> Careers

> Artificial Intelligence

> Internet
> Social Media

OCTOBER 2019 www.computer.org

 Keep Your Career
Options Open
Upload Your Resume Today!
Whether your enjoy your current position or you
are ready for change, the IEEE Computer Society
Jobs Board is a valuable resource tool.
Take advantage of these special resources for
job seekers:

JOB ALERTS TEMPLATES

CAREER RESUMES VIEWED

ADVICE BY TOP EMPLOYERS No matter
your career
WEBINARS level, the
IEEE Computer
Society Jobs
Board keeps
you connected to
workplace trends
and exciting new
career prospects.

www.computer.org/jobs
 IEEE COMPUTER SOCIETY computer.org • +1 714 821 8380

STAFF
Editor Publications Portfolio Managers
Cathy Martin Carrie Clark, Kimberly Sperka

Publications Operations Project Specialist Publisher

Christine Anthony Robin Baldwin

Production & Design Senior Advertising Coordinator

Carmen Flores-Garvey Debbie Sims

Circulation: ComputingEdge (ISSN 2469-7087) is published monthly by the IEEE Computer Society. IEEE Headquarters, Three Park Avenue, 17th Floor, New
York, NY 10016-5997; IEEE Computer Society Publications Office, 10662 Los Vaqueros Circle, Los Alamitos, CA 90720; voice +1 714 821 8380; fax +1 714 821 4010;
IEEE Computer Society Headquarters, 2001 L Street NW, Suite 700, Washington, DC 20036.
Postmaster: Send address changes to ComputingEdge-IEEE Membership Processing Dept., 445 Hoes Lane, Piscataway, NJ 08855. Periodicals Postage Paid at
New York, New York, and at additional mailing offices. Printed in USA.
Editorial: Unless otherwise stated, bylined articles, as well as product and service descriptions, reflect the author’s or firm’s opinion. Inclusion in ComputingEdge
does not necessarily constitute endorsement by the IEEE or the Computer Society. All submissions are subject to editing for style, clarity, and space.
Reuse Rights and Reprint Permissions: Educational or personal use of this material is permitted without fee, provided such use: 1) is not made for profit;
2) includes this notice and a full citation to the original work on the first page of the copy; and 3) does not imply IEEE endorsement of any third-party products
or services. Authors and their companies are permitted to post the accepted version of IEEE-copyrighted material on their own Web servers without permission,
provided that the IEEE copyright notice and a full citation to the original work appear on the first screen of the posted copy. An accepted manuscript is a version
which has been revised by the author to incorporate review suggestions, but not the published version with copy-editing, proofreading, and formatting added by
IEEE. For more information, please go to: http://www.ieee.org/publications_standards/publications/rights/paperversionpolicy.html. Permission to reprint/republish
this material for commercial, advertising, or promotional purposes or for creating new collective works for resale or redistribution must be obtained from IEEE by
writing to the IEEE Intellectual Property Rights Office, 445 Hoes Lane, Piscataway, NJ 08854-4141 or [email protected]. Copyright © 2019 IEEE.
All rights reserved.
Abstracting and Library Use: Abstracting is permitted with credit to the source. Libraries are permitted to photocopy for private use of patrons, provided the per-
copy fee indicated in the code at the bottom of the first page is paid through the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923.
Unsubscribe: If you no longer wish to receive this ComputingEdge mailing, please email IEEE Computer Society Customer Service at [email protected] and
type “unsubscribe ComputingEdge” in your subject line.
IEEE prohibits discrimination, harassment, and bullying. For more information, visit www.ieee.org/web/aboutus/whatis/policies/p9-26.html.

IEEE Computer Society Magazine Editors in Chief

Computer IEEE Security & Privacy Computing in Science

David Alan Grier (Interim), David Nicol, University of Illinois & Engineering
Djaghe LLC at Urbana-Champaign Jim X. Chen, George Mason
University
IEEE Software IEEE Micro
IEEE Intelligent Systems
Ipek Ozkaya, Software Lizy Kurian John, University of
V.S. Subrahmanian, Dartmouth
Engineering Institute Texas, Austin
College

IEEE Computer Graphics IEEE MultiMedia

IEEE Internet Computing
and Applications Shu-Ching Chen, Florida
George Pallis, University of
Torsten Möller, University of International University
Cyprus
Vienna
IEEE Annals of the History
IT Professional
IEEE Pervasive Computing of Computing
Irena Bojanova, NIST
Marc Langheinrich, University of Gerardo Con Diaz, University of
Lugano California, Davis

www.computer.org/computingedge 1
OCTOBER 2019 • VOLUME 5, NUMBER 10

THEME HERE

How Do We
8 11
Service
26
Project-Based Learning
Prepare the Learning in Inspires Cybersecurity
Next Generation Engineering Students: A
for a Career in Education Scholarship-for-Service
Our Digital Era? Research Study
 Careers
8 How Do We Prepare the Next Generation for a Career
in Our Digital Era?
LOUISE M. MORMAN

11 Service Learning in Engineering Education

NICHOLAS J. KIRSCH

Artificial Intelligence
17 Are Robots Taking Our Jobs? A RoboPlatform
at a Bank
PRZEMYSLAW LEWICKI, JACEK TOCHOWICZ, AND JEROEN VAN
GENUCHTEN

21 A Budding Romance: Finance and AI

XIAO-PING STEVEN ZHANG AND DAVID KEDMEY

Internet
26 Project-Based Learning Inspires Cybersecurity
Students: A Scholarship-for-Service Research Study
ALAN T. SHERMAN, PETER A.H. PETERSON, ENIS GOLASZEWSKI,
EDWARD LAFEMINA, ETHAN GOLDSCHEN, MOHAMMED KHAN,
LAUREN MUNDY, MYKAH RATHER, BRYAN SOLIS, WUBNYONGA
TETE, EDWIN VALDEZ, BRIAN WEBER, DAMIAN DOYLE, CASEY
O’BRIEN, LINDA OLIVA, JOSEPH ROUNDY, AND JACK SUES

34 Learning to Network
STEPHEN D. CROCKER

Social Media
40 Supervised Learning for Fake News Detection
JULIO C. S. REIS, ANDRE CORREIA, FABRICIO MURAI, ADRIANO
VELOSO, AND FABRICIO BENEVENUTO

46 Thoughts on Cyberbullying
NIR KSHETRI AND JEFFREY VOAS

46
Departments
4 Magazine Roundup
7 Editor’s Note: Engineering Your Career
72 Conference Calendar
Thoughts on
Cyberbullying

Subscribe to ComputingEdge for free at

www.computer.org/computingedge.
 CS FOCUS

Magazine
Roundup
throughout their investigations,
encompassing research activi-
ties corresponding to data col-
lection, data flow, computation,
output analysis, and all the ways
these are used together to pro-
duce results. Existing infrastruc-
tures support elements of the
workflow, such as data reposito-

T
ries or computing services, but
he IEEE Computer only when all people are able to these are not integrated as inter-
Society’s lineup of 12 completely access the Internet active environments that pro-
peer-reviewed tech- can a digital society be consid- vide full investigation lifecycle
nical magazines covers cut- ered universal. The authors of support. The Digital Environ-
ting-edge topics ranging from this article from the July 2019 ment for Enabling Data-driven
software design and computer issue of Computer present a pro- Sciences (DEEDS) project
graphics to Internet comput- posal to harmonize accessibility brought together domain scien-
ing and security, from scien- standards that all countries must tists and computer scientists to
tific applications and machine adhere to. create a platform that provides
intelligence to visualization interactive end-to-end support
and microchip design. Here are Computing in Science & for diverse scientific workflows.
highlights from recent issues. Engineering Key among requirements were
preservation, provenance, cou-
Computer Lifecycle Support for pling of data and computing,
Scientific Investigations: results traceability, collabora-
The Harmonization of Integrating Data, tive sharing, exploration, and
Accessibility Standards for Computing, and Workflows publication of the full products
Public Policies Scientific workflows have of research work. This article
Today, individuals can access an emerged as a model for rep- from the July/August 2019 issue
ever-increasing number of ser- resenting the complex pro- of Computing in Science & Engi-
vices via the Internet. However, cesses carried out by scientists neering highlights use cases that

4 October 2019 Published by the IEEE Computer Society 2469-7087/19 © 2019 IEEE
contributed to DEEDS develop- for every user. In this article from faced in developing ASTs and les-
ment and concludes with lessons the July/August 2019 issue of IEEE sons learned for future and current
learned from a process that joined Computer Graphics and Applica- developers.
experiences and perspectives from tions, the authors propose an inno-
diverse science domains. vative framework that offers the IEEE Internet Computing
user opportunities to improve the
IEEE Annals of the History brushing technique while using it. Seamless Virtualized
of Computing They realized this framework with Controller Migration for Drone
a CNN-based brushing technique, Applications
Polish Text Editors during the and the result shows that with The authors of this article from
Fall of the Iron Curtain additional data from a particular the March/April 2019 issue of
The Polish economic transforma- user, the model can be refined (bet- IEEE Internet Computing consider
tion of the 1990s created an appe- ter performance in terms of accu- a virtualized edge-computing infra-
tite for software that was only racy), eventually converging to a structure for drone applications,
partially satisfied by piracy. This personalized model based on a in which a virtualized container
market was yet to be taken seri- moderate amount of retraining. running on an edge node controls
ously by Western companies, so drones and a software-defined
local developers stepped up to fill IEEE Intelligent Systems network provides a network con-
the void. They translated obscure nectivity between the drones and
foreign applications, created weird Autonomous Intelligent their virtualized controllers. The
character encoding standards, and Agents for Team Training: authors propose a seamless migra-
built complex business software Making the Case for Synthetic tion scheme that migrates a virtu-
from scratch, shaping the local IT Teammates alized drone controller to an edge
market for years to come. Read The rise in autonomous system node that is close to its associated
more in the April–June 2019 issue research and development com- drone without suspending the
of IEEE Annals of the History of bined with the maturation of com- drone control in the edge-comput-
Computing. putational cognitive architectures ing infrastructure.
holds the promise of high-cogni-
IEEE Computer Graphics tive-fidelity agents capable of oper- IEEE Micro
and Applications ating as team members for training.
In this article from the March/April Composable Building Blocks
Personalized Sketch-Based 2019 issue of IEEE Intelligent Sys- to Open Up Processor Design
Brushing in Scatterplots tems, the authors report an ACT-R In this article from the May/June
Brushing is at the heart of most model capable of operating as a 2019 issue of IEEE Micro, the
modern visual analytics solu- team member within a remotely authors present a framework called
tions, and effective and efficient piloted aerial system. They provide Composable Modular Design
brushing is crucial for successful results from a first-of-its-kind con- (CMD) to facilitate the design of
interactive data exploration and trolled, randomized empirical eval- out-of-order processors. In CMD,
analysis. As the user plays a cen- uation in which teams that worked 1) the interface methods of mod-
tral role in brushing, several data- with an AST were compared ules provide instantaneous access
driven brushing tools have been against all-human teams. The and perform atomic updates to the
designed that are based on predict- results demonstrate that ASTs can state elements inside the mod-
ing the user’s brushing goal. All be incorporated into human teams, ule; 2) every interface method is
of these general brushing models providing training opportunities guarded, i.e., it cannot be applied
learn the user’s average brushing when teammates are unavailable. unless it is ready; and 3) modules
preference, which is not optimal The authors conclude with issues are composed by atomic rules that

www.computer.org/computingedge 5
MAGAZINE ROUNDUP

call interface methods of different the April–June 2019 issue of IEEE the Internet of Things’ physical-
modules. A rule either success- MultiMedia. ity. The authors of this article from
fully updates the state of all the the May/June 2019 issue of IEEE
called modules or does nothing. IEEE Pervasive Computing Security & Privacy propose a cog-
The atomicity properties of inter- nitive protection system capable
faces in CMD ensure compos- A User Study of Semi- of using system models to ensure
ability when modules are refined Autonomous and Autonomous command safety while monitoring
selectively. The authors show the Highway Driving: An system performance. They develop
efficacy of CMD by building an out- Interactive Simulation Study and test a cognitive firewall and
of-order RISC-V processor, which The aim of the study presented in cognitive supervisor. This system
boots Linux. Modules designed this article from the January–March is tested in theory and practice for
using CMD (e.g., ROB, load-store 2019 issue of IEEE Pervasive Com- three threat models.
unit, etc.) can be used and refined puting is to explore user acceptance
by other implementations. of semi-autonomous and fully IEEE Software
autonomous vehicles on a high-
IEEE MultiMedia way through the use of an interac- User Engagement in the Era of
tive simulator. Participants were Hybrid Agile Methodology
ToothPic: Camera-Based asked to experience driving modes Contemporary software develop-
Image Retrieval on Large with three levels of autonomy and ment and implementation projects
Scales complete questionnaires with items are increasingly adopting agile
Being able to reliably link a picture selected from traditional and auto- methods by tailoring and blending
to the device that shot it is of para- motive-specific technology accep- agile techniques into a traditional
mount importance to give credit or tance models. The three levels of project framework. Common tai-
assign responsibility to the author automation were manual driving loring methods employed by proj-
of the picture itself. However, this (no automation as a baseline con- ect teams emphasize flexibility
task needs to be performed at large dition), semi-autonomous driving to embrace local project context.
scales due to the recent explosion where drivers were able to indicate Read more in the July/August 2019
in the number of photos taken and lane-change decisions, and fully issue of IEEE Software.
shared. Existing methods cannot autonomous driving. Results indi-
satisfy those requirements. Meth- cate that, within the limited experi- IT Professional
ods based on the photo response ence of the interactive simulation,
nonuniformity (PRNU) of digital users grew to like the automated Exploiting Edge Computing
sensors are able to link a photo system as much as manual control for Privacy-Aware Tourism
to the device that shot it and have during later portions of the study. Demand Forecasting
already been used as proof in the Overall, this work suggests that the Taking advantage of the process-
court of law. Such methods are driver will quickly grow to like auto- ing power that modern smart-
reliable but so far, they can only mated driving features and may phones possess, the authors of
be used for small-scale forensic rapidly become less anxious about this article from the May/June 2019
tasks involving few cameras and the loss of control experienced. issue of IT Professional advocate
pictures. ToothPic, an acronym for a privacy-aware approach to
for “Who Took This Picture?,” is IEEE Security & Privacy predict and suggest places of inter-
a novel image retrieval engine that est for travelers. This approach
allows for finding all the pictures A Cognitive Protection System solves a significant privacy flaw
in a large-scale database shot by a for the Internet of Things that exists in prevalent tourism
given query camera. Read more in Conventional cybersecurity neglects applications.

6 ComputingEdge October 2019

 EDITOR’S NOTE

Engineering Your Career

A ccording to the US Bureau of Labor

Statistics, employment in the fields of
computing and information technology
is expected to grow faster than most other occupa-
tions, with thousands of new jobs created every
software performs administrative work faster and
more accurately than employees do. “A Budding
Romance: Finance and AI,” from IEEE MultiMedia,
covers the ways in which the financial industry
is using AI to create operational efficiencies and
year. To meet such large workforce demands, we make market predictions.
need to encourage young people to build a career Knowledge of the Internet is necessary in many
in the field and help set them up for success in the of today’s occupations. IEEE Security & Privacy’s
workplace. This issue of ComputingEdge focuses “Project-Based Learning Inspires Cybersecurity
on accomplishments and challenges in computing Students: A Scholarship-for-Service Research
education and job training. Study” details a student project that exposed
In Computer’s “How Do We Prepare the Next security vulnerabilities in a university’s network.
Generation for a Career in Our Digital Era?,” the The author of “Learning to Network,” from IEEE
author asserts that soft skills such as adaptabil- Annals of the History of Computing, recounts his
ity and creativity are just as important as technical role in developing the Internet.
skills in modern work environments. Meanwhile, Finally, this ComputingEdge issue includes two
IEEE Pervasive Computing’s “Service Learning articles on social media. IEEE Intelligent Systems’
in Engineering Education” describes a teaching “Supervised Learning for Fake News Detection”
method that aims to motivate students to choose discusses approaches for identifying fake news
computer-engineering careers. stories that are disseminated on social media.
Many people wonder how artificial intelli- Computer’s “Thoughts on Cyberbullying” pushes
gence (AI) will affect the careers of the future. for increased efforts to address online harassment
IEEE Software’s “Are Robots Taking Our Jobs? A from regulators, law enforcement, educators, and
RoboPlatform at a Bank” describes how banking tech companies.

2469-7087/19 © 2019 IEEE Published by the IEEE Computer Society October 2019 7
 COMPUTING EDUCATION

How Do We Prepare
the Next Generation
for a Career in Our
Digital Era?
Louise M. Morman, Lockheed Martin Leadership Institute
transformation” of organizations.
Technical skills alone won’t be enough for Digital transformation is not frag-
mented digitization; it is a complete
career success in the digital age. It’s much more rethinking of the overall business
model with a customer-driven em-
than teaching people to code. Instead, success phasis supported by the use of digi-
tal technologies throughout the
will hinge on critical soft skills and the RISC— business process.
resiliency, inner strength, strategic thinking, and Are businesses prepared for
this transition? In a 2016 MIT Sloan
a collaborative spirit—digital mind-set abilities. Management Review/Deloitte Uni-
versity Press study1 of more than
3,700 executives, managers, and

W
analysts around the globe, 90% of
respondents recognized that digi-
hether it is at the World Economic Forum tal trends would moderately or greatly disrupt their in-
or in the suites of CEOs, there is strong dustries. Only 44%, however, believed that their organi-
agreement that artificial intelligence, zations were prepared for the disruption.
machine learning, mobile technologies, Another insight from the MIT/Deloitte report is that
robotics, biological technologies, quantum computing, the companies that appear more successful in their dig-
and other technological innovations require the “digital ital transformation efforts put their focus on soft skills.
In response to a question about the most important skill
Digital Object Identifier 10.1109/MC.2019.2903328
for leaders to succeed in a digital environment, only
Date of publication: 14 May 2019 18% of respondents listed technological skills as most

8 October 2019 Published by the IEEE Computer Society  2469-7087/19 © 2019 IEEE
72 COM PUTE R PUBLISHED BY THE IEEE COMPUTER SOCIET Y 0018-9162/19©2019IEEE
 EDITOR ANN E.K. SOBEL
Miami University; [email protected]

important. Instead, they highlighted change is a talent that takes time and in an uncertain work world. They have
attributes such as having a transfor- effort for an individual to develop. been conditioned to expect clear direc-
mative vision (22%), being a forward The RISC mindset is very personal tion, which has shielded them from the
thinker (20%), having a change-ori- and a l i felong development ef for t. messiness of the real world. Universi-
ented mind-set (18%), or other lead- My belief is that we should start that ties must be accountable for the resil-
ership and collaborative skills (22%). transformational leadership develop- iency of the students they graduate,
Employers are realizing more and ment in undergraduate postsecond- now more than ever. Technical skills
more that career success hinges on ary education. alone cannot guarantee a successful
critical soft skills—the things that The fact that millennials and Gen- employee in the digital age.
computers don’t do as well as humans. eration Z grew up in a digital environ- What can be done to address ob-
Changes in what Klaus Schwab, ex- ment does not mean that they embrace taining these abilities in colleges? One
ecutive chair of the World Economic change and are equipped to navigate way to incorporate transformational
Forum, calls the Fourth Industrial
Revolution will impact a very broad
range of the workforce. Work in the
future will be altered in ways we hav-
en’t seen in the past, and changes will
reach well beyond hourly workers. All
kinds of occupations will see change,
RISC DIGITAL MINDSET
including engineers, accountants,
coders, and surgeons. Computers are
very effective at handling logical and
process-oriented activities. The work
R esiliency—Adaptability

» comfort in uncertainty and unstructured environments

» navigating through complexity, volatility, and ambiguity
of knowledge workers and college
» embracing change, especially when the change isn’t our idea
graduates will be changed, so peo-
» curiosity and growth mind-set
ple will have to constantly reinvent
» reinventing ourselves as a way of life
t h e m s e lve s a nd de a l w it h a ne v-
» learning from failure.
er-ending change journey throughout
their careers.
It is often said that difficulties im-
plementing digital transformation
Inner strength—Being your best evolved self

» self-awareness
» open mindedness and inclusion
have been more about people dealing
» courage
with change than with the techno-
» humility—keeps us in touch with all we don’t know
logical tools. And I believe this may
» embodying our humanity
be the most significant issue of all.
» overcoming fear of conflict and risk.
We will need to find answers to the
following questions. What kinds of
mind-sets do people need to thrive
in the digital era? How do they need
S trategic thinker—Holistic

» creative thinking
» big picture and systems thinking
to be? And what are we doing to pre-
» customer obsessed
pare now?
» forward thinker with transformative vision
These answers will incorporate
» ideas based on intuition and insights as well as data and history
abilities in what I call the RISC digital
» openness to new ideas and possibilities.
mindset, which focuses on Resiliency,
Inner strength, Strategic thinking,
and Collaborative spirit (see “RISC Dig-
ital Mindset”).
C ollaborative spirit

» collaborative problem solving

» emotional intelligence
Many people talk about culture
» heart.
change as something that happens
only in big companies. But welcoming

www.computer.org/computingedge 9
M AY 2 0 1 9 73
COMPUTING EDUCATION

learning is by partnering with lead- It is also important for the uni- REFERENCE
ership development professionals versity to invest in transformational 1. G.C. Kane, D. Palmer, A. N. Phillips,
from industry and executive coaches. leadership development for faculty D. Kiron, and N. Buckley, “Align-
Transformation is intensely personal, and staff. If faculty members have en- ing the organization for its digital
takes time, and requires coaching gaged in their own transformational future,” MIT Sloan Management Rev.,
from people with the proper train- process, they will be better able to July 2016. [Online]. Available: https://
ing and experience. More than seven understand the changes the students sloanreview.mit.edu/digital2016
years ago, we created the Lockheed experience and can remain relevant in
Martin Leadership Institute in the Col- the future.
lege of Engineering and Computing LOUISE M. MORMAN is the execu-

M
at Miami University to do just that. tive director of the Lockheed Martin
Ours is an example of an intensive Leadership Institute. Contact her at
y hope is that universities
[email protected].
three-year program for a targeted will make this a priority and
group of students. And there are other start preparing the next gen-
universities that have created excel- eration today for the resiliency and
lent large-scale programs, such as adaptability, inner strength, strategic
This article originally appeared in
the Doerr Institute for New Leaders at thinking, and collaborative spirit that
Computer, vol. 52, no. 5, 2019.
Rice University. are essential for the coming digital era.

stay
on the Cutting Edge
IEEE MultiMedia July–September 2016

http://www.computer.org july–september 2016

of Artificial Intelligence
❚ Quality Modeling

J a n ua ry/ f E b r ua ry 2 016

IEEE Intelligent Systems provides peer-

IEEE

Also in this issue:

aI’s 10 to Watch 56
real-Time Taxi Dispatching 68
IEEE
January/FEBruary 2016

from flu Trends to Cybersecurity 84

P U T T I N G A I I N T O P R A C T I C E

reviewed, cutting-edge articles on the

Volume 23 Number 3

theory and applications of systems mult-22-03-c1 Cover-1 July 12, 2016 4:40 PM
Online BehAviOrAl AnAlysis

IEEE MultiMedia serves the community of

that perceive, reason, learn, and scholars, developers, practitioners, and students
who are interested in multiple media types and
act intelligently.
VOLuME 31

work in fields such as image and video processing,

nuMBEr 1

www.computer.org/intelligent

audio analysis, text retrieval, and data fusion.

