{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T14:29:47Z","timestamp":1775744987138,"version":"3.50.1"},"reference-count":42,"publisher":"Wiley","license":[{"start":{"date-parts":[[2021,5,7]],"date-time":"2021-05-07T00:00:00Z","timestamp":1620345600000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U19A2081"],"award-info":[{"award-number":["U19A2081"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61802270"],"award-info":[{"award-number":["61802270"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2021,5,7]]},"abstract":"<jats:p>The extensive data collection performed by the Internet of Things (IoT) devices can put users at risk of data leakage. Consequently, IoT vendors are legally obliged to provide privacy policies to declare the scope and purpose of the data collection. However, complex and lengthy privacy policies are unfriendly to users, and the lack of a machine-readable format makes it difficult to check policy compliance automatically. To solve these problems, we first put forward a purpose-aware rule to formalize the purpose-driven data collection or use statement. Then, a novel approach to identify the rule from natural language privacy policies is proposed. To address the issue of diversity of purpose expression, we present the concepts of explicit and implicit purpose, which enable using the syntactic and semantic analyses to extract purposes in different sentences. Finally, the domain adaption method is applied to the semantic role labeling (SRL) model to improve the efficiency of purpose extraction. The experiments that are conducted on the manually annotated dataset demonstrate that this approach can extract purpose-aware rules from the privacy policies with a high recall rate of 91%. The implicit purpose extraction of the adapted model significantly improves the F1-score by 11%.<\/jats:p>","DOI":"10.1155\/2021\/5552501","type":"journal-article","created":{"date-parts":[[2021,5,8]],"date-time":"2021-05-08T18:21:02Z","timestamp":1620498062000},"page":"1-11","source":"Crossref","is-referenced-by-count":6,"title":["PurExt: Automated Extraction of the Purpose-Aware Rule from the Natural Language Privacy Policy in IoT"],"prefix":"10.1155","volume":"2021","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4382-5518","authenticated-orcid":true,"given":"Lu","family":"Yang","sequence":"first","affiliation":[{"name":"College of Computer Science, Sichuan University, Chengdu 610065, China"},{"name":"Cyber Science Research Institute, Sichuan University, Chengdu 610065, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8705-2617","authenticated-orcid":true,"given":"Xingshu","family":"Chen","sequence":"additional","affiliation":[{"name":"Cyber Science Research Institute, Sichuan University, Chengdu 610065, China"},{"name":"College of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2866-3757","authenticated-orcid":true,"given":"Yonggang","family":"Luo","sequence":"additional","affiliation":[{"name":"Cyber Science Research Institute, Sichuan University, Chengdu 610065, China"},{"name":"College of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4091-5569","authenticated-orcid":true,"given":"Xiao","family":"Lan","sequence":"additional","affiliation":[{"name":"Cyber Science Research Institute, Sichuan University, Chengdu 610065, China"},{"name":"College of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China"}]},{"given":"Li","family":"Chen","sequence":"additional","affiliation":[{"name":"College of Computer Science, Sichuan University, Chengdu 610065, China"},{"name":"Cyber Science Research Institute, Sichuan University, Chengdu 610065, China"}]}],"member":"311","reference":[{"key":"1","doi-asserted-by":"publisher","DOI":"10.1108\/ics-07-2019-0090<remarks>Doi_inserted_from_Crossref<\/remarks>"},{"key":"2","first-page":"159","article-title":"Understanding and improving security and privacy in multi-user smart homes: a design exploration and in-home user study","author":"E. Zeng"},{"key":"3","doi-asserted-by":"publisher","DOI":"10.1145\/3274469<remarks>Doi_inserted_from_Crossref<\/remarks>"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1007\/s00779-017-1067-4"},{"key":"5","first-page":"1330","article-title":"The creation and analysis of a website privacy policy corpus","author":"S. Wilson"},{"key":"6","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-33752-0_6"},{"key":"7","first-page":"163","article-title":"I read but don\u2019t agree: privacy policy benchmarking using machine learning and the EU GDPR","author":"W. B. Tesfay"},{"key":"8","first-page":"50","article-title":"Linked USDL privacy: describing privacy policies for services","author":"G. Kapitsaki"},{"key":"9","doi-asserted-by":"publisher","DOI":"10.1145\/3127519<remarks>Doi_inserted_from_Crossref<\/remarks>"},{"key":"10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-95276-5_3"},{"key":"11","first-page":"159","article-title":"Semantic incompleteness in privacy policy goals","author":"J. Bhatia"},{"key":"12","doi-asserted-by":"crossref","first-page":"370","DOI":"10.1007\/978-3-030-58201-2_25","article-title":"Establishing