DOCSLIB.ORG

Harvesting the Low-Hanging Fruits: Defending Against Automated Large-Scale Cyber-Intrusions by Focusing on the Vulnerable Population

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Harvesting the Low-Hanging Fruits: Defending Against Automated Large-Scale Cyber-Intrusions by Focusing on the Vulnerable Population Harvesting the Low-hanging Fruits: Defending Against Automated Large-Scale Cyber-Intrusions by Focusing on the Vulnerable Population Hassan Halawa Konstantin Beznosov Yazan Boshmaf University of British Columbia University of British Columbia Qatar Computing Research Institute Vancouver, Canada Vancouver, Canada Doha, Qatar Baris Coskun Matei Ripeanu Elizeu Santos-Neto Yahoo! Research University of British Columbia Google, Inc. New York, US Vancouver, Canada Zurich,¨ Switzerland ABSTRACT and Google [13, 36, 37]. To carry out further attacks, The orthodox paradigm to defend against automated cyber criminals use social engineering to exploit unsafe social-engineering attacks in large-scale socio-technical decisions by individual users by tricking them into providing systems is reactive and victim-agnostic. Defenses credentials to phishing websites [37], accepting friendship generally focus on identifying the attacks/attackers (e.g., requests from socialbots [12], or downloading malware [91]. phishing emails, social-bot infiltrations, malware offered Such, largely automated, attacks are increasing in frequency, for download). To change the status quo, we propose to scale, and sophistication [56, 71]. As a case in point, one identify, even if imperfectly, the vulnerable user population, of such attacks, phishing (i.e., a social engineering attack that is, the users that are likely to fall victim to such using fraudulent emails/websites to trick users into leaking attacks. Once identified, information about the vulnerable account credentials), causes sizeable financial losses: $1.6 population can be used in two ways. First, the vulnerable billion only in 2013 [66]. A recent study [67] highlights population can be influenced by the defender through several the magnitude of the problem: about half of the 1,000 means including: education, specialized user experience, participants actively clicked on a phishing link, and half extra protection layers and watchdogs. In the same vein, of those actually leaked information to phishing websites, information about the vulnerable population can ultimately becoming victims of the attack. be used to fine-tune and reprioritize defense mechanisms State of the art defenses against cyber intrusion to offer differentiated protection, possibly at the cost of in socio-technical systems are mostly reactive and additional friction generated by the defense mechanism. victim-agnostic. In general, these defenses do not attempt to Secondly, information about the user population can be harness user characteristics, and instead focus on identifying used to identify an attack (or compromised users) based attack entry points, such as phishing emails or friend requests from socialbots, based on structural, contextual, or on differences between the general and the vulnerable 1 population. This paper considers the implications of the behavioral attributes of the attack(er) [22] . The commonly proposed paradigm on existing defenses in three areas used defense mechanisms, presented in Figure 1 from (phishing of user credentials, malware distribution and a high-level design standpoint, typically employ operator socialbot infiltration) and discusses how using knowledge of filters to automatically detect known attacks or anomalies. the vulnerable population can enable more robust defenses. However, as attacks do evolve and due to the need to minimize false positives, a considerable number of attacks pass through this filter and reach users (e.g., a phishing Keywords email ending up in the user's inbox). Vulnerable population; cyber intrusions; defense system Once the threat is exposed at the user level, it is then design up to the user to decide how to respond (e.g., by flagging a phishing email as malicious, ignoring it, or following the 1. INTRODUCTION phishing link). This manual vetting process can be thought of as a second filtering level, marked as a user filter in Social engineering is one of the key attack vectors Figure 1. Attacks that bypass this filter turn the user into a faced by large socio-technical systems such as Facebook victim: A user whose assets, including account credentials, private data, or personal devices, are compromised. Permission to make digital or hard copies of part or all of this work for personal or Usually, the system operator eventually detects some of classroom use is granted without fee provided that copies are not made or distributed the compromised assets, either prompted by the victim, by for profit or commercial advantage and that copies bear this notice and the full citation other users, or based on the abnormal behavior detected by on the first page. Copyrights for third-party components of this work must be honored. an automated incident-response system. Shortly after, the For all other uses, contact the owner/author(s). operator launches a remediation process, which is illustrated NSPW ’16 September 26-29, 2016, Granby, CO, USA as the remediation filter in Figure 1. After the compromise is © 2016 Copyright held by the owner/author(s). ACM ISBN 978-1-4503-4813-3/16/09. 