IS-31-01-C1 Cover-1 January 11, 2016 6:06 PM

Read It Today!
www.computer.org/multimedia
The #1 AI Magazine
www.computer.org/intelligent
IEEE

Digital Object Identifier 10.1109/MC.2019.2911840

Digital Object Identifier 10.1109/MC.2019.2911839

10 ComputingEdge October 2019

74 COMPUTER W W W.CO M P U T E R .O R G /CO M P U T E R
 DEPARTMENT: EDUCATION AND TRAINING

Service Learning in
Engineering Education
Nicholas J. Kirsch EPICS in IEEE empowers students to work with local
University of New
Hampshire service organizations to apply technical knowledge to
implement solutions for a community’s unique
Department editor:
Andrew L. Kun; challenges. In this way, EPICS in IEEE not only
[email protected]
assists communities in achieving their specific local
improvement goals but also encourages students to
pursue engineering for community improvement as a career.

There are efforts throughout the world to broaden participation in science, technology, engineer-
ing, and mathematics (STEM) to meet increasing workforce demands. Possibly an even greater
benefit of these efforts is that a diverse workforce will be able to propose a diverse set of ideas to
solve future problems.1 However, broadening participation in engineering is a challenge because
people associate many negative stereotypes with engineering, which discourages some students
from choosing the field. Further, engineering is a challenging topic to study. As such, there are
many programs and pedagogies in place to overcome these challenges.2-4 Service learning is one
approach that has tremendous potential to broaden participation, break down stereotypes, and
increase student performance.
Service learning is an experiential-based teaching method that couples academic work with com-
munity service projects. Students go out in their community to solve a real-world problem.5 The
problem becomes the basis for a project, which in turn provides hands-on experiences for stu-
dents to hone theoretic and practical skills. At the same time, the community partners receive a
solution to a problem. Service learning projects are opportunities for engineers to solve problems
outside of traditional topics and, similarly, demonstrate to communities that engineers do not just
do stereotypical work.

EPICS IN IEEE
While many academic programs have implemented service learning, Purdue University in 1995
created Engineering Projects in Community Service (https://engineering.purdue.edu/EPICS),
which includes curriculum and service learning best practices for engineering education.6 In
EPICS projects, students work on engineering-related, interdisciplinary projects with local non-
profit organizations (NPOs). There is typically a multidisciplinary approach to broadly solve
problems and vertically integrate learners; students with a range of knowledge and abilities learn

IEEE Pervasive Computing Published by the IEEE Computer Society

2469-7087/19
April–June © 2019 IEEE
2018 Published by the IEEE Computer
57Society October 2019
1536-1268/18/$33.00 11
©2018 IEEE
 IEEE PERVASIVE COMPUTING

from one another. This approach benefits students by giving them a more diverse group of peo-
ple to teach and learn from. Finally, EPICS projects aim to have start-to-finish design: they do
not terminate at a proof-of-concept but rather can be multiyear efforts that go through many iter-
ations and design cycles.
In 2009, IEEE leveraged its more than 400,000 members to expand this service learning educa-
tion model throughout the world by starting EPICS in IEEE. This program encourages student
branches to partner with local NPOs to provide a solution to a challenge within their community.
Projects can be proposed by a student branch but are typically advised by a university professor
or another IEEE member. The student volunteers then work directly with the NPO and their ad-
visors to use their engineering skills to solve the problem. EPICS in IEEE has a unique approach
in encouraging the participation of K–12 grade students to work alongside university students
(see Figure 1). This approach, known as vertical integration, has been shown to lead to positive
outcomes for participants of all ages.7 Younger learners get exposed to real-world applications of
engineering and basic technical skills, while the university participants can refine their skills by
teaching the younger learners.

Figure 1. University of New Hampshire students and local high school volunteers test a water flow
sensor for “A Wireless Sensor Network to Restore Oysters in the Great Bay of New Hampshire.”
This EPICS in IEEE project exemplifies the vertical integration of learners.

Over the last eight years, EPICS in IEEE has provided more than $500,000 to fund 96 projects in
34 countries. More than 200,000 people have been impacted by this program, either directly as
volunteers or indirectly as community members. Further, more than 1,500 of the pre-university
students are women.
Typically, EPICS in IEEE provides about $5,000 per project to cover the cost of materials, sup-
plies, and equipment, though some projects receive more than $20,000. The program funds a
wide variety of projects on a rolling basis year-round, and generally the projects fall into one of
four categories:

• Access and Abilities—Access and Abilities projects help enable adaptive services, clin-
ics for those in need (such as children with disabilities), programs for adults, and assis-
tive technologies.
• Education and Outreach—EPICS in IEEE strives to help young students discover the
benefits of STEM for their futures. Many projects give students hands-on experiences to
stimulate interest in those fields. Through these projects, communities and schools lack-
ing strong engineering programs gain new curriculums along with new facilities to ex-
plore new areas of a topic.

12
April–June 2018 ComputingEdge 58 October 2019
www.computer.org/pervasive
 EDUCATION AND TRAINING

• Environment—Engineering and science are key to meeting environmental challenges. In

communities around the world, environments change with the evolution of technology
and the need for sustainability. Many EPICS in IEEE projects concern themselves with
recycling, as well as with new ways to create electricity and energy, including the use of
renewable energy sources. Through these projects, young students learn about the im-
pact of environmental issues and how engineering can help resolve them. They also gain
exposure to potential jobs given the growing demand for alternative energy and environ-
mental solutions.
• Human Services—Through their experiences in these EPICS in IEEE projects, students
find connections between engineering and the tremendous scope of community needs
globally. This includes homelessness prevention, affordable housing, family and chil-
dren agencies, neighborhood revitalization, and local government. Even after Human
Services project is complete, lasting impact continues to be felt through the local non-
profit organization’s involvement.

Administratively, running EPICS in IEEE can be challenging given IEEE’s global reach. The
diverse collection of countries and education systems involved in the program requires flexible
administration. Seemingly “simple” tasks such as project reporting become more complex when
considering the differences in academic year calendars throughout the world. However, due to
IEEE’s established framework, the various financial and bureaucratic mechanisms for research
funding projects are streamlined by directly funding the parent IEEE Section in which the project
is administered.
The following is a sample of EPICS in IEEE projects that have had an impact in different re-
gions of the world.

Virtual Reality Vision Therapy

Binocular dysfunction, the inability of both eyes to work together, has been called the hidden
learning disability. This condition drastically affects children’s academic performance and rivals
other disabling physical conditions, including brain injury. Treatment is expensive, not typically
covered by insurance, and requires visiting a therapist. A team of four biomedical engineering
students from the New Jersey Institute of Technology (NJIT) and two high school students col-
laborated with The Eye Institute, a nonprofit organization, to create a significantly less expensive
solution: a virtual reality (VR), home-based device designed to make therapy sessions both ef-
fective and fun.

Figure 2. An image of the VR system developed by students at NJIT to rehabilitate children with
binocular dysfunction.

www.computer.org/computingedge
April–June 2018 59 13
www.computer.org/pervasive
 IEEE PERVASIVE COMPUTING

With the help of an EPICS in IEEE grant, the group transformed at-home vision therapy into a
high-quality, 3D video game that appeals to children. Patients undergo therapy sessions wearing
a head-mounted display that provides a colorful, engrossing VR experience. By correctly align-
ing and maintaining eye position for an amount of time set by the clinician, the patient “de-
stroys” 3D digital models of alien creatures (see Figure 2).
As they take part in the overall design process, the student volunteers on this project gain practi-
cal, hands-on experiences that expand their knowledge of engineering principles. Once com-
pleted and validated, the game will cost about $600—a much more affordable option for families
with limited financial resources. Ultimately, the students want to make it available to all children
who need vision therapy.

Enabling “Casual Talk” with the Deaf

In India, the creative blending of three technologies provided the framework for empowering
people with hearing disabilities to have “casual” or simple conversations with those who can
hear. The IEEE Student Branch at National Engineering College in Kovilpatti, Tamil Nadu, used
an EPICS in IEEE grant of $7,900 to develop “CasTalk.” The project relied on smart mobile de-
vices with 3G or 4G technologies, an animated video streamer, and cloud resources. The even-
tual result will be simple, natural communication between the hearing disabled and people with
normal hearing who live in South India where the regional sign language is a combination of
English and Tamil (see Figures 3 and 4).

Figure 3. One of the IEEE student volunteers developing the CasTalk system.

Figure 4. A screenshot from CasTalk analyzing different attributes of a video feed.

14
April–June 2018 ComputingEdge 60 October 2019
www.computer.org/pervasive
 EDUCATION AND TRAINING

Controlling Insect Infestations with Sensor Networks

While talking with local farmers about insects that were destroying their crops, IEEE students at
the University of Johannesburg in South Africa had an idea: they wanted to develop a method to
help farmers detect and track the movements of insects to help increase the effectiveness of pes-
ticides.
Partnering with the South African Subtropical Growers Association, which represents farmers
who grow avocados, mangos, and litchi and macadamia nuts, the students designed and built a
harmonic radar system that tracks small insects by attaching an RFID tag to a captured bug and
releasing it. The radar can determine the RFID tag’s location even in a cluttered environment.
The tag uses the original radar signal as an energy source, reemitting a harmonic of the transmit-
ting signal. Tuning the receiver to the harmonic frequency distinguishes the tagged target—and
the others in its cluster—from background clutter. The students analyzed signal propagation and
harmonic effects of the system to increase the range. This project directly benefited the nonprofit
partner by creating a solution to its problem.

CONCLUSION
EPICS in IEEE is having a unique impact across the globe, not only helping educate young
learners and university students through service learning but providing technological solutions
for communities and NPOs with varying needs. The program truly exemplifies IEEE’s motto:
“Advancing Technology for Humanity.” We encourage participation in our program to improve
learning and to solve community problems. For more information on EPICS in IEEE, visit
http://epics.ieee.org.

REFERENCES
1. N. Dasgupta and J.G. Stout, “Girls and Women in Science, Technology, Engineering,
and Mathematics: STEMing the Tide and Broadening Participation in STEM Careers,”
Policy Insights from the Behavioral and Brain Sciences, vol. 1, no. 1, 2014, pp. 21–29.
2. N.L. Fortenberry and J.J. Powlik, “Helping to Shape the Future of Education,” IEEE
Trans. Education, vol. 40, no. 4, 1997; doi.org/10.1109/13.759675.
3. K.W. Jablokow, “Engineers as Problem-Solving Leaders: Embracing the Humanities,”
IEEE Technology and Society Mag., vol. 26, no. 4, 2007, pp. 29–35.
4. P.M. Jansson et al., “Creating an Agile ECE Learning Environment through
Engineering Clinics,” IEEE Trans. Education, vol. 53, no. 3, 2010, pp. 455–462.
5. R.G. Bringle and J.A. Hatcher, “Implementing Service Learning in Higher Education,”
J. Higher Education, vol. 67, no. 2, 1996, pp. 221–239.
6. W.C. Oakes, E.J. Coyle, and L.H. Jamieson, “EPICS: A Model of Service-Learning in
an Engineering Curriculum,” Proc. 2000 ASEE Ann. Conf. and Exposition, 2000, pp.
2623–2636.
7. F. Giralt et al., “Two Way Integration of Engineering Education through a Design
Project,” J. Engineering Education, vol. 89, no. 2, 2000, pp. 219–229.

ABOUT THE AUTHOR

Nicholas J. Kirsch is an associate professor in the Department of Electrical and Computer
Engineering at the University of New Hampshire. Contact him at [email protected].

This article originally appeared in

IEEE Pervasive Computing, vol. 17, no. 2, 2018.

www.computer.org/computingedge
April–June 2018 61 15
www.computer.org/pervasive
PURPOSE: The IEEE Computer Society is the world’s largest EXECUTIVE COMMITTEE
association of computing professionals and is the leading provider
President: Cecilia Metra
of technical information in the field.
President-Elect: Leila De Floriani
MEMBERSHIP: Members receive the monthly magazine Past President: Hironori Kasahara
Computer, discounts, and opportunities to serve (all activities First VP: Forrest Shull; Second VP: Avi Mendelson;
are led by volunteer members). Membership is open to all IEEE
Secretary: David Lomet; Treasurer: Dimitrios Serpanos;
members, affiliate society members, and others interested in the
VP, Member & Geographic Activities: Yervant Zorian;
computer field.
VP, Professional & Educational Activities: Kunio Uchiyama;
COMPUTER SOCIETY WEBSITE: www.computer.org VP, Publications: Fabrizio Lombardi; VP, Standards Activities:
OMBUDSMAN: Direct unresolved complaints to Riccardo Mariani; VP, Technical & Conference Activities:
[email protected]. William D. Gropp
2018–2019 IEEE Division V Director: John W. Walz
CHAPTERS: Regular and student chapters worldwide provide the
opportunity to interact with colleagues, hear technical experts, 2019 IEEE Division V Director Elect: Thomas M. Conte
and serve the local professional community. 2019–2020 IEEE Division VIII Director: Elizabeth L. Burd

AVAILABLE INFORMATION: To check membership status, report BOARD OF GOVERNORS

an address change, or obtain more information on any of the
Term Expiring 2019: Saurabh Bagchi, Gregory T. Byrd,
following, email Customer Service at [email protected] or call
David S. Ebert, Jill I. Gostin, William Gropp, Sumi Helal
+1 714 821 8380 (international) or our toll-free number,
Term Expiring 2020: Andy T. Chen, John D. Johnson,
+1 800 272 6657 (US):
Sy-Yen Kuo, David Lomet, Dimitrios Serpanos, Hayato Yamana
• Membership applications
• Publications catalog Term Expiring 2021: M. Brian Blake, Fred Douglis,
• Draft standards and order forms Carlos E. Jimenez-Gomez, Ramalatha Marimuthu,
• Technical committee list Erik Jan Marinissen, Kunio Uchiyama
• Technical committee application
• Chapter start-up procedures EXECUTIVE STAFF
• Student scholarship information Executive Director: Melissa A. Russell
• Volunteer leaders/staff directory Director, Governance & Associate Executive Director:
• IEEE senior member grade application (requires 10 years Anne Marie Kelly
practice and significant performance in five of those 10) Director, Finance & Accounting: Sunny Hwang
Director, Information Technology & Services: Sumit Kacker
PUBLICATIONS AND ACTIVITIES Director, Marketing & Sales: Michelle Tubb
Director, Membership Development: Eric Berkowitz
Computer: The flagship publication of the IEEE Computer Society,
Computer publishes peer-reviewed technical content that covers
COMPUTER SOCIETY OFFICES
all aspects of computer science, computer engineering,
Washington, D.C.: 2001 L St., Ste. 700, Washington, D.C.
technology, and applications.
20036-4928; Phone: +1 202 371 0101; Fax: +1 202 728 9614;
Periodicals: The society publishes 12 magazines, 15 transactions, Email: [email protected]
and two letters. Refer to membership application or request
Los Alamitos: 10662 Los Vaqueros Cir., Los Alamitos, CA 90720;
information as noted above.
Phone: +1 714 821 8380; Email: [email protected]
Conference Proceedings & Books: Conference Publishing
Services publishes more than 275 titles every year.
MEMBERSHIP & PUBLICATION ORDERS
Standards Working Groups: More than 150 groups produce IEEE Phone: +1 800 678 4333; Fax: +1 714 821 4641;
standards used throughout the world. Email: [email protected]
Technical Committees: TCs provide professional interaction in
more than 30 technical areas and directly influence computer IEEE BOARD OF DIRECTORS
engineering conferences and publications.
President & CEO: Jose M.D. Moura
Conferences/Education: The society holds about 200 conferences
President-Elect: Toshio Fukuda
each year and sponsors many educational activities, including
Past President: James A. Jefferies
computing science accreditation.
Secretary: Kathleen Kramer
Certifications: The society offers three software developer Treasurer: Joseph V. Lillie
credentials. For more information, visit Director & President, IEEE-USA: Thomas M. Coughlin
www.computer.org/certification. Director & President, Standards Association: Robert S. Fish
Director & VP, Educational Activities: Witold M. Kinsner
2019 BOARD OF GOVERNORS MEETING Director & VP, Membership and Geographic Activities:
Francis B. Grosz, Jr.
25 – 27 October: Hilton McLean Tysons Corner, McLean, VA Director & VP, Publication Services & Products: Hulya Kirkici
Director & VP, Technical Activities: K.J. Ray Liu

revised 14 August 2019

 Editor: Michiel van Genuchten
VitalHealth Sof tware

IMPACT
genuchten@ ieee.org

Editor: Les Hatton

Oakwood Computing Associates
[email protected]

Are Robots Taking

Our Jobs? A RoboPlatform
at a Bank
Przemysław Lewicki, Jacek Tochowicz, and Jeroen van Genuchten

From the Editors

Robots dominate some Hollywood movies and economic journals.
This article describes the impact of software robots in a Polish bank.
— Michiel van Genuchten and Les Hatton

