Despite the development of new technologies in order to prevent the stealing of cars, the number of car thefts is sharply increasing. With the advent of electronics, new ways to steal cars were found. In order to avoid auto-theft attacks, in this paper we propose a machine learning based method to silently and continuously profile the driver by analyzing built-in vehicle sensors. We consider a dataset composed by 51 different features extracted by 10 different drivers, evaluating the efficiency of the proposed method in driver identification. We also find the most relevant features able to discriminate the car owner by an impostor. We obtain a precision and a recall equal to 99% evaluating a dataset containing data extracted from real vehicle.

Process mining is the set of techniques to retrieve a process model starting from available logging data. The discovered process model has to be analyzed to verify whether it respects the defined properties, i.e., the so-called compliance checking. Our aim is to use a model checking based approach to verify compliance. First, we propose an integrated-tool approach using existing tools as ProM (a framework supporting process mining techniques) and CADP (a formal verification environment). More precisely, the execution traces from a software system are extracted. Then, using the "Mine Transition System" plugin in ProM, we obtain a labelled transition system, that can be easily used to verify formal properties through CADP. However, this choice presents the "state explosion" problem, i.e., models discovered through the classical process mining techniques tend to be large and complex. In order to solve this problem, another custom-made approach is shown, which accomplishes a pre-processing on the traces to obtain abstract traces, where abstraction is based on the set of temporal logic formulae specifying the system properties. Then, from the set of abstracted traces, we discover a system described in Lotos, a process algebra specification language; in this way we do not build an operational model for the system, but we produce only a language description from which a model checking environment will automatically obtain the reduced corresponding transition system. Real systems have been used as case studies to evaluate the proposed methodologies.

In the last decades companies worldwide are facing a new kind of risk, namely cyber risk, that has emerged as one of the top challenges in risk management. Insurance was only recently applied to cyber world and it is increasingly becoming part of the risk management process, posing many challenges to actuaries. One of the main issues is the lack of data, in particular nancial ones. The aim of the paper is to point out the peculiarities of cyber insurance contracts with respect to the classical non life insurance ones both from the insurer and the insured's perspective. Therefore, the main actuarial principles that are fundamental to any valu- ation in cyber context are discussed. An illustrative example is proposed where the Chronology of Data Breaches provided by the Privacy Rights Clearing House is deeply analyzed. The most suitable distributions to represent the frequency and the severity of the reported cyber incidents are examined and the value at risk measure is estimated. Then, two ex- emplifying cases oer the assessment of both the premium required by the insurer and the indierence premium that the insured is willing to pay. Even though this research is still preliminary and shows some limits highlighted by the authors, it could offer useful information to better un- derstand this peculiar kind of insurance policies.

As discussed in the recent literature, several innovative car insurance concepts are proposed in order to gain advantages both for insurance companies and for drivers. In this context, the "pay-how-you-drive" paradigm is emerging, but it is not thoroughly discussed and much less implemented. In this paper, we propose an approach in order to identify the driver behavior exploring the usage of unsupervised machine learning techniques. A real-world case study is performed to evaluate the effectiveness of the proposed solution. Furthermore, we discuss how the proposed model can be adopted as risk indicator for car insurance companies.

In the last years, several safety automotive concepts have been proposed, for instance the cruise control and the automatic brakes systems. The proposed systems are able to take the control of the vehicle when a dangerous situation is detected. Less effort was produced in driver aggressiveness in order to mitigate the dangerous situation. In this paper we propose an approach in order to identify the driver aggressiveness exploring the usage of unsupervised machine learning techniques. A real world case study is performed to evaluate the effectiveness of the proposed method.

Several techniques have been developed in last years by automotive industry in order to protect drivers and car passengers. These methods, for instance the automatic brake systems and the cruise control, are able to intervene when there is a dangerous situation. With the aim to minimize these risks, in this paper we propose a method able to suggest to the driver the driving style to adopt in order to avoid dangerous situations. Our method is basically a two-level fuzzy systems: the first one is related to the driver under analysis, while the second one is a centralized server with the responsibility to send suggestions to drivers in order to prevent traffic incidents. We carried out a preliminary evaluation to demonstrate the effectiveness of the proposed method: we obtain of percentage variation ranging from 85.48% to 88.99% in the number of traffic incidents between the scenarios we considered using the proposed method and the scenario without the proposed method applied.

A specific kind of insurance that is emerging within the domain of cyber-systems is that of cyber-insurance. Cyber-insurance is the transfer of financial risk associated with network and computer incidents to a third party. Insurance companies are increasingly offering such policies, in particular in the USA, but also in Europe. The emerging trends in cyber insurance raise a number of unique challenges and force actuaries to reconsider how to think about underwriting, pricing and aggregation risk. Aim of this contribution is to offer a review of the recent literature on cyber risk management in the actuarial field. Moreover, basing on the most significant results in IT domain, we outline possible synergies between the two lines of research.

The rapid development of cyber insurance market brings forward the question about the effect of cyber insurance on cyber security. Some researchers believe that the effect should be positive as organisations will be forced to maintain a high level of security in order to pay lower premiums. On the other hand, other researchers conduct a theoretical analysis and demonstrate that availability of cyber insurance may result in lower investments in security. In this paper we propose a mathematical analysis of a cyber-insurance model in a non-competitive market. We prove that with a right pricing strategy it is always possible to ensure that security investments are at least as high as without insurance. Our general theoretical analysis is confirmed by specific cases using CARA and CRRA utility functions.