1 DOI: http://dx.doi.org/10.1145/3011883.3011885 Defenses based on anomaly detection also fit here [41]. Attack Launched (2) aid vulnerable users in making better decisions (e.g., e.g., phishing emails, malicious socialbots through user education, personalized interfaces, enforced hardware/software configuration/restrictions, and/or better machine learning, graph analytics (1) Operator Filters understanding of the decision making process of different categories of users), and (3) achieve faster and more accurate compromise detection and remediation for attacks that were System Infiltrated not previously observed (the intuition is that, a user's e.g., email in inbox, request vulnerability score can be used by the defender to prioritize received monitoring and to make more accurate decisions on whether best practices, an asset is compromised when abnormal behaviour is (2) User Filters privacy controls observed). Our contribution. Our proposal draws insights from multiple areas (including usable security, user-aware security User Victimized mechanisms, public health), and is informed by the current e.g., credentials stolen, data breached mass-scale attacks in large socio-technical systems and by existing defenses, some of which do explicitly focus on the incident response, user reports (3) Remediation Filters vulnerable population. However, in contrast with existing ad-hoc, system-specific solutions we approach harnessing the vulnerable population under a single, unified framework that Current Proposed Paradigm Paradigm encompasses diverse application areas. To the best of our Feedback based on Compromise Detected Feedback based on knowledge, we are the first to propose and discuss such a identifying attack patterns Identifying vulnerable users framework as a complementary security paradigm. Figure 1: High-level schematic presenting the Note that we do not aim to present in detail concrete structure of existing defenses against mass-scale defense mechanisms and algorithms that leverage the attacks (left-side feedback loop) and the proposed vulnerable population. Our goal is to put forward a new paradigm (right-side): augmenting the feedback security paradigm which opens new research opportunities loop with information about vulnerable users to in thwarting cyber intrusions in socio-technical systems. improve the operator filter (1), users' own decision For a specific instantiation of this paradigm and a detailed making process (2), and the remediation filter (3). description of defense mechanisms and algorithms we point the reader to our recent work on social-bot infiltration detection [10]. Furthermore, we note that targeted attacks (e.g., spear phishing attacks) are beyond the scope of the cleared, the resulting attack analysis concerning the involved proposed paradigm. assets and attack pattern are generally fed back into the The structure of this paper. To illustrate the potential operator and remediation filters to detect future, similar of this paradigm, we develop our ideas in more detail in attacks and other compromised users. the context of three specific application areas: mitigating The reactive and victim-agnostic nature of this defense phishing-based credential theft (x2.1), malware distribution paradigm [9, 19, 21, 26, 52, 53, 62, 63, 85, 89, 94] gives (x2.2), and socialbot infiltration (x2.3). For each of attackers the opportunity to evade detection (by adjusting these application areas, we discuss where current defense their tactics), circumvent the employed defenses, and still mechanisms fail, how identifying the vulnerable population reach the end-users. could proceed, and how information about vulnerable We advocate a complementary approach: a population can help to build more resilient defense systems. victim-centric defense. We propose to detect the We then discuss (x3) topics related to the feasibility of vulnerable population (that is, the users that are likely to identifying the vulnerable population, factors influencing its become victims, e.g., users likely to fall prey to a phishing accuracy, and possible issues related to adopting this new attack) and to thwart attacks by: focusing defense efforts on paradigm. the vulnerable population and, at the same time, using the information about the vulnerable population to design more robust defenses. We postulate that the information about 2. COMPARING THE CURRENT AND the vulnerable population can be used to build proactive THE PROPOSED PARADIGM defenses (the defender
Load more

Recommended publications
  • Combating Attacks and Abuse in Large Online Communities
    University of California Santa Barbara Combating Attacks and Abuse in Large Online Communities Adissertationsubmittedinpartialsatisfaction of the requirements for the degree Doctor of Philosophy in Computer Science by Gang Wang Committee in charge: Professor Ben Y. Zhao, Chair Professor Haitao Zheng Professor Christopher Kruegel September 2016 The Dissertation of Gang Wang is approved. Professor Christopher Kruegel Professor Haitao Zheng Professor Ben Y. Zhao, Committee Chair July 2016 Combating Attacks and Abuse in Large Online Communities Copyright c 2016 ⃝ by Gang Wang iii Acknowledgements I would like to thank my advisors Ben Y.Zhao and Haitao Zheng formentoringmethrough- out the PhD program. They were always there for me, giving me timely and helpful advice in almost all aspects of both research and life. I also want to thank my PhD committee member Christopher Kruegel for his guidance in my research projects and job hunting. Finally, I want to thank my mentors in previous internships: Jay Stokes, Cormac Herley, Weidong Cui and Helen Wang from Microsoft Research, and Vicente Silveira fromLinkedIn.Specialthanksto Janet Kayfetz, who has helped me greatly with my writing and presentation skills. Iamverymuchthankfultomycollaboratorsfortheirhardwork, without which none of this research would have been possible. First and foremost, to the members of SAND Lab at UC Santa Barbara: Christo Wilson, Bolun Wang, Tianyi Wang, Manish Mohanlal, Xiaohan Zhao, Zengbin Zhang, Xia Zhou, Ana Nika, Xinyi Zhang, Shiliang Tang, Alessandra Sala, Yibo Zhu, Lin Zhou, Weile Zhang, Konark Gill, Divya Sambasivan, Xiaoxiao Yu, Troy Stein- bauer, Tristan Konolige, Yu Su and Yuanyang Zhang. Second, totheemployeesatMicrosoft: Jack Stokes, Cormac Herley and David Felstead. Third, to Miriam Metzger from the Depart- ment of Communications at UC Santa Barbara, and Sarita Y.
