Education, Research and Business Technologies: Proceedings of 20th International Conference on Informatics in Economy (IE 2021) (Smart Innovation, Systems and Technologies, 276) 9811688656, 9789811688652

Citation preview

Smart Innovation, Systems and Technologies 276

Cristian Ciurea Cătălin  Boja Paul Pocatilu Mihai Doinea   Editors

Education, Research and Business Technologies Proceedings of 20th International Conference on Informatics in Economy (IE 2021)

123

Smart Innovation, Systems and Technologies Volume 276

Series Editors Robert J. Howlett, Bournemouth University and KES International, Shoreham-by-Sea, UK Lakhmi C. Jain, KES International, Shoreham-by-Sea, UK

The Smart Innovation, Systems and Technologies book series encompasses the topics of knowledge, intelligence, innovation and sustainability. The aim of the series is to make available a platform for the publication of books on all aspects of single and multi-disciplinary research on these themes in order to make the latest results available in a readily-accessible form. Volumes on interdisciplinary research combining two or more of these areas is particularly sought. The series covers systems and paradigms that employ knowledge and intelligence in a broad sense. Its scope is systems having embedded knowledge and intelligence, which may be applied to the solution of world problems in industry, the environment and the community. It also focusses on the knowledge-transfer methodologies and innovation strategies employed to make this happen effectively. The combination of intelligent systems tools and a broad range of applications introduces a need for a synergy of disciplines from science, technology, business and the humanities. The series will include conference proceedings, edited collections, monographs, handbooks, reference books, and other relevant types of book in areas of science and technology where smart systems and technologies can offer innovative solutions. High quality content is an essential feature for all book proposals accepted for the series. It is expected that editors of all accepted volumes will ensure that contributions are subjected to an appropriate level of reviewing process and adhere to KES quality principles. Indexed by SCOPUS, EI Compendex, INSPEC, WTI Frankfurt eG, zbMATH, Japanese Science and Technology Agency (JST), SCImago, DBLP. All books published in the series are submitted for consideration in Web of Science.

More information about this series at https://link.springer.com/bookseries/8767

Cristian Ciurea · C˘at˘alin Boja · Paul Pocatilu · Mihai Doinea Editors

Education, Research and Business Technologies Proceedings of 20th International Conference on Informatics in Economy (IE 2021)

Editors Cristian Ciurea Department of Economic Informatics and Cybernetics Bucharest University of Economic Studies Bucharest, Romania

C˘at˘alin Boja Department of Economic Informatics and Cybernetics Bucharest University of Economic Studies Bucharest, Romania

Paul Pocatilu Department of Economic Informatics and Cybernetics Bucharest University of Economic Studies Bucharest, Romania

Mihai Doinea Department of Economic Informatics and Cybernetics Bucharest University of Economic Studies Bucharest, Romania

ISSN 2190-3018 ISSN 2190-3026 (electronic) Smart Innovation, Systems and Technologies ISBN 978-981-16-8865-2 ISBN 978-981-16-8866-9 (eBook) https://doi.org/10.1007/978-981-16-8866-9 © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Singapore Pte Ltd. The registered company address is: 152 Beach Road, #21-01/04 Gateway East, Singapore 189721, Singapore

Preface

The 20th International Conference on Informatics in Economy (IE 2021), Education, Research & Business Technologies, was held online in Bucharest, Romania, on 14th May 2021, using Zoom video conference meeting solution. The IE 2021 conference promoted research results in Business Informatics and related Computer Science topics: • IoT, Mobile-Embedded & Multimedia Solutions, Cloud & Distributed and Parallel Computing, Databases & Big Data; • Audit, Project Management and Quantitative Economics; • Artificial Intelligence, Data-mining & Machine Learning; • E-Society, Enterprise and Business Solutions. The IE Conference has been over the years a meeting point for participants from all over the world, both from academia and from industry. The conference was first organized in 1993 in collaboration with researchers from Institut National des Sciences Appliquées de Lyon (INSA de Lion), France. From 1993 to 2011, the conference has been organized once every two years, publishing in ten editions high quality papers and bringing together specialists from around the world. Starting with 2012, the conference takes place annually, the 11th, 12th, 14th, 15th, and 16th edition volumes have been indexed by ISI Thomson Reuters in its ISI Proceedings directory. Now, the conference proceedings will be sent continuously to Clarivate for evaluation and possible indexing. The current conference proceedings have been sent for review to Springer and the accepted papers will be published in a special conference proceeding by Springer, entitled Smart Innovation, Systems and Technologies. The International Conference on Informatics in Economy is one of the first scientific events on this subject in Romania, and during the last ten years has gained an international scientific recognition. At national level, this remains one of the most important scientific events that gather the entire Romanian Economic Informatics community. The IE 2021 edition was an anniversary edition because we celebrated the 20th edition of our international conference on Informatics in Economy and we are proud

v

vi

Preface

to have organized it under the scientific auspices of the Information Science and Technology Section of The Romanian Academy. The International Programme Committee was composed of people from 21 countries (Australia, Austria, Bulgaria, China, Czech Rep, Denmark, France, Germany, Ireland, Israel, Greece, Italy, Latvia, The Netherlands, Poland, Portugal, Romania, Singapore, Spain, and UK). The Keynote Speakers at IE 2021 conference were: • Gang Kou, Professor, School of Business Administration, Southwestern University of Finance and Economics, PR China; the presentation was entitled Credit scoring for SMEs using transactional data: a profit- and risk driven approach; • Janusz Kacprzyk, Professor of Computer Science, Systems Research Institute, Polish Academy of Sciences; he presented Towards trustworthy and human acceptable decision making and optimization models reflecting cognitive biases. There were 42 papers presented in 4 sessions. The authors were from 6 countries (Bulgaria, Chile, Rep. of Moldova, Poland, Romania, and Switzerland). The conference has made partnerships with international journals like: • • • • • •

Economic Computation and Economic Cybernetics Studies and Research, Informatica Economic˘a, Economy Informatics, Database Systems Journal, Journal of Logistics, Informatics and Service Science, Journal of System and Management Sciences

to publish an extended format of the conference best papers. A Conference such as this can only succeed as a team effort, so the Editors want to thank the International Scientific Committee and the Reviewers for their excellent work in reviewing the papers as well as their invaluable input and advice. Special thanks are dedicated to Professor Lakhmi C. Jain, Ph.D., Visiting Professor at Liverpool Hope University, UK, for his support and encouragement to publish this IE 2021 volume at Springer. Bucharest, Romania

Cristian Ciurea C˘at˘alin Boja Paul Pocatilu Mihai Doinea

Contents

Part I

IoT, Mobile-Embedded & Multimedia Solutions|Cloud & Distributed and Parallel Computing|Databases & Big Data

1

U-Healthcare Solutions’ Acceptance for Adults . . . . . . . . . . . . . . . . . . Sorin Câlea, Sergiu Jecan, Mihaela Lut, as, , and Lucia Rusu

3

2

The Effectiveness of a Multimedia Mobile Application . . . . . . . . . . . . Dinu Mihail-V˘aduva

15

3

An Analysis of Different Browser Attacks and Exploitation Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Stefan Nicula and R˘azvan-Daniel Zota

31

4

A General Cost Model in a Cloud Data Center . . . . . . . . . . . . . . . . . . . Constanta Zoie Radulescu, Delia Mihaela Radulescu, Gheorghe Lazaroiu, Alexandru Sipica, and Dragos Barbu

5

Opportunities and Disadvantages of Using Mobile Technologies Based on Cloud in Learning . . . . . . . . . . . . . . . . . . . . . . . Rares, -Constantin Ciobanu and Alexis-Valentin Zaharia

55

Cloud Authentication Using FIDO Compliant Java Card Technology Secure Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cristian Toma, Marius Popa, and Mihai Doinea

65

Research on Big Data Analytics Using a Scientometric Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Mihaela Muntean

75

6

7

8

Alerts and Fraud Detection in Electricity Consumption Recorded by Smart Metering Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . Simona Vasilica Oprea, Adela Bâra, Vlad Diaconi¸ta, and Niculae Oprea

43

87

vii

viii

9

Contents

Analytical Capabilities of Graphs in Oracle Multimodel Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Iuliana S, imonca, Alexandra Corbea, and Anda Belciu

97

10 Distributed Ledger Technology Economy . . . . . . . . . . . . . . . . . . . . . . . . 111 Felician Alecu, Paul Pocatilu, Silviu Ojog, and Petru Simon Mot 11 Digital Humanism: Virtual Exhibitions in the Time of Pandemic and Evolving Collaboration of Relevant Actants . . . . . 123 Cristian Ciurea, Florin Gheorghe Filip, Alin Zamfiroiu, and Lorena Pocatilu Part II

Audit, Project Management and Quantitative Economics

12 Research on Data Analysis (Environmental, Social and Economic) in the Context of Implementing the Circular Economy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Denis-Alexandru Dragomir 13 Applying a Sustainable Vector Model to Generate Innovation . . . . . 149 Marian Pompiliu Cristescu, Maria Flori, and Raluca Andreea Nerisanu 14 Optimal Employment Contracts with Several Types of Agents . . . . . 163 Laura-Stefania Constantin and Dana Luiza Grigorescu 15 Labor Market Trends During the COVID-19 Pandemic . . . . . . . . . . . 175 Florin-Valeriu Pantelimon, Bogdan-S, tefan Posedaru, Tiberiu-Marian Georgescu, and R˘azvan Bologa 16 The Labor Market in Relation to Digitalization—Perspectives on the European Union . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 Ioana Andreea Bogoslov, Eduard Alexandru Stoica, and Mircea Radu Georgescu 17 The Impact of Bitcoin in the Financial Market. A Cybernetics Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 Nora Chirit, a˘ , Ionut, Nica, and Mihaela Popescu Part III Artificial Intelligence, Data-mining & Machine Learning 18 Privacy-Preserving Framework for Deep Learning Cybersecurity Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213 Constantin Nil˘a, Marius Preda, and Victor Patriciu 19 Cyber Security Maturity Model for Critical Infrastructures . . . . . . . 225 Aurelian Buzdugan and Gheorghe Capatana

Contents

ix

20 A GIS-Based Approach in Support of Monitoring Sustainable Urban Consumption Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237 Julian Vasilev, Maria Kehayova-Stoycheva, and Boryana Serbezova 21 Data Mining in Smart Agriculture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249 Andreea-Elena Ogrezeanu 22 Machine Learning and Data Mining Techniques for Human Resource Optimization Process—Employee Attrition . . . . . . . . . . . . . 259 Laura-Gabriela Tanasescu and Ana-Ramona Bologa 23 Machine Learning Techniques for Network Intrusion Detection—A Systematic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271 George-Bogdan Mertoiu and Gabriela Mes, nit, a˘ 24 Web Scraping and Ethics in Automated Data Collection . . . . . . . . . . 285 Marius Cristian Mazilu 25 Classical Machine-Learning Classifiers to Predict Employee Turnover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295 Les, an Maria-Carmen 26 Assessing the Share of the Artificial Ad-Related Traffic: Some General Observations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307 Marek Gajewski, Olgierd Hryniewicz, Agnieszka Jastrz˛ebska, Mariusz Kozakiewicz, Karol Opara, Jan W. Owsi´nski, Sławomir Zadro˙zny, and Tomasz Zwierzchowski Part IV E-Society, Enterprise and Business Solutions 27 Experimental Results Regarding the Efficiency of Business Activities Through the Use of Chatbots . . . . . . . . . . . . . . . . . . . . . . . . . . 323 Cîmpeanu Ionut, -Alexandru 28 Agile Perspectives in Higher Education . . . . . . . . . . . . . . . . . . . . . . . . . . 333 Margarita Bogdanova and Evelina Parashkevova-Velikova 29 Digitalization of Business and Public Organizations—Communication Problems with IT Companies and Possible Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347 Desislava Serafimova, Andriyana Andreeva, and Vanya Banabakova 30 An Assisted Instruction System Designed for Online Teaching and Learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361 Gabriel Zamfir 31 Building Resilience Through Digital Transformation . . . . . . . . . . . . . 371 Iulia Daniela Postolea and Constan¸ta-Nicoleta Bodea

x

Contents

32 Visual Tool for Stimulating Employee Intelligent Attitude . . . . . . . . . 383 Smaranda Derscanu, Vasile Paul Bresfelean, Liana Stanca, Monica Ciaca, and Alexandru Vancea 33 Management Information Systems in Knowledge Society . . . . . . . . . 397 Marian Stoica, Elena Mircea, Bogdan Ghilic-Micu, and Marinela Mircea 34 Analyzing Business Performances with a Multicriteria Decision Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411 Catalin Marcu, Luminita Duta, and Marinela Daniela Manea 35 Measuring Real Time Occupational Stress in Organizations via a Digitalized Risk Management App . . . . . . . . . . . . . . . . . . . . . . . . . 421 Magali Dubosson, Emmanuel Fragnière, Arnaud Fournier, Samuele Meier, and Sacha Varone Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431

About the Editors

Cristian Ciurea is a Professor and Head of the Department of Economic Informatics and Cybernetics from Bucharest University of Economic Studies. He graduated the Faculty of Economic Cybernetics, Statistics and Informatics from the Bucharest University of Economic Studies in 2007. He has a master in Informatics Project Management (2010) and a Ph.D. in Economic Informatics (2011) from the Bucharest University of Economic Studies. Cristian has a solid background in computer science and is interested in collaborative systems related issues. Other fields of interest include virtual exhibitions, software metrics, data structures, object-oriented programming, windows applications programming, mobile devices programming and testing automation for software quality assurance. C˘at˘alin Boja is Professor at the Department of Economic Informatics and Cybernetics from Bucharest University of Economic Studies, Bucharest, Romania. In June 2004 he has graduated the Faculty of Cybernetics, Statistics and Economic Informatics at the Bucharest University of Economic Studies. He is a team member in various undergoing university research projects where he applied most of his project management knowledge. His work currently focuses on the analysis of mobile computing, information security, artificial intelligence and cryptography. He is currently holding a Ph.D. degree on software optimization and on improvement of software applications performance. Paul Pocatilu graduated the Faculty of Cybernetics, Statistics and Economic Informatics in 1998. He achieved the Ph.D. in Economics in 2003 with thesis on Software Testing Cost Assessment Models. He has published as author and co-author over 45 articles in journals and over 40 articles on national and international conferences. He is author and co-author of 10 books, Mobile Devices Programming and Software Testing Costs are two of them. He is professor at the Department of Economic Informatics and Cybernetics within the Bucharest University of Economic Studies, Bucharest. He teaches courses, seminars and laboratories on Mobile Devices Programming and Object-Oriented Programming to graduate

xi

xii

About the Editors

and postgraduate students. His current research areas are software testing, software quality, project management, and mobile application development. Mihai Doinea has a Ph.D. (2011) in the field of Economic Informatics, from the Bucharest University of Economic Studies, Bucharest, Romania. The addressed topics are related to Cybersecurity and Information Security, with objectives for identifying security optimization methods in distributed applications. His research is also backed up by a master diploma in ICT|Cybersecurity (2008). He is an Associated Professor, teaching Data Structures and Mobile Applications and Devices at the Academy of Economic Studies. He published more than 50 articles in collaboration or as a single author in journal papers and international conferences and his research interests are directed to areas such as security on embedded devices, mobile programming, multimedia security, smart cards and biometrics.

Part I

IoT, Mobile-Embedded & Multimedia Solutions|Cloud & Distributed and Parallel Computing|Databases & Big Data

Chapter 1

U-Healthcare Solutions’ Acceptance for Adults Sorin Câlea , Sergiu Jecan , Mihaela Lut, as, , and Lucia Rusu

Abstract Most u-healthcare applications were developed based on five important dimensions: education, prevention, diagnosis, treatment, and monitoring of patients. The starting point of our research was the need of finding out the way in which the current COVID-19 pandemic influenced the dependency of chronic diseases’ persons over 50 to the M-health and E-health solutions in Romania. We focused on user’s experience and ability to use these systems, starting from the already known Smarthealthcare and U-healthcare ones, as developed in EU’s Horizon 2020 program and the way the new technologies like IoT, Smart Device, and Wearable Technologies as part of U-Healthcare are accepted and used in Romania. The focus group is made up of people aged 50 to 84, and the on-line questionnaire contained issues related to the acceptance of the IoT and the new technologies used in Telemedicine and U-healthcare systems for the prevention and monitoring of the chronic disease’s patients, starting from the influence UX factors.

1.1 Introduction The Internet of Things (IoT) is the general idea of things, especially everyday objects, that are readable, recognizable, locatable, addressable, and controllable via the Internet, whether via RFID, wireless LAN, wide-area network, or other means”

S. Câlea · S. Jecan (B) · M. Lut, as, · L. Rusu Babes, Bolyai University, M. Kogalniceanu 1-3, 400084 Cluj Napoca, Romania e-mail: [email protected] S. Câlea e-mail: [email protected] M. Lut, as, e-mail: [email protected] L. Rusu e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_1

3

4

S. Câlea et al.

[1]. Even though IoT is used in almost all domains, from environment to indooroutdoor solutions, from industry to entertainment, from public services to the private sector, our research’s aim is to analyze some benefits of applying it to caregiving and monitoring of adults. If in the last decade of the twentieth Century, IoT was at the beginning, technological evolution and operating system improvements forced medical services and assistance to the patients to evolve from E-health solutions for Internet connection to M-health in 3-G mobile networks and, in the last decade, U-health proved to be a modern and efficient solution. Mobile Health (M-heath or M-healthcare) can be defined as “medical and public health practice supported by mobile devices (e.g., especially smart phones, mobile phones, patient monitoring device, and wireless devices)” [2]. Mobile Health started several years ago with wireless telemedicine, mobile telecommunications, and multimedia technologies as an integration mobile healthcare delivery systems and, nowadays, uses 4G, 5G, and 6G mobile communication technology [3]. Several papers present different solutions and architecture for healthcare techniques involving the IoT: E-healthcare, Ambient Assisted Living, Patient Recovery, Wireless Health Monitoring, U-healthcare, and Age-friendly healthcare systems. Begum & Parveen built-up a U-Health Monitoring (UHM) solution and a pertinent definition of IoT in Healthcare as a heterogeneous computing, wirelessly communicating system of apps and devices that connects patients, and health providers to diagnose, monitor, track, and store vital statistics and medical information” [4]. The ecosystem of mobile technology as defined by Conejar and Kim consists of three parts: (a) Financing-health financing by banks, insurance companies, private investors, individual donors, etc., (b) mobile U-healthcare applications which involve the health system, healthcare workers, medical support chain patient, and (c) mobile U-healthcare delivery, based on mobile platforms and technologies such as software developers, mobile operators, handset makers, etc. [3, 4]. Most of the mobile u-healthcare applications were developed based on five important dimensions: education, prevention, diagnosis, treatment, and monitoring of patients. This paper’s aim is to analyze the acceptance of mobile and IoT devices as part of the complex homecare technologies for monitoring and treatment in chronical diseases for adults. After a short introduction to the U-health and M-health specific objectives, the second section outlines the existing solutions for wearable, mobile, and pervasive devices. The third section details the results of an empirical study focused on the acceptance of mobile and wearable technology proposed solutions developed using an on-line and off-line survey. We offer a detailed analysis based on the correlation between several factors involved in adults’ attitude and user experience in mobile and IoT domain, based on experimental results. In the last section we conclude and outline the future research ideas in the field.

1 U-Healthcare Solutions’ Acceptance for Adults

5

1.2 Smart Healthcare Solutions Studies in the field show that the population over 50 face numerous chronic diseases that need to be diagnosed, treated, and monitored over time. Furthermore, ageing people tend to live longer and independent, in comparison to the last century, both at global but particularly in Europe so that IoT is offering a solution for monitoring and treatment in their own home environment. The new generation of IoT is more and more visible and may be included into the category of wearable electronics and/or multi-sensor platforms. We list some of the most popular and useful products for monitoring and U-healthcare: smartwatches, wristband sensors, wearable sensor patches, artificial reality-augmented glasses, brain computer interfaces, wearable body metric textiles, etc. In-door and out-door monitoring include smartphone applications, environmental monitoring, and home automation sensors [5]. Google’s Project “Glass augmented eyewear” is a wearable computing along with smartwatches, wristband sensors, and wearable textiles. Since 2012 more new products containing a wearable connected computer category of the programmable watches include the Pebble watch, the Basis watch, the Contour Watch from Wimm Labs, and the Sony Smart Watch Continuous Wearable Sensor Patches for Blood Chemistry and Vital Signs (mc10) and Cardiac Rhythm (iRhythm’s Zio Patch). Continuous glucose monitor (CGM) by diabetics and other self-trackers are the classical example of wearable patches for U-health monitoring. Another category is made up of stretchable electronics track and wirelessly transmitting information such as heart rate, brain activity, body temperature, and hydration level. Wearable sensor patches like Zio Patch from I-Rhythm (two-week use) can be useful to monitor cardiac rhythm and arrhythmias [5]. The European Program Horizon 2020 Active and Assisted Living (AAL), finances projects linked to well-being and independent and active living platforms. In the last years private researchers and scientific entities joint for a lot of proposals, starting in 2019 in Netherlands (14 projects) and Romania with 7 projects. We point further on several success projects from the last years [6]. Digital Health Europe permits digital transformation of health and care in three pillars: (a) citizens’ secure access to and sharing of health data across borders; (b) increasing quantitative and qualitative data to promote research, disease prevention, personalized health and care; and (c) digital tools for citizen empowerment and person-centered care, multi-stakeholder collaborative platforms that directly reflect the digital transformation priorities. The platforms work in the following three areas: better people’s access and control of data, better use of data infrastructure platforms to support secondary uses of health data, and active cooperation between patients and health and care professionals and providers. This outcome will include a roadmap, advice, and recommended actions [7]. Framed in the Horizon2020, the project REACH is a proactive strategy of detection, prevention, and development for a solution aiming to reduce Long Term Care (LTC). It was developed as a personalized system of promoting and monitoring

6

S. Câlea et al.

the activity of elderly citizens in order to reduce their risk of loss of function and associated morbidities. REACH tries to increase the levels of physical activity that improve health in older adults, mobilization, and rehabilitation among older adults, who accepted to use wearable devices for instant feedback during training sessions [8]. The INCARE AAL project (“Integrated Solution for Innovative Elderly Care”) has a main objective building upon two successful platforms (AAL-NITICS and FP7RAPP). The AAL NITICS platform offers fully integrated and validated solutions for health monitoring, home automation, indoor fall detection, and personal agenda with reminders, alerts, and caregiver administrative tools. The RAPP platform has been designed toward a cloud-based integrated approach that enables developers to deploy robotic applications. The INCARE project added functionalities that help elderly remain physically active and socially connected. These are (a) a multimodal and seamless interface tuned to elderly users; (b) indoor hazard detection RAPP; (c) machine supervised and personalized physical exercises presented in the form of games (exer-games); (d) fall detection, alerts, localization in outdoor environment. The latter will confer elderly increased confidence for outdoor activities (including socializing), thus improving their sense of confidence and autonomy [9].

1.3 IoT, Smart Device, and Wearable Technologies’ Acceptance 1.3.1 Research Methodology The research methodology is based on literature review and empirical studies, data collected through questionnaires, and on specific statistical analyzes and tests. In our current study, a questionnaire was administered to collect the requested data. The questionnaire was created and broadcasted in the classic off-line system and also in Google Forms and has 15 items of various types such as short answer questions, multiple choice with 1 or n answers, single or two-dimensional questions. We obtained 57 answers from respondents at the questionnaire, adults between 50 and 84 years old, active, or retires from rural and urban environment. The gender distribution is the following: 47.36% women, and 56.63% men.

