A Systematic Literature Review of Crowdsourcing-Based Research in Information Security

Crowdsourcing is a well-established concept in several application areas of computer science and information systems. While crowdsourcing is favored in areas such as information sharing, quality management or data acquisition, only little attention has been drawn to crowdsourcing capabilities for information security in the past. Since a few years an increase of crowdsourcing-based research in information security can be identified. To which extend remains unclear since a comprehensive overview of applied crowdsourcing techniques and related challenges is missing. In this paper we try to shed some light on this by conducting a systematic literature review based on the snowballing methodology. It delivered 23 relevant papers which we analyzed with respect to the following perspectives: (a) Bibliographic information, (b) applied research methodology, (c) addressed information security application context, (d) applied crowdsourcing approach, and (e) challenges for crowdsourcing-based research in information security. Finally, based on the described investigations, we give a comprehensive overview, and identify several challenges of crowdsourcing based research in information security.

[1]  Gianluca Stringhini,et al.  Two years of short URLs internet measurement: security threats and countermeasures , 2013, WWW.

[2]  Mark Harman,et al.  A survey of the use of crowdsourcing in software engineering , 2017, J. Syst. Softw..

[3]  Vinayak S. Naik,et al.  SMSAssassin: crowdsourcing driven mobile-based system for SMS spam filtering , 2011, HotMobile '11.

[4]  Claes Wohlin,et al.  Systematic literature studies: Database searches vs. backward snowballing , 2012, Proceedings of the 2012 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement.

[5]  Claes Wohlin,et al.  Experimentation in Software Engineering , 2012, Springer Berlin Heidelberg.

[6]  Claes Wohlin,et al.  Guidelines for snowballing in systematic literature studies and a replication in software engineering , 2014, EASE '14.

[7]  Malcolm Hall,et al.  ProtectMyPrivacy: detecting and mitigating privacy leaks on iOS devices using crowdsourcing , 2013, MobiSys '13.

[8]  Munkee Choi,et al.  Crowdsourcing for Device Manufacturers in the Convergent Media Industry , 2013 .

[9]  Jonathan Corney,et al.  Outsourcing labour to the cloud , 2009 .

[10]  Martin Schader,et al.  Managing the Crowd: Towards a Taxonomy of Crowdsourcing Processes , 2011, AMCIS.

[11]  Roel Wieringa,et al.  Requirements engineering paper classification and evaluation criteria: a proposal and a discussion , 2005, Requirements Engineering.

[12]  David Johnstone,et al.  An Architecture Utilizing the Crowd for Building an Anti-virus Knowledge Base , 2014, FDSE.

[13]  Austen Rainer,et al.  Case Study Research in Software Engineering - Guidelines and Examples , 2012 .

[14]  Stephen Giguere,et al.  Crowdsourced Cyber Defense: Lessons from a Large-Scale, Game-Based Approach to Threat Identification on a Live Network , 2012, SBP.

[15]  Georgios Kambourakis,et al.  A cloud-based architecture to crowdsource mobile app privacy leaks , 2014, Panhellenic Conference on Informatics.

[16]  Kwong-Sak Leung,et al.  A Survey of Crowdsourcing Systems , 2011, 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing.

[17]  Sushmita Ruj,et al.  Security Services Using Crowdsourcing , 2014, ANT/SEIT.

[18]  Lars Hetmank,et al.  Components and Functions of Crowdsourcing Systems - A Systematic Literature Review , 2013, Wirtschaftsinformatik.

[19]  Eugene Fink,et al.  SmartNotes: Application of crowdsourcing to the detection of web threats , 2011, 2011 IEEE International Conference on Systems, Man, and Cybernetics.

[20]  Qinghua Zhu,et al.  Evaluation on crowdsourcing research: Current status and future direction , 2012, Information Systems Frontiers.

[21]  Pern Hui Chia,et al.  Community-based web security: complementary roles of the serious and casual contributors , 2012, CSCW '12.

[22]  Hongzhi Wang,et al.  Brief survey of crowdsourcing for data mining , 2014, Expert Syst. Appl..

[23]  Niels Bjørn-Andersen,et al.  Organizational Learning with Crowdsourcing: The Revelatory Case of LEGO , 2014, J. Assoc. Inf. Syst..

[24]  Alon Y. Halevy,et al.  Crowdsourcing systems on the World-Wide Web , 2011, Commun. ACM.

[25]  Ted S. Sindlinger,et al.  Crowdsourcing: Why the Power of the Crowd is Driving the Future of Business , 2010 .

[26]  L. Jean Camp,et al.  PeerSec: Towards Peer Production and Crowdsourcing for Enhanced Security , 2012, HotSec.

[27]  Maja Vukovic,et al.  Accelerating the Deployment of Security Service Infrastructure with Collective Intelligence and Analytics , 2012, 2012 IEEE Ninth International Conference on Services Computing.

[28]  Simin Nadjm-Tehrani,et al.  Crowdroid: behavior-based malware detection system for Android , 2011, SPSM '11.

[29]  Tyler Moore,et al.  Evaluating the Wisdom of Crowds in Assessing Phishing Websites , 2008, Financial Cryptography.

[30]  Gang Liu,et al.  Smartening the crowds: computational techniques for improving human verification to fight phishing scams , 2011, SOUPS.

[31]  Bilal Kartal,et al.  CALL OF DUTY: CAN TURKEY BENEFIT FROM CROWD-SOURCED SERIOUS GAMES TO STRENGTHEN ITS CYBER SECURITY CAPABILITIES? Call of Duty: Can Turkey Benefit from Crowd-Sourced Serious Games to Strengthen Its Cyber Security Capabilities? , 2014 .

[32]  Serge Egelman,et al.  Is This Thing On?: Crowdsourcing Privacy Indicators for Ubiquitous Sensing Platforms , 2015, CHI.

[33]  Fernando González-Ladrón-de-Guevara,et al.  Towards an integrated crowdsourcing definition , 2012, J. Inf. Sci..

[34]  Matthew Smith,et al.  On Usable Location Privacy for Android with Crowd-Recommendations , 2014, TRUST.

[35]  Eemil Lagerspetz,et al.  The company you keep: mobile malware infection rates and inexpensive risk indicators , 2013, WWW.

[36]  Chenglei Yang,et al.  What? How? Where? A Survey of Crowdsourcing , 2014 .

[37]  Kalpana Parshotam,et al.  Crowd computing: a literature review and definition , 2013, SAICSIT '13.

[38]  Svein J. Knapskog,et al.  Re-evaluating the Wisdom of Crowds in Assessing Web Security , 2011, Financial Cryptography.

[39]  Denzil Ferreira,et al.  Securacy: an empirical investigation of Android applications' network usage, privacy and security , 2015, WISEC.

[40]  Michael Vitale,et al.  The Wisdom of Crowds , 2015, Cell.

[41]  Michael K. Reiter,et al.  Crowdsourced Exploration of Security Configurations , 2015, CHI.

[42]  Muhammad Ali Babar,et al.  Collaborative Software Development Platforms for Crowdsourcing , 2014, IEEE Software.

[43]  Chrysanthos Dellarocas,et al.  Harnessing Crowds: Mapping the Genome of Collective Intelligence , 2009 .

[44]  Robbie T. Nakatsu,et al.  A taxonomy of crowdsourcing based on task complexity , 2014, J. Inf. Sci..

[45]  Norman M. Sadeh,et al.  Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing , 2012, UbiComp.