AUTOMATION HAS BEEN replacing The software robot receives a digital As is the case for other companies,
manual activities in workplace for de- form or email and processes the re- I NG wants to increase the speed
cades. Robots had been most active in quests by following a script. It reads and accuracy of its processes, en-
blue-collar industrial manufacturing. the incoming data, opens screens, and hance the customer experience, and
Now that they are entering white-col- enters data, just as a human would. reduce costs. In business processes,
lar jobs, in the form of software tak- The robots can operate in the follow- system limitations are difficult to over-
ing over administrative work, it is time ing two modes. come and stretch across many appli-
to ask the following questions. cations in the organization. ING is
• Attended: A robotic digital assis- investing in global core banking plat-
• Are these real robots? tant resides on the desktop, and forms, but these complex transition
• Why do we need them? the human employee can trigger programs take years to accomplish. In
• Are they going to take over all it to work on repetitive, mun- the meantime, you can deliver digital
jobs once self-learning algo- dane tasks while he or she works solutions with RPA, and leave your
rithms mature? on other things. legacy software and business pro-
• Unattended: The robot works cesses largely untouched.
We will try to answer these ques- autonomously under its own cre-
tions by analyzing the deployment of dentials on scheduled tasks. Use Cases
the self-build RoboPlatform at ING ING Slaski, a bank in Poland that has
Slaski Bank in Poland. RPA is a booming business. Ever- 4.5 million customers, started to use
est Group2 states that RPA adop- RPA 10 years ago. Back then, the need
Robotic Process Automation tion exceeded 100% growth in 2017, for an end-user computing platform
Robotic process automation (RPA) buoyed by new buyers of all sizes led to the implementation of Macro-
mimics human administrative actions. and industries. Forrester3 predicted Platform. From then on, staff at Slaski
that the RPA market, which was could outsource the task of retyp-
Digital Object Identifier 10.1109/MS.2019.2897337
only US$250 million in 2016, would ing the details for a personal loan or
Date of publication: 16 April 2019 grow to US$2.9 billion in 2021. current account from the mainframe

2469-7087/19
0 7 4 0 - 7 4©
5 92019
/ 1 9 ©IEEE
2019IEEE Published by the IEEE Computer Society M AY / J U N E 2 0 1 9 |October
I E E E 2019
SOFTWARE 17
101
 IMPACT

application into an Excel file to a Mac- in Pascal, C#, or Visual Basic, and Json, Caliburn.Micro, SimpleInjector,
roPlatform script. With the successor the RoboPlatform is 140 KLOC. LightInject, and Accord.
RoboPlatform, the customer support When Slaski decided to rebuild RoboPlatform consists of three
specialist can have an engaging con- MacroPlatform into RoboPlatform, main modules.
versation with the customer on the we took a close look at the solutions
phone while the robot retrieves all the that were available to purchase. The • MachineHeartbeat: This Windows
customer data from various applica- biggest disadvantage of moving to an service is responsible for managing
tions and presents it in one overview. external vendor was that there was no the machines on which the robots
RoboPlatform increases efficiency and way to incorporate the existing Mac- are running. It keeps track of the
reaction speed; on average, it com- roPlatform scripts into these external machines’ activity status and moni-
pletes scripts 5.5 times faster than an products without rebuilding them al- tors queued tasks that need to be
employee would. With more than most completely. Since our business processed in unattended mode, to
1,600 scripts in production, the im- is banking, the highest standards make sure that the machines are
pact for Slaski’s operations is consider- for security and credential manage- ready and available. It manages
able. More than 700 of Slaski’s 1,100 ment are necessary. The new product logging into the Robot account,
total operations and customer sup- should be enterprise ready, such as and the password that is down-
port employees use RoboPlatform as supporting role-based access by in- loaded from the password vault.
part of their daily activities. Since the tegrating with our central directory • Engine: The console applica-
robotic capacity is the same as 70 full- services (Microsoft Active Directory). tion is responsible for the correct
time equivalents’ manual work, the We concluded that the external RPA execution of C#, VB, Pascal, and
bank was able to grow its business and vendors were not mature enough at Workflow scripts. The engine
comply with increasing regulatory de- the time. Also, the yearly license fees also sends logs to BotSlave.
mands without hiring additional staff. for the large number of robots needed • BotSlave: This console applica-
In addition to the improved speed and could be more than US$1 million, tion starts Bots (a script or set of
efficiency, the robots are more accurate which would destroy our return on scripts) after a successful login.
also, assuming the virtual machines investment. Therefore, we decided to Its task is to start the Engine
are running and the scripts were devel- leverage on our RPA experience. application in a timely manner,
oped correctly. Robots work on cus- We built most of the RoboPlatform to log the actions performed by
tomer due diligence tasks dutifully and components inhouse, including state running the script, and to log
can log and store all required auditable machine implementation and work- out of the robot account after
data without mistakes. The robots do flow implementation. We built a full the task has been completed.
not have bad days, let alone hangovers debugger as well as a simple code re-
or broken hearts. RoboPlatform also is view tool. We developed components Robot Resource System
an integration solution between appli- for multisession mode, for when the Our unattended robots do not get a
cations. Output products from applica- scripts do not require a graphical inter- salary, access badge, or holidays, but
tions can be passed on to the business face. There is risk assessment and mon- they need authorization to be able
lending backoffice application using itoring of scripts to identify errors and to work in specific applications, just
RoboPlatform. irregularities, and a screenshot captur- like humans. They also need a man-
ing tool is active during the session. ager who is accountable for their ac-
Make or Buy? We use about 200 open libraries. tions. Therefore, we introduced the
There were no standard RPA prod- The most important are FreeRDP, Robot Resource System (RRS), built
ucts on the market 10 years ago. AvalonDock, CefGlue, MaterialDe- in .NET, where all robot accounts
The initial version used Pascal as a sign + MahApps.Metro, Selenium, that are in use within ING globally
programming language for the prod- Microsoft.Build, Rolsyn, NRefactory, are registered (Figure 1). The RRS
uct and the scripts. Two years ago, Fusion, Microsoft IUIAutomation, feeds all of the applications that are
MacroPlatform was fully rebuilt Reactive Extensions, FluentSched- already in place for identity access
using .NET technology and trans- uler, Vault, EntityFramework, Dap- management. The RRS connects
ferred into the RoboPlatform RPA per, JQuery, Bootstrap, Bootstrap, to a password vault where the ro-
product. Scripting can now be done SinglarR, AutoMapper, Newtonsoft. bots’ passwords are securely stored.

18
102 I E E E S O F ComputingEdge
T W A R E | W W W. C O M P U T E R . O R G / S O F T W A R E | @ I E E E S O F T WA R E October 2019
 IMPACT

RoboPlatform will fetch the pass-

words from the vault when the script
requires a login into the network. In
this way, no human needs to know Workflow Front/Back
the password for the robot account, System Office System
unless there is an emergency (e.g., a
robot malfunctioning).
External
RRS
Agile Systems
Multiple roles within the organization
use the RoboPlatform ecosystem. The
end user triggers scripts, the IT custo- Office Core Banking
dian and operations manager monitor Automation System
performance by using the dashboard,
and the scheduler plans the work of
unattended robots. The process owner
promotes new scripts to production, FIGURE 1. The robots within context.
while the software engineer develops
and tests new features and functional- a machine-learning model that simpli- Taking Robots Global
ities of the core product, and the script fies plain unstructured text can be eas- ING decided to form a global RPA
developer uses the environment to de- ily transformed into vectors and then community two years ago. In this
velop and test the scripts. This process classified by statistical methods, such way, the bank can build toward global
intensifies the collaboration among as term frequency–inversed document standards and global solutions for
all the disciplines and promotes an ag- frequency. In this way, we can dissect RPA. ING Slaski created the Robotics
ile way of working, making sure that the required data points of items such as a Service platform and the Robot
RoboPlatform improves continuously. as annual reports, salary slips, invoices, Resource System in the bank’s private
Adding a new feature to RoboPlat- and income statements and then feed cloud. The IT custodian and scripting
form can take a few hours up to few them to the robot in a structured file teams can now provide RPA services
months. To speed the script develop- for further processing. We are enabling globally. A good example of best of
ment process up, we have added the the use of the Python programming breed is integrating the RoboPlatform
ability to create reusable components language to RoboPlatform, allowing and a workload manager that ING
(called metabots) that the software de- developers to add data analytics to the Netherlands developed to manage the
velopers can develop and that the script scripts. We recently developed the com- 3 million annual customer requests
developers can use easily and quickly. plaints analyzer, a machine-learning that 100 unattended robots pro-
module that supports customer advi- cess. This so-called Spider manages
Recent Developments sors by prompting answers from past the workload based on service-level
The current generation of robots still conversations. We are experimenting agreements, ensures secure storage of
are, for the most part, unintelligent with natural language processing, to audit trails and log files, and enables
virtual employees that dutifully follow be able to interpret unstructured input robots and humans to interact. When-
rule-based scripts. RPA robots only such as legal contracts. ever a robot is not able to finish a task
work with bite-sized chunks of struc- Talking about jobs in danger, we that Spider assigned, the robot will
tured digital input. They cannot do introduced the so-called blocks pass the unfinished requests back to
much with a piece of paper or a pdf. functionality in the newest Robo- Spider, who then assigns the task to a
We currently are making RoboPlat- Platform version: by simply dragging human employee.
form smarter by letting it understand and dropping prebuilt metabots,
semistructured data, so the product users can build robot scripts them- Beyond Banking
can extract relevant data points for fur- selves. For simple scripts, there is no To remain competitive in software,
ther processing. Self-learning classifica- need to ask a software developer to volume is the key. 5 Many businesses
tion algorithms are used; for example, do the work anymore. and applications can apply R PA.

www.computer.org/computingedge M AY / J U N E 2 0 1 9 | I E E E S O F T WA R E 19
103
 IMPACT

This article originally appeared in

IEEE Software, vol. 36, no. 3, 2019.

what data to use and how to inter-

ABOUT THE AUTHORS

pret it. This robot model also ap-

PRZEMYSŁAW LEWICKI is a director of the Operational Digital plies to the software engineers and
Transformation Center and head of Robotics at ING Bank S’la˛ski. software: the end user will be more
Contact him at [email protected]. accustomed to building its own soft-
ware using prebuilt blocks. How-
ever, software engineers will create
the building blocks in years to come
and, for the complicated scripts, we
will need human intelligence in the
JACEK TOCHOWICZ is a manager of the Robotic Process Auto- foreseeable future.
mation Team at ING Bank S’la˛ski. Contact him at jacek.tochowicz@
ingbank.pl. References
1. Gartner. Accessed on: Oct. 3, 2018.
[Online]. Available: https://www
.gartner.com/en/newsroom/press-relea
ses/2018-10-03-gartner-says-robotics-
to-become-mainstream-in-finance-
JEROEN VAN GENUCHTEN is the global robotics product departments-by-2020
owner at ING Bank, The Netherlands. Contact him at jeroen.van 2. Everest Group, “Enterprise adoption of
[email protected]. RPA exceeds 100% growth in 2017,
buoyed by new buyers of all sizes,
industries,” Accessed on: Apr. 2018.
[Online]. Available: https://markets
.businessinsider.com/news/stocks
/enterprise-adoption-of-rpa-exceeds-
100-growth-in-2017-buoyed-by-
As a bank, we can help customers have discussed one example of what is new-buyers-of-all-sizes-industries-
with our knowledge of and expe- happening today and what we expect everest-group-1027389360
rience with RPA and the product in the near future. The final question 3. C. L. Clair, A. Cullen, and M. King,
RoboPlatform that comes with it. to answer is whether robots will take “The RPA market will reach $2.9
We are now implementing a proof over our jobs. Robots will replace billion by 2021,” Cambridge, MA:
of concept with a number of cor- some jobs, and some new tasks will be Forrester Research, Inc., Feb. 13,
porate customers by allowing Ro- assigned to robots from the start. At 2017. [Online]. Available: https://
boPlatform to improve their own the same time, humans will be needed www.forrester.com/report/The+RP
administrative processes. Applica- to build and control the robots. We A+Market+Will+Reach+29+Billion
tions are plentiful. We imagine ex- believe that the combination of hu- +By+2021/-/E-RES137229#
panding our robots’ role s to b e man beings and robots is the stron- 4. E. Brynjolfsson and A. McAfee,
effective employees in other finan- gest model, in which employees can The Second Machine Age: Work,
cial industries, medical applications, focus on customer-oriented activities Progress, and Prosperity in a Time
and public systems. while the robot does the mundane of Brilliant Technologies. New York:
work. With the rise of smarter artifi- W.W. Norton, 2016.

R
cial intelligence algorithms, the por- 5. M. Genuchten and L. Hatton, “Soft-
ogue robots and robots build- tion of work that robots can do will ware mileage,” IEEE Softw., vol. 28,
ing robots have inspired increase, enabling humans to focus no. 5, pp. 24–26, 2011.
many Hollywood movies. increasingly on important things. We 6. A.-F. Rutkowski, “Work substitu-
Their impact on the economy and em- hope employees can be trained to be- tion: A neo-Luddite look at software
ployment is a topic of attention in sci- come business translators, supervis- growth,” IEEE Softw., vol. 33, no. 3,
ence and policy making.4,6 Here we ing the algorithms and telling them pp. 101–104, 2016.

20
104 I E E E S O F ComputingEdge
T W A R E | W W W. C O M P U T E R . O R G / S O F T W A R E | @ I E E E S O F T WA R E October 2019
 COLUMN: STARTUPS

A Budding Romance:
Finance and AI
Xiao-Ping (Steven) Zhang Enthusiasm for artificial intelligence and multimedia
David Kedmey
information in the financial industry is at an all time high.
EidoSearch
Every leader in finance now feels the pressure to answer
the question, “What is your AI strategy?” Start-ups are
playing a key role in helping the financial sector determine
what AI can do and how humans and machines can work together. In this essay, we describe
emerging trends and attempts by FinTech start-ups to apply AI and multimedia information
processing techniques across a wide range of business needs.

Enthusiasm for artificial intelligence in the financial industry is at an all-time high.1 The trend began
approximately ten years ago when a small cohort of startups sensed an opportunity to apply machine
learning and multimedia processing to finance. It began with an explosion of digitized multimedia data
and cheap computing power—driving forces that are still underway to this day.
These conditions provided fertile ground for entrepreneurs who imagined entirely new and automated
workflows. They envisioned products that combined domain expertise in finance with knowledge of
machine learning.
Awareness of this trend spread slowly, lurking under the radar, until grassroots activity crossed a
threshold with the spontaneous arrival of its own name: “FinTech” (financial technology) entered our
lexicon. The inaugural class of the FinTech Innovation Lab2 in New York City in 2011 was an
auspicious introduction. According to CBInsights, global FinTech deals in 2018 are on pace for a
record year, reaching $20.3 billion in VC-backed equity funding in the second quarter alone.3
In the last several years, a surge of interest in the promise of AI joined up with FinTech, kicking off a
new phase of exponential growth. From a technologist’s perspective, long-standing machine learning
techniques were simply folded into the catchall phrase of AI. But then a major cultural shift occurred.
The breakthrough successes of deep learning in multimedia, i.e., speech and image recognition, and
AlphaGo, captured the imagination of people in finance and the general public.
Every leader in finance now feels the pressure to answer the question, “What is your AI strategy?” To
provide answers, major resources are flowing to data science and AI groups within institutions and to
the FinTech startups looking to serve them. Strategy depends on what aspect of the business you are
addressing and the specific problem you are trying to solve. Financial institutions, like institutions in

IEEE MultiMedia Published by the IEEE Computer Society

2469-7087/19 © 2019
October-December IEEE
2018 Published by the IEEE Computer
79Society October 2019
1070-986X/18/$33.00 21
2018 IEEE
 IEEE MULTIMEDIA

any other industry, seek efficiencies in their operations: communications, customer service, human
resource management, regulatory compliance, and fraud detection.
In this essay, we describe attempts by FinTech start-ups to automate aspects of business operations. We
also address an intriguing problem that is in some ways unique to finance: the challenge of prediction
in financial markets. The central challenge here—in a highly noisy and nonstationary system—is
finding regularities in data that emerge from millions of traders and investors reacting to one another’s
decisions.

UNPACKING THE FINANCIAL INDUSTRY

Modern economies depend on a thriving financial sector, which in the U.S. accounts for 20 percent
of GDP. Tens of thousands of banks, mutual funds, and hedge funds employ a vast army of financial
professionals and technologists. This complex ecosystem serves one ultimate purpose that is to
facilitate the flow of resources throughout the entire economy.
To understand the financial ecosystem, it helps to divide activities into two main functions. The brain
of the ecosystem is an information-processing engine that detects where resources in the economy
reside and where they should go. The body of the ecosystem is the infrastructure that supports this
transfer. Below we organize the discussion by specific problems in operations (the body of the
industry) and in making market predictions (the distributed brain) and the FinTech opportunities to
address these challenges using AI.

A WORLD OF MULTIMEDIA SIGNALS

The financial industry continuously appraises signals in multimedia data: words spoken in audio and
text recordings, consumer activity in the form of digital footprints, and economic dynamics from
sensors and satellites that capture movement of goods and people. Processing this datum from raw
form to actionable insight engages all of our multimedia techniques to help financial firms find relevant
signals hiding in our midst. The proliferation of affordable drones and satellites is generating
geospatial imagery that the company Orbital Insight processes to monitor and track global oil
inventories—a key determinant of oil prices. Foursquare entered the arena of the Wall Street analysts
several years ago, by translating its foot traffic data to accurately predict a new threshold of iPhone
sales volumes. Foursquare was also able to anticipate plummeting sales at Chipotle.4 With daily check-
ins at 8 million locations—a total of 12 billion over the past nine years—traditional prognosticators
must adopt new forms of data cleaning, automation, and analysis to keep up.5
Entirely new ecosystems of data vendors and data analyzers are emerging. ExtractAlpha, partnering
with alternative data vendors such as alpha-DNA, processes data for use in systematic money
management. Online consumer behavior information across multiple websites and search and social
media platforms is compiled and organized by alpha-DNA in near real-time, and transformed by
ExtractAlpha into The Digital Revenue Signal, a stock selection score designed to forecast revenue
surprises based on changes in consumer demand. And, lest you think politics has avoided algorithmic
scrutiny, new measures of company behavior in the environmental, social, and governance domain are
being devised and modeled.
The hunt is on to find out what information these datasets hold to improve decision-making and which
new sources of data can be brought into the fold. AI experts, as well as the multimedia techniques we
have applied in so many other domains, must play a central role in finance.

MERGING HUMANS AND BOTS

AI, machine learning, and natural language processing cannot replace people—at least not yet. But
humans and bots can work together in harmony to automate tedious tasks and enhance the human
connection between business professionals and their customers. Let us consider three examples in the
financial industry: wealth management, banking, and research.

22
October-December ComputingEdge
2018 80 October 2019
www.computer.org/multimedia
 STARTUPS

Wealth management. The impact of AI in wealth management will not be wealth creation for the
typical investor. Sorry to disappoint. In the article To the Victor Go the Spoils: AI in Financial Markets,
it is argued from first principles that the “vast majority of people—no matter their level of AI
expertise—will not achieve large excess returns.”6 However, AI does bring efficiencies to operations.
Wealth managers can serve more clients in less time and, in an increasingly digitized world, still
deliver a personalized experience. To answer clients’ questions and make informed recommendations,
wealth managers must consider hundreds of data points: a client’s investment portfolio holdings and
transactions, trending market events, unexpected personal events, and evolving client needs. Start-ups
such as Forwardlane address this need via AI, which prioritizes client Q&A from a natural language
conversation interface, which helps wealth managers find precise answers to client questions.
Banking. Similar to wealth management, customers demand convenience and speed for banking
services and loathe time spent searching for answers. How can banks offer these services at scale?
A start-up at the forefront in this domain is Kasisto, which handles frequent banking tasks and, in
a CoBot-like approach, knows when to hand-off to a live agent for services that need a human touch.
The goal is to power “human-like conversations” through a conversational AI platform fluent in
finance. Banks are eager to deploy these types of intelligent virtual assistants that can care for
customers at a fraction of the cost and reduce call center volume.
Research. In order to assess the value of stocks, analysts scour reams of unstructured news and
structured data that streams in from the web and accumulates within an organization. This human
activity of processing data itself generates information, specifically, trails of search activity,
discussions over email, and written reports. Machine intelligence algorithms that watch what a
research analyst is reading and writing can track these unfolding events, offering fertile ground for
Bots to learn and make recommendations to analysts of what to research. For example, the start-up
Diffeo has collaborative agents that on their own might not know where to look, but by watching
research teams do their work can help direct research efforts. One application is to discover entity
connections between companies and people that emerge from such activity. Backed up by contextual
evidence, these connections could be critical in assessing the likelihood of important events in the life
of a company, for example, an impending merger or acquisition.

DETECTING BAD BEHAVIOR

Financial institutions are highly regulated and are expected to scrutinize the knowledge and intentions
of their traders. The survival and success of a financial institution, regardless of size, comes down in
large part to effective risk mitigation. This requires meaningful alerts and noise reduction for false
alarms through automatic analysis of communications data. These efforts are costly and require
technology to operate at scale. McKinsky & Company estimates that CEO fraud, where imposters gain
access to business email accounts and fool unsuspecting employees to send funds to bogus accounts
has led to losses of more than $2.3 billion over the past few years.7
Business leaders are held responsible for the actions of their employees’ actions. Take the following
example given by the FinTech start-up, Digital Reasoning. When one trader messages “Let’s take this
offline” to another, is this an innocuous request to advance a meeting agenda, or an attempt to collude
in secrecy? It depends on semantics and context. Using a private knowledge graph and natural
language understanding technology, digital reasoning helps financial firms combine analysis of
behaviors, intentions, and emotions. By transforming multimedia communications data, including text
and audio, firms attempt to identify threats and mitigate reputational risk.

