogs.rsa.com\/anatomy-of-an-attack\/.  RSA FraudAction Research Labs. 2011. Anatomy of an attack. Retrieved from http:\/\/blogs.rsa.com\/anatomy-of-an-attack\/."},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/3468.935047"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.161"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866353"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/MPAE.2003.1192027"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2012.12.020"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2007.367856"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2015.2419186"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.08.002"},{"key":"e_1_2_1_60_1","volume-title":"Proceedings of the USENIX Security Symposium. 239--254","author":"Lincoln Patrick","year":"2004","unstructured":"Patrick Lincoln , Phillip A. Porras , and Vitaly Shmatikov . 2004 . Privacy-preserving sharing and correlation of security alerts . In Proceedings of the USENIX Security Symposium. 239--254 . Patrick Lincoln, Phillip A. Porras, and Vitaly Shmatikov. 2004. Privacy-preserving sharing and correlation of security alerts. In Proceedings of the USENIX Security Symposium. 239--254."},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2011.122111.00145"},{"key":"e_1_2_1_62_1","volume-title":"Proceedings from the 6th Annual IEEE SMC Information Assurance Workshop (IAW\u201905)","author":"Locasto Michael E.","unstructured":"Michael E. Locasto , Janak J. Parekh , Angelos D. Keromytis , and Salvatore J. Stolfo . 2005. Towards collaborative security and p2p intrusion detection . In Proceedings from the 6th Annual IEEE SMC Information Assurance Workshop (IAW\u201905) . IEEE, 333--339. Michael E. Locasto, Janak J. Parekh, Angelos D. Keromytis, and Salvatore J. Stolfo. 2005. Towards collaborative security and p2p intrusion detection. In Proceedings from the 6th Annual IEEE SMC Information Assurance Workshop (IAW\u201905). IEEE, 333--339."},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/1557019.1557153"},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2006.1"},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2013.06.013"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04474-8_37"},{"key":"e_1_2_1_67_1","first-page":"131","article-title":"SafeBox: Adaptable spatio-temporal generalization for location privacy protection","volume":"7","author":"Mascetti Sergio","year":"2014","unstructured":"Sergio Mascetti , Letizia Bertolaja , and Claudio Bettini . 2014 . SafeBox: Adaptable spatio-temporal generalization for location privacy protection . Trans. Data Priv. 7 , 2 (2014), 131 -- 163 . Sergio Mascetti, Letizia Bertolaja, and Claudio Bettini. 2014. SafeBox: Adaptable spatio-temporal generalization for location privacy protection. Trans. Data Priv. 7, 2 (2014), 131--163.","journal-title":"Trans. Data Priv."},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00778-010-0213-7"},{"key":"e_1_2_1_69_1","first-page":"543","article-title":"The cost of reading privacy policies","volume":"4","author":"McDonald Aleecia M.","year":"2008","unstructured":"Aleecia M. McDonald and Lorrie Faith Cranor . 2008 . The cost of reading privacy policies . ISJLP 4 (2008), 543 . Aleecia M. McDonald and Lorrie Faith Cranor. 2008. The cost of reading privacy policies. ISJLP 4 (2008), 543.","journal-title":"ISJLP"},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/1851182.1851199"},{"key":"e_1_2_1_71_1","volume-title":"Proceedings of the 1st Conference on Email and Anti-spam.","author":"Michelakis Eirinaios","year":"2004","unstructured":"Eirinaios Michelakis , Ion Androutsopoulos , Georgios Paliouras , George Sakkis , and Panagiotis Stamatopoulos . 2004 . Filtron: A Learning-Based Anti-Spam Filter . In Proceedings of the 1st Conference on Email and Anti-spam. Eirinaios Michelakis, Ion Androutsopoulos, Georgios Paliouras, George Sakkis, and Panagiotis Stamatopoulos. 2004. Filtron: A Learning-Based Anti-Spam Filter. In Proceedings of the 1st Conference on Email and Anti-spam."