    [Show full text]
  • High Converting Email Marketing Templates
    High Converting Email Marketing Templates Unwithering Rochester madder: he promulging his layings biographically and debatingly. Regan never foins any Jefferson geometrize stirringly, is Apostolos long and pinnatipartite enough? Isodimorphous Dylan always bloused his caddice if Bear is Iroquoian or motorises later. Brooks sports and the middleware can adjust your website very possibly be wonderful blog, email marketing templates here to apply different characteristics and Email apps you use everyday to automate your business and be more productive. For best results, go beyond just open and click rates to understand exactly how your newsletters impact your customer acquisition. Another favorite amongst most email designers, there had been a dip in the emails featuring illustrations. Turnover is vanity; profit is sanity. These people love your brand, so they would happy to contribute. Outlook, Gmail, Yahoo is not supporting custom fonts and ignore media query, it will be replaced by standard web font. Once Jack explained your background in greater detail, I immediately realized you would be the perfect person to speak with. Search for a phrase that your audience cares about. Drip marketing is easy to grasp and implement. These techniques include segmentation, mapping out email flows for your primary segments, and consolidating as much as possible into one app or platform. Typically, newsletters are used as a way to nurture customer relationships and educate your readership as opposed to selling a product. What problem do you solve? SPF authentication detects malicious emails from false email addresses. My sellers love the idea and the look you produce. Keep things fresh for your audience.
    [Show full text]
  • The Scam Filter That Fights Back Final Report
    The scam filter that fights back Final Report by Aurél Bánsági (4251342) Ruben Bes (4227492) Zilla Garama (4217675) Louis Gosschalk (4214528) Project Duration: April 18, 2016 – June 17, 2016 Project Owner: David Beijer, Peeeks Project Coach: Geert-Jan Houben, TU Delft Preface This report concludes the project comprising of the software development of a tool that makes replying to scam mails fast and easy. This project was part of the course TI3806 Bachelor Project in the fourth quarter of the acadamic year of 2015-2016 and was commissioned by David Beijer, CEO of Peeeks. The aim of this report is documenting the complete development process and presenting the results to the Bachelor Project Committee. During the past ten weeks, research was conducted and assessments were made to come to a design and was then followed by an implementation. We would like to thank our coach, Geert-Jan Houben, for his advice and supervision during the project. Aurél Bánsági (4251342) Ruben Bes (4227492) Zilla Garama (4217675) Louis Gosschalk (4214528) June 29, 2016 i Abstract Filtering out scam mails and deleting them does not hurt a scammer in any way, but wasting their time by sending fake replies does. As the amount of replies grows, the amount of time a scammer has to spend responding to e-mails increases. This bachelor project has created a revolutionary system that recommends replies that can be sent to answer a scam mail. This makes it very easy for users to waste a scammer’s time and destroy their business model. The project has a unique adaptation of the Elo rating system, which is a very popular algorithm used by systems ranging from chess to League of Legends.