INSURANCE AND AI
Insurance companies have been in the business of evaluating risk for centuries. Yet many businesses
in need of insurance find the process of obtaining quotes painfully inefficient. McKinsey & Company
forecasts that “in 2030, manual underwriting ceases to exist for most personal and small-business
products across life and property and casualty insurance.”8 We are not there yet. Each year insurance
underwriters receive applications from over 7.5 million small-medium sized businesses that fail to get
an automatic quote. To solve this bottleneck, start-ups are ingesting data sources of a more granular

www.computer.org/computingedge
October-December 2018 81 23
www.computer.org/multimedia
 IEEE MULTIMEDIA

nature and applying machine learning techniques to permit analysis a la carte by geography and
business classes. For example, Open Data Nation (ODN) aggregates billions of records published by
city governments about commercial businesses and individual behaviors and builds machine learning
models to anticipate issues. Insurance underwriters can then query ODN for an on-demand risk score
better tailored to the unique risks of each business applicant.

USE MACHINES TO HIRE HUMANS

The most valuable asset of a financial firm is its workforce, so there is no more important process than
the way a company attracts, selects, and retains talent. Pymetrics is a start-up that addresses this
problem through the application of neuroscience games, which gather more insight about candidates
and feeds this information through machine learning algorithms to increase the efficiency of hiring.
More than ever before, financial institutions are in competition for tech talent. The firm Untapt is
supplying AI algorithms to supplement human recruiters that review tech resumes. Using natural
language processing, words on a resume are mapped relative to each other, each resume is sorted in
a space with other resumes and their engine uses feedback to distinguish matches and nonmatches.
By process millions of job scenarios, these algorithms learn to identify what qualities make for a
successful candidate.

MARKET PREDICTION
The lifeblood of finance is information. Knowledge that provides more accurate and more informative
predictions in financial markets translates directly into profit. Markets, however, are inherently noisy—
much more so than traditional domains for AI. Changing relationships in markets pose unique
challenges for AI researchers and, therefore, require unique solutions.
In addition to the inherent challenge of market prediction, data analysis needs have grown
exponentially with the rise of alternative data. Investment banks and hedge funds are building new
teams of data scientists to clean, structure, and analyze the fire hose of data streaming from every
corner of the economy. Hundreds of alternative data start-ups are offering this new content. The list is
long. It includes sentiment from social media, mobile data content, online reviews, and web searches;
transaction data from e-commerce and credit cards; and new data from sensors such as satellite and
geolocation data.
The basic question money managers are trying to answer is “what and how much can traditional and
alternative data tell us about the future?” Also, an equally important question required to generate
profit: “Is it unique? Does the information tell me something about the markets that others do not
know?”
Helping to answer these questions, the start-up EidoSearch is a probability intelligence company that
created a new type of AI to systematize the investment process and quantify prediction uncertainty.1 Its
numeric search engine finds conditions in data through a technique called data-incident based
modeling, which takes advantage of multimedia signal processing and content-based retrieval
technologies and is uniquely suited for nonstationary systems such as financial markets. Where deep
learning and other forms of machine learning have fallen short, the EidoSearch method jettisons the
need for a model with functional form. Instead, current events are automatically matched to similar
data incidents, and their associated outcomes are used to generate a dynamic, model-free distribution
forecast. This method, subjected to historical testing, has enabled hedge funds to detect new sources of
profit. Each scenario tested is a “ProBot,” which is a probability forecasting robot. Also, new
evaluation measures for accuracy and informational uniqueness have been developed to select the
most skilled (and profitable) forecasters among the ProBots.

PLANNING FOR THE UNFORESEEN

The growth of knowledge is inherently unpredictable, and awareness of what is unforeseen needs to be
considered. The financial industry has great enthusiasm for AI and is wisely investing for the long term
by bringing in experts from academia and the tech industry to help lead the way. These new hires are

24
October-December ComputingEdge
2018 82 October 2019
www.computer.org/multimedia
 STARTUPS

critical points of contact for start-ups to market their AI services and to work collaboratively with
in-house teams to both define and solve the pressing problems named in this essay. Using state-of-the
art techniques is imperative. Two recent examples: Dr. Li Deng, a former chief scientist of AI at
Microsoft, was recently hired as a Chief AI Officer at Citadel, one of the largest hedge funds in the
world; and Dr. Manuela Veloso, on leave from Carnegie Mellon University, where she was the Head of
the Machine Learning Department, recently joined the world’s largest financial institution, JP Morgan
Chase, to create and head an AI Research Center.
Dr. Deng is a leader in the speech recognition industry using large-scale deep learning—the successes
of which served as a major impetus for the massive wave of interest in AI. Dr. Veloso, coming from the
world of autonomous robots, is a particularly interesting and revealing choice. A CoBot, as her group
defines it, is a robot that “follows a novel symbiotic autonomy, in which the robots are aware of their
perceptual, physical, and reasoning limitations and proactively ask for help from humans.”6
How is this relevant to finance? Replace the concept of navigating the physical world with the
demands of navigating information flows within finance, i.e., a “virtual” overlay of our physical
economy. New paths ahead in the world of finance are being forged—in concurrence with creative
start-ups—as humans and machines learn to work symbiotically.

REFERENCES
1. M. Kolanovic and R. T. Krishnamachari, “Big data and AI strategies: Machine learning and
alternative data approach to investing,” JP Morgan Chase & Co., New York, NY, USA, Tech.
Rep., May 2017.
2. FinTech Innovation Lab. [Online]. Available: http://www.fintechinnovationlab.com/
3. CBInsights, “Global Fintech report Q2 2018,” New York, NY, USA, 2018.
4. J. Wieczner, “Foursquare just predicted Chipotle’s sales Will plummet 30%,” Fortune,
Apr. 15, 2016.
5. E. Stinson, “Foursquare may have grown up, but the check-in still matters,” Wired,
Aug. 9, 2017.
6. X.-P. Zhang, “To the victor go the spoils: AI in financial markets,” IEEE Signal Process.
Mag., vol. 34, no. 6, pp. 171–176, Nov. 2017.
7. J. Corbo, C. Giovine, and C. Wigley, “Applying analytics in financial institutions’ fight
against fraud,” McKinsey & Company, New York, NY, USA, Apr. 2017. [Online]. Available:
https://www.mckinsey.com/business-functions/mckinsey-analytics/our-insights/applying-
analytics-in-financial-institutions-fight-against-fraud.
8. R. Balasubramanian, A. Libarikian, and D. McElhaney, “Insurance 2030—The impact of AI
on the future of insurance,” McKinsey & Company, New York, NY, USA, Apr. 2018.
[Online]. Available: https://www.mckinsey.com/industries/financial-services/our-insights/
insurance-2030-the-impact-of-ai-on-the-future-of-insurance.
9. CoBot Robots. [Online]. Available: http://www.cs.cmu.edu/~coral/projects/cobot/

ABOUT THE AUTHORS

Xiao-Ping (Steven) Zhang is a Co-Founder of EidoSearch. Contact him at
[email protected].

David Kedmey is a Co-Founder of EidoSearch. Contact him at dkedmey@eidosearch.

com.

This article originally appeared in

IEEE MultiMedia, vol. 25, no. 4, 2018.

www.computer.org/computingedge
October-December 2018 83 25
www.computer.org/multimedia
EDUCATION
Editors: Jelena Mirkovic, [email protected] | Bill Newhouse, [email protected]

Project-Based Learning Inspires

Cybersecurity Students:
A Scholarship-for-Service Research Study

Alan T. Sherman | University of Maryland, Baltimore County

Peter A.H. Peterson | University of Minnesota Duluth
Enis Golaszewski, Edward LaFemina, and Ethan Goldschen | University of Maryland, Baltimore County
Mohammed Khan | Prince George’s Community College
Lauren Mundy | Montgomery College
Mykah Rather | Prince George’s Community College
Bryan Solis | Montgomery College
Wubnyonga Tete | Prince George’s Community College
Edwin Valdez | Montgomery College
Brian Weber and Damian Doyle | University of Maryland, Baltimore County
Casey O’Brien | Prince George’s Community College
Linda Oliva | University of Maryland, Baltimore County
Joseph Roundy | Montgomery College
Jack Suess | University of Maryland, Baltimore County

O ver four summer days in

2017, cybersecurity students
at the University of Maryland, Bal-
and information systems and the
master of professional studies degree
in cybersecurity. UMBC is also a
one of the authors of this article),
organized a four-day SFS summer
research study at UMBC in the
timore County (UMBC) analyzed Cybercorps: Scholarship for Service summer of 2017. Prof. Sherman
the security of a targeted portion (SFS) school, where students are also invited professors, research-
of the UMBC campus network, supported for up to three years on ers, UMBC graduate students, and
discovering numerous flaws, creat- the condition that, after graduation, National Security Agency (NSA)
ing proof-of-concept exploits, and they will work for federal, state, local, personnel to interact with the stu-
providing practical recommenda- or tribal governments one year for dents as technical experts.
tions for mitigation. We report on each year of support. Everyone worked as a team
this novel summer research study; In the fall of 2016, with support on the same challenge: to ana-
its technical findings; and takeaways from the National Science Founda- lyze the network administration
for students, educators, and Infor- tion, UMBC was one of 10 schools system’s (NetAdmin’s) web front
mation Technology Departments. that pioneered a new strategy for end enabling modifications to the
UMBC, a National Center of recruiting talented cybersecurity UMBC campus firewall. In support
Academic Excellence in Cyberde- professionals for government ser- of the project, UMBC’s Division
fense Education and Research, is a vice: the university extended SFS of IT (DoIT) provided partici-
midsize public university offering scholarships to nearby partnering pants with all relevant source code
undergraduate and graduate tracks community colleges (CCs). To and a functional copy of the envi-
in cybersecurity leading to B.S., integrate the new CC students into ronment for testing. At the end of
M.S., and Ph.D. degrees in computer the existing SFS cohort through a each day, DoIT staff, including the
science, computer engineering, collaborative activity, Alan T. Sher- primary NetAdmin author, met
man, UMBC professor and director with the students. At the conclu-
Digital Object Identifier 10.1109/MSEC.2019.2900595
of UMBC’s Center for Informa- sion of the project, the student
Date of publication: 14 May 2019 tion Security and Assurance (and team identified several critical
26 October 2019 Published by the IEEE Computer Society  2469-7087/19 © 2019 IEEE
82 May/June 2018 Copublished by the IEEE Computer and Reliability Societies 1540-7993/19©2019IEEE
vulnerabilities, devised exploits, problem solving, and independent one Ph.D. student. All students had
and presented their findings and thinking in addressing an impor- at least a basic grounding in cyber-
recommendations to DoIT. tant, practical, rich, and challenging security. Some students had much
This type of activity more expertise. Each
should be beneficial for participant signed a non-
any group of students. disclosure agreement
Our hope is that educa- Our task was to analyze the security of (NDA) with DoIT.
tors, IT Departments, NetAdmin and the network architecture The study took place
and students at any insti- and to make recommendations to DoIT. from 9 a.m. to 5 p.m.,
tution may learn from our Tuesday through Fri-
shared experiences in col- day, in a large room with
laborative and real-world tables, a whiteboard, and
project-based learning (PBL) (see problem. We sought a problem that a projector. Using a PBL approach,2

“Project-Based Learning”). Partner- was complex but tractable. We also we presented the challenge and
ing with a real IT Department has sought a project that, if successful, challenge-related goals to the students
many benefits: the study inspired would benefit the UMBC community. and instructed them to formulate a
students and enhanced students’ Focusing on UMBC’s home-grown strategy that would achieve the proj-
skills, students and educators appre- NetAdmin had many attractive prop- ect’s goals, while supporting sustained
ciated the authentic case study, DoIT erties: NetAdmin’s source code was inquiry and reflection. Students orga-
received free security consulting, available; DoIT could answer ques- nized themselves into teams, with
and the UMBC community gained tions and provide information; and, each team exploring some aspect
improved security.5 since NetAdmin had never under- of the problem. For example, teams
gone a security evaluation, it seemed explored the network topology, the
The SFS Summer likely to have vulnerabilities. software environment, architectural
Study at UMBC The in-person participants com- issues, source code, and known soft-
A hands-on study was appealing prised six CC transfer students, ware vulnerabilities. More experi-
because it enabled collaboration, three UMBC undergraduates, and enced students emerged as leaders.

Project-Based Learning
P roject-based learning (PBL) is an instructional approach in which small groups of students engage in authen-
tic tasks and learn as they attempt to solve relevant problems. Students ask and revise questions, debate
ideas, generate predictions, experiment, collect data, draw conclusions, communicate ideas and findings, refine
approaches, and create products.2
PBL holds great promise in cybersecurity because there is a proliferation of complex challenges to engage
students, sustain their interest, and direct their learning as they develop diverse approaches to solving real-world
problems. In PBL, students are focused on tasks; they can try out a variety of solutions and receive timely feed-
back on their approaches. They engage in collaboration and reflection that deepens their learning and enhances
the transferability of skills.
There are many examples of PBL in cybersecurity (e.g., the New Jersey Institute of Technology’s Cyber-Real
World Connections Summer CampS1 and Conklin and White’s graduate course,S2 which includes some elements
similar to our study). We encourage the creation of more scholarly articles on this subject. We are strong believers
in the value of PBL, as evidenced by our participation in the INSuRE Project.S3

References
S1. New Jersey Institute of Technology, “Cybersecurity Real World Connections Summer Boot Camp at NJIT,” 2016.
[Online]. Available: https://sci.njit.edu/gencyber/RWCCybersecurityCamp Brochure-Summer2016.pdf
S2. A. Conklin and G. White. “A graduate level assessment course: A model for safe vulnerability assessment,” in
Proc. 9th Colloquium for Information Systems Security Education (CISSE), June 2005, pp. 109–114.
S3. A. T. Sherman et al., “The INSuRE Project: CAE-Rs collaborate to engage students in cybersecurity research,” IEEE
Security Privacy, vol. 15, no. 4, pp. 72–78, July–Aug. 2017.

www.computer.org/computingedge 27
www.computer.org/security 83
EDUCATION

Campus Network

UMBC
Firewall NetAdmin
Research Subnet
Internet

Client

Figure 1. An illustration showing the architecture of the UMBC network, including the NetAdmin tool, which is accessible
to machines on the research subnet.

Two UMBC professors and task was to analyze the security of “own.” Rules violating these restric-
two NSA experts visited each day NetAdmin and the network architec- tions must be submitted out of band
to answer technical questions. Late ture and to make recommendations to DoIT for special consideration.
each afternoon, representatives from to DoIT. Since machine owners could mod-
DoIT, including the primary NetAd- NetAdmin allows faculty and ify only rules affecting their own
min script author, joined the group staff who are authenticated through machines, DoIT reasoned that Net-
for a discussion. Students unable to the myUMBC single sign-on Admin introduced little risk.
attend in person joined a student-led (SSO) system to create firewall Written in PHP 5.1.6 and resid-
one-hour evening chat session via exceptions for their machines on ing on a dedicated Linux server
Google Hangouts. the research subnet. As shown in running Apache 2.2.3, NetAdmin
Figure 1, NetAdmin sits behind receives firewall rules from client
The Problem the UMBC firewall, so it can be browsers and applies those rules to
The UMBC network has 10,000 accessed only from the campus net- UMBC’s firewall through applica-
users; more than 15,000 devices work or by virtual private network tion programming interface (API)
connect to the network daily. That (VPN) users. calls. To authenticate the rules to
makes defending the the firewall, NetAd-
UMBC network a daunt- min includes a 360-bit
ing challenge. One part symmetric API key file
of the defense is a firewall The adversary’s main goal was to stored in the application
between the Internet and make unauthorized changes to the directory of the NetAd-
the UMBC network. All UMBC firewall without detection. min server. This file is
campus traffic must pass neither digitally signed
through this firewall. nor integrity protected.
One of UMBC’s inter- In case of failures and
nal subnets is for computers used User groups, including faculty, restarts, NetAdmin stores rules and
in research projects. Users on these staff, and superusers, are defined in a logs in local unstructured files. Each
computers often need to connect file in NetAdmin’s application direc- rule is described by one record,
to and from the Internet on vari- tory. Superusers may view, modify, which is delimited by a newline.
ous ports. This requires permission or create any rule for any Internet Pipe characters delimit fields.
to enable data to pass through the Protocol address on the UMBC For more than a decade, NetAd-
firewall. DoIT originally processed network (not only on the research min ran untouched and worked well,
firewall exceptions manually, which subnet). Faculty and staff may cre- with no detected compromises. No
was time-consuming and error ate, modify, or delete rules for cer- one, however, had ever subjected
prone. NetAdmin, launched in 2006, tain common ports [e.g., Secure NetAdmin to a thorough secu-
facilitates exceptions to UMBC’s Shell (22), HTTP (80)] associated rity evaluation. In planning discus-
default-deny firewall policy. Our with research subnet addresses they sions, DoIT suggested analyzing
28 ComputingEdge October 2019
84 IEEE Security & Privacy May/June 2019
NetAdmin in the same way that a
penetration testing team might.
Students were encouraged to follow
whatever approach they thought
best and were given access to
DoIT staff, who provided appro-
priate information as requested.
Our adversarial model was an out-
sider with compromised faculty or
staff credentials or a malicious fac-
ulty or staff insider on the research
subnet with the knowledge, skills,
and resources of an excellent com-
puter science graduate student.
The adversary’s main goal was to
make unauthorized changes to the
UMBC firewall without detection.
The group analyzed NetAdmin in
its operational context, including
whether cryptography was being Figure 2. A screenshot of the NetAdmin web interface with record overflow.
properly used, but did not consider
attacks on the cryptography itself,
the servers’ physical security, social Students found some of the could be vulnerable to possible
engineering of DoIT staff, or recov- most common software security record-overflow attacks and/
ery after disaster or compromise. errors.3 NetAdmin did not ade- or denial-of-service attacks. In
quately validate or sanitize inputs. particular, NetAdmin’s use of
Vulnerabilities, Attacks, For example, NetAdmin permitted the PHP command fgetcsv() as-
and Risks firewall rules to include text descrip- sumed (without verifying) that
At the start of our four-day study, the tions but did not strip HTML or each record was at most 999 bytes.
student-led team of 10 individuals JavaScript. This made it possible for As shown in Figure 2, if a user (or
focused on identifying risks, poten- someone to conduct code injection adversary) entered a rule longer
tial vulnerabilities, and related attacks,attacks,4 which could victimize users than 999 bytes, the additional bytes
many of which were would be accepted as a
extremely serious. NetAd- new and valid record.
min ran on an unpatched, Communication bet-
out-of-date, and unsup- While DoIT was not aware of any attack ween users and NetAd-
ported operating system involving NetAdmin, the potential min was unencrypted
(OS), Linux 2.6.18, which attacks listed were feasible and could HTTP without integ-
has at least 463 vulner- be executed by skilled students. rity protection, allow-
abilities (https://www ing an adversary to read
.cvedetails.com). Violating and modify all traf-
the principle of least privi- fic. By modifying data
1
lege, the firewall API key used by Net- and administrators through their sent to NetAdmin, an adversary
Admin permitted arbitrary changes to browsers. JavaScript payloads could could set firewall rules enabling
the campus firewall (not just to the submit rules to NetAdmin in the unauthorized access to the user’s
research subnet). Compromise of background. The malicious code machines or launch an injection
the NetAdmin server would there- could execute arbitrary commands or record-overflow attack. Also,
fore be very severe. An attacker could on the NetAdmin server. The while NetAdmin authenticated the
issue arbitrary firewall rules affecting malicious code could, for example, firewall using a self-signed certifi-
the entire campus; modify log files, initiate commands to exfiltrate the cate, the firewall did not authenti-
rules, and user groups; and exfiltrate firewall API key. cate NetAdmin; it required only
the firewall API key, all of which are Similarly, NetAdmin did not that requests contain the API key.
stored as unencrypted text without validate the length of rule descrip- Additionally, since the firewall’s
integrity protection. tions, which meant that the system key was self-signed, compromise of
www.computer.org/computingedge 29
www.computer.org/security 85
EDUCATION

Research Subnet
Firewall

Campus Network

Internet Research Subnet

UMBC NetAdmin
Firewall

Client

Figure 3. An illustration showing the recommended architecture to provide compartmentalized defense. This design
restricts failure of the research subnet firewall to the research subnet.