},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1109\/MITP.2012.93"},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-012-0831-5"},{"key":"e_1_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2012.05.003"},{"key":"e_1_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-01718-6_6"},{"key":"e_1_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.33"},{"key":"e_1_2_1_77_1","volume-title":"Proceedings of the 25th USENIX Security Symposium (USENIX Security\u201916)","author":"Nelms Terry","year":"2016","unstructured":"Terry Nelms , Roberto Perdisci , Manos Antonakakis , and Mustaque Ahamad . 2016 . Towards measuring and mitigating social engineering software download attacks . In Proceedings of the 25th USENIX Security Symposium (USENIX Security\u201916) . USENIX Association, 773--789. Terry Nelms, Roberto Perdisci, Manos Antonakakis, and Mustaque Ahamad. 2016. Towards measuring and mitigating social engineering software download attacks. In Proceedings of the 25th USENIX Security Symposium (USENIX Security\u201916). USENIX Association, 773--789."},{"key":"e_1_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.43"},{"key":"e_1_2_1_79_1","first-page":"119","article-title":"Privacy as contextual integrity","volume":"79","author":"Nissenbaum Helen","year":"2004","unstructured":"Helen Nissenbaum . 2004 . Privacy as contextual integrity . Wash. Law Rev. 79 (2004), 119 . Helen Nissenbaum. 2004. Privacy as contextual integrity. Wash. Law Rev. 79 (2004), 119.","journal-title":"Wash. Law Rev."},{"key":"e_1_2_1_80_1","volume-title":"Cybersecurity and information sharing: Legal challenges and solutions. Andrew Nolan Legislative Attorney CRS","author":"Nolan Andrew","year":"2015","unstructured":"Andrew Nolan . 2015. Cybersecurity and information sharing: Legal challenges and solutions. Andrew Nolan Legislative Attorney CRS ( 2015 ). Andrew Nolan. 2015. Cybersecurity and information sharing: Legal challenges and solutions. Andrew Nolan Legislative Attorney CRS (2015)."},{"key":"e_1_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2013.18"},{"key":"e_1_2_1_82_1","unstructured":"Office of the Australian Information Commissioner. 2014. Guide to undertaking privacy impact assessments. Retrieved from https:\/\/www.oaic.gov.au\/agencies-and-organisations\/guides\/guide-to-undertaking-privacy-impact-assessments.  Office of the Australian Information Commissioner. 2014. Guide to undertaking privacy impact assessments. Retrieved from https:\/\/www.oaic.gov.au\/agencies-and-organisations\/guides\/guide-to-undertaking-privacy-impact-assessments."},{"key":"e_1_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.ENG.2016.01.014"},{"key":"e_1_2_1_84_1","unstructured":"Paloalto. 2017. Paloalto security platform. Retrieved from https:\/\/www.paloalto.com\/.  Paloalto. 2017. Paloalto security platform. Retrieved from https:\/\/www.paloalto.com\/."},{"key":"e_1_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/1111322.1111330"},{"key":"e_1_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"e_1_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1515\/jhsem-2014-0035"},{"key":"e_1_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1145\/1284621.1284627"},{"key":"e_1_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920313"},{"key":"e_1_2_1_90_1","unstructured":"Qualcomm. 2017. Qualcomm Snapdragon Smart Protect. Retrieved from https:\/\/www.qualcomm.com\/.  Qualcomm. 2017. Qualcomm Snapdragon Smart Protect. Retrieved from https:\/\/www.qualcomm.com\/."},{"key":"e_1_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23234"},{"key":"e_1_2_1_92_1","volume-title":"Regulation 679 of the European parliament and of the council of","author":"Regulation","year":"2016","unstructured":"Regulation (EU). 2016. Regulation 679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95\/46\/EC (general data protection regulation). Offic. J. Eur. Union L 119\/59 (May 2016). Regulation (EU). 2016. Regulation 679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95\/46\/EC (general data protection regulation). Offic. J. Eur. Union L119\/59 (May 2016)."},{"key":"e_1_2_1_93_1","volume-title":"Proceedings of the 15th Network and Distributed Systems Security Symposium (NDSS\u201908)","author":"Ribeiro Bruno F.","unstructured":"Bruno F. Ribeiro , Weifeng Chen , Gerome Miklau , and Donald F. Towsley . 