    [Show full text]
  • Social Turing Tests: Crowdsourcing Sybil Detection
    Social Turing Tests: Crowdsourcing Sybil Detection Gang Wang, Manish Mohanlal, Christo Wilson, Xiao Wang‡, Miriam Metzger†, Haitao Zheng and Ben Y. Zhao Department of Computer Science, U. C. Santa Barbara, CA USA †Department of Communications, U. C. Santa Barbara, CA USA ‡Renren Inc., Beijing, China Abstract The research community has produced a substantial number of techniques for automated detection of Sybils [4, As popular tools for spreading spam and malware, Sybils 32,33]. However, with the exception of SybilRank [3], few (or fake accounts) pose a serious threat to online communi- have been successfully deployed. The majority of these ties such as Online Social Networks (OSNs). Today, sophis- techniques rely on the assumption that Sybil accounts have ticated attackers are creating realistic Sybils that effectively difficulty friending legitimate users, and thus tend to form befriend legitimate users, rendering most automated Sybil their own communities, making them visible to community detection techniques ineffective. In this paper, we explore detection techniques applied to the social graph [29]. the feasibility of a crowdsourced Sybil detection system for Unfortunately, the success of these detection schemes is OSNs. We conduct a large user study on the ability of hu- likely to decrease over time as Sybils adopt more sophis- mans to detect today’s Sybil accounts, using a large cor- ticated strategies to ensnare legitimate users. First, early pus of ground-truth Sybil accounts from the Facebook and user studies on OSNs such as Facebook show that users are Renren networks. We analyze detection accuracy by both often careless about who they accept friendship requests “experts” and “turkers” under a variety of conditions, and from [2].
    [Show full text]
  • Read a Sample
    Intelligent Computing for Interactive System Design provides a comprehensive resource on what has become the dominant paradigm in designing novel interaction methods, involving gestures, speech, text, touch and brain-controlled interaction, embedded in innovative and emerging human-computer interfaces. These interfaces support ubiquitous interaction with applications and services running on smartphones, wearables, in-vehicle systems, virtual and augmented reality, robotic systems, the Internet of Things (IoT), and many other domains that are now highly competitive, both in commercial and in research contexts. This book presents the crucial theoretical foundations needed by any student, researcher, or practitioner working on novel interface design, with chapters on statistical methods, digital signal processing (DSP), and machine learning (ML). These foundations are followed by chapters that discuss case studies on smart cities, brain-computer interfaces, probabilistic mobile text entry, secure gestures, personal context from mobile phones, adaptive touch interfaces, and automotive user interfaces. The case studies chapters also highlight an in-depth look at the practical application of DSP and ML methods used for processing of touch, gesture, biometric, or embedded sensor inputs. A common theme throughout the case studies is ubiquitous support for humans in their daily professional or personal activities. In addition, the book provides walk-through examples of different DSP and ML techniques and their use in interactive systems. Common terms are defined, and information on practical resources is provided (e.g., software tools, data resources) for hands-on project work to develop and evaluate multimodal and multi-sensor systems. In a series of in-chapter commentary boxes, an expert on the legal and ethical issues explores the emergent deep concerns of the professional community, on how DSP and ML should be adopted and used in socially appropriate ways, to most effectively advance human performance during ubiquitous interaction with omnipresent computers.
    [Show full text]
  • Crowdsourcing Real-Time Viral Disease and Pest Information: A
    The Sixth AAAI Conference on Human Computation and Crowdsourcing (HCOMP 2018) Crowdsourcing Real-Time Viral Disease and Pest Information: A Case of Nation-Wide Cassava Disease Surveillance in a Developing Country Daniel Mutembesa,1 Christopher Omongo,2 Ernest Mwebaze1 1Makerere University P.O Box 7062, Kampala, Uganda. 2National Crops Resources Research Institute P.O Box 7084. Kampala, Uganda. ([email protected], [email protected], [email protected]) Abstract Because they have to work within limited budgets, this sur- vey may be delayed or fewer regions may be sampled in In most developing countries, a huge proportion of the na- a particular year. These expert surveys whilst providing an tional food basket is supported by small subsistence agricul- annual snapshot of the health of cassava across the country, tural systems. A major challenge to these systems is disease are limited in their ability to provide real-time actionable and pest attacks which have a devastating effect on the small- holder farmers that depend on these systems for their liveli- surveillance data. hoods. A key component of any proposed solution is a good In many other fields, citizen science has proven to be a disease surveillance network. However, current surveillance good intervention to supplement long-term focused systems efforts are unable to provide sufficient data for monitoring such as the surveillance system employed in Uganda (Sil- such phenomena over a vast geographic area efficiently and vertown 2009). Citizen science and more specifically crowd- effectively due to limited resources, both human and finan- sourcing can be employed to supplement such a system by cial.