UMBC’s signing key could enable faculty, with the latter affecting security. Segmenting NetAdmin
an adversary to forge certificates only the research subnet. API key into a web front end, for validating
and impersonate the firewall. establishment and storage might and sanitizing input, and a back
Other risks were exposed. For be improved by encrypting the API end, for performing additional
example, UMBC’s one-firewall keys and keeping digests for integ- validation and for communicat-
design provided no architectural rity checking. The digests could be ing with the firewall, would add
protection. NetAdmin was acces- kept offline for periodic manual defense in depth. These services
sible via the campus VPN, facilitat- integrity checks, but the plaintext should run under separate accounts
ing remote attacks. If an adversary API keys are actively needed by and be restricted in other ways
could hijack a user’s SSO session, the server during operation; keep- (e.g., no unnecessary software or
that adversar y could masquer- ing the encrypted API keys and communication with unneces-
ade as that user to NetAdmin. digests locally would have limited sary hosts). Disallowing con-
While DoIT was not aware of value given that there is no secure nections from the campus VPN
any attack involving NetAdmin, the place on the NetAdmin server to would reduce the potential for
potential attacks listed were feasible store them. As mentioned, com- remote attacks, though it would
and could be executed by skilled stu- promise of the NetAdmin server be difficult to prevent an adver-
dents. As proof of concept, students would be catastrophic; in this sary from logging into NetAdmin
implemented record-overflow and case, the keys would be revealed. after establishing a VPN connec-
injection attacks.5 There is no perfect solution for the tion to another campus machine.
key-storage issue. Performing periodic internal and
Recommendations Figure 3 shows a two-firewall external audits of NetAdmin’s
After identifying attacks, the stu- approach with better segmentation, software and firewall rules would
dents recommended a number of where the research subnet firewall help sustain security.
mitigations: the NetAdmin soft- and the main campus firewall use sep-
ware, including the OS and all sup- arate keys. Regardless, communica- Takeaways
porting software, should be kept tions between the NetAdmin server We hope that educators, IT depart-
current with security patches to mit- and users should use end-to-end ments, and cybersecurity program
igate off-the-shelf exploits; all input encryption with authentication and managers can benefit from our
should be sanitized and validated on integrity protection, and the firewall experience.
the server side; HTML, Javascript, and NetAdmin should authenticate
and special characters (e.g., pipe) each other using certificates signed Educators and Study
should be prohibited in rules; and by a certificate authority. Organizers
size limits should be enforced to Using a direct, physical con- Overall, the study went very smooth-
stop overflow attacks. nection between NetAdmin and ly, and PBL sustained inquiry
Also, NetAdmin should use dif- the proposed research subnet and critical thinking. Most stu-
ferent API keys for superusers and firewall would improve physical dents quickly became absorbed in
30 ComputingEdge October 2019
86 IEEE Security & Privacy May/June 2019
the project and were productive, departments elsewhere could ben- could be integrated into nearly any
although some students could have efit from similar analysis. kind of cybersecurity program.
benefited from some prior prepara- We were fortunate to enjoy re- Partnering qualified students with
tion. Engagement level varied, but markably strong support and cooper- IT Departments can reap benefits
everyone made contributions. A few ation from DoIT, and we commend for everyone: students gain excit-
students were somewhat uncom- members of the department for their ing, concrete, hands-on collabora-
fortable with the undirected and constructive attitude. Teams at tive experiences; educators are given
open-ended model. However, in a other schools, however, might face rich and realistic case studies sup-
follow-up survey, 100% of participants a defensive administration that fears porting project-based learning; and
reported that the project increased embarrassment or is unwilling to IT Departments receive free cyber-
their cybersecurity knowledge and trust students. We believe that care- security consultations. DoIT hired
skills (86% strongly agreed and ful selection of participants and the several of the participants to join its
14% agreed). Participants identi- use of NDAs should reassure admin- security team. We look forward to
fied the following elements as valu- istrators that students in the project conducting similar studies each year
able: teamwork, hands-on nature of can be trusted. Our hope is that, by and hope that other schools can also
the task, real-world challenge, critical welcoming and encouraging analy- benefit from similar collaborations.
thinking, and problem solving. All par- sis of their systems, other IT depart-
ticipants reported that they would rec- ments and student teams can learn References
ommend the summer study project to while enhancing the security of 1. M. Bishop, Computer Security: Art and
other cybersecurity students. their communities. Science. Boston: Addison-Wesley,
Having a virtual copy of the pro- 2003.
duction system for experimentation Cybersecurity Program 2. P. C. Blumenfeld, E. Soloway, R. W.
was extremely valuable as was having Managers Marx, J. S. Krajcik, M. Guzdial, and A.
access to the original developer. Pos- Extending scholarships to CC stu- Palincsar, “Motivating project-based
ing questions to DoIT in a Google dents has thus far has worked well. learning: Sustaining the doing, sup-
Doc and receiving answers through- In recruiting CC students for our porting the learning,” Educ. Psychol.,
out the day was effective and helpful SFS program, we focus primarily vol. 26, pp. 369–398, 1991.
as was having local security experts on those pursuing associate degrees 3. S. Kaza, B. Taylor, and E. K. Haw-
available for consultation. In-person because they are more prepared to thorne, “Introducing secure coding
discussions were facilitated by a transfer to four-year schools, even in CS0, CS1, and CS2: Conference
video projector, whiteboard, and though some associate of applied workshop,” J. Computing Sci. Col-
students’ personal devices. We rec- science programs include more leges, vol. 3, pp. 11–12, June 2015.
ommend having numerous power cybersecurity coursework. While 4. Open Web Application Security
strips available. Evening chat sessions there is an opportunity cost in that Project, “The OWASP Foundation:
allowed remote students to partici- a scholarship awarded to a CC stu- The free and open software security
pate. Chat worked better than video dent is not awarded to a student at community.” [Online]. Accessed
because it provided a written record UMBC, we are attracting highly on: Sept. 16, 2018. Available:
and facilitated asynchronous use. qualified CC students, and the https://www.owasp.org/index
Summer internships can create sched- scholarship is a life-changing oppor- .php/Main_Page.
uling conflicts; we now hold the study tunity for some students, especially 5. A. T. Sherman et al., The SFS Sum-
during the January intersession. those from modest backgrounds. mer Research Study at UMBC:
Our current approach is to support Project-based learning inspires cyber-
IT Departments two CC graduates per year. security students, Cryptologia, to
IT departments often run obsolete be published, Nov. 2018. [Online].
and unpatched systems because Available: arXiv:1811.04794.
they know that updates will take
valuable staff time and might break
the system, requiring even more
O ur study engaged and moti-
vated students, as evidenced
by their findings and our survey
Alan T. Sherman is with the Uni-
versity of Maryland, Baltimore
staff time to fix. Our study, however, results. We also demonstrated that County. Contact him at sherman@
demonstrates that keeping software there are highly capable students at umbc.edu.
systems up to date is not optional. CCs who can contribute to cyber-
We also exposed and exploited security. While we integrated this Peter A.H. Peterson is with the
numerous common vulnerabilities study into the SFS program at University of Minnesota Duluth.
and suggested improvements. IT UMBC, we feel this type of activity Contact him at [email protected].
www.computer.org/computingedge 31
www.computer.org/security 87
EDUCATION

Enis Golaszewski is with the Univer- Mykah Rather is with Prince George’s Casey O’Brien is with Prince George’s
sity of Maryland, Baltimore County. Community College. Contact her Community College. Contact him
Contact him at golaszewski@ at [email protected]. at cobrien@nationalcyberwatch
umbc.edu. .org.
Bryan Solis is with Montgomery
Edward LaFemina is with the Univer- College. Contact him at bsolis1@ Linda Oliva is with the University
sity of Maryland, Baltimore County. umbc.edu. of Maryland, Baltimore County.
Contact him at edlafem1@umbc Contact her at [email protected].
.edu. Wubnyonga Tete is with Prince
George’s Community College. Joseph Roundy is with Montgomery
Ethan Goldschen is with the Uni- Contact her at [email protected]. College. Contact him at Joseph.
versity of Maryland, Baltimore [email protected].
County. Contact him at egold2@ Edwin Valdez is with Montgom-
umbc.edu. er y College. Contact him at Jack Suess is with the University
[email protected]. of Maryland, Baltimore County.
Mohammed Khan is with Prince Contact him at [email protected].
George’s Community College. Brian Weber is with the University of
Contact him at khanmoh1@ Maryland, Baltimore County. Con-
umbc.edu. tact him at [email protected].
This article originally
appeared
Access in IEEE Computer
all your
Lauren Mundy is with Montgom- Damian Doyle is with the University of
IEEE Security
Society & Privacy,at
subscriptions
ery College. Contact her at Maryland, Baltimore County. Con-
vol. 17, no. 3, 2019.
computer.org/mysubscriptions
[email protected]. tact him at [email protected].

Rejuvenating Binary Executables Visual Privacy Protection Communications Jamming

■ ■ Policing Privacy Dynamic Cloud Certification Security for High-Risk Users
■ ■ Smart TVs Code Obfuscation The Future of Trust
■ ■

IEEE Symposium on
Security and Privacy

January/February 2016 March/April 2016 May/June 2016

Vol. 14, No. 1 Vol. 14, No. 2 Vol. 14, No. 3

IEEE Security & Privacy magazine provides articles

with both a practical and research bent by the top
thinkers in the field.
• stay current on the latest security tools and theories and gain invaluable practical and
research knowledge,
• learn more about the latest techniques and cutting-edge technology, and computer.org/security
• discover case studies, tutorials, columns, and in-depth interviews and podcasts for the
information security industry.
Digital Object Identifier 10.1109/MSEC.2019.2911826

32 ComputingEdge October 2019

88 IEEE Security & Privacy May/June 2019
IEEE Internet Computing delivers novel content
from academic and industry experts on the
latest developments and key trends in Internet
technologies and applications.

Written by and for both users and developers,

the bimonthly magazine covers a wide range
of topics, including:
• Applications
• Architectures
• Big data analytics
• Cloud and edge computing
• Information management
• Middleware
• Security and privacy
• Standards
• And much more

In addition to peer-reviewed articles,

IEEE Internet Computing features industry
reports, surveys, tutorials, columns, and news.

www.computer.org/internet

VOLUME 22, NUMBER 2 MARCH/APRIL 2018

IEEE INTERNET COMPUTING

VOLUME 22, NUMBER 4 JULY/AUGUST 2018

 July/August 2018
IEEE INTERNET COMPUTING

IEEE INTERNET COMPUTING

Evolution of Rack-Scale Systems

VOLUME 22, NUMBER 1 JANUARY/FEBRUARY 2018

 January/February 2018

VOLUME 22, NUMBER 3 MAY/JUNE 2018

 May/June 2018
IoT-Enhanced Human Experience

Connected and Autonomous Vehicles

IoT-Enhanced Human Experience

Evolution of Rack-Scale Systems
Volume 22
Number 1

Volume 22

www.computer.org/internet
Number 4

Healthcare Informatics and Privacy

www.computer.org/internet

Join the IEEE Computer Society Connected and Autonomous Vehicles

for subscription discounts today!
Volume 22

www.computer.org/internet
Number 3

www.computer.org/internet

www.computer.org/product/magazines/internet-computing
 Anecdotes

Learning to Network
Stephen D. Crocker
Shinkuro, Inc.

Editor: David Walden [[email protected]]

& THE ARPANET FOR me was an intriguing diver- an opportunity for graduate students from the
sion from my graduate studies for the summer various projects to meet others and share experi-
of 1968. During the previous eighteen months, I ences. The IPTO principal investigators met
had studied artificial intelligence (AI) at Massa- every year, and this was an experimental spin-off
chusetts Institute of Technology (MIT), Cam- at the graduate student level.
bridge, MA, USA. I decided to spend the summer Barry Wessler, the sole program manager in
at my undergraduate school, University of Cali- IPTO, organized and ran the meeting. Barry was
fornia, Los Angeles (UCLA), CA, USA, to work warm, welcoming, and roughly the same age as
with both Professor Gerald (Gerry) Estrin and we were. He structured the meeting for the
my friend Vint Cerf. I packed my bags, sublet my group to become acquainted with each other,
apartment in Cambridge, and headed west. reserving only one block of time for a discussion
Shortly after arriving at UCLA, Vint described of computer networking. For most of the three
an unusual graduate meeting he would attend in days, I listened to descriptions of current cut-
late June. Rather than a conventional conference ting-edge computer science research: advanced
with papers and a common research theme, the interactive systems; AI; graphics; multiproces-
sole purpose of the meeting was to introduce sors; new programming languages; etc. One of
graduate students who were working on projects the more engaging presentations covered the
supported by the Information Processing Tech- possibility of small portable computers. It was a
niques Office (IPTO) in the Advanced Research fantastic idea for an age in which computers
Projects Agency (ARPA). were large, bulky, and filled air-conditioned
I was mildly jealous but I was not a UCLA grad- rooms. Alan Kay, then a graduate student at
uate student and had no right to complain. Luck- the University of Utah held forth: “And by
ily, IPTO also funded research at MIT, including ‘portable’,” he proclaimed, “I mean you can carry
Marvin Minsky’s AI Laboratory. Minsky selected it and something else as well.”
Pat Winston and me to represent his lab, and his During the discussion of computer net-
secretary tracked me down. The conference in working, Barry described the ideas that would
Illinois was attended by approximately 30 guys, eventually become the Arpanet. It did not cap-
one or two from each IPTO funded project. ture the group’s attention; we were each focused
A networking meeting in the social sense, it was on our own research goals. I doubt many of us
were aware that IPTO was fully committed to
building the network which would directly affect
Digital Object Identifier 10.1109/MAHC.2019.2909848 each of us. The IPTO people, Larry Roberts,
Date of current version 29 May 2019. Bob Taylor, and Barry, had been working on the

1058-6180  2019 IEEE Published by the IEEE Computer Society IEEE Annals of the History of Computing

34
42 October 2019 Published by the IEEE Computer Society  2469-7087/19 © 2019 IEEE
 plan for the network, developing the technical architecture. Our sites would be connected by
strategy while also gaining the acceptance and long-distance 50 kb/s lines. The lines would be
cooperation of the principal investigators at shared using a technology called packet switch-
each of the research sites. ing. The lines would be connected to our com-
The Arpanet plan was already well advanced. puters via the IMPs. ARPA was in the process of
The initial four sites would be in the western part soliciting bids to build the IMPs.
of the United States at UCLA, Stanford Research Shapiro had come prepared with possible
Institute (SRI), Menlo Park, CA, the University of experiments using dial-up lash-ups between our
California, Santa Barbara (UCSB), CA, and the Uni- machines before the network was delivered.
versity of Utah, Salt Lake City, UT, USA. Wes However, we found ourselves more interested in
Clark’s suggestion to place a separate computer the challenges of connecting our computers
at each site to perform the packet-switching with the new technology. The details of the hard-
instead of requiring the host computers to do ware connections would depend on the design
this work was already part of the plan. These of the IMP and how the contractor built it. How-
were dubbed “IMPs” for interface message pro- ever, to make those connections work, we would
cessor. This was the birth of routers, the central have to make incisions into both the hardware
element in all successive network architectures. and the operating system on our computers, and
IPTO had SRI organize a meeting with the we would have to design the kinds of messages
institutions to discuss the basic elements of the that our computers would say to each other.
network. The meeting was held at UCSB in Our four laboratories had machines that were
August; Vint and I attended on behalf of UCLA. commonly used in computer science research
I had known Vint since high school where we but they were of four different designs. UCLA
pursued our common interest in math and began had a Scientific Data Systems (SDS) Sigma 7 com-
to get involved in computing. While still in high puter, SRI had an SDS 940, Utah had a Digital
school, I was given access to some of the UCLA Equipment Corporation PDP-10, and UCSB had
computers and I occasionally dragged Vint along an IBM 360/75. The machines had different oper-
on some visits. We attended different colleges, ating systems and different character sets. All
he at Stanford and I at UCLA. Vint then attended had the capacity for timesharing, but each
graduate school at UCLA while I went off to MIT. behaved as if it were the center of its own world
The summer was a fortunate chance to work and had no easy way of connecting to another
together. machine.
Elmer Shapiro from SRI chaired the meeting Our group did not make technical decisions
at UCSB. Shapiro developed a preliminary at that meeting, but we realized we needed to
description of the new network. There were continue talking. We did not explicitly think
roughly a dozen of us in the room, two from of ourselves as an organization, per se, but we
each of the four sites and a few observers. implicitly gravitated toward forming our own
We represented the second level of the human network. We needed to understand each
research personnel. We were graduate students other’s computing environment and we agreed
or staff members. None of the principal investi- to hold meetings at each of our sites. In making
gators attended. Although we were not in charge this decision, we recognized the implicit irony.
of the research agendas in our home institutions, We would do a substantial amount of travel in
we had a thorough understanding of the com- order to build a network that would eventually
puters and software, including operating sys- permit collaboration without travel.
tems, compilers, and the applications. This The group from the Santa Barbara meeting
common base would be crucial in figuring out became the nucleus of a working group that cut
how to connect our four different computer sys- across communities and bound the laboratories
tems to form the first nodes of the network. together. It grew from an informal group of fewer
The meeting was not highly structured. than a dozen to what is now the Internet Engi-
Shapiro explained the basic plan for the project neering Task Force (IETF). Fifty years later, this
and offered a bare outline of the Arpanet task force engages thousands of people across

April-June 2019
www.computer.org/computingedge
43 35
 Anecdotes

the globe who continue to develop hundreds of language systems, chess programs, databases,
protocols. graphics, and more. Beyond the existing sys-
My involvement in the Arpanet was supposed tems, we wanted to create the environment for
to last the summer. As time neared for me to applications that could use the facilities at two or
return to Cambridge, I realized I was not anxious more sites at the same time. This meant we had to
to leave. I shared my thoughts with my boss for be careful not to build unnecessary assumptions
the summer, Gerry Estrin. He immediately or constraints into the basic infrastructure.
invited me to join the UCLA Ph.D. program. I Two of the examples influencing our thinking
debated the change since I had chosen to do my about how the network should interact with exist-
graduate research in AI, where MIT was a clear ing systems were the Culler-Fried System at UCSB
leader. After a few sleepless nights, I chose and Douglas Engelbart’s On-Line System (NLS) as
UCLA, returned to Cambridge to withdraw from SRI. The Culler-Fried System was a clever tool for
MIT and close my apartment. experimenting with signal processing. Like a desk
The fall of 1968 was a time of travel. Our infor- calculator on steroids, single button pushes
mal group visited each of the four ARPA sites, caused computations, but it operated on vectors
talked about the local research agendas and of 128 numbers and reduced complicated opera-
brainstormed ideas on what our computers tions, such as convolution, to a single keystroke.
would say to each other. Our discussions Douglas Engelbart’s NLS was the precursor of the
remained general; we did not yet have the con- graphical user interface for text. It had a mouse
crete specifications for the network. Rather than and allowed users to interact with structured text
focusing on the details of message formats, exact and hyperlinks. To support these over the net-
sequences of messages, etc., we explored more work would be challenging. At the very least, we
general concepts. We knew we wanted to build a knew it would be important to transmit single but-
network that would handle the unique and crea- ton pushes if the remote system required it, even
tive elements of any machine or system without though that might seem inefficient. In other cases,
forcing those elements into a homogenized or it would be important to move larger chunks of
restricted form, so our thinking focused on gen- data as efficiently as possible.
erality instead of minimal functionality During our discussions that fall, we identified
Generality is fine as a principle, but it does not two principles that would guide our work. First,
provide much guidance. Meanwhile, although we our network services or protocols were to be
did not want to close the door on potentially constructed in layers and these layers would be
interesting uses of the net, we could see two fun- as thin and as simple as possible. Our second
damental services that would be immediately principle was the entire network structure would
useful. First, users at each site would like to login be open. The different layers of protocols
to distant machines just as if they were connect- needed to be accessible to any user. All users
ing to that machine over conventional telephone should be able to modify the protocols, add new
lines or directly connected terminals. Second, layers, and insert new protocols between layers.
users would want to be able to transfer files from In hindsight, our decisions felt natural to us
one machine to another. At the same time, we did because they reflected the cooperative research
not want to focus only on these two services lest environment in which we worked. Hence,
we compromise the larger possibilities. it made sense to have the internal structure
Our thinking included research systems open and available to the users. Had we been
beyond those at the first four nodes. We were all building a commercial product, it would have
aware of Multics at MIT and how it represented been natural to have a hard boundary between
the next generation in time-sharing systems. that internal structure and the services that
We all knew that ILLIAC IV at the University were available to the users.
of Illinois, IL, USA, was planned to be a big Although we did not spend time saying so
step forward in parallel computing that would be explicitly, we were conscious that we lacked
able to handle large numerical calculations. any formal authority for designing the structure
We were also interested in interactive natural of network software or for defining network