2008. Analyzing privacy in enterprise packet trace anonymization . In Proceedings of the 15th Network and Distributed Systems Security Symposium (NDSS\u201908) . Bruno F. Ribeiro, Weifeng Chen, Gerome Miklau, and Donald F. Towsley. 2008. Analyzing privacy in enterprise packet trace anonymization. In Proceedings of the 15th Network and Distributed Systems Security Symposium (NDSS\u201908)."},{"key":"e_1_2_1_94_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.19"},{"key":"e_1_2_1_95_1","first-page":"229","article-title":"Snort: Lightweight intrusion detection for networks","volume":"99","author":"Roesch Martin","year":"1999","unstructured":"Martin Roesch and others. 1999 . Snort: Lightweight intrusion detection for networks . In Proceedings of LISA , Vol. 99. 229 -- 238 . Martin Roesch and others. 1999. Snort: Lightweight intrusion detection for networks. In Proceedings of LISA, Vol. 99. 229--238.","journal-title":"Proceedings of LISA"},{"key":"e_1_2_1_96_1","doi-asserted-by":"publisher","DOI":"10.1145\/2744769.2747942"},{"key":"e_1_2_1_97_1","first-page":"1503","article-title":"Regulating cyber-security","volume":"107","author":"Sales Nathan Alexander","year":"2013","unstructured":"Nathan Alexander Sales . 2013 . Regulating cyber-security . Northwest. Univ. Law Rev. 107 , 4 (2013), 1503 -- 1568 . Nathan Alexander Sales. 2013. Regulating cyber-security. Northwest. Univ. Law Rev. 107, 4 (2013), 1503--1568.","journal-title":"Northwest. Univ. Law Rev."},{"key":"e_1_2_1_98_1","doi-asserted-by":"publisher","DOI":"10.1109\/69.971193"},{"key":"e_1_2_1_99_1","volume-title":"Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915)","author":"Schaub Florian","year":"2015","unstructured":"Florian Schaub , Rebecca Balebako , Adam L. Durity , and Lorrie Faith Cranor . 2015 . A design space for effective privacy notices . In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915) . USENIX Association, 1--17. Florian Schaub, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor. 2015. A design space for effective privacy notices. In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915). USENIX Association, 1--17."},{"key":"e_1_2_1_100_1","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2015.2409877"},{"key":"e_1_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.29"},{"key":"e_1_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2014.11.005"},{"key":"e_1_2_1_103_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2011.12.020"},{"key":"e_1_2_1_104_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2015.2398363"},{"key":"e_1_2_1_105_1","volume-title":"Proceedings of the 9th International Conference on Software, Knowledge, Information Management and Applications (SKIMA\u201915)","author":"Smadi Sami","unstructured":"Sami Smadi , Nauman Aslam , Li Zhang , Rafe Alasem , and M. A. Hossain . 2015. Detection of phishing emails using data mining algorithms . In Proceedings of the 9th International Conference on Software, Knowledge, Information Management and Applications (SKIMA\u201915) . IEEE, 1--8. Sami Smadi, Nauman Aslam, Li Zhang, Rafe Alasem, and M. A. Hossain. 2015. Detection of phishing emails using data mining algorithms. In Proceedings of the 9th International Conference on Software, Knowledge, Information Management and Applications (SKIMA\u201915). IEEE, 1--8."},{"key":"e_1_2_1_106_1","doi-asserted-by":"crossref","unstructured":"Daniel J. Solove. 2006. A taxonomy of privacy. Univ. Penn. Law Rev. (2006) 477--564.  Daniel J. Solove. 2006. A taxonomy of privacy. Univ. Penn. Law Rev. (2006) 477--564.","DOI":"10.2307\/40041279"},{"key":"e_1_2_1_107_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2008.88"},{"key":"e_1_2_1_108_1","doi-asserted-by":"publisher","DOI":"10.1145\/2370216.2370266"},{"key":"e_1_2_1_109_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2015-0028"},{"key":"e_1_2_1_110_1","doi-asserted-by":"crossref","unstructured":"M. Sumeeth R. Singh and J. Miller. 2012. Are online privacy policies readable. Optim. Info. Secur. Adv. Priv. Assur.: New Technol. (2012) 91.  