A specific kind of insurance that is emerging within the domain of cyber-systems is that of cyber-insurance. Cyber-insurance is the transfer of financial risk associated with network and computer incidents to a third party. Insurance companies are increasingly offering such policies, in particular in the USA, but also in Europe. The emerging trends in cyber insurance raise a number of unique challenges and force actuaries to reconsider how to think about underwriting, pricing and aggregation risk. Aim of this contribution is to offer a review of the recent literature on cyber risk management in the actuarial field. Moreover, basing on the most significant results in IT domain, we outline possible synergies between the two lines of research.

Despite the development of new technologies, in order to prevent the stealing of cars, the number of car thefts is sharply increasing. With the advent of electronics, new ways to steal cars were found. To avoid auto-theft attacks, in this paper we propose a machine leaning based method to silently e continuously profile the driver by analyzing built-in vehicle sensors. We evaluate the efficiency of the proposed method in driver identification using 10 different drivers. Results are promising, as a matter of fact we obtain a high precision and a recall evaluating a dataset containing data extracted from real vehicle.

Cyber insurance is a rapidly developing area which draws more and more attention of practitioners and researchers. Insurance, an alternative way to deal with residual risks, was only recently applied to the cyber world. The immature cyber insurance market faces a number of unique challenges on the way of its development.In this paper we summarise the basic knowledge about cyber insurance available so far from both market and scientific perspectives. We provide a common background explaining basic terms and formalisation of the area. We discuss the issues which make this type of insurance unique and show how different technologies are affected by these issues. We compare the available scientific approaches to analysis of cyber insurance market and summarise their findings with a common view. Finally, we propose directions for further advances in the research on cyber insurance.

The increasing need for performing expensive computations has motivated outsourced computing, as in crowdsourced applications leveraging worker cloud nodes. However, these outsourced computing nodes can potentially misbehave or fail. Exploiting the redundancy of nodes can help guaranteeing correctness and availability of results. This entails that reliable distributed computing can be achieved at the expense of convenience. In this paper, we provide a solution for a generic class of problems that distribute a parallel computation over a set of nodes where trustworthiness of the outsourced computation is important. In particular, we discuss AntiCheetah, an approach modeling the assignment of input elements to cloud nodes as a multi-round system. AntiCheetah is resilient to node cheating, even in scenarios where smart cheaters return the same fake values. To this end, cost-efficient redundancy is used to detect and correct anomalies. Furthermore, we discuss the benefits and pitfalls of the proposed approach over different scenarios, especially with respect to cheaters' behavior. Extensive experimental results are analyzed, showing the effectiveness and viability of our approach.

Cloud computing offers unprecedented ways to split and offload the workload of parallel algorithms to remote computing nodes. However, such remote parties can potentially misbehave, for instance by providing fake computation results in order to save resources. In turn, these erroneous partial results can affect the timeliness and correctness of the overall outcome of the algorithm. The widely successful cloud approach increases the economic feasibility of leveraging computational redundancy to enforce some degree of assurance about the results. However, naïve solutions that dumbly replicate the same computation over several sets of nodes are not cost-efficient. In this paper, we provide several contributions as for the distribution of workload over (heterogeneous) cloud nodes. In particular, we first formalize the problem of computing a parallel function over a set of nodes; later, we introduce CheR (for Cheating Resilience), a novel approach based upon modelling the assignment of input elements to cloud nodes as a linear integer programming problem aimed at minimizing cost while being resilient against misbehaving nodes. Further, we describe the CheR approach in different scenarios and highlight the novelty with respect to other state-of-the-art solutions. Finally, we present and discuss some experimental results showing the viability and quality of our proposal. © 2014 Springer International Publishing Switzerland.

Social Web Services (SWSs) constitute a novel paradigm of service-oriented computing, where Web services, just like humans, sign up in social networks that guarantee, e.g., better service discovery for users and faster replacement in case of service failures. In past work, composition of SWSs was mainly supported by specialised social networks of competitor services and cooperating ones. In this work, we continue this line of research, by proposing a novel SWSs composition procedure driven by the SWSs reputation. Making use of a well-known formal language and associated tools, we specify the composition steps and we prove that such reputation-driven approach assures better results in terms of the overall quality of service of the compositions, with respect to randomly selecting SWSs.

In this paper, we analyze the above issues and provide a solution for a specific problem that, nevertheless, is quite representative for a generic class of problems in the above setting: computing a vectorial function over a set of nodes. In particular, we introduce AntiCheetah, a novel autonomic multi-round approach performing the assignment of input elements to cloud nodes as an autonomic, self-configuring and self-optimizing cloud system. AntiCheetah is resilient against misbehaving nodes, and it is effective even in worst-case scenarios and against smart cheaters that behave according to complex strategies. Further, we discuss benefits and pitfalls of the AntiCheetah approach in different scenarios. Preliminary experimental results over a custom-built, scalable, and flexible simulator (SofA) show the quality and viability of our solution. Outsourced computing is increasingly popular thanks to the effectiveness and convenience of cloud computing *-as-a-Service offerings. However, cloud nodes can potentially misbehave in order to save resources. As such, some guarantee over the correctness and availability of results is needed. Exploiting the redundancy of cloud nodes can be of help, even though smart cheating strategies render the detection and correction of fake results much harder to achieve in practice.