36
44 ComputingEdge
IEEE Annals of the History of Computing
October 2019
 standards. We were simply graduate students At this initial meeting, we sized up each other
who might develop some of the network soft- and tested our future relationship. We had come
ware. However, we had been visiting the initial prepared with some preliminary ideas. One of
sites and had built up an understanding of the our members, Jeff Rulifson of SRI, suggested
requirements for such a system. None of us good practice would be to insert, at various
rushed to exert our authority over network soft- layers, some lightweight checksums for data
ware. In those early days, we met as equals and integrity. He had argued this approach provided
without hierarchy. substantial benefits in operating systems by
In February 1969, our environment catching software and configuration errors.
expanded when our group began working with We shared our plan to use a simple checksum
Bolt Beranek and Newman, Inc. (BBN), the con- to catch major errors, including the possibility of
tractor that had been selected to build the incorrectly assembled messages in the IMPs. Frank
IMPs. The BBN development team was led by Heart pushed back very forcefully, booming,
Frank Heart. Frank was a seasoned, no non- “You’ll make my network look slow.”
sense digital engineer. He started his career in I was uncertain how to respond. The lines of
the early 1950s working on the Whirlwind at authority were far from clear. It really was not for
MIT. He then moved to Lincoln Labs and him to tell us how to design our protocols but we
worked on the communications circuits for the had no formal authority. I did not want our rela-
SAGE computers, the machines the Air Force tionship to start in a contentious manner. I
used to monitor intrusions into the U.S. air- focused on the planned bit-serial host–IMP inter-
space. He would later claim that his group at face and tried to make a point about potential
BBN knew more about computer communica- errors. “How reliable is that interface?” I asked.
tions “than any other group in the country.”1 “As reliable as your accumulator!” Heart boomed
The IMPs were based on a commercial prod- again. The accumulator was the key element of a
uct, the Honeywell 516 computer, that Frank’s mid-1960s computer. If it failed, your computer
group augmented for the Arpanet project. His was broken. His vehemence convinced us to
engineers specified modifications for the Honey- remove a checksum from our plans. This was a
well hardware. They also designed and wrote mistake. When Lincoln Laboratory added their
the software that performed the IMP functions. TX-2 computer to the network in 1970, they had a
Frank and his team were accustomed to lot of trouble debugging their software. It turned
working in an industrial environment, where out their hardware interface to the IMP had some
they met deadlines and contract specifications. crosstalk with their drum storage unit. Rulifson’s
They were aiming to deliver the IMPs on a very advice would have paid off.
tight schedule. The first IMP was scheduled Our meetings with Heart and his BBN staff were
for UCLA in September, and the others on a productive, and we left on good terms. Yet, we
monthly schedule. Although they were building returned to our home institutions with the feeling
a research network, they expected the network that we were in an awkward position. Although we
would be reliable and always available. were making decisions about network design and
On a snowy day that February, the two implementation, we had no formal authority. We
groups, West Coast graduate students and East realized we needed to put our ideas on paper.
Coast engineers, met at the BBN offices. The two Even though we were meeting every few weeks,
groups approached the technical problems from we lacked enough time to discuss all our ideas. We
different perspectives. Frank’s team had thought also needed to include others in our thinking.
about the details of the IMP and how it would When we met a month later at the University of
operate. We had spent our time thinking about Utah, we agreed to start documenting our ideas.
how our computers, which were called the We each took a writing task. I took on the addi-
hosts, would talk with the IMPs. As we consid- tional clerical assignment of organizing the notes,
ered potential solutions, we also recognized we which seemed to be a minor chore. However, each
needed to deal with issues that were organiza- time I started to jot down how we might organize
tional or bureaucratic as well as technical. these notes, I felt blocked. I feared the simple act

April-June 2019
www.computer.org/computingedge
45 37
 Anecdotes

of writing these notes might trigger a backlash documentation when the network was up and
from someone in charge—someone from the East, running. To my surprise, the idea took hold, and
maybe Boston or maybe Washington—asking who RFCs persist to this day, albeit with major
we thought we were. changes; the IETF’s protocol standards are still
Our group was deeply involved in the design published as RFCs. Because RFCs are online
and implementation of the network. We had and available to anyone without cost, they form
insights, both practical and theoretical, that would a powerful technical repository that has enabled
help all of us build this technology. If we neglected generations of developers to extend the capabili-
to capture our thoughts in writing, we would be ties of the network in every imaginable direction.
retreating from our assignment to develop this net- The RFCs captured and represented many of
work. I found myself struggling with this problem the lessons that we learned in those first months
evening after evening. Finally, I realized one of the developing the Arpanet. They were distributed via
key lessons of networking, i.e., you have to present regular paper (“snail”) mail, of course; successive
your ideas to others in a way that encourages versions of the recipient list for the RFCs were also
rather than cuts off discussion. I decided to make distributed as RFCs. In a simple and practical
clear these notes were first words, not last words sense, we had formed a network of people even
and were intended to encourage conversation. before we had a working computer network5.
With that in mind, I jotted down the clerical Our technical work had two tracks. We were
aspects: each note should have a title, date, author slowly reaching toward a useful and workable set
institution, and number. I said the numbers would of abstractions as the basis for our protocols. We
be handed out quickly upon request after the note had to figure out how to connect each of our
was written so as to avoid holes in the sequence. machines to its IMP, which did not feel like lofty
And to emphasize the informal status of these notes, research but was nonetheless challenging.
I said each of them, no matter what its content, We had to build both a hardware interface and an
would be called a Request for Comments or RFC2. I addition to the operating system. Since most of
stated that the content of an RFC could be “any our machines were commercial products,
thought, suggestion, etc., related to the HOST soft- changes to the hardware and modifications of the
ware or other aspect of the network.” I added that operating system were not common. The vendors
an RFC should have at least one sentence and that it who sold us the machines certainly did not expect
was more important for the notes to “be timely such changes. At UCLA, the vendor’s quote for a
rather than polished.” Then I added that the notes hardware interface was both too expensive and
could contain “philosophical positions without required too much time. Fortunately, Mike Wing-
examples,” or “implementation techniques without field, another of our graduate students, volun-
introductory or background explication,” or teered to do it less expensively and quite quickly.
“questions without any attempted answers.”3 Others of us made the incisions into the operating
Finally, I wrote a few sentences in an effort to system to make the Arpanet appear as a device
explain what we were trying to do. I was hoping to available to user processes.
avoid outside criticism and encourage a wide dis- In a first test of the network, before we had
cussion, I opened with the phrase. “These stand- completed the definition of the early protocols, we
ards (or lack of them),” were stated “explicitly for lashed up a connection between UCLA and SRI on
two reasons.” First, I wanted to avoid the idea that October 29, 1969. The UCLA end acted as a user on
these notes were standards or authoritative design a terminal connecting to SRI. And of course, when
documents but were intended “to promote the we tried to log into the SRI computer that day, we
exchange and discussion of considerably less than uncovered a bug which caused the SRI system to
authoritative ideas.” Second, I felt it was important crash. But our work progressed steadily. By the
to bring forward incomplete or unpolished ideas start of 1970, new IMPs were added monthly and
and I wanted to ease the natural inhibition against the communication between the IMPs was reason-
doing so4. ably stable. We had learned how to network in all
I had expected that the RFCs would be tem- senses of the word—how to build network
porary, probably replaced by more formal software and hardware, how to collaborate at

38
46 ComputingEdge
IEEE Annals of the History of Computing
October 2019
 a distance, and how to work in groups without 3. Crocker, Steve, RFC 003, April 1969, tools.ietf.org/
well-defined authority. This experience became the html/rfc3
dominant mode of protocol design, first for the 4. Ibid.
Arpanet and then for the Internet. These methods 5. It is perhaps a reflection of our thinking that the
were captured by the long-standing IETF rallying network would facilitate distributed instead of
cry of “Rough consensus and running code” attrib- centralized coordination that we instinctively required
utable to Dave Clark, derived from the dedicated each RFC author to send copies to everyone listed on
efforts of that early group of graduate students the current recipient list instead of having one
who were learning how to network. particular site receive and then redistribute the RFCs.

& REFERENCES Steve Crocker is an Internet pioneer and computer

1. Page 6 of Oral History Interview with Frank Heart, scientist with experience in academia, government,
and industry. He managed research at DARPA in the
Conducted by Judy O’Neill, March 13, 1990, Charles
early 1970s, founded the computer science research
Babbage Institute, University of Minnesota, Minneapolis,
laboratory at the Aerospace Corporation in the early
conservancy.umn.edu/handle/11299/107349
1980s, co-founded CyberCash, Inc. in the early 1990s,
2. The term RFC is now in the Oxford English Dictionary,
and served on the board of the Internet Corporation for
credited to me. Recently, I learned Bill Duvall said he Assigned Names and Numbers from 2003 to 2017. He
suggested the term. I do not recall, but all the more earned his B.A. in mathematics and Ph.D. in computer
credit to him if so because the phrase seemed to me to science from UCLA. His honors include the 2002 IEEE
strike just the right tone. Forty years later, I wrote an Internet Award, an honorary doctorate from the Univer-
Op-Ed in the New York Times on the fortieth sity of San Martin des Porres, Lima, Perú, founding
anniversary of the RFCs, “How the Internet Got Its membership in the Internet Hall of Fame Pioneers, and
Rules,” https://www.nytimes.com/2009/04/07/opinion/ a Lifetime Achievement Award from the Internet
07crocker.html Society. Contact the author at [email protected].

This article originally appeared in

IEEE Annals of the History of Computing, vol. 41, no. 2, 2019.

April-June 2019
www.computer.org/computingedge
47 39
 Affective Computing and Sentiment Analysis

Supervised Learning for

Fake News Detection
 Correia,
Julio C. S. Reis, Andre
Fabrıcio Murai, Adriano Veloso, and
Fabrıcio Benevenuto
Universidade Federal de Minas Gerais

Editor: Erik Cambria, Nanyang Technological University, Singapore

Abstract—A large body of recent works has focused on understanding and detecting fake
news stories that are disseminated on social media. To accomplish this goal, these works
explore several types of features extracted from news stories, including source and posts
from social media. In addition to exploring the main features proposed in the literature for
fake news detection, we present a new set of features and measure the prediction
performance of current approaches and features for automatic detection of fake news.
Our results reveal interesting findings on the usefulness and importance of features for
detecting false news. Finally, we discuss how fake news detection approaches can be used
in the practice, highlighting challenges and opportunities.

& SOCIAL MEDIA SYSTEMS have been dramatically not only traditional news, corporations are
changing the way news is produced, dissemi- increasingly migrating to social media (https://
nated, and consumed, opening unforeseen oppor- www.comscore.com/Insights/Blog/Traditional-
tunities, but also creating complex challenges. News-Publishers-Take-Non-Traditional-Path-to-
A key problem today is that social media has Digital-Growth). Along with this transition, not
become a place for campaigns of misinformation surprisingly, there are growing concerns about
that affect the credibility of the entire news fake news publishers posting “fake” news sto-
ecosystem. ries, and often disseminating them widely using
A unique characteristic of news on social “fake” followers.1 As the extensive spread of fake
media is that anyone can register as a news pub- news can have a serious negative impact on indi-
lisher without any upfront cost (e.g., anyone can viduals and society, the lack of scalable fact
create a Facebook page claiming to be a newspa- checking strategies is especially worrisome.
per or news media organization). Consequently, Not surprisingly, recent research efforts are
devoted not only to better comprehend this
phenomenon1 but also to automatize the detec-
Digital Object Identifier 10.1109/MIS.2019.2899143 tion of fake news.2,3,4 While a fully automated
Date of current version 3 May 2019. approach for the fake news problem can be quite

1541-1672  2019 IEEE Published by the IEEE Computer Society IEEE Intelligent Systems

40
76 October 2019 Published by the IEEE Computer Society  2469-7087/19 © 2019 IEEE
 controversial and is still open for debate, a perti- trustworthiness); and 3) features extracted from
nent research question is: What is the prediction environment (e.g., social network structure). Next,
performance of current approaches and features we briefly survey previous efforts, describing
for automatic detection of fake news? existing features and how we implemented them.
Most of the existing efforts in this space are Textual Features consist of the information
concurrent work, which identify recurrent pat- extracted from the news text, including the text
terns on fake news after they are already dissemi- body, the headline, and the text message used
nated, or propose new features for training by the news source. For news articles embedded
classifiers, based on ideas that have not been in images and videos, we applied image process-
tested in combination. Thus, it is difficult to gauge ing techniques for extracting the text shown on
the potential that supervised models trained from them. In total, we evaluated 141 textual features.
features proposed in recent studies have for Features were grouped in sets, which are
detecting fake news. This paper briefly surveys described next.
existing studies on this topic, identifying the main
features proposed for this task. We implement 1) Language Features (Syntax): Sentence-level
these features and test the effectiveness of a vari- features, including bag-of-words approaches,
ety of supervised learning classifiers when distin- “n-grams” and part-of-speech (POS tagging)
guishing fake from real stories on a large, recently were explored in previous efforts as features
released and fully labeled dataset. Finally, we for fake news detection.2,6 Here, we imple-
discuss how supervised learning models can be mented 31 features from this set including
used to assist fact-checkers in evaluating digital number of words and syllables per sentence
content and reaching warranted conclusions. as well as tags of word categories (such as
noun, verb, adjective). In addition, to evalu-
FEATURES FOR FAKE NEWS ate writers’ style as potential indicators of
DETECTION text quality, we also implemented features
Most of the existing efforts to detect fake news based on text readability.
propose features that leverage information pres- 2) Lexical Features: Typical lexical features
ent in a specific dataset. In contrast, we use a include character and word-level signals,7,6
recently released dataset that allows us to imple- such as amount of unique words and their fre-
ment most of the proposed features explored in quency in the text. We implemented linguistic
previous works.5 It consists of 2282 BuzzFeed features, including number of words, first-per-
news articles related to the 2016 U.S. election son pronouns, demonstrative pronouns,
labeled by journalists and enriched with com- verbs, hashtags, all punctuations counts, etc.
ments associated with the news stories as well as 3) Psycholinguistic Features: Linguistic Inquiry
shares and reactions from Facebook users. and Word Count (LIWC)8 is a dictionary-
In this paper, we discarded stories labeled as based text mining software whose output
“non factual content” (12%), and merged those has been explored in many classification
labeled as “mostly false” (4%) and “mixture of true tasks, including fake news detection.4 We use
and false” (11%) into a single class, henceforth its latest version (2015) to extract 44 features
referred as “fake news.” The remaining stories cor- that capture additional signals of persuasive
respond to the “true” portion (73%). The rationale and biased language.
is that stories that mix true and false facts may 4) Semantic Features: There are features that cap-
represent attempts to mislead readers. Thus, we ture the semantic aspects of a text2,3 are useful
focus our analysis on understanding how features to infer patterns of meaning from data.9
can be used to discriminate true and fake news. As part of this set of features, we consider
On a coarse-grained level, features for fake the toxicity score obtained from Google’s API
news detection can be roughly categorized as fol- (https://www.perspectiveapi.com/#/). The
lows: 1) features extracted from news content API uses machine learning models to quantify
(e.g., language processing techniques); 2) features the extent to which a text (or comment, for
extracted from news source (e.g., reliability and instance) can be perceived as “toxic.” We did

March/April 2019
www.computer.org/computingedge
77 41
 Affective Computing and Sentiment Analysis

not consider strategies for topic extraction have become famous because of residents
since the dataset used in this paper was built who create and disseminate fake news
based on news articles about the same topic (https://www.bbc.com/news/magazine-
or category (i.e., politics). 38168281). In order to exploit the information
5) Subjectivity: Using TextBlob’s API (http://text- that domain location could carry, a pipeline
blob.readthedocs.io/en/dev/), we compute was built to take each news website URL and
subjectivity and sentiment scores of a text as extract new features, such as IP, latitude, lon-
explored in previous efforts.4 gitude, city, and country. First, for each
domain, the corresponding IP was extracted
News Source Features consist of information using the trace route tool. Then, the ipstack
about the publisher of the news article. To API was used to retrieve the location features.
extract these features, we first parsed all news Although localization information (i.e., IP) has
URLs and extracted the domain information. been previously used in works on bots or
When the URL was unavailable, we associated spam detection, to the best of our knowledge,
the official URL of news outlet with news article. there are no works that leverage these data in
Therefore, we extract eight (eight) indicators of the context of fake news detection.
political bias, credibility and source trustworthi-
ness, and use them as detailed next. Moreover, Environment Features consist of statistics of user
in this category, we introduce a new set com- engagement and temporal patterns from social
posed of five features, called domain localization media (i.e., Facebook). These features have been
(see below). extensively used in previous efforts,12 especially
to better understand the phenomenon of fake
1) Bias: The correlation between political polar- news.13 Next, we detail the 21 features from this
ization and spread of misinformation was category.
explored in previous studies.10 In this paper,
we use the political biases of news outlets 1) Engagement: We consider number of likes,
from the BuzzFeed dataset as a feature. shares, and comments from Facebook users.
2) Credibility and Trustworthiness: In this feature Moreover, we compute the number of com-
set, we introduce seven new features to cap- ments within intervals from publication time
ture aspects of credibility (or popularity) and (900, 1800, 2700, 3600, 7200, 14400, 28 800,
trustworthiness of domains. We collect, using 57 600 and 86 400 s), summing up to 12
Facebook’s API (https://developers.facebook. features.
com), user engagement metrics of Facebook 2) Temporal Patterns: Finally, to capture tempo-
pages that published news articles (i.e., “page ral patterns from user commenting activities,
talking about” count and “page fan” count). we compute the rate at which comments are
Then, we use the Alexa’s API to get the relative posted for the same time windows defined
position of news domain on the Alexa Ranking before.
(https://www.alexa.com). Furthermore, using
this same API, we collect Alexa’s top 500 news-
papers. Based on the intuition that some unre- CLASSIFICATION RESULTS
liable domains may try to disguise themselves We evaluate the discriminative power of the
using domains similar to those of well-known previous features using several classic and state-
newspapers, we define the dissimilarity of-the-art classifiers, including k-Nearest Neigh-
between domains from the Alexa ranking and bors (KNN), Naive Bayes (NB), Random Forests
news domains in our dataset (measured by (RF), Support Vector Machine with RBF kernel
the minimum edit distance) as features. (SVM), and XGBoost (XGB). Given that we used
Finally, we use indicators of low credibility of hand-crafted features, there was no need to
domains compiled11 as features. include a neural network model in the compari-
3) Domain Location: Ever since creating fake son since it would only associate weights with
news became a profitable job, some cities the features, rather than find new ones.

42
78 ComputingEdge
IEEE Intelligent Systems
October 2019
 Table 1. Results obtained for different classifiers w.r.t
AUC and F1 score.

Classifier AUC F1
KNN 0.800.009 0.750.008

NB 0.720.009 0.750.001

RF 0.850.007 0.810.008

SVM 0.790.030 0.760.019

XGB 0.860.006 0.810.011

RF and XGB performed best.

Figure 2. Chi-Square feature importance.

We measure the effectiveness of each classi-
fier w.r.t. the area under the ROC curve (AUC)
and the Macro F1 score. In this case, the result- For each classifier, we learn a model from a set
ing AUC is the probability that a model will of previously labeled (i.e., preclassified) data,
rank a randomly chosen fake news higher and then use it to classify new (unseen) news
(more false) than a randomly chosen news arti- articles into “fake” or “not fake.” The best results
cle. The AUC is especially relevant for fake were obtained by RF and XGB classifiers, statisti-
news detection since the decision threshold cally tied with 0.85 ( 0.007) and 0.86 ( 0.006)
can be used to control the tradeoff between for AUC, respectively.
true and false positive rates. The F1 score com- Moreover, inspecting the ROC curve for XGB
bines precision and recall per class in a single (see Fig. 1), we observe that it is possible to
metric and the Macro F1 score provides the choose a threshold so as to correctly classify
overall performance of the classifier. almost all of fake news (true positive rate  1),
We compute 95% confidence intervals for the while misclassifying 40% of the true news (false
mean AUC and F1 by performing a fivefold split positive rate  0.4). This can be useful, espe-
between training and test set, repeated ten times cially in assisting fact checkers to identify stories
with different shuffled versions of the original that are worth investigating. Finally, we assessed
dataset (a total of 50 runs). Table 1 shows the relative power of the selected attributes in
the empirical results obtained from the fitted discriminating each class from the other by rank-
models using all features previously described. ing features from each set based on X2 (Chi
Squared). Fig. 2 shows the results. Although all
feature sets have some discriminatory power,
there are some of them (e.g., credibility and
localization of news sources, and news engage-
ment) that can be more useful to improve the
performance of models for fake news detection.