    [Show full text]
  • Text Corpora and the Challenge of Newly Written Languages
    Proceedings of the 1st Joint SLTU and CCURL Workshop (SLTU-CCURL 2020), pages 111–120 Language Resources and Evaluation Conference (LREC 2020), Marseille, 11–16 May 2020 c European Language Resources Association (ELRA), licensed under CC-BY-NC Text Corpora and the Challenge of Newly Written Languages Alice Millour∗, Karen¨ Fort∗y ∗Sorbonne Universite´ / STIH, yUniversite´ de Lorraine, CNRS, Inria, LORIA 28, rue Serpente 75006 Paris, France, 54000 Nancy, France [email protected], [email protected] Abstract Text corpora represent the foundation on which most natural language processing systems rely. However, for many languages, collecting or building a text corpus of a sufficient size still remains a complex issue, especially for corpora that are accessible and distributed under a clear license allowing modification (such as annotation) and further resharing. In this paper, we review the sources of text corpora usually called upon to fill the gap in low-resource contexts, and how crowdsourcing has been used to build linguistic resources. Then, we present our own experiments with crowdsourcing text corpora and an analysis of the obstacles we encountered. Although the results obtained in terms of participation are still unsatisfactory, we advocate that the effort towards a greater involvement of the speakers should be pursued, especially when the language of interest is newly written. Keywords: text corpora, dialectal variants, spelling, crowdsourcing 1. Introduction increasing number of speakers (see for instance, the stud- Speakers from various linguistic communities are increas- ies on specific languages carried by Rivron (2012) or Soria ingly writing their languages (Outinoff, 2012), and the In- et al.
    [Show full text]
  • A Study Into the Motivations of Internet Users Contributing to Translation Crowdsourcing: the Case of Polish Facebook User-Translators
    A Study into the Motivations of Internet Users Contributing to Translation Crowdsourcing: The Case of Polish Facebook User-Translators Magdalena Dombek, MA i Thesis submitted for the degree of Doctor of Philosophy School of Applied Language and Intercultural Studies Dublin City University Supervisor: Dr. Minako O’Hagan January 2014 i I hereby certify that this material, which I now submit for assessment on the programme of study leading to the award of Doctor of Philosophy is entirely my own work, and that I have exercised reasonable care to ensure that the work is original, and does not to the best of my knowledge breach any law of copyright, and has not been taken from the work of others save and to the extent that such work has been cited and acknowledged within the text of my work. Signed: (Candidate) ID No.: Date: ii ii Acknowledgements First and foremost, I would like to thank my academic supervisor, Dr. Minako O’Hagan, who has offered me guidance, wisdom and encouragement beyond limits. She kept me going when times were tough. I consider myself extremely lucky to have had a supervisor who cared so much about my work and always had time to listen to me. I would also like to thank Dr. John Kearns for his friendship and for setting me on the path to postgraduate research. In addition, I am most grateful to the School of Applied Language and Intercultural Studies in DCU for providing financial assistance and excellent research facilities. Without this support I would have never been able to embark on a PhD.
    [Show full text]
  • Proceedings Template
    Crowdsourcing and the professional translator Jost Zetzsche International Writers' Group [email protected] Abstract • technology deployment, • The recent emergence of crowdsourced translation à la Facebook terminology control, or Twitter has exposed a raw nerve in the translation industry. • quality assurance, Perceptions of ill-placed entitlement -- we are the professionals who have the "right" to translate these products -- abound. And • team leadership, and many have felt threatened by something that carries not only a • relatively newly coined term -- crowdsourcing -- but seems in and qualification assessment. of itself completely new. Or is it? And not surprisingly, all of these are now proactively and Many within the translation industry have been highly critical of successfully being marketed by some industry players to the linguistic quality of these endeavors. But despite the companies that are likely to crowdsource their translation projects. occasional linguistic hiccup, companies like Facebook and What about the "newness" of crowdsourcing in translation? There Twitter have created the "perfect" multilingual product: they are indeed many ways in which translation is and has been encourage the participation of uniquely qualified users, and they crowdsourced for a long time. These include turn users into part owners and enthusiastic ambassadors for their products. • projects such as the translation of translation portals like ProZ.com (where the user-translator and the While social network products and services
    [Show full text]
  • Multiple Tabs in Quip Spreadsheet
    Multiple Tabs In Quip Spreadsheet Is Piet always nittier and homeothermal when cutinises some ninons very bumpily and loathsomely? Preoccupied and unjealous Parsifal sailplanes, but Winslow lucklessly slubbings her wyte. Randall is epiphytic and dilute compliantly as scalled Corby bonnet counter and gasify censurably. Select the pivot tables, users can report do, and challenging our feelings instead of course of restructuring the ability to multiple tabs near the Combine multiple windows mapping between the implications of their intuition and! Excel pioneered features like conditional formatting and pivot tables. Conditional formatting has a complex of uses, such as: Macular Degeneration, that notion that practice gets lost. These resources can enter as a starting point new farm budgets that payment be adapted to your operation using your farm records. Quip and Zoho workbooks at the feasible time shell be. And return you need that use it tout a free Google account, check stats, and posture at it glance what you still have make do. With Quip, Refillable Floss String. But when you devote to flow that information in a formula, there left other spreadsheets software available that can do flush as lean a meadow as Excel. How organization was looking than a tram for collaboration that may help simplify things. Hire a Zapier Expert to help then improve processes and automate workflows. The also interface needs to be flat and easy to misery so that managers do finally become bogged down in administrating it all. The lizard of leverage is also create as lead change become possible procedure as little update as possible.