1.3.2 Data Analysis and Results Our first target was the focus group’s IT&C knowledge. Out of 57 adults between 50 and 84 years, with chronically or severe diseases, including some (4%–4) with disabilities, 65%–37 persons, did not have a smartphone, most had mobile phones

1 U-Healthcare Solutions’ Acceptance for Adults Table 1.1 The type of respondents

7

Modality

Fields

N (%)

Gender

Male

27 (47.36)

Female

30 (53.63)

Rural

23 (40.35)

Environment Living

Status

Urban

34 (59.64)

Alone

15 (26.31)

With the spouse

30 (52.63)

With children

6 (10.52)

In a care center

6 (10.52)

Married

19 (33.33)

Divorced

12 (21.05)

Widow

23 (40.35)

Alone

3 (5.26)

(96.49%–55) and tablets (12.28%–8), laptops (54.38%–31), and/or PC (49.12%–28) (Table 1.1). Based on the adults IT&C literacy profile, we obtained the following results: • Group A: good/high knowledge of IT environments: use mobile phones, smartphones possibly, laptops, PC, mail, browser, search engine, social media (63.15%– 36) with skills to use social networks, rarely, particularly Facebook (56.14%–32). • Group B: acceptable/medium IT knowledge: use mobile phone, smart phone (rarely), often refuse mail, browser, search engine. A small number/subset/group use social media frequently to communicate with the relatives abroad (10–15%) or have advanced knowledge in IT (28%–27). • Group C: poor IT knowledge (8.85%–5) group that answer or talk on mobile phone, possibly write messages (rarely, if they use glasses). Analyzing the socio-demographic issues, we find that the majority of A and B groups belong to the urban areas. In depth, A group has 29.82%–17 adults, (13 adults from urban areas and 4 adults from rural areas), for B group 47.36%–27 adults, (21 from urban areas and 6 from rural areas), and C includes 22.80% (5 seniors from urban areas and 83%–13 seniors from rural areas). We mention that from 14 seniors over 75, only 5 of them belong to group A and B. Age distribution is quite equal: 19% over 50 year, 23% between 55 and 65, two categories of active adults, and 33% between 65 and 75 and 25% over 75 years, two categories of retired (Fig. 1.1). The distribution of education level consists of medium level education (32%–18), high school (39%–22), college (26%–15), and 4%–2 persons holding a Ph.D. As for the level of acceptance of technology, there is no relevant difference between the three IT groups (Fig. 1.2). The distribution of monthly income level (in lei) consists of 46% have an income between 500 and 1500 lei/month, most of them are over 75 years, 39% have an

8 Fig. 1.1 Age distribution

S. Câlea et al.

Age distribuon (%) >50

19

25

55-65

23 33

65-75 >75

Fig. 1.2 Level of education

Professional training (%) General School

26

4

High School

32

Licence

39

Doctoral Degree

income between 1501 and 2500 lei/month, only 12% have an income between 2500 and 3500 (lei/month), and 2 persons 4% have an income over 3500 lei/month. As for the level of acceptance of technology, there is no relevant difference between the three IT groups, but for intelligent things and IT&C there is a strong connection between income and those things the mentioned above groups of persons can afford (Fig. 1.3). Analyzing the results of the questions related to chronic diseases for the focus group (Fig. 1.4), we find that most adults have at least one chronic disease. The analysis of responses related to health issues concluded that most of the elders: (93%) suffer from at least one chronic disease, 61.4% have two or three chronic diseases (45.61%). The most common chronic diseases found in the processed questionnaires are coronary heart disease (63.16%), angina (8.77%), hypertension (47.37%), myopia (68.42%), long sightedness (63.16%), osteoporosis (40.35%), diabetes (19.30%), obesity (10.53%), thyroid disorders (8.77%), hemiparesis (5.26%), stroke (5.26%), Fig. 1.3 Income distribution

Income (%) 12 4 39

500-1500

46

1501-2500 2500-3500 >3500

1 U-Healthcare Solutions’ Acceptance for Adults

9

autoimmune disease cancer Kidney stones parkinson hemiparesis Stroke tyroid disease obesity osteoporosis diabets hypertropia myopia high blood pressure Angina Coronary heart disease… 0

10

20

30

40

50

Fig. 1.4 Chronical diseases (%)

Parkinson (5.26%), kidney stones (8.77%), cancer (5.26%), and autoimmune diseases (4.08%). Related to seniors (age over 65) that participated in our study, only 13 out of 57 (23%) accepted to monitor their health parameters using the mobile applications made available to them and only 11 out of 57 (19%) accepted monitoring via wearable technologies/devices. A significant number of the participants have intense daily outdoor activities (more than 5 h a day), e.g., gardening, especially in the case of those from rural areas (11 out of 23 seniors). These activities qualify as ADLs and are equivalent to the 7 exer-games designed by AAL projects for mobility, strength, and balance, important exercises for cardio and well-being. Another study performed 5 years ago, focusing exclusively on elder people demonstrated that IT&C education and level of computer literacy users are increasing. For instance from a number of 69 seniors only a small part (9%–6) accept e-textile and (6%–4) accept wearable sensors [10]. The major role of the modern technology as a tool in the healthcare system is to offer patients better and more comfortable services, by giving user friendly features. Product design process must, for each healthcare product, focus on needs, not necessarily on what people would like to have [11]. Gy˝orffy pointed the top 6 healthcare user interface (UX) challenges: 1. Wearables and Data Visualization, 2. Virtual and Augmented Reality, 3. Artificial Intelligence (AI) and Chatbots, 4. Voice User Interfaces, 5. Consumer-focused design and personalized experiences in healthcare, and 6. Telemedicine. Our study focused on three of them: Wearables, Consumer-focused design, and personalized experiences in healthcare and Telemedicine (Fig. 1.5) [11].

10

S. Câlea et al.

IoT Acceptance Personal Assistant Diet Tips Video Games Medicaon Reminder Thermometer Diabec Monitor Blood Pressure Meter Pulse Oximeter Glucometer 0

10

20

30

40

50

60

Fig. 1.5 IoT acceptance (%)

Healthcare Information and Management Systems Society, Inc. (HIMSS) is a global advisor and thought leader supporting the transformation of the health ecosystem through information and technology. Besides expertise in health innovation, public policy, workforce development, research and analytics, HIMSS treats user experience (UX) as different actors involved in modern U-healthcare and telemedicine: Patient Experience, Patient Engagement, Healthcare Consumerism, Physician Experience, Nurse Experience, Clinician Experience, and Clinician [12]. We tested UX only for patient experience and engagement. Usability represents more than a facile way of using technologies or if the users may accomplish the tasks without difficulty. It is linked to the consumer’s satisfaction, between utility and desire, experience and mark of the product, by this quantifying the matches between user’s needs and contexts and the technologies’ functionalities. Peter Morville analyzed it through User Experience Honeycomb, demonstrating that the UX influence factors are determined by Useful, Usable, Findable, Credible, Desirable, Accessible, and Valuable (Fig. 1.6) [13]. If we intend to make a hierarchy of IoT acceptance based on UX factors for our focus group respondents (57), they rank Blood Pressure Meter (51), Thermometer (48), and Medication Reminder (44) in top of prefered IoT, followed by Glucometer (3) and Diet Tips (27). Less attractive appear Pulse Oximeter (18) and Video Games (18) dedicated for health or cardio exercises, linked to adults aged between 50 and 65, Personal Assistants (15) especially for persons over 65, and diabetic monitor for adults who are suffering from this disease or have concerns about it. None of the interviewed persons accepted indoor and/or outdoor monitoring using video, audio or sensor system because of privacy and good mood (Fig. 1.4). Other equipment is closely related to the health problems that the respondents have and relate to IoT connected to U-healthcare and medical applications for monitoring: holders (7), skin sensors (11), and other equipment (4).

1 U-Healthcare Solutions’ Acceptance for Adults

11

Acceptance of Intelligent Equipment

11. Any major appliance 10. Video interface 9.Automac washing machine 8.Automac dishwasher 7.Smart Fridge 6. Tablet 5. Notebook / Laptop / PC 4. Smartphone 3. Mobile phone (landline) 2. Internet TV 1. TV

0

20

40

Never

Rarely

Annual / Quarterly

Monthly

Weekly

Daily

60

Very oen

Fig. 1.6 Acceptance of intelligent equipment/devices

For next multiple choice answers we have chosen 7 point Likert scale for quantifying acceptance of intelligent equipment and 5 point Likert scale for quantifying user experience in handling intelligent equipment. Under the conditions of long-distance monitoring of chronic patients, the IoT tools become indispensable, along with the intelligent devices like smartphones, smart TV’s, notebooks, laptops, intelligent interface, etc., particularly in chronic diseases like diabetes, heart diseases, autoimmune diseases, for cardiac rehabilitation and monitoring, neuro-motor rehabilitation and monitoring of patients with cognitive impairments. Each intelligent equipment focuses on the system interaction and human needs which are also a crucial part of user experience and design thinking (Fig. 1.7) [14, 15]. If we analyze the answers from the first group of multiple choice answers we can link it to the adults IT&C profile (Group A, B, and C). Most adults whose answers were very often/daily/weekly belong to group A, while most adults whose answers were rarely or never belong to group C. TV, Smart Fridge, Automatic washing machine, and Mobile phone are the most popular tools for all groups of adults, while Smart phone, Notebook, Tablet, and Automatic dishwasher represent equipment specific to adults between 50 and 65, who have at least high school as a professional background (Fig. 1.5) [16]. TV is used very often (31.57%) or daily (75.89%), Smart fridge is used very often (92.35%), or daily (5.82%), mobile phone is used very often (52.63%) or

12

S. Câlea et al.

User Experience of Intelligent Equipment (%) 11. Any major appliance 10. Video interface 9.Automac washing… 9.Automac dishwasher 7.Smart Fridge 6. Tablet 5. Notebook / Laptop /… 4. Smartphone 3. Mobile phone… 2. Internet TV 1. TV 0

20

Easy to use

Pleasant to use

Useless without assistance

I do not use / do not own

40

60

With assistance (human)

Fig. 1.7 User experience of intelligent equipment

daily (36.84%) but the same adults did not ever use a Notebook (35.08%) or rarely (8.77%) and never a tablet (68.42%) or rarely (8.77%). Same answers can be found for Automatic dishwasher. Smart Phone is used very often (52.63%) or daily (26.31%), and Smart TV is used very often (57.89%) or daily (26.31%). The most popular mobile devices are the smartphones and laptops, which are owned by the surveyed users /focus group between 50 and 65. The usability of smart equipment is closely linked to their acceptance as analyzed in detail in the previous paragraph. Same adults which use very often some equipment respond that TV is easy to use (26.31%) or pleasant to use (31.57%), or Smart TV is easy to use (26.31%) or pleasant to use (31.57%), mobile and smartphone is easy to use (15.78%) or pleasant to use (36.84%) and by opposite others answered: I do not use/do not own (26.31%). Same answers are for laptops and tablets. Almost same percentage of respondents with great frequency at previous question, up to 30%, answer positive that is easy to use or pleasant to use Laptop, tablet, or smartphone.

1.4 Conclusions This paper analyzed the acceptance of mobile and IoT devices as part of the complex homecare technologies for monitoring and treatment in chronical diseases for adults. In the 5G era the M-health and U-heath solutions are a common and permanent presence in the lives of the chronic diseases patients, including m-health solutions

1 U-Healthcare Solutions’ Acceptance for Adults

13

for monthly drugs administration, daily monitoring of patients by using wearable technologies and IoT, on-line consultation via mobile technologies. We presented above some of the existing solutions for wearable, mobile and pervasive devices, in special wearable computing together with smartwatches, wristband sensors, and wearable textiles, continuous glucose monitor (CGM) by diabetics wearable patches for u-health monitoring, wirelessly transmitting information tools for heart rate, brain activity, body temperature, and hydration level or to monitor cardiac rhythm and arrhythmias. In the third part we pointed out some details of the results of an empirical study focused on acceptance of mobile and wearable technology proposed solutions using an on-line and off-line survey. We offered a detailed analysis based on correlation between several factors involved in adults’ attitude and user experience in mobile and IoT domain, based on experimental results. As most of the respondents were literate computer users (over 50%), the ones suffering of chronic diseases were accustomed with the use of IoT and wearable technologies, frequently used by over 60% of the focus group, without any external help. We have tested UX only for patients’ experience and engagement, taking into account Peter Morville’s User Experience Honeycomb.

References 1. National Intelligence Council (2019) Disruptive technologies global trends 2025, Six technologies with potential impacts on US interests out to 2025. http://www.fas.org/irp/nic/disruptive. pdf 2. Lee S-H, Lee D-W (2013) A study on review and consideration of medical industry convergence based on U-healthcare. J Digit Policy Manag Soc Digit Policy Manag 11(6):182–186 3. Conejar RJ, Kim H-K (2015) A design of mobile convergence architecture for U-healthcare. Int J Softw Eng Appl IJSEIA 9(1):253–260. https://doi.org/10.14257/ijseia.9.1.22. ISSN: 17389984 4. Begum S, Parveen H (2016) U-HEALTHCARE and IoT. Int J Comput Sci Mobile Comput IJCSMC. 5(Issue 8):138–142 5. Swan M (2012) Sensor Mania! The internet of things, wearable computing, objective metrics, and the quantified self 2.0. J Sens Actuat Netw 1, 217–253. https://doi.org/10.3390/jsan10 30217; www.mdpi.com/journal/jsan/. ISSN 2224-2708 6. AAL Europe, AAL Projects. http://www.aal-europe.eu/wp-content/uploads/2019/07/Submis sion-REPORT-2019. Accessed 21 Dec 2020 7. Digital Health, Europe. https://digitalhealtheurope.eu/. Accessed 05 Nov 2020 8. Reach. http://reach20/eu. Accessed 19 Nov 2020 9. Nastac DI, Arsene O, Dragoi M, Stanciu ID, Mocanu I (2019) An AAL scenario involving automatic data collection and robotic manipulation. In: 3rd IET international conference on technologies for active and assisted living (TechAAL 2019), London, UK, pp 1–6. https://doi. org/10.1049/cp.2019.0105 10. Rusu L, Mocanu I, Jecan S, Sitar D (2016) Monitoring adaptive exergame for seniors. J Inf Syst Oper Manag 10(2). Editura Universitar˘a Bucure¸sti. ISSN 1843-4711 11. Gy˝orffy M (2019) Digital healthcare trends for 2020: 9 UX Challenges to Know. https://uxs tudioteam.com/ux-blog/healthcare-ux/. Accessed 25 May 2020 12. Healthcare Information and Management Systems Society, Inc. (HIMSS). https://www.him ss.org. Accessed 25 May 2020

14

S. Câlea et al.

13. Morville P (2020) The 7 factors that influence user experience, 2020. https://www.interactiondesign.org/literature/article/the-7-factors-that-influence-user-experience. Accessed 25 May 2020 14. Bellmann B, Lin T, Greissinger K, Rottner L, Rillig A, Zimmerling S (2020) The beneficial effects of cardiac rehabilitation. Cardiol Ther. https://doi.org/10.1007/s40119-020-00164-9 15. Stola K (2018) User experience and design thinking as a global trend in healthcare. J Med Sci 87(1). https://doi.org/10.20883/jms.2018.281 16. Wild K, Sharma N, Mattek N, Karlawish J, Riley T, Kaye J (2021) Application of in-home monitoring data to transition decisions in continuing care retirement communities: usability study. J Med Internet Res 23(1):e18806 17. ISO 9241-210 (2010) Ergonomics of human-system interaction—Part 210: human-centred design for interactive systems. International Organization for Standardization. https://www. iso.org/standard/52075.html. Accessed 22 Aug 2019

Chapter 2

The Effectiveness of a Multimedia Mobile Application Dinu Mihail-V˘aduva

Abstract The major preoccupation regarding the actual research is to visualize a theoretical model of the natural forces interaction between a multimedia mobile application deployed upon an educational activity over a group of students and an automatic process of evaluation regarding the final academic results. We implemented a new metric indicator, named here with effectiveness of a multimedia mobile application, correlated with the educational resultant force emerged from a mobile environment learning experiment. The variables involved in our model are connected to the cross-disciplinary curricula, the educational time coverage disclosed by a multimedia mobile application, the multimedia concentration, and the academic performance measured just in time at the interface between formal and informal evaluation. We are proposing another educational force couple, a resultant force, which is represented by the quality attributes allocated to the mobile devices and, furthermore, to the multimedia mobile applications. We are using the assumption that a multimedia mobile application generates an educational field in front of a learner taking into consideration not only the easiness of the process by which the learner’s attention is retaining toward a mobile device. The fact that between a mobile user and a multimedia mobile application could be established a quantitative relation of physical attraction or rejection, disclosed by surveys and questionnaires including qualities attributes, was an argument for our hypothesis that educational forces encountered could be explained by a cloaking educational field where a touch screen electric impulse is only the beginning of the educational magnetism encountered at the learners.

2.1 Introduction The importance of quality attributes divided between mobile devices and multimedia mobile applications was exposed in scientific literature by researchers like Toperesu [1] and Kuhlemeier [2] who emphasized educational consequences extracted from mobile quality aspects like connectivity through Wi-Fi, small screens allocated to any D. Mihail-V˘aduva (B) University of Economic Studies Bucharest, Bucharest, Romania © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_2

15

16

D. Mihail-V˘aduva

mobile devices, camera capabilities and, from the other point of view, outstanding software performance delivered through mobile operating systems. We are motivated to study the way in how the quality attributes regarding mobile devices and multimedia mobile attributes are joined together to a better understanding of effectiveness regarding the impact of multimedia mobile applications upon learners. Searching through scientific literature about quality attributes of mobile devices, disclosed by intrinsic contact with any choice explicit formulated by a possible user, we found connections between a positive academic performance and availability toward accessing learning materials anywhere and anytime. Mathematical tools used were cataloged in direction of surveys and questionnaires with statistical support represented in many cases with linear regression. This article is realized taking into consideration the following statements. The first division is a compulsory introduction regarding our research and proposed a suitable interpretation toward our objective. The second division is defined by a searching activity through scientific literature that acquires distinctive references for our intentions concerning relations between academic performance and effectiveness of using multimedia mobile applications. The third division shows our methodology to achieve accurate facts, regarding our laboratory experiment, and understandable ways to calculate the effectiveness of the impact generated by multimedia mobile application upon a collectivity of learners. The next division enters into a case study that explains how a group of multimedia mobile applications could be used to gauge the statistical correlation between effectiveness of their impact upon a collectivity of learners and values obtained for academic performance grouped by criterions proposed.

2.2 Literature Review The general trend about classification regarding the impact of mobile devices upon learners implies a scale where a positive and negative evaluation occurs as we know it from a paper work written by Toperesu [1]. His method of doing research explores tools from a set which is composed from mobile applications like internet browsers, email, and social media with large social influence, instant messaging, camera, calendar, and file storage. Toward exploring learner’s opinions, he uses a scale Likert with 7 points from which we are gathering a general review of this subject with an emphasizing area upon a positive impact concerning a better learning from anywhere and a negative impact which is meaning a strong dislike due to the fact that a mobile device could be a certain way to distract attention in classroom. An inventory catalog about the most common and not easy at all problems, to work around it, was filled with records concerning free connectivity using Wi-Fi and small screen of a mobile phone. To achieve an evaluation of user’s satisfaction the researcher Toperesu [1] creates a survey that revealed a strong correlation with the possibility to access learning material from mobile device. He tested his hypothesis with multiple linear regression tests and revealed a negative impact on learning process when video capabilities allocated to mobile device are used excessively due to the fact that distraction occurs frequently.

2 The Effectiveness of a Multimedia Mobile Application

17

The theory of learning named connectivism, written by the author Siemens [3], was accepted by Toperesu [1] due to the fact that will be more appropriate with the use of technology in our stage of evolution. According with this theory of connectivism the learning process is influenced by a shifting kernel of different environments which can be without any control from the individual person involved. Another researcher Melchor [4] studied the relationship between the level of the mobile device utilization and the general academic performance of the students revealing the fact that in any explored combination of educational methodologies the role of the mobile devices generated a positive impact. In a depth analysis he revealed that the mobile device itself does not offer a guaranty to a better achievement of student’s academic performance but the way in which the mobile device is used, the type of learning activities or the awareness of the respondent toward a maturity of behaving in front of a learning process. Furthermore, he found that cloud service does not affect general score related to student’s academic performance. On the other hand, according with the researcher Kuhlemeier [2] the influence of the Internet access has a positive role regarding academic performance and, in addition, a highly positive correlation with a better achievement of cognitive skills. For his results the researcher uses a model with linear multiple regression where dependent variable were students who promoted or repeated and for a predictor variable the role was taken by the understanding the use of the mobile device. Records used in his research were collected from a national database of the Ministry of Education of Spain in 2017. The paper work written by the researcher Nawaz [5] shows that among the major factors which could have an impact concerning M-learning systems the hypothesis that variable represented by the hedonic motivation could be certified by statistical calculation. The hedonic motivation was a new direction of study introduced by the researcher Venkatesh [6] who gathered multiple observations regarding an increasing motivational behavior if the appearance of the entertainment occurs when a learner uses mobile device as a support for educational purpose. The same paper work inserts a link to the pervasive habit renowned for implementing behaviors due to repetitive tasks, as well as another researcher Oulasvirta [7] observed. A study fastens tightly with the impact of using mobile device applications in an educational process was realized by Farrah [8] who observed through interviews major attitudes of the learners confronted with specific difficulties in such environments. From this paper work the author revealed that a positive feedback could be established if an increasing outcome on academic performance is correlated with a pleasurable and enjoyable learning environment. Once more a different study accentuates the importance of the hedonic and habit motivation, previously mentioned, with a major impact on top of a learning environment. The learners’ intuition regarding the globalization objective was explored by the author Shonola [9] who observed that is an inclination toward activities like searching different educational supplementary materials through Internet resources motivated by the desire to enrich their curricula learning basis. The principal factor was in this case the stringent desire to be mobile connected in anywhere and anytime ways. The same technical orientation toward globalization objective was discerned through a paper work written by the author Hashemi [10] who accentuates the transversal curricula integration of multiple resources discovered with the help of mobile device

18

D. Mihail-V˘aduva

and increasing, in this way, the information accessibility inside or outside the educational classic space named classroom. The author Koroleva [11] observed that the traditional or conventional way of doing teaching activities has a restrained effect toward a fast implementation of the newest mobile device tools which, without a doubt, gain a well-known plus-value distinction upon a classical method occurred in an educational process. Other educational experiments deployed with support of tablet devices were conducted, according with the author Montrieux [12], with teachers and students at the level of two exploratory groups orientated toward to the procedural way of doing teaching. He concluded from his research existence of two different kinds of teachers. One type of teachers is represented by those who are inclined to be synchronizing with a tradition in performing teaching at classrooms. The other type of teachers is a new one coming into view with the methodology based on a transition from a teacher centered approach to learning in the middle of educational process. From this paper work result an observation that traditional teachers tend to manage mobile device as an auxiliary resource behind the sovereign printed book. From this reason the stakeholders involved in educational processes should have a major role regarding technical and professional support adequate to the transition toward innovative teachers. Another researcher Gonca [13] observed that young learners possess a high level of easiness in front of a new mobile technology becoming adjusted just in time to solve different tasks. A similar opinion has the author Druin [14] who creates an alias for these new unusual phenomena amongst young children known as I-children.

2.3 Methodology Our laboratory experiment deployed in November 2019 at the Bucharest University of Economic Studies, as we shown in a previous paper work [15], has leaded to a series of numerical observations which were grouped around a specific metric indicator named academic performance, abbreviated here with PE, considered to be a depended statistic variable. An embedded task allocated to the assessment target of our mobile multimedia experiment was to gauge the preferences of our students involved in this research study project. These preferences were grouped in two classes regarding quality attributes allocated to the hardware of mobile device, used by every student, and in a second point of view our attention was focused to the quality attributes related to the multimedia mobile applications used. Our research question is the following: What is the correlation between the resultant forces generated by qualities attributes regarding mobile multimedia applications, distributed in a set of a complex mobile hardware devices, against a group of students keen to execute learning activities, and a personal degree of a self-intrinsic evaluation of their academic performance? There were developed four mobile multimedia applications, from the APP1 to APP4 , with the same curricula content experimented but with a decreasing value of multimedia components. We are showing these two classes in Table 2.1.

2 The Effectiveness of a Multimedia Mobile Application

19

Table 2.1 The classification of quality attributes allocated to mobile application Quality attributes of the mobile device

Quality attributes of the multimedia mobile application

No.

Name of the quality attribute metric indicator

User’s option

No.