M. Sumeeth R. Singh and J. Miller. 2012. Are online privacy policies readable. Optim. Info. Secur. Adv. Priv. Assur.: New Technol. (2012) 91.","DOI":"10.4018\/978-1-4666-0026-3.ch005"},{"key":"e_1_2_1_111_1","doi-asserted-by":"publisher","DOI":"10.1142\/S0218488502001648"},{"key":"e_1_2_1_112_1","unstructured":"Symantec. 2015a. Insecurity in the Internet of Things. Retrieved from http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/insecurity-in-the-internet-of-things.pdf.  Symantec. 2015a. Insecurity in the Internet of Things. Retrieved from http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/insecurity-in-the-internet-of-things.pdf."},{"key":"e_1_2_1_114_1","unstructured":"Symantec. 2016a. An Internet of Things Reference Architecture. Retrieved from http:\/\/wso2.com\/whitepapers\/a-reference-architecture-for-the-internet-of-things\/.  Symantec. 2016a. An Internet of Things Reference Architecture. Retrieved from http:\/\/wso2.com\/whitepapers\/a-reference-architecture-for-the-internet-of-things\/."},{"key":"e_1_2_1_115_1","unstructured":"Symantec. 2016b. Device Protection for the Internet of Things. Retrieved from https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/data-sheets\/embedded-security-critical-system-protection-en.pdf.  Symantec. 2016b. Device Protection for the Internet of Things. Retrieved from https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/data-sheets\/embedded-security-critical-system-protection-en.pdf."},{"key":"e_1_2_1_116_1","unstructured":"Symantec. 2016c. EndPoint Protection. Retrieved from https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/data-sheets\/endpoint-protection-en.pdf.  Symantec. 2016c. EndPoint Protection. Retrieved from https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/data-sheets\/endpoint-protection-en.pdf."},{"key":"e_1_2_1_117_1","doi-asserted-by":"publisher","DOI":"10.1109\/MDT.2010.7"},{"key":"e_1_2_1_118_1","first-page":"391","article-title":"New harm matrix for cybersecurity surveillance","volume":"12","author":"Tene Omer","year":"2014","unstructured":"Omer Tene . 2014 . New harm matrix for cybersecurity surveillance , A. Colo. Tech. LJ 12 (2014), 391 . Omer Tene. 2014. New harm matrix for cybersecurity surveillance, A. Colo. Tech. LJ 12 (2014), 391.","journal-title":"A. Colo. Tech. LJ"},{"key":"e_1_2_1_119_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-10-0557-2_72"},{"key":"e_1_2_1_120_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11257-011-9110-z"},{"key":"e_1_2_1_121_1","unstructured":"Tripwire. 2017. File Integrity and Change ManagementFIM. Retrieved from https:\/\/www.tripwire.com\/.  Tripwire. 2017. File Integrity and Change ManagementFIM. Retrieved from https:\/\/www.tripwire.com\/."},{"key":"e_1_2_1_122_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2014.09.001"},{"key":"e_1_2_1_123_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2013.12.008"},{"key":"e_1_2_1_124_1","first-page":"2920","article-title":"Engineering security into distributed systems: A survey of methodologies","volume":"18","author":"Uzunov Anton V.","year":"2012","unstructured":"Anton V. Uzunov , Eduardo B. Fernandez , and Katrina Falkner . 2012 . Engineering security into distributed systems: A survey of methodologies . J. Univ. Comput. Sci. 18 , 20 (2012), 2920 -- 3006 . Anton V. Uzunov, Eduardo B. Fernandez, and Katrina Falkner. 2012. Engineering security into distributed systems: A survey of methodologies. J. Univ. Comput. Sci. 18, 20 (2012), 2920--3006.","journal-title":"J. Univ. Comput. Sci."},{"key":"e_1_2_1_125_1","doi-asserted-by":"publisher","DOI":"10.1145\/2716260"},{"key":"e_1_2_1_126_1","doi-asserted-by":"publisher","DOI":"10.1109\/PCCC.2015.7410282"},{"key":"e_1_2_1_127_1","volume-title":"Proceedings of the 19th Annual Computer Security Applications Conference. IEEE Computer Society, 34","author":"Vigna Giovanni","unstructured":"Giovanni Vigna , William Robertson , Vishal Kher , and Richard A. Kemmerer . 2003. A stateful intrusion detection system for world-wide web servers . In Proceedings of the 19th Annual Computer Security Applications Conference. IEEE Computer Society, 34 . Retrieved from http:\/\/dl.acm.org\/citation.cfm?id&equals;956415.956437. Giovanni Vigna, William Robertson, Vishal Kher, and Richard A. Kemmerer. 