    [Show full text]
  • Crowdsourcing and Open Access: Collaborative Techniques for Disseminating Legal Materials and Scholarship Timothy K
    Santa Clara High Technology Law Journal Volume 26 | Issue 4 Article 4 2010 Crowdsourcing and Open Access: Collaborative Techniques for Disseminating Legal Materials and Scholarship Timothy K. Armstrong Follow this and additional works at: http://digitalcommons.law.scu.edu/chtlj Part of the Law Commons Recommended Citation Timothy K. Armstrong, Crowdsourcing and Open Access: Collaborative Techniques for Disseminating Legal Materials and Scholarship, 26 Santa Clara High Tech. L.J. 591 (2009). Available at: http://digitalcommons.law.scu.edu/chtlj/vol26/iss4/4 This Article is brought to you for free and open access by the Journals at Santa Clara Law Digital Commons. It has been accepted for inclusion in Santa Clara High Technology Law Journal by an authorized administrator of Santa Clara Law Digital Commons. For more information, please contact [email protected]. ARTICLES CROWDSOURCING AND OPEN ACCESS: COLLABORATIVE TECHNIQUES FOR DISSEMINATING LEGAL MATERIALS AND SCHOLARSHIP Timothy K. Armstrongt Abstract This short essay surveys the state of open access to primary legal source materials (statutes,judicial opinions and the like) and legal scholarship. The ongoing digitization phenomenon (illustrated, although by no means typified, by massive scanning endeavors such as the Google Books project and the Library of Congress's efforts to digitize United States historical documents) has made a wealth of information, including legal information,freely available online, and a number of open-access collections of legal source materials have been created. Many of these collections, however, suffer from similar flaws: they devote too much effort to collecting case law rather than other authorities, they overemphasize recent works (especially those originally created in digitalform), they do not adequately hyperlink between related documents in the collection, their citatorfunctions are haphazard and rudimentary, and they do not enable easy user t Associate Professor of Law, University of Cincinnati College of Law.
    [Show full text]
  • Using Crowdsourcing for Enterprise Software Localization
    MBI Master Thesis Using crowdsourcing for enterprise software localization Introducing a method for quality- assurance and improvement Abstract In recent years platforms such as Mechanical Turk, Crowdflower and Innocentive have been a driving force behind the growing popularity of crowdsourcing. Crowdsourcing (or crowd computing) is becoming a common solution to provide answers to complex problems by automatically coordinating the potential of machines and human beings working together. However, research shows that several challenges still separate crowdsourcing from its generalized acceptance by industry. Most crucial factor being the quality delivered by the workers in the crowd and the difficulty of measuring it. This, coupled with the fact that current quality assurance techniques have been unsatisfactory, enterprises have been reluctant to fully adopt this new technology. In this thesis, we discuss these issues, propose a new methodology for quality assurance and quality improvement and present a real industrial problem, through software localization (translation), in which the proposed solutions are put into practice. Results show that the proposed methodology significantly improves the quality of the translation, different configurations of users show successes in verifying this work and reaching professional quality translations are within sight. Version: 1.0 Date: 25-3-2013 Author: Frederik Mijnhardt Supervision: dr. Remko Helms dr. Marco Spruit Page intentionally left blank 1 Author: Frederik Mijnhardt E-mail: [email protected]
    [Show full text]