(1)

(2)

1

Type of mobile network

2

10

2

Type of operating mobile system

3

3

Display size

4

Name of the quality attribute metric indicator

User’s option

(3)

(4)

Preexistent knowledge about educational subject studied with mobile application

2

11

Utility of animation

5

4

12

Logical presentation of the content

3

The temperature of mobile device during application

3

13

Correlation between learning objectives and evaluation questionnaire

3

5

Discharging mobile’s battery

4

14

Virtual instructor evaluation

5

6

Gaps over the video sequence

3

15

Sequentially operating mode

2

7

Device calibration of font size

2

16

The importance of audio content

5

8

Device manipulation 3 (landscape or portrait)

9

Speed browsing necessity

Total number of user’s options

25

3

Total number of user’s 27 options

There are 9 subcategories regarding quality attributes studied of mobile device and 7 subcategories regarding quality attributes involving quality attributes of multimedia mobile application. Every option validated for quality attributes involving mobile device, according with user’s choice, from Table 2.1 was equaled to one-point value and if we are speaking of quality attributes regarding multimedia mobile application a value of 1.08, resulted from division between number 27 by 25, was calculated to reach a state with equal distribution between these two quality categories. The sums of all points acquired were centralized into those two previous mentioned classes of quality attributes according toward every multimedia mobile application from APP1 to APP4 . The schema used to visualize the picture of the effectiveness regarding learning impact considered to be the result when a user tries to assimilate knowledge with a multimedia mobile application is depicted in Fig. 2.1.

20

D. Mihail-V˘aduva

Fig. 2.1 The learning impact assuming the environment of a multimedia mobile application

In Fig. 2.1, in zone labeled with A, we meet a virtual teacher represented here by a mobile device with its quality attributes. On the other hand, in zone labeled with B, we meet the multimedia mobile application installed on the mobile device used, which can be assimilated with a teacher’s method ready to deploy knowledge. Furthermore, in zone labeled with C, we visualize a normal learner who tries to use the mobile device with a specific application to acquire some knowledge regarding a specific subject. We introduced two forces, labeled with F and G that will be considered starting from a single point and targeting the zone A, representative for the mobile device quality attributes, and the zone B, considered to be representative to the multimedia quality attributes. There is an angle, labeled with α, between the force F and G considered to be the concentration of the multimedia mobile application explained in our previous work. We are embossing, with label A, that a mobile device will take a place represented by a teacher formal position and a method of doing teaching, with label B, should be replaced by a multimedia mobile application. If we are, generally, speaking about learning attraction between a student and a teacher’s method then it is obvious that it is possible to assume and scientifically study a virtual attraction between a student and a mobile device in a specific multimedia mobile applications environment. In our laboratory experiment we are assuming that the role of a teacher as a human being is missing. For every mobile application were calculated a pair of numerical values according with Eqs. 2.1 and 2.2. The general numerical results were normalized with a maximum value of points calculated to every class in part from the multimedia mobile application APP1 toward APP4 . Fmobile attributesAppi =

27    k jm × v

(2.1)

m=1

G multimedia mobile attributesAppi =

52   n=28

where

k jn × v



(2.2)

2 The Effectiveness of a Multimedia Mobile Application

21

i = the indicator of the version about multimedia mobile application from 1 to 4, j = the indicator about the subcategory of quality attribute between 1 and 52, m = the indicator of the quality attribute metric indicator for any user’s choice from 1 to 27, n = the indicator of the quality attribute metric indicator for any user’s choice from 28 to 52, v = the value resulting from counting validated choices for every user’s choice allocated to the educational force generated by the learning interaction between a user and a multimedia mobile application, k = the coefficient to quantifying the weights of user’s options. The sum of the weights for every subcategory shown in Table 2.1 is equal with 1, F = the force resulted from cumulating evaluation of user’s choices regarding the attributes of mobile user’s device during laboratory experiment, G = the force resulted from cumulating evaluation of user’s choices regarding the attributes of multimedia mobile application during laboratory experiment. For evaluation of the effectiveness about learning impact during laboratory experiment using four multimedia mobile applications we proposed the Formula 2.3 presented below. The Formula 2.3 proposed could be justified by the assumption that the effectiveness of the learning impact using multimedia mobile application will be direct proportional with the nominator and inversely proportional with the denominator. In this case the denominator will be treated like a regular learning distance between the source that shed learning and the target that assimilate the knowledge. The nominator is the scalar product of the force abbreviated with F and G previously introduced. When the value of denominator if very low then we are expecting a high value for effectiveness about learning impact because in this case we are assuming a tight correlation between mobile quality attributes and multimedia mobile application quality attributes. Keeping into account our previous assumptions we introduced an understandable presuming similarity between our proposed formula and the attraction between two electrical charges. The effectiveness of the educational field generated by a close encounter between a multimedia mobile application and a user should be treated from the perspective of the effectiveness of the impact generated by a learning activity covered with an electromagnetic shield generated by a mobile device. E impact = Q ×

Fma × G mma abs(Fma − G mma )

(2.3)

where E impact = the effectiveness of the learning impact using multimedia mobile application, Fma = the force resulted from cumulating user’s choices regarding mobile attributes used, G mma = the force resulted from cumulating user’s choices regarding multimedia mobile application,

22

D. Mihail-V˘aduva

Q = the value of an educational environmental factor created to evaluate the effectiveness of the learning impact using multimedia mobile application. We proposed a Formula 2.4 that involves the value of curricula integration, the value of time coverage regarding effective learning time and the value of multimedia concentration. Q=

1 cintegration × tcoverage × amultimedia concentration

(2.4)

where cintegration = the value of curricula integration calculated with the Formula 2.5, tcoverage = the value of time coverage dedicated only toward learning activity and not for recall or recap of knowledge calculated with Formula 2.6, amultimedia concentration = the value of multimedia concentration regarding the multimedia mobile application studied explained in our previous paper work. cintegration = 1 +

pintroduce collateral concepts pprincipal subject of learning + pintroduce collateral concepts

(2.5)

where pprincipal subject of learning = the value resulted from counting the parts referring the main subject of the learning activity, pintroduce collateral concepts = the value resulted from counting the parts referring other concepts, already delivered toward the user, with the role to help the main subject of the learning activity. tcoverage =

tlearn tlearn + trecap

(2.6)

where tlearn = the time in seconds allocated only to learning activity, trecap = the time in seconds allocated only to recap or recall activity. The coverage of time due to the learning activity was a new path to approximate the coverage of the lines of multimedia mobile application named, generically, the source code. Our goal was to find a better way to evaluate the effectiveness of the line code regarding a learning multimedia mobile activity versus a recap or recall multimedia mobile activity. Tracing a loading activity of some source lines, as we presented in a previous paper [16], at the level of a system of log files, during multimedia mobile application exploitation, does not offer a guaranty toward a conclusion that underlines the effectiveness of source line traced in log files against a learning activity objective. In this case the time spend over a specific stage embedded into a multimedia mobile application was a proper criterion to evaluate the effectiveness of the learning impact upon the stage studied. The value of curricula integration was centered toward collateral concepts with the role of helping assimilation of the

2 The Effectiveness of a Multimedia Mobile Application

23

principal subject dedicated in our laboratory experiment. The value of curricula integration is considered, in our laboratory experiment, to be a value added to the learning activity.

2.4 The Proposed Solution The values of the metric indicator named time coverage, abbreviated with t coverage , calculated with the Formula 2.6 are shown in Table 2.1 where every version of multimedia mobile application labeled with APPi has its own preferences among students involved in our laboratory experiment. The path where every respondent evolves during his learning multimedia mobile experience could be depicted in Fig. 2.2. We are trying to emphasize that a normal teaching activity holds two kinds of activities. One activity is correlated with an area covered by strictly learning about new concepts and the second one is assuming that respondents are stimulate to recap or to recall some previous knowledge. This image is depicted in Fig. 2.2. In our laboratory experiment these activities are intertwined as we declared in Fig. 2.2. In Table 2.2 we are emphasizing that the metric indicator T time, named the total time for teaching activities is constructed using the total time for learning, meaning a sum composed from LT1, LT2, and LT3, and a total time for recap actions, meaning

Fig. 2.2 The way how teaching activities are intertwined in our laboratory experiment

Table 2.2 The classification of quality attributes allocated to mobile application Version of APPi

LT1(s)

SR1(s)

LT2(s)

SR2(s)

LT3(s)

T time(s)

L time(s)

t coverage

(1)

(2)

(3)

(4)

(5)

(6) = (1 + 2+3+4 + 5)

(7) = (1 + 3 + 5)

(8 = 7/6)

APP1

3695

1773

4328

1190

13,924

24,910

21,947

0.88

APP2

6738

1920

7368

1733

21,372

39,131

35,478

0.90

APP3

10,439

1559

8732

1333

31,833

53,896

51,004

0.94

APP4

4998

3313

5963

708

15,230

30,212

26,191

0.86

24

D. Mihail-V˘aduva

Table 2.3 The classification of quality attributes allocated to mobile application Number order

The main objectives of learning activities in our laboratory experiment

Order

The collateral concepts used for learning activities in our laboratory experiment

1

The Firebase database

1

Referential integrity in a database

2

JSON structure

2

CRUD operational statements

3

NOSQL diagram

3

SQL commands

4

Rules to operate with Firebase

4

JavaScript language

5

Creating a project Firebase

5

Programming ability upon personal mobile device

a sum composed from SR1 and SR2. Using the Formula 2.6 we obtained the values inserted into Table 2.2. The maximum value for the metric indicator t coverage is located at the level of APP3 . This is the location where respondents allocated a maximum effort to achieve new knowledge from the mobile multimedia application. The minimum value for the metric indicator t coverage is located at the level of APP4 . The metric indicator named curricula integration, abbreviated with cintegration , was the same for every multimedia mobile application tested because this was a premise of our laboratory experiment: the same educational content deployed with a different multimedia concentration. In Table 2.3 we are exposing the categories of teaching objectives through main curricula goals and the secondary concepts that are considering helpful in our laboratory experiment. The metric indicator abbreviated with cintegration was calculated with Formula 2.5 previously explained. The value obtained for this metric indicator is 1.5. The metric indicator named multimedia concentration, abbreviated with amultimedia concentration was introduced in our previous paper work [15]. In Tables 2.4 and 2.5 we revealed the values obtained in our survey launched when the laboratory experiment reached at the end. The metric indicator abbreviated with cintegration was calculated with Formula 2.5 previously explained. The value obtained for this metric indicator is 1.5. The metric indicator named multimedia concentration, abbreviated with amultimedia concentration was introduced in our previous paper work [15]. In Tables 2.4 and 2.5 we revealed the values obtained in our survey launched when the laboratory experiment reached at the end. In Table 2.4 the coefficient, named k with red color, was introduced to quantify the weights of user’s options and will get a value according with his importance in our laboratory experiment. For every subcategory studied the sum of user’s choices with the Formula 2.7 represent the total number of respondents per every group involved in our research. 4  i=1

vAPPi = 29

(2.7)

2 The Effectiveness of a Multimedia Mobile Application

25

Table 2.4 The values for quality mobile attribute according every respondent’s choice

where v = the number to indicate the total number of user’s option for one multimedia mobile application from APP1 to APP4 . In this case the total number of respondents was 116, grouped in 29 respondents, allocated to four multimedia mobile applications from APP1 to APP4 . In Table 2.6 we are represented the final calculation of the effectiveness of the learning impact using our multimedia mobile application APPi . In column 6 of Table 2.6 we are representing the value calculated for the effectiveness of the learning impact using our multimedia mobile application APPi with our proposed Formula 2.3. We are observed that a strong statistic correlation, shown in Table 2.7, occurs when we applied linear regression between the academic performance PE as a dependent variable and the values of quality attributes, represented by multimedia mobile application and mobile device, shown in column 2 and, respectively, 3 from Table 2.6.

26

D. Mihail-V˘aduva

Table 2.5 The values for multimedia mobile attribute according every respondent’s choice

Table 2.6 The calculation for the effectiveness of the learning impact E impact Multimedia Multimedia Mobile Multimedia α Time E impact mobile quality device concentration coverage version attributes quality amultimedia concentration tcoverage attributes

The academic performance PE

(1)

(2)

(3)

(4)

(5)

(6)

(7)

APP1

66.798

93.2

0.57

0.88

313.39

1298

APP2

79.056

89.6

0.42

0.9

1184.82

2088

APP3

82.89

81.3

0.28

0.94

10735.40 2885

APP4

71.172

84.65

0.14

0.86

2475.10

1492

Table 2.7 The linear regression to analyze multiple correlations Multiple R

R square

Coefficient MMva

Coefficient MDa

Intercept

0.9644

0.9300

85.60

−16.86

−3008.01

where MMva = represent the multimedia mobile version quality attributes MDa = represent the mobile device quality attributes

2 The Effectiveness of a Multimedia Mobile Application

27

100 80 Mulmedia quality aributes

60 40

Mobile device quality aributes

20 0 APP1 APP2 APP3 APP4

Fig. 2.3 The intersection between qualities attributes in our laboratory experiment

The equation resulted from linear regression will be in our experiment represented by Eq. 2.8, Y = 85.60 × X 1 − 16.86 × X 2 − 3008.01

(2.8)

where X 1 = represent the multimedia mobile version quality attributes, X 2 = represent the mobile device quality attributes, Y = represent the academic performance PE. If we are representing, in Fig. 2.3, the numerical values from column 2 and 3, from Table 2.6, a point of intersection will be exposed as a starting point who amplifies the effectiveness the impact of the learning using multimedia mobile applications in our laboratory experiment.

2.5 Discussions From Table 2.6 and Fig. 2.3 we should extract the conclusion that APP3 creates the highest value for the effectiveness for the learning impact, E impact , taking into consideration that the total value for quality attributes studied for mobile devices used is in a state inversely proportionally with the total values calculated for the quality attributes analyzed for multimedia mobile applications studied. We are seeing that the value 81.3 is at the lowest level in our scale for quality attributes for mobile device used and the value 82.89 is at the highest level in our scale for quality attributes for multimedia mobile applications. The point of intersection is allocated to the application APP3 which is responsible for the highest awareness, concerning toward the subject of knowledge studied, of the respondents involved in out laboratory experiment. The highest awareness is represented by the value of the metric indicator PE, named the academic performance, located in the column 7 of Table 2.6. The application APP1 will be characterized by a lowest value simultaneously for the learning impact, E impact , and for the academic performance PE due to the fact that

28

D. Mihail-V˘aduva

multimedia concentration was at the highest level in multimedia mobile application APP1 as we can see in column 4 from Table 2.6. This conclusion is explained by the fact that all the multimedia effects used in our laboratory experiment could be responsible for a dilution of general learning attention needed to be acquired in a short time toward focusing the main target exposed in multimedia mobile application deployed. The metric indicator named academic performance, abbreviated with PE, who is a resultant force from a formal and an informal evaluation, is correlated with this paper result using the resultant intersection between quality mobile attributes and quality multimedia mobile applications studied. This observation is consolidated by the results of the multiple correlations using linear regression shown in Table 2.7 and Eq. 2.8. The link observed between qualities attributes referring mobile device used together with multimedia mobile applications and the metric indicator named academic performance PE is a premise to the conclusion that the learning energy impact calculated, E impact , is at the highest level using the multimedia mobile application APP3 and at the lowest level using the multimedia mobile application APP1 . The evolution of the quality attributes studied are orientated, furthermore, toward to the conclusion that meanwhile the values attributes for mobile devices are involved in a descending slope, and a minimum value, the value attributes for multimedia mobile applications recorded an evolution characterized by an ascending slope, and a maximum value. This observation connected with the information that the level of multimedia concentration is at a medium value, approximately, of 30%, let us to conclude that the respondents using the multimedia mobile application APP3 are more involved in managing the mobile multimedia application against to the other functions embedded into mobile device hardware, not essential to the learning subject studied. In this case the role of the visual effects is diminished and is not preponderant against the role of the information that could be delivered by a text message. The switched position between multimedia mobile applications APP2 and APP4 obtained in our laboratory experiment, regarding numerical values from Table 2.6, columns 6 and 7, could be explained by a reverse score numerical values for subcategory referring previous knowledge about educational subject studied. A highest value for the learning energy impact calculated, E impact , is recorded at the multimedia mobile application APP4 where total number of respondents who declare knowing something tangential with the subject studied is greater than the total number of respondents, allocated to the application APP2 , who declare that the subject studied is a genuine new knowledge. Nonetheless, the combination between the learning energy impact calculated, E impact , and the multimedia concentration produced a classification value for the metric indicator named academic performance PE, regarding multimedia mobile application APP2 , superior against the value obtained by the multimedia mobile application APP4 . The consequence of this research revealed that the impact of a learning educational process with multimedia mobile applications could be treated from the perspective of a resultant force between quality attributes regarding mobile device together with multimedia mobile applications as well as between formal and informal evaluation.

2 The Effectiveness of a Multimedia Mobile Application

29

Furthermore, a link between these two approaches could be revealed in a controlled laboratory experiment.

2.6 Conclusions and Future Work A high learning effectiveness resulted from a study concerning quality attributes of the educational environment should be correlated with the resultant force created when the evaluation of knowledge, previously studied, occurs. We noticed that educational polarization occurred when quality attributes are studied with questionnaires immediately after the laboratory experiment ends. This phenomenon of awareness encountered at the multimedia mobile application APP3 is connected with the ability to get an approximately synchronized evaluation between formal and informal assessment. In this case we are saying that we arrived toward a situation of educational polarization. This event is characterized in a graphical manner by a surface delimited at the intersection of the lines belonging to the quality attributes exposed in Fig. 2.3. Every point from this surface could be allocated toward a state where a virtual respondent gives a more attention to the mobile educational content against to the multimedia components or to the own mobile device. In this situation we could say that a virtual respondent is disconnected, in a mentally way, from his affiliation started with a mobile device dependence. The following actions will be taken to explore in depth more consequences of the necessity for using mobile device as a major tool toward an educational process: • Creating more scenarios to emulate the confrontation between qualities attributes regarding mobile device used and multimedia mobile applications. • Explore additional educational rules to convey a physical interpretation of the reactivity manifested by the educable people who are using mobile device for learning.

References 1. Toperesu B-A, Turpin M, Van Bell JP (2019) Impacts and satisfaction of using smartphones for learning in a university context. In: Proceedings of 4th international conference on the internet, cybersecurity and information systems 2019 2. Kuhlemeier H, Hemker B (2007) The impact of computer use at home on students’ Internet skills. Comput Educ 49:460–480 3. Siemens G Connectivism: a learning theory for the digital age. Int J Instr Technol Distance Learn 2(1):1–9 4. Melchor G, Varela R-S, Moron-Marchena J (2020) Using Mobile devices for educational purposes in compulsory secondary education to improve student’s learning achievements. Sustainability 5. Nawaz SS, Mohamed R (2020) Acceptance of mobile learning by higher educational institutions in Sri Lanka: an UTAUT2 approach. J Crit Rev 7(12):1036–1049

30

D. Mihail-V˘aduva

6. Venkatesh V, Thong JY, Xu X (2012) Consumer acceptance and use of information technology: extending the unified theory of acceptance and use of technology. MIS Q 36(1):157–178 7. Oulasvirta A, Raita E (2012) Habits make smartphone use more pervasive. Pers Ubiquitous Comput 8. Farrah M, Abu-Dawood A (2018) Using mobile phone applications in teaching and learning process. Int J Res Engl Educ 49–67 9. Shonola A, Oyelere S, Joy M, Suhonen J (2016) The impact of mobile devices for learning in higher education institutions: Nigerian universities case study. Int J Mod Educ Comput Sci 10. Hashemi M, Azizinezhad V, Najafi V, Nesari A (2011) What is mobile learning? Challenges and capabilities. Proc Soc Behav Sci 30:2477–2481 11. Koroleva D (2015) Mobile technology and social media usage by modern teenagers at home and at school. Always Online 12. Montrieux H, Vanderlinde R, Schellens T, De Marez L (2015) Teaching and learning with mobile technology: a qualitative explorative study about the introduction of tablet devices in secondary education. PLoS One 13. Gonca KC (2015) How mobile devices affect students according to teachers’ beliefs. J Int Educ Res 11(4) 14. Druin A (2009) Mobile technology for children: designing for interaction and learning. Kaufmann Morgan 15. Mihail-Vaduva D (2020) The Resultant Force of a Multimedia Mobile Application. Inform Econ 24(3):24–39 16. Mihail-Vaduva D (2019) Quality characteristics of mobile learning applications. Inform Econ 23(4):76–88

Chapter 3

An Analysis of Different Browser Attacks and Exploitation Techniques Stefan Nicula and R˘azvan-Daniel Zota

Abstract Modern browsers are very complex pieces of software, having capabilities, and functionalities that have been compared to those of the operating systems. Although not quite the same, browsers do pack a lot of processing power and enough versatility to dictate a big part of our everyday internet-related activities by providing optimization and robust frameworks. A large range of functionalities and mechanisms are directly related to a bigger attack surface, complexity comes with hidden bugs and deeper analysis requirements. This paper aims to take a look and study some of the attack vectors and exploitation techniques applied for browser research security based on the Windows environment. Among the examples, we can note that some browser engines are so complex that they have their own classes of vulnerabilities while others are notorious for their flawed design. The paper dives into ways of evaluating a browser’s security level and conducting research based on multiple attack vectors by taking into consideration the latest protection mechanisms, exploitation techniques, and vulnerabilities discovered.

3.1 Introduction By taking a brief look at the history of the browser and the JavaScript engine, we can note an ever-ascending trend of complexity and technological increase, this being one of the main key components that pushed the internet to its current levels. Having such a big impact in every day’s online work, browsers are notorious for being targeted by both researchers and external malevolent attackers. Oftentimes, we see that exploits are leveraged to spread malware or to monetize advertisements in an unintended way. A simple pop-under or a clickjacking opportunity can have devastating effects on the user’s privacy level. On the other hand, full-blown exploits that abuse certain S. Nicula (B) · R.-D. Zota The Bucharest University of Economic Studies, Bucharest, Romania e-mail: [email protected] R.-D. Zota e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_3

31

32

S. Nicula and R.-D. Zota

vulnerabilities like memory corruption are the most devastating in terms of user victims. On the bright side, active updates and maintenance is constantly offered and all the main browsers from the market are enrolled in public bug-bounty programs and are exposed to internal security controls as well. Unfortunately, there is no universal fix for many situations that are allowing abuse, mainly because, by design, a browser was made to accommodate multiple custom functionalities demanded by the websites. A good example would be the implementation of HTTP security headers that are intended to add many layers of security improvements by allowing the webserver to communicate with the browser and dictate different levels of protections. However, strict HTTP security header configurations can interfere with the usual web application flow or completely make it unusable and as such, many differences in implementation can be noted and a solution to cover them all would be impossible and impractical. In the next chapters, we will take a look at some of the ways that we can follow in order to start creating a baseline for browser security research by studying attack vectors, protection mechanisms, classes of vulnerabilities, and different particularities. We will also tackle the subject of automated vulnerability discovery by using fuzzing or manual testing in order to target functional bypasses and complex bugs that could not be found otherwise with an automated system.

3.2 Evaluating the Security of a Browser Evaluating a software from a security point of view requires a deep understanding of the complexity, the mechanisms, and the overall architecture of the program. The more complex the program is, the harder it is to reach a good coverage. The coverage is defined as a percentage of the code paths, functionalities, and mechanisms being reached by the defined tests. There is also the problem of the tests being able to cover an optimized amount of test cases and edge-case scenarios. The main problem with a really complex solution is creating a comprehensive method to evaluate all the features and the biggest challenge of all is perhaps that there is no guarantee that new code and modifications will not alter the previously assessed code. It becomes quite impractical and not feasible to account all the possibilities and scenarios. As such, a prioritization based on different triage categories is required. Browsers are integrating and interpreting multiple languages and technologies and are interfacing with the operating system and providing a dynamic experience for the user. The interpretation of scripting languages provides one of the best ways to evaluate and provide input to the browser in order to create test cases. Well defined protocols have been established for technologies such as HTML, CSS, and JavaScript and they are constantly changing. The biggest problem comes where all these technologies are communicating and interacting with each other. The JavaScript code especially is notorious for providing a big attack surface considering the many functionalities that it provides, the API calls exported, and all the frameworks that are constantly asking for more capabilities.