FAKE NEWS DETECTION IN

PRACTICE
Fact checking is a damage control strategy
that is both essential and not scalable. It might
be hard to take out the human component out of
the picture any time soon, especially if these
news regard sensitive subjects such as politics.
Figure 1. ROC curve for the XGboost classifier. For In the case of social networks and search
BuzzFace, it is possible to correctly classify almost engines, predictions made by models for fake
all of fake news with only 40% of false positive rate. news detection could be used internally to limit

March/April 2019
www.computer.org/computingedge
79 43
 Affective Computing and Sentiment Analysis

the audience of news stories likely to be fake. in Proc. Annu. Meeting Assoc. Inf. Sci. Technol., 2015,
This is why automatic labeling of news stories pp. 1–4.
raises so many questions about fairness and 3. W. Y. Wang, “Liar, liar pants on fire: A new benchmark
algorithm transparency, suggesting that it is dataset for fake news detection,” in Proc. Annu. Meeting
likely that the final call will still depend on an Assoc. Comput. Linguistics, 2017, pp. 422–426.
expert at the end point for a long time. 4. S. Volkova, K. Shaffer, J. Jang Yea, and N. Hodas,
On the bright side, automatic fake news detec- “Separating facts from fiction: Linguistic models to
tion could be used by fact checkers as an auxiliary classify suspicious and trusted news posts on twitter,”
tool for identifying content that is more likely to in Proc. 55th Annu. Meeting Assoc. Comput.
be fake. Our results show that the prediction per- Linguistics, 2017, pp. 647–653.
formance of proposed features combined with 5. G. Santia and J. Williams, “BuzzFace: A news veracity
existing classifiers has a useful degree of discrimi- dataset with facebook user commentary and egos,” in
native power for detecting fake news. Our best Proc. 12th Int. AAAI Conf. Web Soc. Media, 2018,
classification results can correctly detect nearly pp. 531–540.
all fake news in our data, while misclassifying 6. K. Shu, A. Sliva, S. Wang, J. Tang, and H. Liu, “Fake
about 40% of true news, which is already sufficient news detection on social media: A data mining
to help fact checkers. In this context, providing perspective,” ACM SIGKDD Explorations Newslett.,
explanations that supported the algorithm’s out- vol. 19, no. 1, pp. 22–36, 2017.
put is crucial. For example, a certain story was 7. C. Castillo, M. Mendoza, and B. Poblete, “Information
considered false because it was posted by new credibility on twitter,” in Proc. 20th Int. Conf. World
newspaper hosted in the same IP address than a Wide Web, 2011, pp. 675–684.
known blacklisted fake news source. Additionally, 8. J. W. Pennebaker, M. E. Francis, and R. J. Booth,
this kind of approach requires a continual pipeline “Linguistic inquiry and word count: LIWC 2001,”
where more stories get labeled each day and are, Mahway: Lawrence Erlbaum Associates, vol. 71, 2001.
in turn, fed back to the models. Rather than verify- 9. E. Cambria, S. Poria, A. Gelbukh, and M. Thelwall,
ing only the most suspicious stories, an active “Sentiment analysis is a big suitcase,” IEEE Intell.
learning solution can be put in place, so that the Syst., vol. 32, no. 6, pp. 74–80, Nov./Dec. 2017.
model can also indicate which stories should be 10. F. N. Ribeiro, L. Henrique, F. Benevenuto,
investigated in order to improve its prediction A. Chakraborty, J. Kulshrestha, M. Babaei, and K. P.
performance. More importantly, fake news is a rel- Gummadi, “Media bias monitor: Quantifying biases of
atively recent problem and the cost to label large social media news outlets at large-scale.,” in Proc. of the
datasets is still very high. In the future, larger vol- Twelfth International AAAI Conference on Web and
umes of labeled data will enable us to explore Social Media, 2018, pp 290–299.
other techniques such as deep learning and push 11. C. Shao, G. L. Ciampaglia, O. Varol, A. Flammini, and
the boundaries of prediction performance. F. Menczer, “The spread of low-credibility content by
social bots,” 2017, arXiv:1707.07592.
12. M. Ebrahimi, A. H. Yazdavar, and A. Sheth, “Challenges
ACKNOWLEDGMENTS
of sentiment analysis for dynamic events,” IEEE Intell.
This work was supported in part by Google,
Syst., vol. 32, no. 5, pp. 70–75, Sep./Oct. 2017.
CAPES, MASWeb (Grant FAPEMIG/PRONEX
13. S. Vosoughi, D. Roy, and S. Aral, “The spread of true
APQ-01400-14), CNPq, and Fapemig.
and false news online,” Science, vol. 359, no. 6380,
pp. 1146–1151, 2018.

& REFERENCES
Julio C. S. Reis is currently working toward the
1. D. M. J. Lazer et al., “The science of fake news,”
Science, vol. 359, no. 6380, pp. 1094–1096, 2018. PhD degree in computer science at the Universidade
2. N. J. Conroy, V. L. Rubin, and Y. Chen, “Automatic Federal de Minas Gerais, Brazil. Contact him at julio.
deception detection: Methods for finding fake news,” [email protected].

44
80 ComputingEdge
IEEE Intelligent Systems
October 2019
 Andre  Correia is currently working toward the B.Sc. Adriano Veloso is an associate professor of
degree in information systems at the Universidade Computer Science at the Universidade Federal de
Federal de Minas Gerais, Brazil. His main interest is Minas Gerais, Brazil. His interests are in machine
applied machine learning. Contact him at andrecor- learning and natural language processing. Contact
[email protected]. him at [email protected].

Fabrıcio Murai is an assistant professor in the Fabrıcio Benevenuto is an associate professor in

Computer Science Department, Universidade Federal the Computer Science Department, Universidade
de Minas Gerais, Brazil. His research lies in the app- Federal de Minas Gerais, Brazil. His research lies in
lication of mathematical modeling, statistics and topics related to social computing, computational jour-
machine learning to informational and social networks. nalism, and sentiment analysis. He is the correspond-
Contact him at [email protected]. ing author. Contact him at [email protected].

This article originally appeared in

IEEE Intelligent Systems, vol. 34, no. 2, 2019.

ADVERTISER INFORMATION

Advertising Personnel Southwest, California:

Mike Hughes
Debbie Sims: Advertising Coordinator Email: [email protected]
Email: [email protected] Phone: +1 805 529 6790
Phone: +1 714 816 2138 | Fax: +1 714 821 4010

Advertising Sales Representative (Classifieds & Jobs Board)

Advertising Sales Representatives (display)
Heather Buonadies
Central, Northwest, Southeast, Far East: Email: [email protected]
Eric Kincaid Phone: +1 201 887 1703
Email: [email protected]
Phone: +1 214 673 3742
Fax: +1 888 886 8599 Advertising Sales Representative (Jobs Board)

Northeast, Midwest, Europe, Middle East: Marie Thompson

David Schissler Email: [email protected]
Email: [email protected] Phone: 714-813-5094
Phone: +1 508 394 4026
Fax: +1 508 394 1707

March/April 2019
www.computer.org/computingedge
81 45
 SECTION TITLE
CYBERTRUST

Thoughts on
Cyberbullying
Nir Kshetri, University of North Carolina at Greensboro
Jeffrey Voas, IEEE Fellow

Cyberbullying is a cybertrust issue that does not

get much attention until after an incident occurs.
It is hard to tie it directly to security or privacy. seven times more likely than other
people to be offenders.2 In a survey
It is its own threat category, fitting between conducted in 28 countries, 51% re-
ported that the offenders in cyber-
security, safety, and privacy. It is a social and bullying are classmates of cyberbul-
societal issue, a cowardly action attempting to lied children. The proportion was
the highest in North America (65%)
hide behind a virtual shield. Fortunately, digital and the lowest in the Middle East/
Africa (39%).3 In most developed
forensics can usually unmask this. countries, cyberbullying is regarded
as an important issue. In the United

C
States, First Lady Melania Trump
has made it a focus of her initiatives.
yberbullying is a targeted online weapon used The seriousness of this issue has led to the emergence
by online offenders to inflict psychological of new forms of cyberinsurance to protect against cyber-
and emotional harm to Internet users. Ac- bullies. Some insurers, such as American International
cording to a Pew Research Center survey from Group (AIG) and the Arbella Insurance Group, have cov-
September 2018, 59% of U.S. teens had been bullied or erage options for cyberbullying, including coverage for
harassed online.1 Often, the offenders are family, friends, costs incurred after a cyberbullying attack, e.g., legal
and other persons that the victims know and trust. For expenses, temporary relocation expenses, and private
example, in cyberbullying incidents where children and tutoring. The Family CyberEdge policy, a new product
young adults are victims, friends or dating partners are from AIG, includes coverage for one year of psychiatric
services if a family member is victimized by cyberbully-
Digital Object Identifier 10.1109/MC.2019.2898720
ing. Lost salary is also covered if the victim loses a job
Date of publication: 16 April 2019 within 60 days.

46 October 2019 Published by the IEEE Computer Society  2469-7087/19 © 2019 IEEE
64 COM PUTE R PUBLISHED BY THE IEEE COMPUTER SOCIET Y 0018-9162/19©2019IEEE
 EDITOR
EDITORJEFFREY
EDITOR NAME
VOAS
IEEE Fellow; [email protected]
Affiliation;

GEOGRAPHIC, DEMO- of cyberbullying. For instance, in the to take measures to control what is
GRAPHIC, ECONOMIC, AND United States, parents in general regard likely to happen with their personal
SOCIOCULTURAL FACTORS cyberbullying as among their top con- data. The GDPR emphasizes the roles
There are geographic, demographic, cerns related to their children’s health of parents and parental consent.4 So-
economic, and sociocultural variations and well-being. Among African-Amer- cial networking sites require paren-
in the awareness, patterns, and prev- ican parents specifically, however, tal consent before they process chil-
alence of cyberbullying. For instance, cyberbullying was a relatively lower dren’s information.5 In practice, this
according to a study conducted in 28 concern when compared to other social could mean that those under 16 years
countries by the global market research issues (Table 1). old may need to obtain their parents’
and consulting firm Ipsos, 75% of adults permission to use social media.6 In-
were aware of cyberbullying. However, ADDRESSING dividual EU member states can also
the awareness varied from the highest CYBERBULLYING lower the age required for parental
in Sweden and Italy (91% each) and low- So what can be done to protect children consent from 16 years to as low as 13.7
est in Saudi Arabia (37%).3 from the psychological and emotional In the United States, the 50 states, the
In the Ipsos study, 65% of parents harm that results from cyberbullying? District of Columbia, and U.S. territo-
reported that they know that this be- Table 2 shows coordinated efforts at ries have each taken various regulatory
havior takes place on social-network- various levels. measures to addresses bullying in gen-
ing sites.3 This proportion was higher Fortunately, laws dealing with eral and cyberbullying in particular.8
in Latin America and the lowest in the cyberbullying are evolving. The Eu- Some parents of cyberbullying victims
Asia-Pacific region (Table 1). ropean Union’s (EU’s) General Data have filed lawsuits against alleged bul-
There are also gender and economic Protection Regulation (GDPR) has lies or schools for failing to protect their
dimensions of cyberbullying. For in- provisions that aim to protect chil- children. In early 2018, a Pennsylvania
stance, girls are more likely to be vic- dren from cyberbullying and other family sued Sean Davis, a player on the
tims of cyberbullying than boys, and misuse of information by social-me- Pittsburgh Steelers football team, for
poor children are more likely to be vic- dia websites. The preamble to the cyberbullying the family’s teenage son.
tims of cyberbullying than children GDPR states that children are “less The family accused Davis of posting
from wealthier families.1 There are aware of risks, consequences, safe- a video on the social-media platform
also racial differences in terms of guards, and their rights” related to Snapchat that mocked the teen’s work
t he percept ion of t he seriousness personal data and often aren’t able at a Chick-fil-A drive-through.9

TABLE 1. Geographic, demographic, economic, and sociocultural factors linked to cyberbullying.

Factor Findings
Geography Ipsos' Global Advisor study was conducted in 28 countries. The proportion of parents who reported that their own
children or other children they knew were cyberbullied and that the harassing behavior took place on social-
networking sites was 76% in Latin America compared to 53% in the Asia-Pacific region.3

Gender A Pew Research Center survey 1 shows that, in the United States, 39% of girls were reported to be victims of false
rumors online compared to 26% of boys; 29% of girls reported that they received unwanted explicit images compared
with 20% of boys, and 15% of teen girls had become targets of four or more different forms of cyberbullying compared
with 6% of boys.1
In India, about 90% of cyberstalking victims are women.12
In the Democratic Republic of Congo, women and LGBT groups are frequently targeted by cyberbullies.15

Economic According to Ipsos' Global Advisor study, in the United States, 24% of teens from families with annual household
income lower than US$30,000 a year had been the target of physical threats online, as compared with 12% of those
with annual household income of US$75,000 or more.3

Race According to a national U.S. survey of C.S. Mott Children's Hospital on Children's Health, University of
Michigan, bullying and cyberbullying were the most serious concerns parents had about their children's
health, followed by Internet safety. For African-American parents, racial inequities and school violence were
bigger concerns.16

www.computer.org/computingedge 47
APRIL 2019 65
CYBERTRUST

Many developing countries, on the the cybersecurity firm Symantec, only offenses is nonexistent.10 Enactment
other hand, lack laws that criminalize 11 countries in Africa had specific laws of laws that criminalize cyberbullying
cyberbullying. As of 2016, China and and provisions in place to deal with cy- is important to combat this problem.
Russia had no specific laws against cy- bercrime and electronic evidence. An There are also law-enforcement chal-
berbullying. In Russia, cyberbullying is additional 12 countries had taken at lenges in addressing these offenses.
theoretically covered by conventional least some legislative measures, albeit In India, the unsupportive attitudes of
laws against violence or murder.10 limited. In May 2018, Kenya enacted a law-enforcement agencies and their un-
Many other developing countries law that criminalizes cyberbullying.11 willingness to help victims have contrib-
lack even basic cybercrime laws. Ac- The Democratic Republic of Congo uted to a low reporting rate of cyberbul-
cording to a November 2016 report of has no laws to protect people against lying cases.12 To fight this problem, law
the African Union Commission and cyberbullying. Prosecution for such enforcement must be better prepared.

TABLE 2. Measures to address cyberbullying.

Actors Possible actions Examples
Regulators Pass stricter laws that might discourage In Michigan, a "pattern of repeated harassment" is a felony
cyberbullying activities. that carries a penalty of up to five years in prison and a
US$5,000 fine.17
In The Netherlands, cyber offenders who engage in
cyberbullying and harassment may face a prison sentence
of up to 10 years. In 2018, a Dutch appeals court upheld this
maximum prison sentence for a convicted cyberbully.20

Law-enforcement Train law enforcement. In Illinois, police officers assigned to protect schools are
agencies required to undergo training focused on cyberbullying.21

Organizations Educate students about cyberbullying’s Seattle Public Schools participated in a pilot program
and educational psychological and legal implications and with iCanHelpLine.org where subscribers can discuss
institutions present to them actual case studies of issues related to student cyberbullying on social media.
cyberbullying.22 iCanHelpline.org works with social media organizations,
Invest in technical solutions, such as such as Instagram, Snapchat, and Twitter, to delete
monitoring or blocking software to content.18
detect cyberbullying activities on school
networks.23

Technology Develop advanced technical tools. Credit report and identity theft protection company Identity
companies Guard uses artificial intelligence to monitor social media feeds
and identify behavior that can be considered cyberbullying. It
uses IBM Watson to enable natural language processing and
natural language classifiers. Complex algorithms identify
potential cyberbullying instances and send alerts to parents.
These alerts also include screenshots with dates and times of
related content that triggered the warnings. Parents are then
guided to resources, such as relevant laws and school policies,
so that they can respond effectively.24

Parents, guardians, Discuss Internet and cell phone etiquette. A survey of parents of teenagers found that more than 75%
and caregivers Talk with children about cyberbullying. of parents discussed cyberbullying with their children, 86%
joined their children’s online social network to monitor
interactions, and 67% monitored the security settings on
their children’s social media accounts.25

Social arbiters (e.g., Create awareness about cyberbullying. The nonprofit organization End to Cyberbullying (ETCB) has
press, governance Encourage victims to report abuses. taken initiatives to raise awareness about cyberbullying. It
watchdog groups, works with students, educators, and parents. The ETCB has
academics, and hundreds of volunteers worldwide.19
activists) The Family Online Safety Institute (FOSI) works with the
industry, government, and other nonprofit organizations to
address problems related to cyberbullying. FOSI also uses
forums, conferences, special events, and YouTube to promote
online safety.18

48 ComputingEdge October 2019

66 COMPUTER W W W.CO M P U T E R .O R G /CO M P U T E R
 Parents and caregivers can also Sept. 27, 2018. [Online]. Available: 9. Associated Press, “Family sues
play a key role in helping children deal http://www.pewinternet Steelers’ Sean Davis, alleging cyber-
with cyberbullying. A study found .org/2018/09/27/a-majority-of- bullying,” USA Today, Feb. 27, 2018.
that “authoritative” parents who listen teens-have-experienced- [Online]. Available: https://www
to their children and provide guid- some-form-of-cyberbullying/ .usatoday.com/story/sports
ance can help reduce the impact of 2. J. White, “How to keep cyberbullies out /nfl/steelers/2018/02/27/sean-davis-
cyberbullying.13 of your life,” Inc., Oct. 5, 2017. Accessed pittsburgh-steelers-cyberbullying-
Cyberbullies as well as victims on: Nov. 15, 2018. [Online]. Available: lawsuit/377666002/
may be stigmatized, and victims may https://www.inc.com/john-white 10. N. Kshetri, “Cybercrime and cyber-
also suffer secondary victimization. /how-to-keep-cyberbullies-out-of- security in India: Causes, conse-
Note that primary victimization oc- your-life.html quences and implications for the
curs when a person becomes a victim 3. M. Newall, “Cyberbullying: A global future,” Crime, Law Social Change, vol.
of the act itself. Some mechanisms advisor survey,” Ipsos, 2018. 66, no. 3, pp. 313–338, 2016.
involved in primary victimization [Online]. Available: https://www 11. A. Schwarz, “Kenya signs bill criminal-
include physical/psychological suf- .ipsos.com/sites/default/files/ct ising fake news,” Mail & Guardian, May
fering or financial losses. Secondary /news/documents/2018-06/cyber 16, 2018. [Online]. Available: https://
victimization takes place due to ac- bullying_june2018.pdf mg.co.za/article/2018-05-16-kenya-
tions in the victim’s social environ- 4. Better Internet for Kids, “Data Protec- signs-bill-criminalising-fake-news
ment. Key mechanisms involved in tion Directive or General Data Protec- 12. P. K. Roy, “Why online harassment
secondary victimization include stig- tion Regulation: Which one is for you?” goes unpunished in India,” BBC
matization, social isolation, and in- Sept. 28, 2017. [Online]. Available: News, July 17, 2015. [Online]. Avail-
trusive and humiliating questioning. https://www.betterinternetforkids able: https://www.bbc.com/news
Secondary victimization can also oc- .eu/web/portal/practice/awareness /world-asia-india-33532706
cur when journalists use faulty and /detail?articleId=2258465 13. A. Baird, “Best defenses against cy-
insensitive practices in gathering or 5. European Commission, “Can personal ber bullies,” Scientific American, Aug.
reporting news or when the criminal data about children be collected?” 24, 2010. [Online]. Available: https://
justice system takes inappropriate Accessed on: Nov. 15, 2018. [Online]. www.scientificamerican.com/arti
actions. Schools should have multiple Available: https://ec.europa cle/best-defenses-cyber-bullies/
avenues for reporting cyberbullying .eu/info/law/law-topic/data-protec 14. P. K. Smith and F. Thompson, “The
so that victims are not stigmatized.14 tion/reform/rights-citizens best way to stop bullying: Get the
/how-my-personal-data-protected cool kids to stick up for the victims,”

C
/can-personal-data-about-children- Washington Post, Aug. 8, 2014.
yberbullying can be as de- be-collected_en [Online]. Available: https://www
structive as traditional bul- 6. V. Verdoodt, “Children’s access to .washingtonpost.com/postevery
lying. However, parents often social media and the GDPR – ‘Please thing/wp/2014/08/08/the-best-
have a low level of awareness of this mom, can I go on Facebook?’” Ku Leu- way-to-stop-bullying-in-schools/?
form of bullying. How people view ven Centre for IT & IP Law, Aug. 9, 2016. utm_term=.bb405af86c8c
and respond to this issue is shaped [Online]. Available: https://www.law 15. K. Lyons, T. Phillips, S. Walker, J.
by various geographic, demographic, .kuleuven.be/citip/blog Henley, P. Farrel, and M. Carpentier,
and racial differences. Constructive /childrens-access-to-social-media-and- “Online abuse: How different coun-
and supportive actions of parents can the-gdpr-please-mom-can-i-go-on- tries deal with it,” The Guardian, Apr.
reduce the harm that cyberbullying facebook/ 12, 2016. [Online]. Available: https://
causes. Organized and systematic re- 7. J. Průša, “Beware of encouraging www.theguardian.com/technology
sponses by governments and law-en- pupils to use social networks and /2016/apr/12/online-abuse-ho
forcement agencies and by social ar- messengers,” CZ.NIC, Sept. 27, 2018. w-harrassment-revenge-pornogra-
biters, such as the press, governance [Online]. Available: https://en.blog phy-different-countries-deal-with-it
watchdog groups, academics, and ac- .nic.cz/2018/09/27/beware- 16. News Medical Life Sciences, “Bullying
tivists, can also play a role in fighting of-encouraging-pupils-to-use-social- and cyberbullying top parents’ list of
cyberbullying. networks-and-messengers/ worries, new report reveals,” Aug. 21,
8. Stopbullying.gov, “Laws & Policies,” 2017. [Online]. Available: https://www
REFERENCES U.S. Department of Health and Hu- .news-medical.net/news/20170821
1. M. Anderson, “A majority of teens man Services, Jan. 7, 2018. [Online]. /Bullying-and-cyberbullying-top-
have experienced some form of Available: https://www.stopbullying parents-list-of-worries-new-report-
cyberbullying,” Pew Research Center, .gov/laws/index.html reveals.aspx

www.computer.org/computingedge 49
APRIL 2019 67
CYBERTRUST This article originally appeared in
Computer, vol. 52, no. 4, 2019.