2003. A stateful intrusion detection system for world-wide web servers. In Proceedings of the 19th Annual Computer Security Applications Conference. IEEE Computer Society, 34. Retrieved from http:\/\/dl.acm.org\/citation.cfm?id&equals;956415.956437."},{"key":"e_1_2_1_128_1","volume-title":"The state of the art in societal impact assessment for security research.Sci. Public Pol. (SPP) 42, 3","author":"Wadhwa Kush","year":"2015","unstructured":"Kush Wadhwa , David Barnard-Wills , and David Wright . 2015. The state of the art in societal impact assessment for security research.Sci. Public Pol. (SPP) 42, 3 ( 2015 ). Kush Wadhwa, David Barnard-Wills, and David Wright. 2015. The state of the art in societal impact assessment for security research.Sci. Public Pol. (SPP) 42, 3 (2015)."},{"key":"e_1_2_1_129_1","doi-asserted-by":"publisher","DOI":"10.1145\/1150402.1150449"},{"key":"e_1_2_1_130_1","volume-title":"Stolfo","author":"Wang Ke","year":"2004","unstructured":"Ke Wang and Salvatore J . Stolfo . 2004 . Anomalous payload-based network intrusion detection. In Proceedings of the International Workshop on Recent Advances in Intrusion Detection. Springer , 203--222. Ke Wang and Salvatore J. Stolfo. 2004. Anomalous payload-based network intrusion detection. In Proceedings of the International Workshop on Recent Advances in Intrusion Detection. Springer, 203--222."},{"key":"e_1_2_1_131_1","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2009.12"},{"key":"e_1_2_1_132_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2009.11.008"},{"key":"e_1_2_1_133_1","volume-title":"Engels","author":"Weis Stephen A.","year":"2004","unstructured":"Stephen A. Weis , Sanjay E. Sarma , Ronald L. Rivest , and Daniel W . Engels . 2004 . Security and privacy aspects of low-cost radio frequency identification systems. In Security in Pervasive Computing. Springer , 201--212. Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest, and Daniel W. Engels. 2004. Security and privacy aspects of low-cost radio frequency identification systems. In Security in Pervasive Computing. Springer, 201--212."},{"key":"e_1_2_1_134_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2011.11.007"},{"key":"e_1_2_1_135_1","volume-title":"Privacy Impact Assessment","author":"Wright David","unstructured":"David Wright and Paul De Hert . 2011. Privacy Impact Assessment . Vol. 6 . Springer Science 8 Business Media. David Wright and Paul De Hert. 2011. Privacy Impact Assessment. Vol. 6. Springer Science 8 Business Media."},{"key":"e_1_2_1_136_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2012.09.003"},{"key":"e_1_2_1_137_1","doi-asserted-by":"publisher","DOI":"10.1145\/1247480.1247556"},{"key":"e_1_2_1_138_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2015.2512609"},{"key":"e_1_2_1_139_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2012.010912.00035"},{"key":"e_1_2_1_140_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.pmcj.2011.01.004"},{"key":"e_1_2_1_141_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2009.06.008"},{"key":"e_1_2_1_142_1","doi-asserted-by":"publisher","DOI":"10.1109\/SKG.2010.19"},{"key":"e_1_2_1_143_1","doi-asserted-by":"publisher","DOI":"10.1002\/sec.795"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3172869","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3172869","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T21:15:18Z","timestamp":1750281318000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3172869"}},"subtitle":["A Technological Survey"],"short-title":[],"issued":{"date-parts":[[2018,2,20]]},"references-count":141,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,3,31]]}},"alternative-id":["10.1145\/3172869"],"URL":"https:\/\/doi.org\/10.1145\/3172869","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,2,20]]},"assertion":[{"value":"2016-08-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-12-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-02-20","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}