3 An Analysis of Different Browser Attacks …

33

Another interesting target that can provide good results is the comparison between multiple engines and their implementation for different features. Attacks can be targeted on multiple layers, and generally, each class of vulnerability can be hunted in different ways, although some methods such as fuzzing are more preferred for memory corruption issue research rather than functional bypasses which are more for complex reverse engineering techniques. As such, we can define the layer and memory corruption issues, which can be targeted on investigating the implications of sending untrusted input to different functions. This automatically translates into vulnerabilities that can be linked with protection mechanisms such as ASLR, DEP, Stack Cookies, and SafeSEH. The DOM plays an equally important role, and test cases can be generated independently here, targeting mainly the investigations into various DOM components such as SOP, HTML, and CSS parsing, CORS, Cookies, and HTTP protocol implementation. Testing the sandboxing capabilities is also preferred in DOM specific test case scenarios, having the possibility of combining different features in unintended ways by using DOM components [1]. Looking into the addons implementation is also a perspective from a research standpoint, as external attackers can potentially deploy addons that might carry out attacks against the browsers, potentially exploiting 0-day vulnerabilities affecting the engine. Finally, a browser’s robustness against attacks and the general defense capabilities can be investigated with a special focus on mapping the generic differences between browser engines and the various responses obtained through specific test cases [2].

3.3 Analysis of XSS, SOP Bypasses, and Other Security Features Many of the attack vectors used in creating scenarios for DOM vulnerabilities are based on analyzing the implementation of a certain features, like internal HTML mutations on calling innerHTML property, and providing test cases with unexpected inputs in order to trigger various results that will show the browser’s behavior in a heuristic way. An interesting vulnerability to study is the mutation Cross-Site Scripting; it is specific to browsers and related to the information in transit, processed differently from the backend webserver and the browser. Often times, the browser is parsing and interpreting the input differently from the webserver that provides the input “sanitized” already from the backend, although the assumption is most of the time that the XSS filter output and the browser-rendered HTML are the same. Discrepancies can occur where the backend processing might determine an input as valid and nonmalicious, but it will actually trigger a malicious behavior when the browser will parse and evaluate it. This is the case of mutation XSS issues, where content of the server’s response is interpreted and mutated by the browser’s parses resulting in

34

S. Nicula and R.-D. Zota

JavaScript and HTML injection [3]. The multilayer approach that the general web is designed, produces these kinds of situations where ultimately, the browser that shows the webpage will render the code received, potentially allowing malicious actions to occur. The Same Origin Policy was designed as a protection mechanism right after early JavaScript implementations, and it was a response to the powerful feature of JavaScript that could permit cross-domain attacks by just visiting a malicious website. As such, the need of a Same Origin Policy was shown, in order to prevent privacy data access issues that might arise. However, the SOP can also prevent certain user-friendly functionalities to happen, so the relaxation of the SOP policy was implemented in the form of CORS, JSONP, and cross-domain postMessage mechanisms. Even so, these features added specific mechanisms that, if not configured right, could allow cross-origin abuses [4]. Interesting examples of fully-fledged SOP bypasses include two cases Edge vulnerabilities affecting the read mode implementation and the abuse of domain less blank pages. [5].

3.4 Classes of Vulnerabilities The classic memory corruption issues are part of the browser’s security concerns, mainly affecting components related to the browser engine, targeting specific JavaScript functionalities, and file parsing that are translating into core C/C++ or similar code at the engine level. By analyzing the trend of the reported vulnerabilities in the previous years for the main JavaScript engines, we can note a certain tendency toward heap-related memory bugs such as Use after free, heap buffer overflows, double free exploits, and structure-related issues like type confusions. These issues are also related to automated discovery techniques like fuzzing or via reverse engineering key components, new updates, or hidden features of the engine. Memory corruption issues have been around for every complex software, and the complexity and intercommunication between so many layers of technology and implementations are providing a big attack surface for such bugs to take place [6]. The previously mentioned SOP bypasses are also representing a target for vulnerability research, mainly due to its core nature of protecting against abusive crossdomain requests. One can see that such bypasses can provide an attacker with excessive control over the user’s browser data, potentially creating massive privacy risks. Regarding browser exploits for web usage, we also have the Universal Cross-Site Scripting that sometimes is found affecting different engines [7]. The UXSS abuses the flaw inside the browser instead of leveraging vulnerabilities against insecure web applications. Cross-Site Scripting is normally a vulnerability that affects web applications however, a namely Universal one targets the browser and as the name suggests, allows malicious JavaScript and HTML execution on any domain via a malicious website. This class of vulnerability is strongly related to SOP bypasses,

3 An Analysis of Different Browser Attacks …

35

often referred to as the same class of vulnerability because in certain situations, the root case can be the same [8]. A tendency that we can spot when analyzing such issues is the common leverage of iframe interactions for the Proof of Concepts. The same iframe abuse can also be seen in memory corruption vulnerabilities. The main purpose is related to cross-functionality information sharing that is targeted in many attacks. As an overview of the presented vulnerabilities and examples, we can conclude the following general classes of vulnerabilities based on the attack vectors: • • • •

Memory corruption issues; Browser security features abuses and bypasses; DOM exploits; Browser extensions and plugins.

3.5 Internet Explorer Internet Explorer browser is arguably an outdated and increasingly unpopular browser however, with the recent introduction of Internet Explorer mode in the Edge Chromium-based system, we are seeing some attack vectors opening and creating opportunities in terms of exploitation. Exceptionally old web applications that are running legacy interfaces are still running on Internet Explorer although their number is noticeably lower. The users of such applications can be subject to specific targeted attacks and can represent an entry vector for the attackers. Nonetheless, Internet Explorer is heavily integrated with the Windows API and its routines which makes it a good research target. A big difference between the Internet Explorer engine and all the other engines for the main browsers on the market is related to the memory management part. Internet Explorer uses the Windows Heap Manager for most of the dynamic memory related processes, and the same implementation is used by the Windows operating system itself. This difference has considerable implications on the exploit development part for heap-based vulnerabilities as a thorough understanding of the Windows Heap Manager is needed in order. This implementation can actually benefit researchers as the Windows Heap Manager can be tested and debugged using other local programs. This is a big advantage compared to other browser engines, mainly because it takes away all the complexity and the load of a browser and provides a direct access to analyze the behavior of heap memory [9]. However, this also means that future protections and security implementations of the Windows Heap Manager will also have a direct impact on the browser itself. Considering that the manager was developed in order to provide memory management to an operating system userland, this can have additional complexity and protection mechanisms that will tamper with the exploitation flow. Nonetheless, a research on the Windows Heap Manager will benefit security evaluation in both Windows-based applications and the Internet Explorer.

36

S. Nicula and R.-D. Zota

3.6 Chromium and JIT Compilation The Chromium build is based on the Blink browser engine, the well-known engine that is used by Chrome and nowadays by the new Microsoft Edge as well. At its core, Chromium is using the open-source V8 engine as JavaScript and WebAssembly engine. JIT attacks have become increasingly popular and security researchers have started defining JIT specific issues that are affecting the products [10]. Modern JavaScript engines such as V8 are performing just-in-time (JIT) compilation of the JavaScript code as an optimization and performance related functionality. This means that the engines are translating JavaScript code directly to native machine code for faster execution. When the interpreter for such engines is executing the same functions for a number of times that function is marked as a hot path and compiled by the JIT compiler for optimization. When the function is called again, the native code will execute, bypassing the interpreter. Many components from the JIT engine are statically analyzing the dynamic JavaScript language in order to properly set the type of the input code or variable. In type confusion cases, a big difference is made between the type information when statically analyzed by JIT and the type placed at runtime. This behavior can cause the optimizer to eliminate certain protections like CheckBounds [11] that ultimately provides the ability to construct powerful exploitation primitives. An example of two common and more abstract primitives that can be leveraged to grant more freedom in corrupting the memory are addrof and fakeobj. A successful exploit on latest versions of the browser engine requires a need for bypassing ASLR protection because the location of memory regions such as heap, libraries, and the stack are randomized and unknown to the external attacker code. Moreover, compared to Internet Explorer memory, the heap of a JavaScript engine such as V8 is very crowded, resulting in a difficult process of predicting addresses. Hence, the addrof can be crafted in order to take an object as input and return the memory address of that object. It represents a sequence of basic function calls and instructions using regexes and mathematical operations that will result in the desired behavior. On the other hand, the fakeobj primitive is built to take a memory address and input and return the object reference backed by that memory address. These are really versatile primitives that help in referencing and obtaining the right memory addresses. Although much different from the Internet Explorer engine, both heap managers have some common ground in how the data is being managed in terms of heap metadata information, a generic mechanism for Garbage Collection, optimizations, and protection mechanisms at the memory level and the general structure of object and usage of vtable pointers, mappings, and indexation.

3 An Analysis of Different Browser Attacks …

37

3.7 Protection Mechanisms ASLR and DEP significantly raised the bar of vulnerability exploitation. In the old generation of browsers and for early adoption of these mechanisms, there were still some possibilities of abusing certain loaded modules that were not implementing ASLR that offered a glimpse of hope for bypassing methods to be as low effort as possible. However, these days, all the main browsers are including DEP and ASLR for all their modules without exception. This has changed the field so much that, by analyzing the Pwn2Own competition for browser exploits, for example, we can note the trend of combining multiple vulnerabilities including a mandatory primitive that creates some form of information disclosure in order to build the exploit chain off of that. This is mandatory in modern memory corruption exploitation in order to overcome protections such as ASLR and DEP [12]. Another very important protection mechanism is the sandboxing protections offered by the browsers. This mechanism comes with a series of specific protections that are forbidding actions within the browser’s process as technically, if the browser is behaving normally, such anomalies would not occur. We take the example of Chrome’s sandboxing system, and we can have a look at some of the details on how it operates [13]. For Chrome, all the processes running the sandbox will have a Low Integrity level. This dictates a process’s restrictions and permissions when trying to access resources, objects, or invoke certain functions, especially when communicating with higher integrity levels. This also translates into preventing attackers from being able to exploit a number of kernel leaks that requires processes to be running with Medium integrity or higher. Another protection that leverages the Windows own implementation is applying restrictive job objects and tokens for all the running processes under the Chrome sandbox. Among other things, this prevents the spawning of child processes. A Windows job can be assigned to a process, and it can implement many restrictions and limitations, including hardware related functionalities such as limiting the CPU processing power as an example. The restricted token ensures that the process does not have any permissions inside the system. For an exploitation, an attacker will likely need to obtain and steal another more privileged token from other processes. Additionally, processes running in the Chrome sandbox will automatically run inside an isolated desktop environment that is separated from the main desktop. This prevents attacks such as the Shatter attack that abuses the Windows messaging service [14]. The Windows operating system prevents windows messages from being sent between desktops; hence, processes running inside a limited desktop will not be able to communicate with the main user desktop, but it can communicate with processes from inside the sandbox alternate desktop. Also, the sandbox prevents calls to win32k.sys on Windows 8 and higher.

38

S. Nicula and R.-D. Zota

We can already note that a lot of protection mechanisms are making an exploitation scenario very unlikely, and a successful exploit will require multiple components and primitives to work. Even so, exploits bypassing all these limitations have been identified in the wild, specifically referring to CVE-2019-5786 and CVE-2019-0808 which are combined in order to obtain remote code execution [15].

3.8 Exploitation Techniques All the protection mechanisms previously mentioned have made it exponentially harder to develop reliable standalone exploits. Modern browsers are employing strong sandboxing techniques, multiple layers of memory protections and deep structure integrity checks on specific memory areas. When developing a browser exploit, generally, to leverage a certain vulnerability oftentimes requires an understanding of the internal memory allocations and the behavior of the engines. A good understanding of the heap managers behind the JavaScript and HTML parser is crucial in creating custom heap layouts with external controlled data. Precise allocations and fixed data structures are key in grooming the memory to exploit memory corruption issues. All of these techniques are possible by using the allocators “offered” by the engines in the best way possible in order to maneuver around the memory space area with ease. Each engine comes with its different allocation routines and mechanism, but we can note specific templates that are used by them such as the caching mechanism for optimization purposes, the introduced randomization in order to prevent adjacent allocations, definition of memory chunks and data structures, metadata headers for the memory structures, routines such as allocation, free, reallocation. The main target of memory corruption exploitation is controlling and overriding vtable pointers or some form of metadata structure from complex heap memory objects. In many browser exploits, we can note that the process of heap spraying has not lost its full potential, although it is not used as before. In past years, a heap spray was used in order to control the content at a predictable address. Nowadays, heap spraying can be used in order to preserve the grooming of a heap memory by keeping references to allocated objects to prevent Garbage Collector from deallocating and creating inconsistencies in the heap memory. This process helps in linearizing the heap. A heap spraying also helps in triggering different processes such as JIT routines, optimizations or other mechanisms that are closely monitoring multiple significant allocations. A good option for bypassing NX protections on Chrome is to make use of the WebAssembly code. The V8 engine is not alternating the read-write and read-execute flags on code memory areas. A bypass can be achieved by trying to modify certain flags from the Heap instance corresponding to chunk metadata; however, there are implications to this. A stack pivot technique also requires work in terms of computing a good ROP chain and finding the right gadgets. A better alternative would be using

3 An Analysis of Different Browser Attacks …

39

WebAssembly code which is compiled by default with RWX, and this can be used in conjunction with the addrof primitive to obtain a direct reference to the executable code [16].

3.9 Fuzzing Fuzzing is a way of discovering bugs in software by providing mutated randomized input to the tested software, monitoring the results, and triaging the crashes to find the root cause. The process of fuzzing plays a big role in vulnerability discovery [17]. Nowadays, multiple companies are developing custom fuzzers and are integrating fuzzing in their browser development lifecycle, having a major role in every SDLC plan. This significantly helped in lowering the number of vulnerabilities found exploited in the wild and helped provide an overall better security maturity to the products. Regarding applied fuzzing in the context of browser security, most of the results can be expected to originate from some kind of memory corruption issue, given the nature of the employed technique. Logical flows and functional bypasses are usually not the target of fuzzers, rather these specific findings are uncovered using manual techniques such as reverse engineering. Some of the main challenges of fuzzing the browsers could be the instrumentation and the crash triaging process, mainly because it requires deep knowledge on the browser engine internals to be able to automate the fuzzing campaign and pinpoint the root cause to analyze the full context. Programs with complex input validations and input code paths require much more elaborate work to create fuzzers smart enough to produce efficient and sufficient code coverage. There are many types of fuzzing techniques available, each coming with their pros and cons. For some of the techniques such as mutation-based fuzzing, a test case and a setup is arguably one of the easiest to create; however, this type of fuzzing represents a plain approach to the discovery process. Hence, more intelligent techniques are usually combined with the samples taken from the mutations and are used in order to produce malformed input. More advanced techniques such as symbolic fuzzing are solving the problems with traditional methods of fuzzing in that they fail to exercise all the possible behaviors that a system can have. The automatization is also very dependent on the instrumentation provided, the crash analysis and the corpus generated for fuzzing. Tools like dynamoRio can help with instrumentation and memory debuggers like AddressSanitizer, the PageHeap will aid in debugging a crash more easily. A popular tool for assessing a crash dump is BugID which helps in checking a crash and identifying if there is a security bug involved or a non-security related issue that might not be exploitable. This step is important for the triaging process, especially considering that not all crashes are necessarily vulnerabilities. There are limitations, pros and cons, and dependencies for each method of fuzzing. The integration of automated discovery methods into the process of security research

40

S. Nicula and R.-D. Zota

for browsers will bring a lot of insights and possible results. Fuzzing modern browsers plays an important role in code coverage testing and attack surface mitigation, helps in trying to evaluate the codebase as much as possible, and allows the discovery of vulnerabilities that are otherwise virtually impossible to find using manual or semi-automated approaches.

3.10 Conclusion Browsers are increasingly getting more complex and that can have both good parts and bad parts. The security of a browser plays a big role in ensuring privacy over the user’s data, taking into consideration that the internet developed primarily around using a browser to accommodate online actions. A big portion of today’s network traffic by the customers is done through a browser. Attacks are getting more complex as the browser engines themselves are including more functionalities and mechanisms. The integration and the compatibility implementations for multiple frameworks are constantly increasing the codebase and the attack surface. A large-scale code base automatically comes packed with a larger attack surface. Security protection mechanisms are also reassessed, implemented and enforced more carefully into the products, resulting in higher complex solutions. This is also closely associated with operating systems that offer support for such implementations. We can note that protection mechanisms for both browser and operating systems have a direct correlation and a similar goal to mitigate the exploitation surface as much as possible and to constantly negate exploitation techniques. As with the addition of new protection mechanisms, the exploit development area is also constantly changing and getting increasingly difficult to exercise, a good number of modern Proof of Concepts are now combining different vulnerabilities or leveraging primitives for the main goal of enumerating the target and creating information disclosure situations in order to create an exploit chain that will bypass all the protections. In some situations, such as low integrity levels for the vulnerable process, a successful exploitation would only be possible using sandbox escape through an operating system vulnerability that allows the attacker to execute arbitrary code as a privileged user. We can already see that necessities are going beyond finding one single vulnerability primitive that will result in code execution because oftentimes this will not be the case. Instead, modern browser exploits are going toward finding new ways and techniques of avoiding protection mechanisms, combining different primitives, creating new possibilities to incorporate operating system vulnerabilities and leveraging advanced techniques to obtain a successful exploitation.

3 An Analysis of Different Browser Attacks …

41

References 1. Shital P, Chavan R (2017) Web browser security: different attacks detection and prevention techniques. Int J Comput Appl 170:35–41. https://doi.org/10.5120/ijca2017914938 2. Cure53 Browser Security Whitepaper (2017) https://github.com/cure53/browser-sec-whitep aper/blob/master/browser-security-whitepaper.pdf. Accessed July 2020 3. mXSS Attacks (2013) Attacking well-secured web-applications by using innerHTML mutations. https://cure53.de/fp170.pdf. Accessed Aug 2020 4. Hacking the Same-Origin Policy (2019) https://medium.com/swlh/hacking-the-same-originpolicy-f9f49ad592fc. Accessed Nov 2019 5. Disclosing vulnerabilities to protect users across platforms (2019) https://security.googleblog. com/2019/03/disclosing-vulnerabilities-to-protect.html. Accessed Aug 2020 6. Wade Alcorn, Christian Frichot, Michele Orru (2014) The browser Hacker’s handbook. Wiley Publishing 7. SOP bypass/UXSS—adventures in a domainless world (Edge) (2016) https://www.brokenbro wser.com/uxss-edge-domainless-world/. Accessed Aug 2020 8. SOP bypass courtesy of the reading mode (Edge) (2017) https://www.brokenbrowser.com/sopbypass-abusing-read-protocol/. Accessed May 2020 9. Windows 10 x86/wow64 Userland heap (2016) https://www.corelan.be/index.php/2016/07/05/ windows-10-x86wow64-userland-heap/. Accessed Nov 2019 10. Intro to Chrome’s V8 from an exploit development angle (2020) https://sensepost.com/blog/ 2020/intro-to-chromes-v8-from-an-exploit-development-angle/. Accessed Feb 2020 11. Attacking clientside JIT compilers (2011) https://www.nccgroup.trust/globalassets/resources/ us/presentations/documents/attacking_clientside_jit_compilers.pdf. Accessed Sep 2020 12. Serna FJ (2012) The info leak era on software exploitation. https://paper.bobylive.com/Mee ting_Papers/BlackHat/USA-2012/BH_US_12_Serna_Leak_Era_Slides.pdf 13. Google sandbox webpage. https://chromium.googlesource.com/chromium/src/+/master/docs/ design/sandbox.md. Accessed June 2020 14. A shatter attack: how it works (2002) https://www.zdnet.com/article/a-shatter-attack-how-itworks/. Accessed Dec 2019 15. Windows within windows—escaping the chrome sandbox with a Win32k NDay (2019) https:// blog.exodusintel.com/2019/05/17/windows-within-windows/. Accessed Mar 2020 16. Exploiting the Math.expm1 typing bug in V8 (2019) https://abiondo.me/2019/01/02/exploi ting-math-expm1-v8/. Accessed Sep 2020 17. Our guide to fuzzing (2020) https://www.f-secure.com/en/consulting/our-thinking/15-minuteguide-to-fuzzing. Accessed May 2020

Chapter 4

A General Cost Model in a Cloud Data Center Constanta Zoie Radulescu , Delia Mihaela Radulescu , Gheorghe Lazaroiu , Alexandru Sipica , and Dragos Barbu

Abstract Cloud Computing is one of the technologies with a rapid development in recent years. This technology provides many services and resources to end users at low prices. Last decade witnessed a growing interest from industry and academia in the study of problems arising in cloud computing. A major condition for the commercial success of a business in cloud data centers is the formulation of a welldefined pricing strategy. Pricing models play a key role in the services purchase decision of the potential cloud customers. On the cloud market there are numerous Cloud Service Providers (CSPs) that offer users various pricing models for storage, databases, memory, and applications. Cloud pricing models are depending on the cloud type: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). The present paper provides an overview on various price models present in the cloud market with price comparisons for the three main CSPs: Amazon, Microsoft, and Google. A general cost model is then proposed for computing the services costs in a Data Center. This model can be used by the manager to make comparisons between the cost of his own Data Center services and the cost of the same CSPs services computed according to the CSPs pricing models. For different types of hardware configurations different electricity consumption is taken into account. C. Z. Radulescu (B) · D. M. Radulescu · A. Sipica National Institute for Research and Development in Informatics, 8-10, Maresal Averescu Avenue, 01145 Bucharest, Romania e-mail: [email protected] D. M. Radulescu e-mail: [email protected] A. Sipica e-mail: [email protected] D. M. Radulescu · G. Lazaroiu Politehnica University of Bucharest, 313, Splaiul Independentei, 60042 Bucharest, Romania D. Barbu Bucharest University of Economic Studies, Doctoral School of Economic Informatics, 6, Piata Romana, 010374 Bucharest, Romania © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_4

43

44

C. Z. Radulescu et al.

4.1 Introduction Due to its business potential in recent years, cloud computing has begun to attract major attention of organization managers. On the cloud market there are numerous Cloud Service Providers (CSPs) that offer users various pricing models such as Ondemand, Reservation, Subscription, On-demand code, Bare Metal, Dedicate Host, etc. Cloud pricing models are depending on the cloud type: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). First a user should define his requirements and then select an appropriate pricing models that meets his requirements. Today, energy consumption has become one of the main problems of a Data Center manager. From an economic perspective, CSPs consider energy consumption as one of the key cost factors with a substantial impact on the operational cost of cloud infrastructure [1, 2]. A manager can choose between using CSP services or using services generated by his own Data Center. When he wants to choose one of the two options, he will make an analysis of the costs involved in the two options. It will use a cost model to calculate the services cost at his Data Center and compare it to the services price offered by CSPs. The problem of choosing a CSP which provides services that meet user requirements is a complex multicriteria decision problem [3, 4]. Pricing models are fundamental to cloud computing. The present paper provides an overview of the various existing pricing models on the cloud market with price comparisons for the three main CSPs: Amazon, Microsoft, and Google. A general cost model is then proposed for the calculation of the Data Center cost. For different types of hardware configurations different electricity consumption is taken into account. The paper is organized as follows: in the second section a state of the art is made on the existing researches in the literature regarding pricing models for cloud computing. In the third section an overview is realized on the different price model types existing in the cloud market. A general model for calculating the Data Center cost is presented in the fourth section. The paper ends with the conclusion section.

4.2 Related Work There is a lot of research in the literature on the subject of developing a cost-effective model for cloud computing. Some research refers to optimizing the allocation of resources, others to saving electricity consumption. Other research analyses the pricing models used by major CSPs or performs cost analyses and forecasts. Some recent research in the field of cost models for cloud computing is presented in Table 4.1.