a strong baseline for privacy policy classification","volume-title":"IFIP International Conference on ICT Systems Security and Privacy Protection","author":"N. M. Nejad","year":"2020"},{"key":"13","first-page":"133","article-title":"Crowdsourcing annotations for websites\u2019 privacy policies: can it really work?","author":"S. Wilson"},{"key":"14","first-page":"585","article-title":"Policylint: investigating internal privacy policy contradictions on google play","author":"B. Andow"},{"issue":"9","key":"15","doi-asserted-by":"crossref","first-page":"834","DOI":"10.1109\/TSE.2017.2730198","article-title":"Enhancing the description-to-behavior fidelity in android apps with privacy policy","volume":"44","author":"L. Yu","year":"2017","journal-title":"IEEE Transactions on Software Engineering"},{"key":"16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_34<remarks>Doi_inserted_from_Crossref<\/remarks>"},{"key":"17","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-58387-6_2"},{"key":"18","article-title":"Automated approach to improve iot privacy policies","author":"P. Shayegh","year":"2019"},{"key":"19","first-page":"94","article-title":"Contextual privacy policy modeling in iot","author":"E. Onu"},{"key":"20","first-page":"531","article-title":"Polisis: automated analysis and presentation of privacy policies using deep learning","author":"H. Harkous"},{"key":"21","first-page":"100","article-title":"Ensuring compliance of IoT devices with their privacy policy agreement","author":"A. Subahi"},{"key":"22","doi-asserted-by":"crossref","article-title":"Automated analysis of privacy requirements for mobile apps","author":"S. Zimmeck","DOI":"10.14722\/ndss.2017.23034"},{"key":"23","first-page":"985","article-title":"Actions speak louder than words: entity-sensitive privacy policy and data flow analysis with policheck","author":"B. Andow"},{"key":"24","article-title":"Natural language processing for mobile app privacy compliance","author":"P. Story"},{"key":"25","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0037"},{"key":"26","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-019-00315-y<remarks>Doi_inserted_from_Crossref<\/remarks>"},{"key":"27","first-page":"1","article-title":"Automated extraction of security policies from natural-language software documents","author":"X. Xiao"},{"key":"28","first-page":"366","article-title":"Relation extraction for inferring access control rules from natural language artifacts","author":"J. Slankas"},{"key":"29","first-page":"435","article-title":"Access control policy extraction from unconstrained natural language text","author":"J. Slankas"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-61176-1_5"},{"issue":"3","key":"31","first-page":"506","article-title":"Automatic extraction of access control policies from natural language documents","volume":"17","author":"M. Narouei","year":"2018","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"32","doi-asserted-by":"publisher","DOI":"10.1162\/coli.2008.34.2.257"},{"key":"33","first-page":"1444","article-title":"Joint a\u2217 ccg parsing and semantic role labelling","author":"M. Lewis"},{"key":"34","first-page":"43","article-title":"Multilingual semantic role labeling","author":"A. Bj\u00f6rkelund"},{"key":"35","first-page":"2493","article-title":"Natural language processing (almost) from scratch","volume":"12","author":"R. Collobert","year":"2011","journal-title":"Journal of Machine Learning Research"},{"key":"36","first-page":"221","article-title":"Semantic role labeling using complete syntactic analysis","author":"M. Surdeanu"},{"key":"37","doi-asserted-by":"publisher","DOI":"10.1145\/1272516.1272522"},{"key":"38","first-page":"502","article-title":"Security policy refinement: high-level specification to low-level implementation","author":"X. Yang"},{"issue":"1","key":"39","article-title":"Spacy 2: Natural language understanding with bloom embeddings","volume":"7","author":"M. Honnibal","year":"2017","journal-title":"Convolutional Neural Networks and Incremental Parsing"},{"key":"40","first-page":"152","article-title":"Introduction to the CoNLL-2005 shared task: semantic role labeling","author":"X. Carreras"},{"key":"41"},{"key":"42","doi-asserted-by":"publisher","DOI":"10.1016\/j.ipm.2009.03.002"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/5552501.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/5552501.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/5552501.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,8]],"date-time":"2021-05-08T18:21:14Z","timestamp":1620498074000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2021\/5552501\/"}},"subtitle":[],"editor":[{"given":"Ahmed","family":"Meddahi","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2021,5,7]]},"references-count":42,"alternative-id":["5552501","5552501"],"URL":"https:\/\/doi.org\/10.1155\/2021\/5552501","relation":{},"ISSN":["1939-0122","1939-0114"],"issn-type":[{"value":"1939-0122","type":"electronic"},{"value":"1939-0114","type":"print"}],"subject":[],"published":{"date-parts":[[2021,5,7]]}}}