17. L. Devito, “Cyberbullying is now a cyberbully,” 660 News, Dec. 14, 2018. [Online]. Available: https://www
crime in Michigan punishable by jail 2018. [Online]. Available: .ibm.com/blogs/client-voices
time,” Detroit MetroTimes, Dec. 28, 2018. https://www.660citynews.com /ai-technology-protect-teens-
[Online]. Available: https:// /2018/12/14/dutch-court-upholds- cyberbullying/
www.metrotimes.com/news-hits maximum-sentence-for-cyberbully 25. HealthDay, “Cyberbullying a big
/archives/2018/12/28/cyberbullying- 21. NBC 5, “Illinois school resource offi- worry for parents: Survey,” July 15,
is-now-a-crime-in-michigan-punish cers to undergo training,” NBC Univer- 2011. [Online]. Available: https://
able-by-jail-time sal, Aug. 20, 2018. [Online]. Available: consumer.healthday.com
18. Seattle Public Schools, “District part- https://www.nbcchicago.com /health-technology-information-18
ners to stop bullying on social media,” /investigations/Illinois-School- /misc-computer-health-news-150
Sept. 29, 2017. [Online]. Available: Resource-Officers-to-Undergo- /cyberbullying-a-big-worry-for-parents-
https://www.seattleschools.org Training-491310131.html survey-654818.html
/district/calendars/news/what_s_new 22. M. Clifford, “15 strategies educa-
/district_partners_to_stop_bullying_ tors can use to stop cyberbullying.”
on_social_media informED, Oct. 26, 2012. [Online]. NIR KSHETRI is a professor of manage-
19. E. Kaough, “Combatting cyberbul- Available: https://www ment in the Bryan School of Business
lying: Government, NGO and the .opencolleges.edu.au/informed and Economics at the University of
private sector,” Ministry of Public /features/15-strategies-educators- North Carolina at Greensboro. Contact
Security, Israel. Accessed on: Nov. can-use-to-stop-cyberbullying/ him at [email protected].
15, 2018. [Online]. Available: https:// 23. C. Page, “Striking back at the cyber-
www.gov.il/BlobFolder/reports bullies,” BBC News, Apr. 16, 2006. JEFFREY VOAS is an IEEE Fellow, is
/cyberbullying_brief/en/cyberbully- [Online]. Available: http://news Computer’s “Cybertrust” column ed-
ing%20brief%2001.13.pdf .bbc.co.uk/2/hi/uk/4912766.stm itor, and was a cofounder of Cigital.
20. Associated Press, “Dutch court 24. T. Meier, “AI technology helps protect Contact him at [email protected].
upholds maximum sentence for teens from cyberbullying,” IBM, Feb. 27,

Call rticles
f o r A
g
C o m putin
e
E Pe rvasiv the la
te s t
IEE u s efu
l p a p e r s on
e,
ible, er vasiv
a c ce s s ts in p
seek s men
velop ics
e d de g. Top
eview putin
peer-r ou s c o m
biquit f t war
e
b il e , an d u gy, so
mo n o lo
te c h
ware nd
d e hard sing a
in clu
w o r ld sen
l- ion,
re , re a terac t
truc tu ter in
s: infras m p u
e li n e n- co
r gui
d hu m a g
ut ho e ra c tion, ns, in
cludin
A /mc / in t tio
er.org onsid
e r a
rivac y
.
mpu t an d p
ww w .c o
s y s t em s c r it y,
thor.h
tm an d s e cu
ive /au bilit y,
pe r v a s
ls:
i m e n t, scala
a y
e r det deplo
Furth ter.o rg
ive
sive@
c ompu
g/p ervas
p e r va ter.or
.c ompu
www
Digital Object Identifier 10.1109/MC.2019.2906963

50 ComputingEdge October 2019

68 COMPUTER W W W.CO M P U T E R .O R G /CO M P U T E R
 CAREER OPPORTUNITIES
The Department of Computer

Call for Articles

and Cyber Sciences at the
US Air Force Academy
seeks to fill a faculty position
at the Assistant Professor level.
Exceptionally qualified candidates at
upper ranks will also be considered. 
The department is particularly
interested in candidates with a IEEE Software seeks
background in cybersecurity, but practical, readable articles
all candidates with a passion for
teaching computer science are that will appeal to experts
encouraged to apply. and nonexperts alike. The
The Academy is a national service
institution, charged with producing magazine aims to deliver
leaders of character for the US Air reliable information to software
Force.  Faculty members are expected
to exemplify the highest ideals of developers and managers to
professionalism and integrity.  The help them stay on top of rapid
Academy is located in Colorado
Springs, an area known for its natural technology change. Submissions
beauty and quality of life. The
United States Air Force Academy must be original and no more
values the benefits of diversity than 4,700 words, including 250
among the faculty to include a
variety of educational backgrounds, words for each table and figure.
professional and life experiences.
For information on how to apply, go
Author guidelines:
to usajobs.gov and search with the
www.computer.org/software/author
keyword 545526600. US citizenship
is required. Candidates with specific Further details: [email protected]
questions can contact Dr Barry Fagin www.computer.org/software
at [email protected].

The University of Alabama in Huntsville

The Department of Computer Science at The University of Alabama in Huntsville (UAH)
invites applicants for a tenure-track faculty position at the Assistant Professor level
beginning August 2020 to support the gaming and entertainment computing program.
A Ph.D. in computer science or a closely related area is required. The successful
candidate will have a strong academic background and be able to secure and perform
funded research in areas typical for publication in well-regarded academic conference and journal venues. In addition, the candidate
should embrace the opportunity to provide undergraduate education.
The department has a strong commitment to excellence in teaching, research, and service; the candidate should have good
communication skills, strong teaching potential, and research accomplishments.
UAH is located in an expanding, high-technology area, in close proximity to Cummings Research Park, the second largest research
park in the nation and the fourth largest in the world. Nearby are the NASA Marshall Space Flight Center, the Army’s Redstone Arsenal,
numerous Fortune 500 and high tech companies. UAH also has an array of research centers, including information technology and
cybersecurity. In short, collaborative research opportunities are abundant, and many well-educated and highly technically skilled
people are in the area. There is also access to excellent public schools and inexpensive housing.
UAH has an enrollment of approximately 9,900 students. The Computer Science department offers BS, MS, and PhD degrees in
Computer Science and contributes to interdisciplinary degrees. Faculty research interests are varied and include cybersecurity, mobile
computing, data science, software engineering, visualization, graphics and game computing, multimedia, AI, image processing,
pattern recognition, and distributed systems. Recent NSF figures indicate the university ranks 30th in the nation in overall federal
research funding in computer science.
Interested parties must submit a detailed resume with references to [email protected] or Chair, Search Committee, Department
of Computer Science, The University of Alabama in Huntsville, Huntsville, AL 35899. Qualified female and minority candidates are
encouraged to apply. Initial review of applicants will begin as they are received and continue until a suitable candidate is found.
The University of Alabama in Huntsville is an affirmative action/equal opportunity employer/ minorities/ females/ veterans/ disabled.
Please refer to log number: 20/21-549

www.computer.org/computingedge 5
IEEE Computer Architecture Letters is a forum for fast
publication of new, high-quality ideas in the form of
short, critically refereed technical papers. Submissions
are accepted on a continuing basis and letters will be
published shortly after acceptance in IEEE Xplore and in
the Computer Society Digital Library.

Submissions are welcomed on any topic in computer

architecture, especially:
• Microprocessor and multiprocessor systems
• Microarchitecture and ILP processors
• Workload characterization
• Performance evaluation and simulation techniques
• Interactions with compilers and operating systems
• Interconnection network architectures
• Memory and cache systems
• Power and thermal issues at the architectural level
• I/O architectures and techniques
• Independent validation of previously published results
• Analysis of unsuccessful techniques
• Domain-specific processor architecture
(embedded, graphics, network)
• High-availability architectures
• Reconfigurable computer architectures

www.computer.org/cal

Join the IEEE Computer Society

for subscription discounts today!
www.computer.org/product/journals/cal
 SHARE AND MANAGE
YOUR RESEARCH DATA
IEEE DataPort is an accessible online platform that enables re-
searchers to easily share, access, and manage datasets in one
trusted location. The platform accepts all types of datasets, up
to 2TB, and dataset uploads are currently free of charge.

2TB Cloud Storage Supports Research Open Access Options

Per Dataset Reproducibility

Link Dataset to Generates Citations ORCID

Manuscript Integration

Host Data Competitions DOI Provided Broad Range of

Data Topics

U P L O A D D ATA S E T S AT I E E E - D ATA P O R T. O R G
IEEE Letters of the Computer Society (LOCS) is a rigorously peer-reviewed
forum for rapid publication of brief articles describing high-impact results
in all areas of interest to the IEEE Computer Society.

Topics include, but are not limited to: EDITOR IN CHIEF

• software engineering and design Darrell Long – University of California, Santa Cruz
• information technology
• software for IoT, embedded,
and cyberphysical systems
ASSOCIATE EDITORS
• cybersecurity and secure computing • Sasitharan Balasubramaniam – Waterford
• autonomous systems Institute of Technology and Tampere
• machine intelligence University
• parallel and distributed software • Dirk Duellmann – CERN
and algorithms • Dan Feng – Huazhong University of Science
• programming environments and languages and Technology
• computer graphics and visualization • Gary Grider – Los Alamos National Laboratory
• services computing • Kanchi Gopinath – Indian Institute of Science
• databases and data-intensive computing (IISc), Bangalore
• cloud computing and enterprise systems • James Hughes – University of California,
• hardware and software test technology Santa Cruz
• Ilia Iliasdis – IBM Research – Zurich
• Katia Obraczka – University of California,
Santa Cruz
OPEN ACCESS • Mubashir Husain Rehmani – Cork Institute
of Technology
LOCS offers open access options for • Thomas Johannes Emil Schwarz
authors. Learn more about IEEE open – Marquette University
access publishing: • Marc Shapiro – Sorbonne-Université–
https://open.ieee.org LIP6 & Inria
• Kwang Mong Sim – Shenzhen University

Submit / Subscribe / Learn More

www.computer.org/locs
 stay connected.

Keep up with the latest IEEE Computer Society publications and activities wherever you are.

Follow us:
 | @ComputerSociety

 | facebook.com/IEEEComputerSociety

 | IEEE Computer Society

 | youtube.com/ieeecomputersociety

 | instagram.com/ieee_computer_society
 IEEE TRANSACTIONS ON

BIG DATA
SUBMIT
TODAY

SCOPE
The IEEE Transactions on Big Data (TBD) publishes peer reviewed articles with big data as the main
focus. The articles provide cross disciplinary innovative research ideas and applications results for
big data including novel theory, algorithms and applications. Research areas for big data include, but
are not restricted to, big data analytics, big data visualization, big data curation and management,
big data semantics, big data infrastructure, big data standards, big data performance analyses,
intelligence from big data, scientific discovery from big data security, privacy, and legal issues specific
to big data. Applications of big data in the fields of endeavor where massive data is generated are of
particular interest.

SUBSCRIBE AND SUBMIT

For more information on paper submission, featured articles, calls for papers,
and subscription links visit:

www.computer.org/tbd
IEEE Security & Privacy is a bimonthly magazine
communicating advances in security, privacy,
and dependability in a way that is useful to a
broad section of the professional community.

The magazine provides articles with both a

practical and research bent by the top thinkers in
the field of security and privacy, along with case
studies, surveys, tutorials, columns, and in-depth
interviews. Topics include:
• Internet, software, hardware, and systems security
• Legal and ethical issues and privacy concerns
• Privacy-enhancing technologies
• Data analytics for security and privacy
• Usable security
• Integrated security design methods
• Security of critical infrastructures
• Pedagogical and curricular issues in security education
• Security issues in wireless and mobile networks
• Real-world cryptography
• Emerging technologies, operational resilience,
and edge computing
• Cybercrime and forensics, and much more

www.computer.org/security

E-Currency and Fairness ■ Ransomware Defense ■ A National Cybersecurity Policy

IEEE SECURITY & PRIVACY

Software and Cybersecurity ■ Big Data: Privacy Versus Accessibility ■ Resiliency in Cloud Computing
AI ETHICS

Blockchain Technologies ■ The Fuzzing Revival ■ Cybersecurity for the Public Interest
IEEE SECURITY & PRIVACY

IEEE SECURITY & PRIVACY

DIGITAL FORENSICS, PART 2

PRIVACY AND AUTOMATED AIRPORT SCREENING

VOLUME 17

VOLUME 16
NUMBER 1
JANUARY/FEBRUARY 2019

NUMBER 3

January/February 2019 CYBERSECURITY AND

PRIVACY ISSUES IN BRAZIL
Vol. 17, No. 1
WWW.COMPUTER.ORG/SECURITY

VOLUME 17

November/December 2018
Vol. 16, No. 6
NUMBER 2
MAY/JUNE 2018

MARCH/APRIL 2019

Join the IEEE Computer Society May/June 2018

WWW.COMPUTER.ORG/SECURITY

Vol. 16, No. 3 March/April 2019

Vol. 17, No. 2
WWW.COMPUTER.ORG/SECURITY

for subscription discounts today!
www.computer.org/product/magazines/security-and-privacy
 Conference Calendar
Questions? Contact [email protected]

I EEE Computer Society conferences are valuable forums for learning on broad and dynamically
shifting topics from within the computing profession. With over 200 conferences featuring leading
experts and thought leaders, we have an event that is right for you.

Find a region: Africa ■ Australia ◆ North America ◗

Asia ▲ Europe ● South America ★

NOVEMBER 4 December
4 November • IREHI (IEEE Int’l Rural and Elderly Health Infor-
• ICTAI (IEEE 31st Int’l Conf. on Tools with Arti- matics Conf.) ■
ficial Intelligence) ◗ 9 December
7 November • AIVR (IEEE Int’l Conf. on Artificial Intelligence
• SEC (IEEE/ACM Symposium on Edge Com- and Virtual Reality) ◗
puting) ◗ • Big Data (IEEE Int’l Conf. on Big Data) ◗
8 November • CDKE (IEEE Int’l Conf. on Conversational Data
• ICDM (IEEE Int’l Conf. on Data Mining) ▲ & Knowledge Eng.) ◗
9 November • ISM (IEEE Int’l Symposium on Multimedia) ◗
• FOCS (IEEE 60th Annual Symposium on Foun- 10 December
dations of Computer Science) ◗ • ISSPIT (IEEE Int’l Symposium on Signal Pro-
11 November cessing and Information Technology) ▲
• ASE (34th IEEE/ACM Int’l Conf. on Automated
Software Eng.) ◗
17 November 2020
• ICCD (IEEE 37th Int’l Conf. on Computer
Design) ▲ January
• SC19 (SC19: Int’l Conf. for High Performance 13 January
Computing, Networking, Storage and Analy- • ICCPS (Int’l Conf. on Cyber-Physical Systems) ●
sis) ◗
18 November February
• BIBM (IEEE Int’l Conf. on Bioinformatics and 3 February
Biomedicine) ◗ • ICSC (IEEE 14th Int’l Conf. on Semantic Com-
puting) ◗
DECEMBER 18 February
3 December • SANER (IEEE 27th Int’l Conf. on Software Anal-
• RTSS (IEEE Real-Time Systems Symposium) ▲ ysis, Evolution and Reengineering) ◗

72 October 2019 Published by the IEEE Computer Society 2469-7087/19 © 2019 IEEE
19 February 18 May
• BigComp (IEEE Int’l Conf. on Big Data and • SP (IEEE Symposium on Security and Pri-
Smart Computing) ▲ vacy) ◗
22 February • FG (IEEE Int’l Conf. on Automatic Face and
• CGO (IEEE/ACM Int’l Symposium on Code Gesture Recognition) ★
Generation and Optimization) ◗ • IPDPS (IEEE Int’l Parallel and Distributed Pro-
cessing Symposium) ◗
March 23 May
2 March • ICSE (IEEE/ACM 42nd Int’l Conf. on Software
• WACV (IEEE Winter Conf. on Applications of Eng.) ▲
Computer Vision) ◗ 30 May
9 March • ISCA (ACM/IEEE 47th Annual Int’l Sympo-
• DATE (Design, Automation & Test in Europe sium on Computer Architecture) ●
Conf. & Exhibition) ●
• IRC (4th IEEE Int’l Conf. on Robotic Comput- June
ing) ▲ 14 June
16 March • CVPR (IEEE Conf. on Computer Vision and
• ICSA (IEEE Int’l Conf. on Software Architec- Pattern Analysis) ◗
ture) ★ 16 June
22 March • EuroS&P (IEEE European Symposium on
• VR (IEEE Conf. on Virtual Reality and 3D User Security & Privacy) (Location TBD)
Interfaces) ◗ 19 June
23 March • JCDL (ACM/IEEE Joint Conf. on Digital Librar-
• ICST (13th IEEE Conf. on Software Testing, ies) ▲
Validation and Verification) ● 29 June
• PerCom (IEEE Int’l Conf. on Pervasive Com- • DSN (50th Annual IEEE/IFIP Int’l Conf. on
puting and Communications) ◗ Dependable Systems and Networks) ●
30 June
April • MDM (21st IEEE Int’l Conf. on Mobile Data
5 April Management) ●
• ISPASS (Int’l Symposium on Performance
Analysis of Systems and Software) ◗
14 April
• PacificVis (IEEE Pacific Visualization Sympo-
sium) ▲
20 April
• ICDE (IEEE 36th Int’l Conf. on Data Eng.) ◗

May
3 May Learn more about
• FCCM (IEEE 28th Annual Int’l Symposium
on Field-Programmable Custom Computing
IEEE Computer
Machines) ◗ Society Conferences
4 May
• HOST (IEEE Int’l Symposium on Hardware www.computer.org/conferences
Oriented Security and Trust) ◗
IEEE Computer Society
Kicks Off Cybersecurity
Awareness Month
The IEEE Computer Society kicks off a month-long campaign
of exciting activities that highlight cybersecurity awareness,
encourage accountability, and promote proactive behavior
to ensure best security practices for individuals and
their organizations.

• Special blog posts

• Daily cybersecurity tips
• Security and Privacy TC Membership
• Cybersecurity curricular guidelines
• Cipher Newsletter
• And more!

Visit computer.org for daily updates!

Don’t miss our lineup

of exclusive activities
and resources!
SE RADIO Zero-Trust Networks
PODCAST
EPISODE Evan Gilman and Doug Barth
Securing Authors of Zero-Trust Networks: Building
SE RADIO Your API 22 OCTOBER Secure Systems in Untrusted Networks
PODCAST
Neil Madden
EPISODE
Author of API
Security in Action
8 OCTOBER and Security Director
of ForgeRock WEBINAR Steven Bay
Former NSA
23 OCTOBER now leading author