4 A General Cost Model in a Cloud Data Center

45

Table 4.1 Some recent research in the field of cost models for cloud computing References Description

Model

[5]

In the paper a cost model that takes into An optimization scheduling model that account the dynamic energy attributes the overall energy costs per consumption of a given VM and the VM in heterogeneous environments proportional static cost of using a Cloud infrastructure is presented

[6]

The authors proposed a system that Cost-effective analysis ensures the Service Level Agreement and heterogeneous services. The system analyses the corresponding cost-driven Cloud SaaS optimization problem and provides an affordable optimization approach

[7]

An analytical approach is proposed in which the quality of the service and the price of the service, as well as the revenues, costs and profit of a CSP can be quantitatively available based on well-established analytical models

A non-cooperative game model for a competitive cloud computing market with competing CSPs

[1]

The paper introduces a novel Cloud system architecture that facilitates an energy aware and efficient cloud operation methodology and presents a cost prediction framework

Cost prediction model to estimate the total cost of VMs based on their resource usage and power consumption

[8]

The paper proposes two efficient workflow scheduling approaches for hybrid clouds that both consider makespan and monetary cost: A single-objective workflow scheduling optimization approach and A multi-objective workflow scheduling optimization approach

A single-objective model for minimizing the monetary cost and a multi-objective model for optimizing makespan and monetary cost

[9]

In this paper, is presented the Cloud A mixed-integer programming model Service Purchasing Problem which aims and two large neighborhood search to minimize costs while incorporating approaches specific consumer and application task requirements

[10]

In the paper is presented a new class of revenue management problems inspired by cloud computing, where the prices for multiple products that share limited resource are determined. The aim is the maximization of the expected revenue over a finite horizon

Monopolistic pricing models for revenue management

(continued)

46

C. Z. Radulescu et al.

Table 4.1 (continued) References Description

Model

[11]

A novel integer programming model for the time-varying multidimensional resource allocation problem

In the paper is proposed a multidimensional resource allocation model and a payment pricing algorithm in clouds based on the critical value theory

4.3 Overview of Pricing Models Types The three main CSPs: Amazon (AWS), Microsoft Azure (MA), and Google Cloud (GC) use different terminologies for their cloud-based operating systems. AWS calls them “instances”, MA refers to them as “virtual machines”, and GC oscillates between the two terms “instances” and “Virtual Machines (VM)”. We will use the term “instance”. All major CSPs operate under similar pricing schemes; they provide fixed-price, usage-based resources. Large vendors offer a wide selection of optimized general hardware, computing, memory, or storage configurations. Examples for Virtual Machines Pricing are: AWS [12], MA [13], and GC [14]. There are currently at least seven types of common pricing models in the cloud market, namely: On-demand, Reservation, Subscription, On-demand code (Code on Demand), Bare Metal, Spot Instance, and Dedicate Host (Fig. 4.1). Dedicate host (Amazon)—A dedicated host (Amazon EC2) is a physical server with EC2 instance capability dedicated entirely to usage. Dedicated hosts allow the use

Fig. 4.1 The CSPs pricing schemes

4 A General Cost Model in a Cloud Data Center

47

of software licenses on existing socket, per-core, or per-VM, including Windows Server, Microsoft SQL Server, and Linux Enterprise Server. An important difference between a dedicated host and a dedicated instance is that a dedicated host provides additional visibility and control over how instances are placed on a physical server, and instances can be consistently deployed on the same physical server over time [15]. Bare metal cloud is a single-user, non-virtualized environment that retains the full versatility of cloud self-service, while enabling the full potential of processing the server’s hardware. Bare Metal instances support applications that require a large number of cores, large amounts of memory, and a large amount of memory bandwidth. Computing instances on servers provide customers with exceptional isolation, visibility, and control [16]. On Demand is a delivery model in which CSP computing resources are made available to the user as needed. The On-Demand model has been developed to overcome the challenge of being able to effectively meet fluctuating demands. Because the demand for computing resources can vary drastically from time to time, maintaining sufficient resources to meet peak requirements can be costly. The On-Demand model allows payment for computing capacity or the database without long-term commitments or prepayment [17]. A comparison between the prices of “On Demand” for Microsoft Azure (MA), Google Cloud (GC), and Amazon Web Services (AWS) is made for different VM types (Table 4.2). The VM types considered are as follows: General purpose, Compute optimized, and Memory optimized. Cloud pricing comparison is difficult due to the frequency with which prices change. The same region, operating system, and vCPUs/cores are considered. Data collection is built from [18]. Reservation—Reserved instances is a price model for employment at a specific level of use. However, the conditions under which a discount is offered for Reserved instances vary from provider to provider. Reservation mode offers higher discounts, Table 4.2 A comparison between the VM prices for MA, GC, and AWS AWS, MA, and GC VM

On demand pricing (per hour) General purpose

AWS m6g.xlarge

0.166$

GC e2-standard-4

0.156$ 0,136$

MA F4s v2

0.169$

GC c2-standard-4

0.235$

AWS r6g.xlarge

Memory optimized

0.154$

MA B4MS AWS c6g.xlarge

Compute optimized

0.202$

MA E4a v4

0.252$

GC m1-ultramem-40

6.303$

48

C. Z. Radulescu et al.

in the range of 50–75% for organizations that pay for capacity on time. The amount of the discount varies depending on the duration of the reservation and how much is paid in advance (whether there is an advance payment option). From a financial point of view, reserved instances can be of significant benefit to users with constant workloads [19]. Spot Instance—A Spot instance is an unused EC2 instance that is available at a lower price than On Demand instance. The hourly price for a Spot Instance is called the Spot Price. The main difference between a Spot Instance and an On-Demand Instance is commitment. There is no commitment in the Spot Instance. As soon as the bid price exceeds the Spot price, a user receives the instance [20]. Preemptible Instances are extremely accessible, short-term computing instances suitable for flexible workloads over time. They offer last up to 24 h and are available in Google Cloud [21]. Subscription—A subscription-based pricing model is a payment structure that allows a customer to buy or subscribe to a CSP for a specified period of time at a set price. Subscribers usually commit to monthly or annual services. In a subscriptionbased model, cloud customers usually pay in advance before receiving access to cloud services. Prices are often based on the length of the subscription and a longer subscription often translates into a lower cost [22]. A comparison between the prices of three major cloud providers: MA, GC, and AWS for different CPU cores of VM is presented in Table 4.3 and Fig. 4.2. Data is built using the Cloudarado [23]. Table 4.3 A comparison between the prices of three major cloud providers: MA, GC, and AWS CPU cores

1x

2x

4x

6x

12x

24x

32x

48x

64x

MA

27

81

195

388

776

1551

1551

3102

3102

GC

30

98

197

414

1085

1853

1853

3251

4585

AWS

56

138

273

544

1146

2292

2292

4585

4679

5000 4000 3000 2000 1000 0 1x

2x

4x

6x

Windows Azure

8x

12x

Google

16x

24x

32x

48x

64x

Amazon web Services

Fig. 4.2 A comparison between the prices of three major cloud providers: Windows Azure, Google and Amazon Web Services

4 A General Cost Model in a Cloud Data Center

49

The comparison between prices was made for different CPU cores, VM using the following features: 1G RAM, 20 GB Storage, OS: Windows, Transfer Out: None, Transfer In: None, Subscription: 1 month, Location: Europe. The price was in dollars. Code on Demand—In distributed computing, on-demand code is any technology that sends executable software code from a server computer to a client computer at its request. Some well-known examples of the on-demand code paradigm on the web are Java applets, Adobe ActionScript for Flash player, and JavaScript. Serverless is a cloud architectural model that allows developers to manage and maintain servers. It is often associated with Functions-as-a-Service (Faas), a form of computing service without a server. FaaS executes autonomous codes on demand (Code on Demand) (Table 4.3) [24].

4.4 Formulation of a General Cost Model in a Cloud Data Center Each of the pricing models presented above calculates the price based on a cost model and on the cloud market. The CSP cost model takes into account the resources it uses and considers obtaining a profit. In the literature there are many cost models for CSPs. However, these models are specific to a type of cloud, customized for different types of services, usually for a period of one month. Pricing on the cloud is a complex activity since many things should be taken into account. The first thing is the cloud service provider’s aims to maximize the profit and the customers aim to obtain a higher quality of services with a lower price. Factors involved in pricing models are data center cost, market values, services portfolio pricing, quality of services, users demand, social category of users, CSPs reputation, SLA (Service Level Agreement), public review, etc. In the following, we propose a general model for calculating the Data Center cost. This model takes into account the factors involved in determining the cost, the period of time considered, the number of virtual machines (VM), and the VM types. This model can be used by a manager who wants to perform a cost analysis in order to make a decision: either to use the services of a CSP or to use its own Data Center services. We consider a Data Center in which there are n VM of m types. For each VM type i ∈ {1, 2, …, m} we denote by ni the number of VM of type i. Thus, the virtual machines will be VM i,j , i ∈ {1, 2, …, m}, j ∈ {1, 2, …, ni }. VM i,j is the j-th virtual machine of type i. A VM consumes a set of resources R1 , R2 , …, Rk . Note with qi and the amount of resource Ri used by a VM of type i the and with pi the cost per unit time of using the resource Ri . The cost of using the VMs per unit of time is

50

C. Z. Radulescu et al.

c=

k 

pi qi .

(4.1)

i=1

The main resources used in a VM are the processor (CPU), network bandwidth, RAM memory and storage space. In the case of HDD or SSD storage by the amount of resource, we mean the storage volume allocated to the VM. In the case of RAM memory, by the amount of resource we mean the volume of RAM memory allocated to the VM. In the case of bandwidth by the amount of the resource we mean the number of GB characterizing the bandwidth. In the case of the processor by the amount of the resource we mean the number GHz of the processor. Other resources for a VM include: the IP associated with the VM, the VM operating system, the set of software packages that the VM uses, and so on. This VM cost model is used in the following model. We note: – c1,i = the cost of using a virtual machine of type i, VM i,j per unit time; – t i,j = the time interval the VM i,j , is used; – d 1,i,j (t) = the volume of data downloaded by the VM i,j in the time interval [0, t] calculated in GB; – c2 = the cost of downloading one GB; – d 2,i,j (t) = the volume of data carried in the time interval [0, t] by the VM i,j through read–write operations on media (HDD, SSD) calculated in GB; – c2 = the cost of one GB written or read; – C sal = the cost of salaries in the unit of time; – C clim = the cost of air conditioning in the unit of time; – C amo = the cost of amortization per unit time; – C other = the cost of other operations per unit of time (includes repair costs, risk reserve expenses, utilities, etc.); – Profit = the expected profit to be obtained in the unit of time; – D(t) = the operating costs of a Data Center in the time interval [0, t]; – C elec (t) = cost of electricity in the time interval [0, t]; – C i,j (t) = the cost of using VM i,j in the time interval [0, t]: ci, j (t) = c1,i ∗ ti, j + c2 ∗ d1,i, j (t) + c3 ∗ d2,i, j (t)

(4.2)

The model is D(t) =

ni m  

ci, j (t) + t ∗ (Csal + Cclim + Camo + Cother + Pr o f it + Celec ).

i=1 j=1

(4.3) This model is an original model that has a high degree of generality. It takes into account the operating period of the data center and the types of VMs together with other costs.

4 A General Cost Model in a Cloud Data Center

51

The variation of electricity costs per month for different types of hardware configuration, with different power consumption is presented in Table 4.4. The Price of electricity taken into account in our study is 0.1334$/kWh. Table 4.4 The variation of electricity costs for different types of hardware configuration Hardware configuration

Power rating (watts) per hour

Electricity costs per month

1 Proc 1 Core/Proc, 0.75 GB RAM

105

10.225

1 Proc 1 Core/Proc, 1.75 GB RAM

156

15.192

1 Proc 1 Core/Proc, 2 GB RAM

156

15.192

1 Proc 4 Core/Proc, 7 GB RAM

166

16.165

2 Proc 1 Core/Proc, 4 GB RAM

160

15.581

2 Proc 1 Core/Proc, 7 GB RAM

170

16.555

2 Proc 1 Core/Proc, 14 GB RAM

180

17.529

2 Proc 2 Core/Proc, 8 GB RAM

166

16.165

2 Proc 2 Core/Proc, 14 GB RAM

250

24.346

2 Proc 2 Core/Proc, 28 GB RAM

318

30.967

2 Proc 4 Core/Proc, 14 GB RAM

324

31.552

2 Proc 4 Core/Proc, 16 GB RAM

324

31.552

2 Proc 6 Core/Proc, 64 GB RAM

682.3

66.444

2 Proc 8 Core/Proc, 128 GB RAM

682.3

66.444

2 Proc 10 Core/Proc, 128 GB RAM

652.3

63.522

2 Proc 16 Core/Proc, 256 GB RAM

1002.3

97.606

2 Proc 32 Core/Proc, 1000 GB RAM

2004.6

195.212

4 Proc 32 Core/Proc, 2000 GB RAM

3006.9

292.818

4 Proc 2 Core/Proc, 28 GB RAM

400

38.953

4 Proc 2 Core/Proc, 56 GB RAM

500

48.691

4 Proc 4 Core/Proc, 32 GB RAM

800

77.906

4 Proc 4 Core/Proc, 56 GB RAM

900

87.644

4 Proc 4 Core/Proc, 112 GB RAM

1000

97.382

4 Proc 6 Core/Proc, 112 GB RAM

1100

107.120

4 Proc 8 Core/Proc, 112 GB RAM

1200

116.858

4 Proc 8 Core/Proc, 224 GB RAM

1100

107.120

4 Proc 8 Core/Proc, 448 GB RAM

1200

116.858

4 Proc 8 Core/Proc, 448 GB RAM

1200

116.858

52

C. Z. Radulescu et al.

4.5 Conclusions The last decades have witnessed rapid development of cloud computing. In this paper it is realized a state-of-the-art of recent research in the field of cloud models for cloud computing. A short overview of various pricing models in the cloud market is presented. VM price comparisons for the three main CSPs: Amazon, Microsoft, and Google for On Demand pricing model and for different VM CPU cores is performed. A general cost model is proposed computing the operation cost of a cloud Data Center. CSP provides services that can significantly reduce operating costs of a cloud user. However, switching to the cloud can be costly and complex, and this can introduce additional tasks for managers. Acknowledgements This work was supported by project PN 19 37 04 01 “New solutions for complex problems in current ICT research fields based on modeling and optimization” and by the project PN 19 37 02 01 “Increasing the performance of Cloud services by analyzing and developing a billing system” funded by the Romanian Core Program of the Ministry of Research, Innovation, and Digitization, 2019–2022.

References 1. Aldossary M, Djemame K, Alzamil I, Kostopoulos A, Dimakis A, Agiatzidou E (2019) Energyaware cost prediction and pricing of virtual machines in cloud computing environments. Futur Gener Comput Syst 93:442–459 2. Conejero J, Rana O, Burnap P, Morgan J, Caminero B, Carrión C (2016) Analyzing Hadoop power consumption and impact on application QoS. Futur Gener Comput Syst 55:213–223 3. Radulescu CZ, Radulescu M (2020) A group decision approach for supplier selection problem based on a multi-criteria model. Stud Inform Control 29(1):35–44 4. R˘adulescu CZ, R˘adulescu IC, Boncea R, Mitan E (2018) A group decision approach based on rough multi-attribute methods for Cloud Services Provider selection. In: Proceedings of the 10th international conference electronics, computers and artificial intelligence—ECAI 2018, Iasi, Romania 5. Bansal M, Malik SK (2020) A multi-faceted optimization scheduling framework based on the particle swarm optimization algorithm in cloud computing. Sustain Comput Inform Syst 28:100429 6. Naidu PY, Rajalakshmi D, Muthusundari S, Berlin MA, Manikandan K (2021) Cost efficient tool for cloud storage services. Mater Today Proc (In press) 7. Li K (2021) On the profits of competing cloud service providers: a game theoretic approach. J Comput Syst Sci 117:130–153 8. Zhou J, Wang T, Cong P, Lu P, Wei T, Chen M (2019) Cost and makespan-aware workflow scheduling in hybrid clouds. J Syst Arch 100:101631 9. Heilig L, Lalla-Ruiz E, Voß S (2020) Modeling and solving cloud service purchasing in multicloud environments. Expert Syst Appl 147:113165 (2020) 10. Doan XV, Lei X, Shen S (2020) Pricing of reusable resources under ambiguous distributions of demand and service time with emerging applications. Eur J Oper Res 282(1):235–251 11. Zhang J, Yang X, Xie N, Zhang X, Vasilakos AV, Li W (2020) An online auction mechanism for time-varying multidimensional resource allocation in clouds. Futur Gener Comput Syst 111:27–38

4 A General Cost Model in a Cloud Data Center

53

12. Amazon EC2 Instance Types. https://aws.amazon.com/ec2/instance-types/. Accessed 5 Mar 2021 13. Microsoft Linux Virtual Machines Pricing, https://azure.microsoft.com/en-us/pricing/details/ virtual-machines/win-dows/. Accessed 05 March 2021 14. Google Machine types, https://cloud.google.com/compute/docs/machine-types. Accessed 05 March 2021 15. Amazon Dedicated Host. https://aws.amazon.com/ec2/dedicated-hosts/. Accessed 05 March 2021 16. Bare Metal Cloud. https://phoenixnap.com/kb/what-is-bare-metal-cloud. Accessed 05 March 2021 17. Amazon EC2 on Demand Pricing. https://aws.amazon.com/ec2/pricing/on-demand/. Accessed 05 March 2021 18. Cloud Pricing Comparison (2021) AWS vs Azure vs Google Cloud (simform.com). https:// www.simform.com/compute-pricing-comparison-aws-azure-googlecloud/. Accessed 05 March 2021 19. Amazon EC2 Reserved Instances. https://aws.amazon.com/ec2/pricing/reserved-instances/. Accessed 05 March 2021 20. Spot Instance. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/usingspot-instances. html. Accessed 05 March 2021 21. Preemptible Virtual Machines. https://cloud.google.com/preemptible-vms. Accessed 05 March 2021 22. The Most Common Subscription Pricing Models. https://www.priceintelligently.com/blog/sub scription-pricing. Accessed 05 March 2021 23. Cloud Server Comparison. https://www.cloudorado.com/cloud_server_comparison.jsp.. Accessed 05 March 2021 24. Cod on Demand. https://en.wikipedia.org/wiki/Code_on_demand. Accessed 05 March 2021

Chapter 5

Opportunities and Disadvantages of Using Mobile Technologies Based on Cloud in Learning Rares, -Constantin Ciobanu and Alexis-Valentin Zaharia

Abstract In recent years, technology has advanced very quickly, and highperformance computers, laptops, tablets, and smartphones have appeared on the market. These devices do not cost so much now, and many people can afford to buy one. Currently, many people have access to the internet and they can access various sources of information and entertainment. Many sectors of activity have benefited from this progress, including the educational sector. Lately, more and more educational solutions have appeared that come to the aid of students. Students can now access educational materials using their mobile phones or laptops with just a few clicks. In this paper our main goal is to analyze what educational solutions currently exist on the market, how they are used, and what impact they have on the educational system. The methodological approach that we used in this paper is to obtain and evaluate statistical data about different educational solutions available now on the market and the impact that they have for the educational system. In our research we observed an increasing usage of mobile devices and a preference of those devices over desktop computers.

5.1 Introduction In recent years, the number of mobile phone users has increased significantly, from 2.5 billion users in 2016 to over 3.2 billion in 2019, and it is predicted that in 2021 there will be 3.8 billion mobile phone users [1]. Recently, the use of mobile devices has outpaced the use of computers/laptops [2]. Being easier to transport from place to place, mobile devices are the preferred choice for accessing information at anytime from anywhere. The increase of phone users has led to a continuous improvement in phone capabilities over the years [3]. The rapid development of telephones has led to the emergence of various mobile applications for different fields of activity, one of them being R.-C. Ciobanu · A.-V. Zaharia (B) Bucharest University of Economic Studies, Bucharest, Romania © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_5

55

56

R.-C. Ciobanu and A.-V. Zaharia

education. In recent years, various mobile applications have been created around the world to help students in their learning processes.

5.2 Cloud Presentation In recent years, cloud computing technologies have become more and more popular. Cloud computing provides powerful computing services as well as storage o large volumes of data. By using the services offered by the cloud providers, a company or any entity does not need to build its own infrastructure, which further lowers the cost, this being a major attraction. Cloud has grown in popularity, due to the increase of data transmission capacity of networks and access to low-cost storage media [4].

5.2.1 Mobile Cloud Computing Since their appearance, smartphones and tablets have changed the way people access information. Smartphones are essentially equivalent to a portable PC. Due to the capabilities and development of recent years, people have become addicted to mobile devices, being the main device for communication and access to information [5]. Mobile devices are increasingly preferred by people. They use them more often than other devices, such as laptops and PCs. Mobile devices offer the advantage of mobility and easy access to information, combining the advantages of a PC with the fact that people are not forced to stay in one place. Mobile devices have become even more efficient due to the evolution of mobile networks that allow faster data transfers in larger quantities. The leap from 3 to 4G and now to 5G has brought mobile devices even closer to the classic PCs connected to the network cable. Consequently, it can be seen in Fig. 5.1 how mobile devices take up a significant amount of time in the day compared to other devices [6]. Mobile cloud computing is a concept that combines the benefits of mobile devices with the capabilities offered by cloud services. Mobile devices have the advantage of giving users flexibility so that people have a portable PC without being tied to a fixed location, but to be practical these devices need to be small. This need limits these types of devices. Although technologies have evolved a lot in recent years and smartphones and tablets have similar specifications to laptops, they are not yet at the level of a real PC. Due to limited processing power and storage capacity, the cloud is an ideal partner for mobile devices, expanding processing capabilities and turning mobile devices into real PCs. Mobile cloud computing is an ideal partnership between mobile and cloud devices, especially in the current period when we have increasing volumes of data to process and store [7, 8]. Another limitation of mobile devices is due to their biggest advantage, mobility. Since these devices are not located in a fixed location, they are not connected to a constant power source. Although batteries are becoming more powerful and have a

5 Opportunities and Disadvantages of Using Mobile …

57

Fig. 5.1 Daily hours spent with digital media in the U.S. per adult user. Source Adapted from [6]

longer lifespan, they are still a big disadvantage of mobile devices. Any complex processing significantly shortens the battery life. The “offloading” mechanism helps mobile devices. This mechanism involves moving processing operations from client to server. By moving this processing out of the device, the use of the battery is significantly more efficient, which prolongs its life. Again, the cloud is an ideal partner for these devices, enabling applications to run in its infrastructure.

5.3 Disadvantages for Cloud The cloud is an increasingly popular solution adopted by more and more companies and entities. Regardless of the domain, the cloud can help with its services, whether it is opting for data storage services, application hosting services, or data processing services. Security is still a sensitive issue that still makes some potential customers hesitate to adopt the cloud. Even so, security has always been a challenge and a priority for cloud providers, especially since better security also means a competitive advantage over opponents. The cloud has matured a lot in recent years, which has convinced more and more customers to adopt it. This trend has intensified especially recently, as many companies have had to digitize their businesses [8].

58

R.-C. Ciobanu and A.-V. Zaharia

There are still many other disadvantages for the cloud, depending on the region, which has slowed down its adoption in some parts, such as internet coverage, infrastructure, and network speed [8, 9]. Security, trust, and privacy Data security is a sensitive but very important topic. The cloud provider must ensure that it has robust data security methods in place so that they can only be accessed by authorized customers. At the same time, privacy is extremely important. The customer must be assured that his data will not be accessed by others. Trust is hard to come by and easy to lose [8]. Infrastructure The infrastructure in a country defines its level of development and the speed with which it can adapt to new changes. Less developed countries are at a disadvantage because they have a less developed infrastructure, including the Internet, and for the cloud this means low adoption, as the Internet is the gateway to cloud services [9]. Devices Depending on the country, people have various devices for internet access. In underdeveloped or developing countries, many people do not have PCs, but have mobile phones. Cloud services must be as varied as possible to work on different types of devices, otherwise people will be limited in accessing cloud services. A major disadvantage for underdeveloped and developing countries is the quality of mobile communication networks. If people only have mobile phones, but the connection is weak, cloud services will suffer [9]. Bandwidth and data transfer Cloud services consume more bandwidth because of constant and large data transfers between the client and the cloud provider. The “offloading” mechanism used by mobile devices in the cloud can bring significant costs to the customer, by transferring more data, which can be an impediment for the customer. At the same time, the network must be able to handle the demand for higher bandwidth [8]. Internet coverage Internet coverage is a significant problem for underdeveloped or developing countries. Large cities are likely to have stable and strong connections, but other areas in these countries will have a much diminished quality of service due to poorer coverage [9]. Romania has an average coverage of 76.2%. As one of the least developed countries in Europe, rural areas have low access to internet services and cloud adoption is very weak or non-existent [10].

5 Opportunities and Disadvantages of Using Mobile …

59

5.3.1 Security Risks for Cloud Security risks will always be present. Even if the cloud has more and more sophisticated security methods, 100% security can never be guaranteed. The adoption of the cloud will be determined by the degree of customer trust. Service availability There may be several reasons why cloud services are no longer available. The main causes can be the interruption of the provider’s equipment, the interruption of the internet connection of the internet provider or even the failure of the customer’s device. Equipment failures of the cloud provider should generally be rare, and the cloud provider should have backup equipment to handle the tasks. In less developed countries, the interruption of the internet connection may be somewhat more frequent, which is an impediment, depending on the importance of cloud services in the company’s processes [9, 11]. Data and application security Methods must be implemented to ensure the security of data on storage and transfer and to ensure the security of applications hosted in the cloud [9, 11, 12]. Data integrity Data integrity must be ensured to avoid data loss that could affect customer processes. At the same time, the data must be protected from unauthorized access which may alter or delete it [13]. Identity management As identity theft is becoming more common, cloud providers need to implement methods to ensure that a customer is properly identified by the system. Cloud services are paid for by usage, so an intruder pretending to be a customer will introduce additional payments for that customer [9, 11, 12]. Privacy Data privacy is very important and must be ensured by the cloud provider; otherwise, the customer will not choose to use these services. The customer’s data and processes must be accessed by him and no one else must be able to access them [9]. Denial of Service Denial of service is a type of attack that blocks an entity’s servers. In the case of cloud providers, such an attack disrupts the provision of cloud services to customers. Customers who base much of their processes on these services will suffer the most [11, 12].

60

R.-C. Ciobanu and A.-V. Zaharia

5.4 M-learning Mobile learning (the use of mobile solutions in the learning process) is a form of distance learning, part of e-learning. M-learning is the term used for that teaching method, which is based on the latest technologies in communications and information processing systems, which facilitate the development of the learning process. The main difference between the m-learning and e-learning is that with m-learning the student has more availability and accessibility when using a mobile learning environment. M-learning focuses on student mobility, interaction with mobile technologies and the learning process, and it can have a great influence on the quality of education in the whole educational community (students, teachers, and other members) [14]. In the first years of the apparition of mobile learning, the concept was defined as the action of any use of a mobile device that can be used for online learning [15]. Multiple researchers tried to provide a definition to this concept. One of them is John Traxler that defined the mobile learning in 2005 as any form of educational learning achieved through portable devices. This definition includes mobile phones, smartphones, PDAs, tablets, and laptops [16]. Other researchers think that this type of learning has many to give beside the learning component, the teachers, students, the environment or anything else related to learning can interact very easily now [17]. In the last years many cloud-based mobile learning platforms appeared on the market. Some examples of them would be SAP Litmos LMS, TalentLMS, Docebo LMS, and TalentCards [18]. SAP Litmos is a cloud-based learning management system (LMS) that can be accessed by using any device. The platform gives educational organizations a powerful, flexible platform to meet student needs, as well as the needs of the extended learning population internal staff and external service providers, and it makes rich content available over platforms that users are already familiar with [19]. TalentLMS offers a highly configurable mobile learning platform that allows course organizers to conduct online seminars and training programs. The TalentLMS mobile app is highly effective in designing and deploying courses [20]. Docebo LMS is one of the global leaders in the SaaS-based e-learning industry. It offers an easy to operate and manage web applications that can deploy useful distance learning projects. In addition to m-learning, it also helps with blended and social learning [21]. TalentCards allows course creators to generate bite-sized, easy to comprehend courses for mass-training purposes. By using this mobile learning platform, organizations can create visually pleasing customized cards for learning [22]. As we can observe in Table 5.1 the SAP Litmos LMS could be a good choice for the organizations looking for a combination of off-the-shelf content with their own integration of their own custom courses. Docebo is a solid LMS for online learning for students, packed with lots of features. TalentLMS is best suited for organizations that need a cost-effective LMS for students learning, and it is also a good option for those looking for a platform to sell learning content with [23].

5 Opportunities and Disadvantages of Using Mobile …

61

Table 5.1 Main features for SAP Litmos LMS, TalentLMS, Docebo LMS, TalentCards [19–22] SAP Litmos LMS

Docebo LMS

Talent-Cards

Intuitive and uniform Course personalization user interface and authoring

Talent-LMS

Modular platform

Micro-tests and assessments

Embedded content creation tools that support various formats

Grading

MOOC builder

Micro-tests and assessments

Real-time reporting

Registration management

Blogs

Reporting

Gamification

Gamification

Gamification

Gamification

SCORM and TIN CAN certified

Allows course building External training and using pre-existing re-training material

Multimedia extensions

Multi-language and localization support

Multi-language and localization support

Multi-language and localization support

Multi-language and localization support

Surveys and assessment quizzes

Surveys and assessment quizzes

Surveys and assessment quizzes

Surveys and assessment quizzes

Messages and notifications

Messages and notifications

Messages and notifications

Messages and notifications

e-commerce

e-commerce

e-commerce

e-commerce

5.5 Opportunities for Cloud and Mobile Devices From the beginning of the pandemic, solutions were sought for remote work and digitization solutions were sought for many companies. Lately, more and more companies have opted to migrate their business to the cloud. The cloud offers the advantage of accessing an already built and functional infrastructure, instead of building your own infrastructure. Building your own infrastructure requires a major investment and risks. If the system architecture is not well thought out or problems occur in its installation the losses can be high. Thus, the cloud has a great opportunity during this period to expand to new customers. Customers will no longer have to manage servers and will pay as much as they consume. Given that mobile devices can be easily purchased and work well with the cloud, there are opportunities for them as well. They can be bought in bundles and distributed to employees to work remotely on them. As they offer great mobility, they can be taken by employees to the office or on the go so that they can keep in touch with the company. Some disadvantages about using mobile applications for learning are the fact that they are increasing the dependence on technological tools and that would mean the loss of contact with older non-technology learning skills. The distracted learning increases the time spent in front of the screen and too many activities in parallel affect the recall of course material may not encourage learning and content retention [24].

62

R.-C. Ciobanu and A.-V. Zaharia

A problem in this days that the mobile developers and researchers should also take into account would be that the adoption of learning through mobile applications could have a few barriers: poverty, technical issues (battery life, lack of flash), inconveniences small screen, lack of business model, and mobile applications may not work on all devices [25, 26].

5.6 Conclusions People spend more and more time in front of mobile devices, even more than desktop PCs. At the same time, mobile traffic in the cloud is more and more prominent than non-cloud traffic. Mobile devices work well in the cloud environment and as they are increasingly used, mobile cloud computing will also be an important factor in the current and future period. The research shows that technological progress in the world in recent years has led to an increase in the number of educational solutions for m-learning. Also, these solutions are becoming increasingly complex and help more in educational processes, such as organizing projects and exams, assessment and grading, as well as sharing various educational resources. Mobile learning is becoming more and more present due to the increasing use of mobile devices worldwide, which is a consequence of the increase in the number of mobile phones.

References 1. Holst A (2019) Number of smartphone users worldwide from 2016 to 2021. https://www.sta tista.com/statistics/330695/number-of-smartphone-users-worldwide/. Accessed 25 April 2021 2. StatCounter (2016) Mobile and tablet internet usage exceeds desktop for first time worldwide. https://gs.statcounter.com/press/mobile-and-tablet-internet-usage-exceeds-desktop-forfirst-time-worldwide. Accessed 7 May 2021 3. Kemp S (2020) Digital around the world. https://datareportal.com/global-digital-overview. Accessed 22 April 2021 4. Kushida KE, Murray J, Zysman J (2011) Diffusing the cloud: cloud computing and implications for public policy. J Indus Competit Trade 11(3):209–237 5. Ceobanu C, Boncu S, (2014) The challenges of the mobile technology in the young adult education. Proc Soc Behav Sci 142:647–652 6. Statista Research Department (2019) Smartphone are the bulk of our digital media diet. Statista Research Department. https://www.statista.com/chart/18347/hours-spent-on-digitalmedia/. Accessed 26 April 2021 7. Akherfi K, Gerndt M, Harroud H (2018) Mobile cloud computing for computation offloading: issues and challenges. Appl Comput Inform 14(1):1–16 8. Noor TH, Zeadally S, Alfazi A, Sheng QZ (2018) Mobile cloud computing: challenges and future research directions. J Netw Comput Appl 115:70–85 9. Mujinga M, Chipangura B (2011) Cloud computing concerns in developing economies. In: Australian information security management conference

5 Opportunities and Disadvantages of Using Mobile …

63

10. National Institute of Statistics (2019) Population access to information and communication technology—Romania 2019. https://insse.ro/cms/en/content/population-access-informationand-communication-technology-%E2%80%94-romania-2019. Accessed 26 April 2021 11. Ramachandra G, Iftikhar M, Khan FA (2017) A comprehensive survey on security in cloud computing. Proc Comput Sci 110:465–472 12. Subramanian N, Jeyaraj A (2018) Recent security challenges in cloud computing. Comput Electr Eng 71:28–42 13. Rao RV, Selvamani K (2015) Data security challenges and its solutions in cloud computing. Proc Comput Sci 48:204–209 14. Georgieva T, Georgieva E, Smrikarov A (2004) m-Learning: a new stage of e-learning. In: International conference on Computer Systems and Technologies, Rousse, Bulgaria 15. Q. C. (2000) mLearning: mobile, wireless, in your pocket learning. In Line Zine, VA, USA 16. Traxler J (2005) Defining mobile learning. In IADIS international conference on mobile learning 17. Andrews R, Haythornthwaite C (2007) Introduction to e-learning research, The SAGE Handbook of e-Learning Research. Thousand Oaks, CA, USA, pp 1–52 18. Hurix Digital “Hurix digital.” https://www.hurix.com/top-mobile-learning-platforms-elearn ing/. Accessed 7 May 2021 19. SAP Litmos “Learning solutions.” https://www.litmos.com/industry-solutions/education. Accessed 6 May 2021 20. talentlms “Talent Lms About.” https://www.talentlms.com/about. Accessed 2 May 2021 21. Docebo “About us.” https://www.docebo.com/. Accessed 2 May 2021 22. Talent Cards “Student training.” https://www.talentcards.com/solution/student-training. Accessed 2 May 2021 23. David “4 Best TalentLMS alternatives and competitors”. https://lmschef.com/talentlms-altern atives/. Accessed 03 May 2021 24. Gautam P (2018) What the advantages and disadvantages of mobile learning are. https://elearn ingindustry.com/advantages-and-disadvantages-of-mobile-learning. Accessed 24 April 2021 25. Ganci J (2010) Mobile learning: obstacles and solutions. https://learningsolutionsmag.com/art icles/473/mobile-learning-obstacles-and-solutions. Accessed 24 April 2021 26. Rajasingham L (2011) Will mobile learning bring a paradigm shift in higher education. Education Research International

Chapter 6

Cloud Authentication Using FIDO Compliant Java Card Technology Secure Elements Cristian Toma , Marius Popa , and Mihai Doinea

Abstract The necessity of using secure elements for accessing different clouds or blockchain exchange websites in a secure manner has increased over years. Most of the websites and cloud platforms offer second-factor authentication as mobile application, OTP token, or even biometric key. The technology evolved and a market requirement appeared regarding the access with first and second factor as a combination between biometry and public-key cryptography, therefore the non-usage of the passwords which often are not strong enough for the authentication. The first section is an introduction in the set of the standards for FIDO authentication and in the second section, the authors present a proof of concept solution for Cloud authentication using Java Card Secure elements. The last section offers a view of a benchmark regarding the speed of performing cryptographic algorithms required by FIDO using different secure elements.

6.1 Introduction—FIDO Specifications The FIDO Alliance has the mission to be an open industry association for the authentication standards in order to offer passwords less authentication experience. Passwords exist over decades as authentication procedures but they are having security flaws. Even during the time there were developed effective PKI and strong authentication solutions, most of the authentication schemes are based on the password usage. C. Toma (B) · M. Popa · M. Doinea Department of Economic Informatics and Cybernetics, Bucharest University of Economic Studies, Bucharest 010552, Romania e-mail: [email protected] M. Popa e-mail: [email protected] M. Doinea e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_6

65

66

C. Toma et al.

There are a lot of companies as members in FIDO Alliance and they push different standards in different use cases and versions. Table 6.1 lists the existing FIDO standards: The certification programs of FIDO Alliance are targeted to be interoperable between products and services. The functional certification programs for its core specifications (UAF, U2F, and FIDO2) are used to validate product compliance and interoperability. The members and non-members of the Alliance through the FIDO Functional Certification program are able to measure compliance and ensure interoperability among products and services. One of the key components of the functional certification is the process of the authenticator device certification. Table 6.2 shows the certification level examples for the authenticators: Table 6.1 Table for the FIDO alliance standards Standard

Acronym and publication year

URL

U2F 1.0

Universal 2nd Factor issued in year 2014 mainly for Authenticators devices with Java Card or without Java Card

[1]

U2F 1.1

Universal 2nd Factor improved version in year 2016

[2]

U2F 1.2

Universal 2nd Factor enhancements for the devices with various interfaces: NFC, Bluetooth, USB, etc., in year 2017

[3]

UAF 1.0

Universal Authentication Framework in year 2014 as framework for usage of U2F 1.0

[4]

UAF 1.1

Universal Authentication Framework improvements in year 2017

[5]

UAF 1.2

Universal Authentication Framework enhancements in year 2020

[6]

FIDO2 CTAP

Fast IDentity Online 2—Client to Authenticator Protocol in year 2018

[7]

FIDO2.1 CTAP

Fast IDentity Online 2.1—Client to Authenticator Protocol enhancements in year 2020–2021

[8]

FDO 1.0

Fast IDentity Online—Device Onboard published in year 2021

[9]

Table 6.2 Table for the FIDO certification levels for the authenticators Level

Description with example

L1

FIDO2 build into a downloadable web browser app

L1 +

U2F in downloadable application using white-box technique

L2

UAF implemented as a TA—Trusted Application in an uncertified TEE—Trusted Execution Environment

L2 +

FIDO2 makes use of the Android keystore which runs in a TEE that is certified at L2 +

L3

USB U2F Authenticator Token built on a basic simple CPU with certified OS—Operating System and good physical anti-tempering enclosure OR UAF implemented in a TA—Trusted Application running on a certified TEE—Trusted Execution Environment with POP Package on a package—memory

L3 +

USB U2F Authenticator Token built on a CC—Common Criteria certified Secure Element such as Java Card technology device

6 Cloud Authentication Using FIDO Compliant Java Card …

67

The FIDO Authenticator Security Requirements have been published in 2020 and they are actively maintained [10]. In the next section, the authors present a proof of concept solution based on Java Card technology that is working with different Clouds authentication.

6.2 FIDO Secure Elements Proof of Concept 6.2.1 Architecture In Fig. 6.1 there is the architecture for the proof of concept solution. From left to right side of the diagram, there are the following elements: FIDO Authenticator—a Java Card USB device with FIDO compliant applet running on top of a Java Card virtual machine version 3.0.4. It is CC—Common Criteria certified and the applet implements U2F protocol. FIDO Client—the web browser—Google Chrome, MacOS Safari, Mozilla Firefox, Opera, Internet Edge which cooperate via PC/SC with the FIDO Authenticator. They are running the front-end JavaScript for WebAuthn protocol and CTAP over PC/SC. Relying Party Server which runs the back-end API for the WebAuthn protocol in order to register/enroll a U2F authenticator Java Card device associated with a user and then to authenticate that U2F device. The focus of the paper is on U2F device and the migration to FIDO CTAP2 protocol although the demo is compliant with FIDO 1 specifications. Regarding the compliance between the web browsers (FIDO Client) and implementation of the WebAuthn and CTAP protocols, Table 6.3 is representative: In order to standardize FIDO Authentication for the entire web platform, the FIDO Alliance creates a partnership with the World Wide Web Consortium (W3C). In this manner, the FIDO ecosystem standardization would be in synchronization with an

Fig. 6.1 Architecture for FIDO Authentication

68

C. Toma et al.

Table 6.3 Table for the web browsers compliant with FIDO protocols: CTAP—Client To Authenticator (web browser U2F Authenticator device) and WebAuthn (web browser relying party server/cloud)|USB = Universal Serial Bus, NFC = Near Field Communication, BLE = Bluetooth Low Energy [11] Web browser

Description of supported features

Chrome/Win OS

U2F and CTAP2 (full development): USB, NFC, BLE

Chrome/MacOS

U2F and CTAP2 (in development): USB, BLE

Chrome/Android

U2F and CTAP2 (in development): USB, NFC, BLE

Edge/Win OS

U2F and CTAP2 (full development): USB, NFC, BLE, Hello (only on CTAP2)

Firefox/Wind OS

U2F and CTAP2 (full development): USB, NFC, BLE, Hello (only on CTAP2)

Safari/iOS

U2F and CTAP2 (full development): USB, NFC, Plat (only on CTAP2 in development supports iOS Face ID or Fingerprint)

entire community of web browsers and web application servers development. In terms of the data flow, we have described in the next section the steps for the two main phases: enrollment/registration of the Secure Element and the authentication phase.

6.2.2 Data Flow The enrollment/registration phases (A) of the FIDO device as Secure Element is performed in the beginning only once for each website or cloud platform access. In this phase. the generated keys and the secure element are associated with the website. The authentication phases (B) are performed each time an end-user will access a FIDO-enabled website or cloud platform in order to establish the validity of the secure element and keys registered in the enrollment phases. In Fig. 6.2, there are described the A.1. Setup and A.2. Processing from the A. Enrollment/Registration phase. In Fig. 6.2, the FIDO Client (Web Browser—e.g., Chrome, Firefox, Edge, etc.) as trigger for the end-user action of accessing a website or cloud platform which is FIDO enabled will issue a JSON with a generated challenge by the cloud platform/website—actually received from the FIDO Relying Party server. Immediately after this and before sending the challenge to the authenticator, the Client sends a SELECT APDU compliant with Global Platform/ISO 7816 standard in order to select a secure element file (in this case a Java Card applet/application) with AID: A000000647AF0001. The Secure Element (FIDO Authenticator) responds in compliance with FIDO standard either with “U2F_V2” bytes for FIDO 1 communication and with “FIDO_2_0” in order to enforce FIDO 2.0 communication with the browsers (FIDO Client).

6 Cloud Authentication Using FIDO Compliant Java Card …

69

Fig. 6.2 FIDO Setup and processing for the enrollment and registration phase

Figures 6.3, 6.4, and 6.5 present the continuation of the A.1. Setup, A.2. Processing and A.3. Processing from the A. Enrollment/Registration phase. After the protocol for the enrollment is established to be FIDO 1 or 2, the challenge from the Relying Party server is ready to be sent by the Client browser to the

Fig. 6.3 FIDO setup and processing for the enrollment and registration phase

70

C. Toma et al.

Fig. 6.4 FIDO enrollment and registration phase finalization

Fig. 6.5 FIDO authentication phase—performed each time for accessing a FIDO website—Client authenticator communication

FIDO Authenticator. The challenge from the JSON is actually hashed with SHA-256 cryptographic function and the 32 bytes output is concatenated with the 32 bytes as the Application Parameter. For this request, the FIDO Authenticator, in this case, the Java Card Secure Element is generating a key pair (private and public) according to ECDSA on the Elliptic Curve secp256r1 (non-Koblitz curve). The reply to the challenge is a set of fields and the most important are the following: the ECDSA

6 Cloud Authentication Using FIDO Compliant Java Card …

71

public key (it is a point on the elliptic curve), key handle identifier (the authenticator may have different ECDSA public–private keys for each website, but also can reuse the same key pairs), the attestation certificate and the signature obtained as the electronic ECDSA applied to the hash of the challenge received from the browser into the authenticator. The ECDSA signature has been applied on the following fields in the FIDO authenticator (Java Card Secure Element): Application Parameter, Challenge Parameter, Key Handle, and User Public Key. In Fig. 6.4, the browser submits the obtained signature and the attestation object to the FIDO-relying party server in order to store the ECDSA public key and the correspondent attestation certificate to the enrolled FIDO authenticator and therefore, for each web access of the authentication to check the registered public key. Figure 6.5 shows the process performed each time after the Authenticator enrollment when the end-user accesses the website. The FIDO Client sends each time per authentication access another challenge (32 bytes) and the Application Parameter (32 bytes). Once these data are received by the FIDO Authenticator the signature using ECDSA is performed securely by the Authenticator. As reply to the input, the Authenticator returns the user presence (certified in FIDO 1 by action with button or in FIDO 2.1 eventually by Biometry) as 1 byte, the counter (4 bytes which are incremented each time as anti-reply mechanism) and the signature applied to the following fields: Application parameter (32 bytes), User Presence (1 byte), Counter (4 bytes), and Challenge Parameter (32 bytes of SHA-256 hash). Figure 6.6 shows the authentication finalization as communication between the FIDO Client (web browser) and the FIDO Relying Party server. The obtained signature and counter are essential for the authentication process. The response to the relying party server contains the signature and the initial challenge. The relying party server is able to perform ECDSA validation taking into account the public key

Fig. 6.6 FIDO authentication phase—performed each time for accessing a FIDO website—Client relying party communication

72 Table 6.4 EC Multiplication as part of ECDSA Signature using secp256r1 and secp256k1 curves for the Java Card authenticators

C. Toma et al. Java card secure element

Speed in ms for secp256r1 (ms)

Speed in ms for secp256k1 (ms)

Sm@rtCafe 5

320

310

Sm@rtCafe 6

185

178

J3A081

115

91

J3D081

128

103

and the attestation certificate established in the enrollment phase. If the validation of the signature is performed with success by the relying party, then the end-user as the owner of the authenticator will access the website, otherwise the access is denied.

6.3 Conclusions 6.3.1 Benchmarking The authors have measured the speed of different Java Card secure elements for performing various elliptic curves operations such as EC Multiplication. This operation is the most consuming in terms of milliseconds as part of the ECDSA Signature (Table 6.4). Further in the measurement process, the following factors should be kept constant in order to have the relevant results: same PC/laptop in terms of CPU, OS, and drivers; same USB cable and baud rate; same browser version and cloud platform for the Relying Party Server; even same speed of the Internet connection and same card acceptance device/interface communication between the laptop and authenticator (e.g., it makes no sense to measure the speed of the communication between laptop and authenticator using BLE versus NFC).

6.3.2 Future Work The authors intend to further perform analysis for FIDO2 authenticators’ secure elements and promote Java Card and MultOS benchmarking for different phases within FIDO2 standards.

References 1. Resources for FIDO U2F 1.0, https://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/; https://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-raw-message-formats-ps20141009.pdf. Accessed 11 March 2021

6 Cloud Authentication Using FIDO Compliant Java Card …

73

2. Resources for FIDO U2F 1.1, https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/; https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/FIDO-U2F-COMPLETE-v1.1-id20160915.pdf. Accessed 11 March 2021 3. Resources for FIDO U2F 1.2, https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/; https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/FIDO-U2F-COMPLETE-v1.2-ps20170411.pdf. Accessed 11 March 2021 4. Resources for FIDO UAF 1.0, https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/; https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/FIDO-UAF-COMPLETE-v1.0-ps20141208.pdf. Accessed 11 March 2021 5. Resources for FIDO UAF 1.1, https://fidoalliance.org/specs/fido-uaf-v1.1-ps-20170202/; https://fidoalliance.org/specs/fido-uaf-v1.1-ps-20170202/FIDO-UAF-COMPLETE-v1.1-ps20170202.pdf. Accessed 11 March 2021 6. Resources for FIDO UAF 1.2, https://fidoalliance.org/specs/fido-uaf-v1.2-ps-20201020/; https://fidoalliance.org/specs/fido-uaf-v1.2-ps-20201020/FIDO-UAF-COMPLETE-v1.2-ps20201020.pdf. Accessed 11 March 2021 7. Resources for FIDO 2 CTAP, https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-clientto-authenticator-protocol-v2.0-ps-20190130.pdf. Accessed 11 March 2021 8. Resources for FIDO 2.1 CTAP, https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-cli ent-to-authenticator-protocol-v2.1-rd-20210309.pdf. Accessed 11 March 2021 9. Resources for FDO—Device Onboard, https://fidoalliance.org/specs/FDO/fido-device-onb oard-v1.0-ps-20210323/fido-device-onboard-v1.0-ps-20210323.pdf. Accessed 11 March 2021 10. FIDO Certification Authenticator Security Requirements, https://fidoalliance.org/specs/fidosecurity-requirements/fido-authenticator-security-requirements-v1.4-fd-20201102.pdf 11. Browsers FIDO 2 support, https://fidoalliance.org/fido2/fido2-web-authentication-webauthn/ 12. Sari Greene, CISSP, 3rd Edition, Publisher(s): Pearson IT Certification, Release date: May 2021, ISBN: 0137442084 13. Loutfi I., Jøsang A. (2015) FIDO trust requirements. In: Buchegger S, Dam M (eds) Secure IT systems. NordSec 2015. Lecture Notes in Computer Science, vol 9417. Springer, Cham. https://doi.org/10.1007/978-3-319-26502-5_10 14. Braga AM, Nascimento EN (2012) Portability evaluation of cryptographic libraries on android smartphones. In: Cyberspace Safety and Security. Springer, pp 459–469 15. Toorani M, Beheshti A (2008) Lpki-a lightweight public key infrastructure for the mobile environments. In: Communication Systems, 2008. ICCS 2008. 11th IEEE Singapore International Conference on. IEEE, pp. 162–166 16. Gallagher P (2013) Digital signature standard (DSS). Federal Information Processing Standards Publications, volume FIPS, pp 186–3 17. Dzurenda P, Ricci S, Hajny J, Malina L (2017) Performance analysis and comparison of different elliptic curves on smart cards. https://doi.org/10.1109/PST.2017.00050

Chapter 7

Research on Big Data Analytics Using a Scientometric Approach Mihaela Muntean

Abstract Big data analytics (BDA) have attracted attention from managers, academics, software vendors, and IT consultants. The primary goal of the BDA is to help organizations make informed business decisions. As the importance of BDA continues to increase, so does the number of studies for this concept. So, it is difficult for researchers to find topics they are interested in and track up to date. In this context, the primary goal of this paper is to provide a systematic investigation of the current state of Big data analytics and to identify the research gaps that provide the directions for future studies.

7.1 Introduction Analyzing the relative number of searches for BDA between 2004 and 2021, it was observed that has been a wave of interest in BDA since 2011 (Fig. 7.1). BDA has a score of 0 until 2011, meaning there was not enough data for this term until 2011. Also, it was observed that in November 2017, BDA had a relative search score of 100, that means that this term had a very high popularity. The first research paper on BDA was “Starfish: A self-tuning system for big data analytics” [1] in 2011. The authors presented a BDA system built on Hadoop. A systematic search of the Scopus database for all papers using the keywords “big data analytics” and “systematic literature review” for the titles of research papers retrieved 15 papers. Some papers [2–5] systematized the BDA research made in healthcare, banking, finance, and libraries. The papers [6–8] focused on the BDA capabilities and the impact on business performance and value discovery. Other research papers [9–12] focused on the features of deep learning, machine learning, and artificial intelligence. In [13], the authors analyzed the top 150 profiles of Google Scholar, including BDA as one research field. Unlike [13], this paper examined two different data sets: Google Scholar data set and Scopus data set and compared M. Muntean (B) University of Economic Studies, Bucharest, Romania e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_7

75

76

M. Muntean

Fig. 7.1 The trends graph for “Big data analytics” search term

the results of analyses. Moreover, the study identified subject areas that are well researched and those that need further research. It defined the following research questions: What are the main subject areas related to BDA? What is the temporal distribution of the research papers? What are the most cited research papers? What are the main keywords related to BDA? What is the distribution of research on BDA across the world based on the number of papers and number of citations? What is the distribution of the top 100 BDA scholars across the world? Which are the top 100 scholars’ research fields relating to BDA? What are the research opportunities? The next section describes the research methodology, then Sect. 3 presents the results of the analysis. Finally, I provide conclusions and directions for future rsearch.

7.2 Research Methodology and Data Collection This study performs a systematic literature review to get the most relevant papers related to “Big data analytics” from two different platforms: Scopus (https://www. scopus.com) and Google Scholar (https://scholar.google.com). An investigation of the two platforms for the same search term “Big data analytics” (only in titles of the research papers) yielded the results from Table 7.1. At this stage, 2852 papers were retrieved from the Scopus database. Then I defined the following inclusion criteria:

7 Research on Big Data Analytics Using a Scientometric Approach

77

Table 7.1 Summary of academic literature search Search terms only in titles

Google Scholars

Scopus

Big data analytics (2011–February 2021)

7160 documents (including articles, books, conference papers, theses, dissertations, preprints, abstracts, technical reports)

2852 documents (including conference papers, articles, books, editorial, reviews, notes, short surveys)

• Only journal articles, book chapters, and conference papers (publication stage was final). • The publication years between 2011 to 2020. The search string was: TITLE(“big data analytics”) AND (LIMIT-TO (PUBSTAGE, “final”)) AND (LIMIT-TO(PUBYEAR, 2020) OR LIMIT-TO (PUBYEAR, 2019 ) OR LIMIT-TO (PUBYEAR, 2018) OR LIMIT-TO (PUBYEAR, 2017) OR LIMITTO(PUBYEAR, 2016) OR LIMIT-TO(PUBYEAR, 2015) OR LIMIT-TO(PUBYEAR, 2014) OR LIMIT-TO(PUBYEAR, 2013) OR LIMIT-TO(PUBYEAR, 2012) OR LIMIT-TO(PUBYEAR, 2011)) AND (LIMIT-TO(DOCTYPE, "cp") OR LIMITTO(DOCTYPE, "ar") OR LIMIT-TO(DOCTYPE, "ch"))

For each paper, it was collected the following information: document title, year of publication, author(s), journal title, document type, publisher, source title, citation count, affiliation, and keywords. The result of the search was exported to (CSV) file. Then, the data set was cleaned to eliminate errors and missing information such as author, affiliation, and other information. The structure of the data set was adapted to the analysis. At this stage, 2445 papers were retrieved (Fig. 7.2). Also, the study used Google Scholar to collect data of the top 100 scholar profiles and their research fields, based on the “cited by.” The scholar’s research fields include “big data analytics” (Fig. 7.3). A Web to text converter tool [http://totheweb.com/learning_center/tools-converthtml-text-to-plain-text-for-content-review/] was used to convert Web pages in a text file, then the text file was transformed into an excel file (Fig. 7.4). The structure of the data set was cleaned and adapted to the analysis. Both data sets are small but are derived from the big data of Google Scholar and Scopus database. The paper examined these data sets and compared the results of the analysis.

Fig. 7.2 Data set structure

78

M. Muntean

Fig. 7.3 Google Scholar Profile

Fig. 7.4 The Google scholar data set

7.3 Analysis and Results A scientometric approach has been applied to both data sets. I conducted analysis of data using Tableau software (a data visualization software) and VOS viewer software (a software tool for constructing and visualizing bibliometric networks). The results of the study are presented regarding the research questions. The following analyzes were performed:

7.3.1 Subject Areas Analysis There are 24 subject areas/domains in Scopus database such as Computer science, Engineering, Business, Management, and Accounting. Figure 7.5 shows the distribution of the research papers based on subject areas between 2011 and 2020.

Fig. 7.5 Top 10 subject areas

7 Research on Big Data Analytics Using a Scientometric Approach

79

Fig. 7.6 Temporal analysis

It was observed a concentration of research papers in Computer science (with 1751 papers), Engineering (with 323 papers), Business, Management, and Accounting (with 128 papers). These subject areas account for over 90% of the BDA-related research papers published and available on Scopus between 2011 and 2020. Therefore, future scholars can focus attention on other areas such as Economics, Finance, Energy, Environment science, Medicine to determine the impact of big data analytics on these areas.

7.3.2 Temporal Analysis Analyzing the temporal distribution of research papers, it was observed that has been a wave of interest in BDA since 2011. The number of research papers produced in 2012 was tripled in 2013. It was observed that years 2018 and 2019 reported the highest number of papers. But it was noticed a decrease in the number of papers in 2020, because of COVID-19 pandemic (Fig. 7.6).

7.3.3 Document Type Analysis Figure 7.7 shows the percentage of papers from journals, conferences, and books. It was observed that the most papers were published in conference proceedings (52.84% for all years) and journals (40.07% for all years). Also, it was noticed a decrease in the number of conference papers from 2015 to 2020. Only 7.08% of papers were published in books. In the future, more attention should be paid to books with topic BDA that are important for the academic programs that teach BDA and, for students who want to study BDA.

80

M. Muntean

Fig. 7.7 Percentage distribution of document type

7.3.4 Research Papers and Related Citations Figure 7.8 depicts the cumulative number of papers and the cumulative number of citations in each year. As the number of papers increased, BDA field received more attention in the literature. It was observed that the maximum number of citations was for papers published in 2017. Figure 7.9 shows the top 20 most-cited research papers on the topic BDA from 2011 to 2020. It was observed that “Deep learning applications and challenges in big data analytics” [14] was the most cited research paper (with 716 citations). The

Fig. 7.8 Papers and related citations

7 Research on Big Data Analytics Using a Scientometric Approach

81

Fig. 7.9 Most Cited research papers from 2011 to 2020

authors explored how deep learning can be used for extracting patterns from Big data. To get a comprehensive analysis, the titles’ analysis was also studied using a word cloud generated from the top 20 titles based on frequency. As suggested by Fig. 7.10, the highest frequency word related to BDA is IoT (Internet of Things), which showed that it is a recent research field. Also, the papers focused on the role of BDA in firm performance. Fig. 7.10 A word cloud generated from the top 20 titles

82

M. Muntean

7.3.5 Keywords Analysis For each paper, it was collected its related five keywords. The keywords are a measurement of the relation between BDA with other research fields. The Tableau software was used to construct a keyword cloud (Fig. 7.11), where the size of each word reflects its frequency of occurrence. It was observed that many papers focused on advanced analytical methods (AI, data mining, machine learning, deep learning, data science), other papers focused on big data technologies (Hadoop, Map Reduce, Spark, cloud computing). Also, many scholars focused on the impact of BDA on healthcare. The VOSviewer tool was used to construct a cluster density visualization to co-occurrence the keywords (Fig. 7.12). A minimum number of occurrences was

Fig. 7.11 Keywords cloud

Fig. 7.12 Keywords cluster density visualization

7 Research on Big Data Analytics Using a Scientometric Approach

83

assumed as 15, so 33 keywords from 4824 words met the criteria. Each keyword is represented by a circle where the size of the label represents the keyword’s frequency. There are four clusters depending on co-occurrence links (relations) between words. For example, the red cluster groups terms associated with advanced analytical methods such as deep learning, text mining, AI. Also, the blue cluster and yellow cluster groups terms associated with big data technologies. The clusters are located close to each other, providing a strong relationship between the terms of each group.

7.3.6 Geographic Analysis India, USA, China, and UK have dominated the research on BDA (based on the number of papers and number of citations) (Fig. 7.13). It was observed that researching on BDA in high-income countries has found more favor among scholars, because these countries have better access to knowledge resources. The top 100 BDA scholars are from 28 different countries. The top 2 countries ranked by the number of the top BDA scholars are the largest economies in the world: USA (39), China (11) (Fig. 7.14). The number of top BDA scholars of USA and China has taken 51%. There are 75 BDA scholars working in the top 10 countries, accounting for 76.5%, while the rest working in the other 18 countries. Figure 7.14 showed similar results to Fig. 7.13. In the future, every country should invest more in BDA to improve its global competition. Also, top 100 BDA scholars are

Fig. 7.13 The top 10 countries ranked by the number of the BDA papers/number of citations

84

M. Muntean

Fig. 7.14 Distribution of top 100 BDA scholars across the world

interested in artificial intelligence, data mining, machine learning, deep learning, data science, IoT, cloud computing, but also in cybersecurity or biomedical informatics (Fig. 7.15). Figure 7.15 showed similar results to Fig. 7.11. In Europa, it was observed that top researchers are more interested in AI, data mining, and data science (Fig. 7.16). The research also shows that Germany and UK have dominated the BDA research. In America, top researchers are more interested in data mining, machine learning, and deep learning. Also, in Asia, top researchers are more interested in AI, cloud computing, and data mining.

Fig. 7.15 Research fields associated with BDA (Google scholar data set)

7 Research on Big Data Analytics Using a Scientometric Approach

85

Fig. 7.16 Top 3 research fields related with BDA in Europa (Google scholar data set)

7.4 Conclusions In this paper, I conducted a comprehensive study based on the 2445 research papers related to BDA. I used a scientometric approach. It was observed that the research on BDA had a considerable developmental leap from 2011 until 2020. USA, China, and India are the countries producing the most research on the BDA. It is worth mentioning that other types of analysis are not presented in this article due to lack of space such top 10 publishers on big data analytics or the coauthorship network that shows the interrelations between researchers. The clear understanding of the BDA and its related fields is important for researchers, but also for the academic programs that teach BDA. This paper shows new research opportunities on the BDA from an academic point of view. Using the systematic literature review does not guarantee that all relevant BDA research papers are analyzed. However, SCOPUS database is the largest abstract and citation databases of peer-reviewed literature. Most papers related to the research were published in IEEE, Springer, ACM, Emerald, MDPI, and Elsevier. In future work, it will extend the search for other databases such as Web of Knowledge.

References 1. Herodotos H, Lim H, Luo G (2011) Starfish: a self-tuning system for big data analytics. In: Conference: CIDR 2011, fifth biennial conference on innovative data systems research. Asilomar, USA, pp 261–272 2. Eachempati P, Srivastava PR (2017) Systematic literature review of big data analytics, In: Proceedings of the 2017 ACM SIGMIS conference on computers and people research. Association for Computing Machinery, India, pp 177–178

86

M. Muntean

3. Inamdar Z, Raut R, Narwane VS (2020) A systematic literature review with bibliometric analysis of big data analytics adoption from period 2014 to 2018. J Enterp Inf Manag 34(1):101– 139 4. Salbihan M, Mad Khir J, Noor Zaidi S A (2020) Big data analytics concepts in libraries: a systematic literature review. Int J Acad Res ProgIve Educ &Development 9(2):345–362 5. Khanra S, Dhir A, Islam N, Mäntymäki M (2020) Big data analytics in healthcare: a systematic literature review. Enterpr Inf Syst 14(7):878–912 6. Mikalef P, Pappas IO, Krogstie J, Giannakos M (2018) Big data analytics capabilities: a systematic literature review and research agenda. Inf Syst e-Bus Manag 16(3):547–578 7. Adrian C, Sidi F, Abdullah R (2016) Big data analytics implementation for value discovery: a systematic literature review. J Theor Appl Inf Technol 93(2):385–393 8. Duan Y, Ramanathan R, Cao G, Khilji N (2018) Understanding current research on the use and impact of big data analytics: a systematic literature review. In: Multi conference on computer science and information systems; proceedings of the international conferences on big data analytics, data mining and computational intelligence, theory and practice in modern computing and connected smart cities. Curran Associates Inc., Spain, 185–188 9. Iman Raeesi V, Setareh M (2019) Literature review on big data analytics methods. In: Social Media and machine learning. Intechopen, USA, pp 1–22 10. Nunavath V, Goodwin M (2019) The role of artificial intelligence in social media big data analytics for disaster management-initial results of a systematic literature review. In: 5th international conference on information and communication technologies for disaster management. IEEE, Japan, pp 100–130 11. Hordri NF, Samar A, Yuhaniz SS, Shamsuddin SM (2017) A systematic literature review on features of deep learning in big data analytics. Int J Adv Soft Comput Its Appl 9(1):32–49 12. Nada E, Elragal A (2014) Big data analytics: a literature review paper. Lect Notes Comput Sci 214–227 13. Zhaohao S, Yanxia H (2019) The spectrum of big data analytics. J Comput Inf Syst 1–16 14. Najafabadi MM, Villanustre F (2015) Deep learning applications and challenges in big data analytics. J Big Data 2(1):1–20

Chapter 8

Alerts and Fraud Detection in Electricity Consumption Recorded by Smart Metering Systems Simona Vasilica Oprea , Adela Bâra , Vlad Diaconi¸ta , and Niculae Oprea Abstract The fraud detection in electricity consumption represents a challenge as they produce significant financial losses for utility companies. The detection strategy could be also costly because the classification performance is not high when working with real, unbalanced data, sometimes containing missing intervals. This implies that the company budget for fraud detection should cover on-site investigations for both true and false positives. Hence, the best algorithm partly depends on the company strategy and budget for the identification of dishonest consumers. Various classification algorithms for time series data, such as distance-based (K-Nearest Neighbor), interval-based (TSF—Time Series Forest), Dictionary-based (Bag of SFA Symbols—BOSS, contractable BOSS—cBOSS), frequency-based (similar with TSF), shapelet-based (Shapelet Transform) are known to perform better than baseline classifiers. In this paper, using Machine Learning (ML) algorithms and stream ingestion, we analyze the electricity consumption data of some Chinese consumers for a data span of almost three years.

8.1 Introduction Fraud detection is employed in many fields ranging from frauds in welfare methods [1] to opinion frauds in online reviews [2]. The methods employed to classify an S. V. Oprea (B) · A. Bâra · V. Diaconi¸ta Department of Economic Informatics and Cybernetics, Bucharest University of Economic Studies, Romana Square 6, 010374 Bucharest, Romania e-mail: [email protected] A. Bâra e-mail: [email protected] V. Diaconi¸ta e-mail: [email protected] N. Oprea SC ICPE S.A, Bucharest, Romania © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_8

87

88

S. V. Oprea et al.

observation as fraudulent or not include statistical methods (Hidden Markov Bayes), ML techniques (k Nearest Neighbors, Support Vector Machines, Logistic Regression, Naïve Bayes, etc.), or deep learning methods (Recurrent Neural Networks, Convolutional Neural Networks). Fraud detection in electricity consumption is far from being successfully handled and still generates financial losses for utility companies that struggle to discourage such behavior. The financial losses generated by frauds also known as nontechnical losses, are supported by the entire society, thus, the support from honest consumers is highly valued. On-site investigation relies on complaints from neighbors that identify consumers with peculiar consumption customs. However, with smart metering systems, anomalies in electricity consumption can be more easily detected than with conventional meters. The main threat comes from new tempering methods that are not similar to the previous ones. Thus, the training (learning) process is not efficient in case the anomaly is not similar to previous anomalies. Therefore, we analyze algorithms to ingest data streams and provide alerts.

8.2 Machine Learning Algorithms When using classification (called supervised learning in ML), we try to assign new data points to existing categories. For example, we might want to classify a consumption pattern as normal or suspicious, a new email as spam or not spam or an image in one or more categories such as art, landscape, cities, pets, people, or to find the appropriate reviewers for a scientific paper. k-Nearest neighbors is a method developed by Evelyn Fix and J. L. Hodges, Jr. in the fifties as part of a U.S. Air Forces grant unclassified in 1970. It was later published as a journal paper [3]. The method gained popularity for nonparametric classification [4] as the computational power increased. It can use different distance metrics, but can also function for developing regressors [5]. The base approaches are computationally intensive, so approximate nearest neighbor approaches that aim to reduce the number of calculated distances or for dimensionality reduction [6] have been put forward. The k-NN algorithm finds the k observations with xi closest to x in the input space based on a metric. To apply the algorithm, we first must choose k (e.g., 5 or 10). Then, the algorithm finds the k nearest neighbors of the data point (x) that needs to be classified based on a metric. Among these k nearest neighbors, we count how many of these fall in each of the existing categories and we assign the new data point to the category with the most neighbors. Different metrics (similarity measures) can be assessed to check which are the most adjacent points to the point we are trying to classify. Probably the most well-known metrics are the Euclidean distance and the Cosine similarity (mostly used in information retrieval and text mining). There are, of course, other metrics like Hamming distance (used in block codes), Manhattan Distance (used in compressed sensing), or the Haversine formula (used in navigation).

8 Alerts and Fraud Detection in Electricity Consumption Recorded …

89

If d = (d1 , d2 … dn ) and q = (q1 , q2 , …, qn ) are two points in the Euclidean n-space, the distance from d to q is given by the formula:   n  D(d, q) =  (qi − di )2

(8.1)

i=1

The formula for the Cosine similarity that can be used to calculate the angle between d and q is: Cos(d, q) =

n 

 ⎛ ⎞  n  n   (di ∗ qi )/⎝ (di )2 ∗  (qi )2 ⎠

i=1

i=1

(8.2)

i=1

Support Vector Machines is a valuable tool for classification [7], regression [8], or even clustering [9]. For classification, this algorithm attempts to find the best boundary that separates the space into different classes using one or more maximummargin hyperplanes. This boundary has the largest distance from the support vectors from each class. The hyperplane has to have the highest margin to reduce bad classification. The support vectors are the observations from each class that are the closest to the maximum margin hyperplane, thus the most “different” from their peers. If the data is not linearly separable, the algorithm can add one or more dimensions to find the separation between the classes and then map the separation boundary that was found back to the original plane. These transformations that can get highly computationally intensive can be done using kernel functions. For example, the radial basis function is:



x − x  2  (8.3) K x, x = ex p − 2δ 2 where x − x  2 is the squared Euclidean distance between the two vectors (x and x’) and sigma is a free parameter. We can introduce gamma: γ =

1 2δ 2

Therefore, the formula becomes: 



 2 K x, x = exp −γ x − x  

(8.4)

(8.5)

The kernel functions employ tuning parameters such as the regularization parameter and gamma. The regularization parameter (or penalty parameter) tells the algorithm how much misclassification should be avoided in the classification. The gamma

90

S. V. Oprea et al.

parameter (as in the above equations) shows if points far away from the possible separation line are considered in its calculation. These parameters also have a role in tuning the training time which can be necessary on big data. If they are not adequately chosen (e.g., high gamma), they can also cause overfitting. Some kernels have extra parameters, for example, the degree is specific to the polynomial kernel. A special class of SVM is the one-class classifier [10] which seeks to identify the desirable situations (e.g., honest consumers) and assumes that the others are bad (energy thieves). In Python, the most popular library for SVM is scikit-learn (sklearn.svm). It offers full support for the tuning parameters. The kernel can take values such as linear, poly (for polynomial), RBF (Radial Basis Function), sigmoid, precomputed, or a callable whereas gamma and the regularization parameter (called C) can take discrete values (of float type). It also offers the OneClassSVM classifier but not suitable for time series data. BOSS stands for Bag of SFA Symbols and is a dictionary-based classifier that transforms the time series into sequences of words. Then, the extracted words are distributed leading to a classification system using a sliding window of a certain length that moves across the time series. BOSS classifiers are using the Symbolic Fourier Approximation (SFA). SAX-VSM classifier relies on term frequency (tf) and inverse document frequency (idf) statistics. Time series are transformed into words with Symbolic Aggregate approXimation (SAX). The resulted classes are converted into a Vector Space Model (VSM) with tf and idf.

8.3 Evaluating Models Cross-validation is a good way of analyzing the performance of the models. The data is split into a training set that contains, for example, 75% of the observations, and a testing set that contains 25%. The algorithm is trained on the first set and is used on the second set. The predictions rendered by the model are then compared to the actual values from the testing set. A version of cross-validation is the k-fold cross-validation where the data is divided into test and training set k at different times. Every time we have (100/k) %) holdout data that is tested against the function estimated from the remaining data. In this approach, every data point is used once in a test set and k-1 times in a training set. For some algorithms and large data sets, this approach is very time-consuming, especially if no search space reduction method is used. To visualize the results, we can use a table of confusion (confusion matrix) as described in Table 8.1 showing true positives (classified correctly as being part of a class), true negatives (classified correctly as not being part of a class), and false positives (type 1 error—classified incorrectly as being part of a class), false negatives (type 2 error—classified incorrectly as not being part of a class).

8 Alerts and Fraud Detection in Electricity Consumption Recorded … Table 8.1 Confusion matrix

91

Predicted class Actual class

Positive

Negative

Positive

True positives

False negatives

Negative

False negatives

True negatives

Sometimes, the model requires tuning between false positives and false negatives. Nonetheless, in many cases, to say, which is more serious is up to debate and rarely transparent. For example, a strict anti-spamming system could flag an important mail like a lucrative business proposal as SPAM (false-negative) causing losses. On the other hand, a more relaxed system could mark an actual SPAM that contains a dangerous link as NON-SPAM, and if clicked, could provoke even more damage to the firm. Things are even more complicated in medicine, if we incorrectly diagnose a healthy person as ill or an ill person as in good health. Based on the confusion matrix, different indicators can be calculated such as True Positive Rate (TPR), True Negative Rate (TNR), accuracy, or F1 score [11], but such indicators, especially accuracy, are susceptible to the accuracy paradox, i.e., predictive models with a given level of accuracy may have greater predictive power than models with higher accuracy.1 If the model has more than two classes, for example, three (A, B, and C), 3 × 3 confusion matrices can be built, or three 2 × 2 matrices (A vs non-A, B vs non-B, and C vs non-C). The Cumulative Accuracy Profile (CAP) is used to visualize and compare the power of different models. A model can be also compared to the perfect CAP (choosing the right observations directly) and to the random CAP in which no model is used and the observations are chosen randomly. The curve of a given model is between the random CAP and the perfect CAP, preferably as close as possible to the latter. Another way of evaluating the model is to look at the positive observations at 50% which should be at least 70% (for the random model they are 50% if the data is reasonably balanced). Another way of visualizing the power of a classifier is by using the Receiver Operating Characteristic curve (ROC) that plots true positive rates against false positive rates at different thresholds [12].

8.4 Results The input data was analyzed to apply the preprocessing steps before running the ML algorithms. Firstly, we noticed that the target (0 for normal and 1 for suspicious) is highly unbalanced as in Fig. 8.1a. In addition, missing data were identified especially in 2015 (Fig. 8.1b). After eliminating the time series data with too many missing values, we used forward and back-filling methods (implemented in Python) to replace 1

https://towardsdatascience.com/accuracy-paradox-897a69e2dd9b.

92

S. V. Oprea et al.

Fig. 8.1 Unbalance target and random time series

the null values for the remaining ones. Some time series data logs are seasonal and stationarity as in Fig. 8.1c. Most time series data logs are not stationary, so they need to be differenced (usually only once). We also checked [13] the dataset to remove the extreme values (above the 99.8th quartile) which are clearly caused by erroneous readings. Confusion matrices (CM) were used to assess the performance of the ML algorithms. Hence, we will concentrate on the second column of each of the matrices that shows two important results: false positive or the consumer in the cell top right of the CM that the classifiers failed to classify as normal. Instead, it classified the consumers as suspicious. For these consumers, the budget is also spent for on-site inspections. True positive is the bottom right cell of the CM and represents the consumers correctly identified as thieves. Furthermore, very relevant is the bottom left cell that shows the suspicious consumers that the algorithms fail to classify as suspicious (Fig. 8.2). Thus, four ML algorithms are investigated to classify consumers based on their consumption daily recorded by smart meters. For the algorithms, we have split the data into training and test data and used two approaches: (a)

(b)

We kept in the training set and test set the unbalanced proportions of the main dataset (93% honest consumers, 7% suspicious consumers—the class of interest); We constructed the training set and test set with 50% honest consumer and 50% suspicious consumers time series to see how the algorithms perform

8 Alerts and Fraud Detection in Electricity Consumption Recorded …

93

Fig. 8.2 Confusion matrices for the ML classification algorithms

on balanced data as most machine learning classification algorithms assume an equal distribution of classes [14]. To accomplish under-sampling [15], we selected the 3,615 suspicious consumers in our dataset (the 7% which met the preprocessing filtering conditions) and we have sampled an equal number of honest consumers (flag[flag[’FLAG_mean’] = = 0].sample(n = 3615)). In Fig. 8.3, we exemplify a 3NN search where the queries are in black on the first row and the three nearest neighbors are in red on the next three rows. If at least two of its neighbors are in a category, we classify the query as belonging to that class. Using seasonal_decompose from statsmodel, we can decompose a time series into trend, seasonal, and residual as shown in Fig. 8.4.

Fig. 8.3 k-Nearest-Neighbors (k = 3)

94

S. V. Oprea et al.

Fig. 8.4 Seasonal decompose

This enables us to run the algorithms on these components, in addition to the original data: train = seasonal_decompose(X_train, model=’additive’, freq=5) test = seasonal_decompose(X_test, model=’additive’, freq=5) X_train2 = to_time_series_dataset(train.trend) X_test2 = to_time_series_dataset(test.trend) knn2 = KNeighborsTimeSeries(n_neighbors=n_neighbors).fit(X_train2) ind2 = knn2.kneighbors(X_test2[3:8], return_distance=True)

The accuracy of the algorithms is shown in Table 8.2. For the first column (undersampled data), we consider that the model beats the random one if the accuracy is greater than 50% and for the second if it’s greater than 93%. The default OneClassSVM from sklearn performed poorly. It correctly classified all the 130 outliers but misclassified a lot of regulars (5272/7884). The kNN is a slow classifier. Training the algorithm on the full dataset took too long (it crashed on Google Colab) so we used a sample also for the unbalanced data. Nevertheless, after the algorithm is trained, classifying a new query happens in almost real-time. To simulate a testing environment, for all the ML algorithms, we used KafkaProducer to send the test data to a Kafka topic and KafkaConsumer to retrieve the data from that topic, so we can apply the algorithm. Table 8.2 Average accuracy (%) Under-sampled balanced data

Unbalanced data

kNN (k = 3, dynamic time warping as similarity metric)

72.5

94

RandomForestClassifier (50 estimators)

58

92.5

LogisticRegression

60

93.5

GaussianNB

55

93.7

VotingClassifier

60

93.3

SVM SVC

61

93.2

kNN (k = 3, dynamic time warping as similarity metric)

72.5

94

RandomForestClassifier (50 estimators)

58

92.5

8 Alerts and Fraud Detection in Electricity Consumption Recorded …

95

8.5 Conclusions and Future Research Anomaly detection is not an easy task, especially when the duration of the anomaly is short compared to the length of the anomaly or the amplitude of the fraud is limited. To counter these shortcomings, the budget for on-site inspections should be sufficient to investigate a bigger share of suspicious consumers. From the analyzed algorithms, KNN performed the best, but as expected it took the longest to train. Furthermore, SVC with optimized hyperparameters (gamma = 2, C = 1) provided decent results. In practice, long-term consumption data analyses can be combined with short-term approaches that analyze daily and monthly data streaming to identify irregularities and anomalies in electricity consumption. Both long-term and short-term analyses will be correlated to provide the best results for utility companies. Hence, the ML algorithm results will be backed-up by short-term anomaly detection. Acknowledgements This work was supported by a grant from the Romanian Ministry of Research and Innovation, CCCDI–UEFISCDI, project number 462PED/28.10.2020, project code PN-III-P22.1-PED-2019-1198, within PNCDI III.

References 1. da Azevedo CS, Gonçalves RF, Gava VL, de Spinola MM (2021) A Benford’s law based methodology for fraud detection in social welfare programs: Bolsa familia analysis. Phys A Stat Mech its Appl (2021). https://doi.org/10.1016/j.physa.2020.125626 2. Dong M, Yao L, Wang X, Benatallah B, Huang C, Ning X (2020) Opinion fraud detection via neural autoencoder decision forest. Pattern Recognit Lett. https://doi.org/10.1016/j.patrec. 2018.07.013 3. Fix E, Hodges JL (1989) Discriminatory analysis. Nonparametric discrimination: consistency properties. Int Stat Rev/Rev Int Stat. https://doi.org/10.2307/1403797 4. Cover TM, Hart PE (1967) Nearest neighbor pattern classification. IEEE Trans Inf Theory. https://doi.org/10.1109/TIT.1967.1053964 5. Tiffany-Anne T, Trevor C, Melissa L (2021) Data science: a first introduction 6. Goldberger J, Roweis S, Hinton G, Salakhutdinov R (2005) Neighbourhood components analysis. In: Advances in neural information processing systems 7. Boser BE, Guyon IM, Vapnik VN (1992) Training algorithm for optimal margin classifiers. In: Proceedings of the fifth annual acm workshop on computational learning theory (1992). https://doi.org/10.1145/130385.130401 8. Drucker H, Surges CJC, Kaufman L, Smola A, Vapnik V (1997) Support vector regression machines. In: Advances in neural information processing systems 9. Ben-Hur A, Horn D, Siegelmann HT, Vapnik V (2002) Support vector clustering. J Mach Learn Res 2:125–137 10. Ma J, Perkins S (2003) Time-series novelty detection using one-class support vector machines. In: Proceedings of the international joint conference on neural networks. https://doi.org/10. 1109/ijcnn.2003.1223670 11. Powers DMWD (2007) Evaluation: from precision, recall and F-factor to ROC, Informedness, Markedness & Correlation. J Mach Learn Technol 12. Fawcett T (2004) ROC graphs: notes and practical considerations for researchers. HP Labs Tech Rep HPL-2003–2004

96

S. V. Oprea et al.

13. Dixon WJ (1960) Simplified estimation from censored normal samples. Ann Math Stat. https:// doi.org/10.1214/aoms/1177705900 14. Guo X, Yin Y, Dong C, Yang G, Zhou G (2008) On the class imbalance problem. In: Proceedings—4th international conference on natural computation, ICNC 2008. https://doi.org/10. 1109/ICNC.2008.871 15. Fernández A, García S, Herrera F, Chawla NV (2018) SMOTE for learning from imbalanced data: progress and challenges, marking the 15-year anniversary. https://doi.org/10.1613/jair.1. 11192

Chapter 9

Analytical Capabilities of Graphs in Oracle Multimodel Database Iuliana S, imonca , Alexandra Corbea , and Anda Belciu

Abstract Graphs exist in mathematics for more than 300 years, but their full expansion and usage in databases can be considered to be started about 10 years ago, when multimodel databases adopted graph models. This paper presents how the graph theory was used in computer science, focuses on graph databases, and on Oracle multimodel in particular, while the last part shows how graphs work in Oracle database. Graphs became more and more popular in databases because they use a flexible data model, with no predefined schema, which can adapt on the run. On the other hand, they offer an intuitive visualization and put in place new opportunities for analytical processing, which couldn’t be performed with the classical relational technology. Oracle Database offers property graph and RDF graph data models, specialized query languages (SPARQL, PGQL, SQL), visualizations tools, and inmemory graph analytics that can help to identify clusters and patterns in sparse, semi-structured data.

9.1 Graph Theory—From Mathematics to Computer Science The Graph theory has its origins in mathematics in the eighteenth century, where it serves as a representation for data and the relationships between them. Multiple applications of graph theory can be found in the domain of computer science and related, like: Internet networks, grid computing, graph databases, GIS representation, network analysis in data science, social networks, and so on. I. S, imonca (B) · A. Corbea · A. Belciu Bucharest University of Economic Studies, 6 Piata Romana, 010374 Bucharest, Romania e-mail: [email protected] A. Corbea e-mail: [email protected] A. Belciu e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_9

97

98

I. S, imonca et al.

9.1.1 Graphs in Mathematics In book [1], it is stated that a graph is an ordered pair of disjoint sets (V, E), E being the set of edges or links and V being the set of vertices or nodes. Two edges are considered adjacent if they have exactly one common end vertex. In book [2], a graph is defined as a set of points in a plane or a 3-D space and a set of line segments (curved), joining two points or a point to itself. Another definition is given in [3], a graph being defined as a set of nodes and the relationships that connect them. Thomas Vanderwal calls graphs (in work [4]) a collection of entities and relationships among them, which can hold separate data. Whether they’re called edges and vertices, or links and nodes, or points and segments, or entities and relationships, graphs turn out to find their usage in mathematics, computer science, or geographical representation. The graph-specific algorithms (path analysis, clustering, minimum spanning tree, page rank, centrality measures, pattern analysis, Bayesian networks, etc.), explained by [5, 6], provide powerful data analytics through predictions, optimizations, or decision-making assistance. There are many types of graphs that can be categorized considering the orientation of vertices, the existence of (self) loops, the existence of parallel edges, the degree of vertices, the existence of cycles, etc. Common classes of simple graphs can be found in [7]. The most popular types of graphs can be considered: multigraph, cyclic/acyclic graph, complete graph, Euler graph, directed/non-directed graph, connected/disconnected graph, etc.

9.1.2 Graphs in Computer Science The papers [8, 9] detail how mathematical graphs could be applied to different application fields like database designing, network security, cyber security, data mining, image processing, software engineering, data structure, or computer hardware. Graphs in computer science are applied to areas like: – Graph database (through index-free adjacency) – Arrays, trees, linked lists, pointers, stacks, or queues (through oriented graphs and matrices) – Graph mining (through subgraphs and isomorphism) – Topological control and weighted graph (through connectivity, traversing, adjacency, vertex cover algorithms) – Network and cyber security (through cryptography) – Edge boundaries, entropy, shortest path algorithms (through edge connectivity, regions, spanning tree). In matter of types of software applications that benefit from the graph theory, the complex network applications are the most well-known ones, as [10] states. In

9 Analytical Capabilities of Graphs in Oracle Multimodel Database

99

social networks, the people are the nodes, having their relationships (friendships). An analytical capability would extract here the influencers (the nodes that have the largest flows coming towards them, with a large number of links). In information networks, the relations could be represented by citations and the nodes by the papers. In technological networks, the spatial and geographical coordinates are the nodes and the links are represented by the routes. In biological networks, the neural network could be represented by the neurons, having the connections through synapsis.

9.2 Graph Databases 9.2.1 Graph Model and GDBMSs (Graph Database Management Systems) Graph databases have a lot in common with network databases which appeared on the market in the 70 s, but the main difference between them is that network databases have a lower level of abstraction and don’t offer an easy traversal on a path, as [10] shows. As defined in [11] , a network database is a set of record types structured in set types. The graph database is a type of NoSQL database in which the relationships (the links) are the central entity and have the purpose to solve the limitations of relational databases. The study [11] shows that a data model for a database is represented by a set of concepts and tools for developing the data collections’ structure, according to which the data will be represented. The book [3] shows the characteristics of a graph data model, and they should be: – The nodes contain properties (key-value pairs) and can have one or more labels. – The relationships have a name, a direction (meaning a start and an end node), and can have properties. Also, a GDBMS is considered an online management system that can ensure CRUD methods that expose a data model. When talking, in general, about different types of databases, one DBMS can be considered a purely, let’s say Object-oriented (OO) DBMS or GDBMS, or just have some (OO or graph) capabilities. As for graph DBMS, two aspects define the native GDBMS: the graph storage and the index-free adjacency. The pure GDBMS stores the graphs natively, but other DBMSs adapt the storage into relational or object-oriented databases. Also, from the processing engine point of view, there is the native graph processing which consists in using index-free adjacency. The study [12] has shed more light on the fact that the connected nodes physically reach each other in the database. These DBMSs have a traversal performance, which can be a disadvantage when not using this capability, because of intensively memory usage.

100

I. S, imonca et al.

The book [3] considers that the power of graph databases comes with performances for querying connected data, flexibility, and agility toward new technologies and business requirements. The flexibility should apply to situations that may arise regarding the database model (like new nodes, new labels, or new relationships), which can be expanded without affecting the applications, the queries, or the functionalities. GDBMSs include open-source solutions, like Neo4J, and proprietary software, like Oracle, Amazon Neptune, AnzoGraph DB, SQL Server, etc. Of these listed above, one of the leading graph-oriented databases is Neo4J, used successfully to develop applications such as those described in [13–16]. However, for some time now, Oracle database, already established in working with structured data, has been expanded with interesting facilities, in order to successfully store and handle semi- and unstructured data. Thus, the multimodel Oracle database was born. Given a recent study conducted in June 2020, that comparatively analyzed the functionalities of the native graph-oriented Neo4J database against those of Propertygraph from Oracle database, the balance tilted in favor of the latter. The tests used in LDBC Social Network-BI benchmark have been rigorously performed and are detailed in the study [17]. The tests include 25 analytic queries, which were run on equivalent systems (Oracle database on Oracle Cloud Infrastructure vs. Neo4J database on Amazon AWS). As a result, 19 of the 25 queries generated better results for the Oracle database, to the detriment of Neo4J.

9.2.2 Query Languages for Graph Databases The query languages that have been adapted from SQL for graph databases include AQL (used in ArangoDB), Cypher (used in Neo4J, AnzoGraph DB), Gremlin (used in Amazon Neptune), SPARQL (used in Oracle, Amazon Neptune, AnzoGraph DB), PGQL (used in Oracle). In Neo4J GDBMS, the main query language is Cypher. Its central clauses are MATCH and RETURN, but it allows other clauses like WHERE, CREATE, MERGE, DELETE, SET, UNION, START, etc. This language is designed to work with graphs and not with relational tables. Cypher doesn’t offer regular path queries and graph construction like PGQL does. In the study [18], the PGQL language is proposed. PGQL was developed for property graph data model in which vertices and edges in a graph can be associated with arbitrary properties as key-value pairs. SPARQL, on the other hand, is the standard query language for the RDF (Resource Description Framework) graph data model, where the graph is represented as a set of edges and sometimes it creates artificial vertices that can hardly be exposed by queries.

9 Analytical Capabilities of Graphs in Oracle Multimodel Database

101

9.3 Oracle Multimodel Database The over four decades of evolution of database management systems (DBMS) have seen the rise and fall of a series of trends in terms of functionalities, objectives, data types, and implemented data models. Each new generation of database management systems has been developed with a different focus in mind, in order to solve a different set of problems. Currently, companies face the problem of understanding and efficiently using the massive volume of unstructured data produced by social media, web sources, or automated sources such as sensors and Internet of Things (IoT), in addition to those used by traditional business applications. Thus, as is mentioned in paper [19], the success of an organization has become conditioned by its ability to work efficiently with information manageable only with human or machine-based interpretation such as: JSON or XML files, multimedia files, web content, and even specialized information such as satellite and medical imagery, maps and geographic information, sensor data, and graph structures. An elegant solution to the problem posed by heterogeneous data can be found in the multimodel database. This new type of database uses a unique data store to support multiple data models thus avoiding the problems that come with the need to integrate multiple data stores that implement different data models [20]. To better understand the appearance of the multimodel database it’s useful to have a short overview of the evolution of data management as presented in paper [21]. One stage of this evolution lead from centralized to semi-decentralized to distributed databases, the last step being directly determined by the must-have requirements for cloud applications. A different stage, which was determined by the emergence of single model NoSQL databases at the beginning of the last decade, introduced the concept of polyglot persistence. This concept refers to the use of different database models to meet the needs of different applications. When working with a large, complex system, that has to manage data of different nature in different modules, polyglot persistence indicates that several databases should be used, each part of the system using the specific database that best fits its needs. This particular way of addressing the need to work with heterogeneous data comes with a specific set of problems in itself, the authors of article [22] mentioning elements such as increased code complexity, data consistency, and data duplication. The multimodel database represents the natural evolution of trying to address some of these issues by incorporating different database models into a single engine, thus providing polyglot persistence against a single, integrated backend. Figure 9.1 provides a summary overview of the polyglot and multimodel architectures. Oracle, one of the major players in the databases market, offers a multimodel database management system based on the concept of multimodel polyglot persistence. This concept reflects an architecture that incorporates multiple data models and access methods within a single DBMS. The Oracle multimodel polyglot approach

102

I. S, imonca et al.

Fig. 9.1 Polyglot versus multimodel architecture

offers benefits in terms of consolidation and standardization such as: standardized administration, consistent data security policies, simple data integration across multiple data formats, transactions and data consistency, etc., which are detailed in paper [19]. In fact, Oracle takes things one step further and with the current long-term release of the product implementing this approach, Oracle Database 19c, offers the world’s first converged database, a multimodel, multitenant, multi-workload database that provides a unified layer for supporting all sorts of mobile and web apps, analytics and AI algorithms needed and used within a single organization. Thus, starting with Oracle 19c, the multimodel database incorporates optimized data types and data structures with operators to bring enhancements to the NoSQL, allowing data management for JSON documents or graphs, as well as functionalities for XML services, text analytics, multimedia content, IoT and blockchain data [23]. The product offers support for full joins and transactions for all the mentioned data types as well as model-specific access methods for graph and spatial queries and it implements most of the widely used machine-learning algorithms. All of these included elements can be accessed either through RESTful APIs or stateful connections, according to the preference of the developers. Through these multimodel facilities that Oracle offers, enterprises can enjoy the benefits of both developer productivity as well as data productivity while being able to have a unified approach to security, upgrades, patching, and maintenance across all deployments of Oracle’s converged database.

9 Analytical Capabilities of Graphs in Oracle Multimodel Database

103

9.4 Graphs in Oracle Multimodel Database 9.4.1 Types of Graphs in Oracle Database As described above, Oracle multimodel database natively supports graphs, modelled as: Property Graphs or RDF graphs. In both cases, Oracle stores data as collection of points (vertices) and connections between those points (edges) and provides important graph data management features. While property graphs offer great support for querying (through PGQL—Property Graph Query Language), analytics, and visualization of graph data, RDF graphs are focusing especially on data integration, semantic networks, and knowledge graphs, although they also provide querying capabilities (using SPARQL graph query language). Details about those two graph models can be found in the official documentation: [24, 25]. Some use cases of property graphs or RDF implementations are described in other works, like [26], which describes details of RDF graphs implementation at the National Statistics Centre, in Japan, and [27], which highlights interesting aspects about property graph implementation in the financial sector, in order to evaluate the fraud at a bank.

9.4.2 Property Graphs in Oracle The concepts exemplified in this paper use property graph features of Oracle Database 19c. In the property graph model, all the data (represented as vertices and edges) are persistent in the database, in relational form, as tables. This means that we can also run typical SQL queries on these tables. One of the biggest advantages of storing data as a graph is that we can analyze our data based on the connections and relationships between them. Since there are more than 50 graph algorithms already implemented, we can easily run graph analytics algorithms on the stored data. Usually, when using Oracle property graphs, we’ll adopt a three-tier architecture, consisting of the following layers: database, graph server, and client [25]. The client will receive the requests from the user and send them to the server, which will interact directly with the database. By default, Oracle Graph Server and Client is a software package that is used with Oracle property graphs. It includes client libraries and an in-memory graph server (PGX), which enable faster and parallel graph query, and also integrates built-in algorithms needed for graph data analytics. The results of the queries and analysis are shown using a shell user interface, through Java APIs, or in a more user-friendly manner through Oracle Graph Visualization. Alternatively, a restricted architecture can be used, containing only the database and the graph client (in a two-tier architecture). In this case, using PGQL statements, the graph is created directly from database tables and it is stored in the property graph schema. The results of the queries will be usually displayed using a shell user

104

I. S, imonca et al.

interface. However, Oracle Graph Visualization can be also configured to retrieve the graph directly from the database. To exemplify a series of facilities offered by property graphs, we chose a situation from our current activity, which can be easily designed by graphs. Thus, we started from the relational database that stores data regarding students, the courses they take, the related grades, and the professors who teach them. Starting from the relational model shown below in Fig. 9.2, we have created the corresponding graph representation (Fig. 9.3). The property graph we’ve designed has the vertices: Students_group, Student, Course and Professor and the corresponding edges. Figure 9.4 highlights the correspondence between a row in Students table and the specific node (vertex) from the graph, which has properties and values indicated by standard key-value pairs. We have created the graph starting from database tables. Using PGQL data definition language, we mapped the tables into interconnected vertices and edges, indicating the columns of those tables which become properties of the vertices/edges.

Fig. 9.2 Relational model for the proposed case study

Fig. 9.3 The corresponding graph representation

9 Analytical Capabilities of Graphs in Oracle Multimodel Database

105

Fig. 9.4 From relational to graphs: mapping rows to vertices

CREATE PROPERTY GRAPH statement describes how the relational tables should be converted into a graph, indicating explicitly the vertex tables and the edge tables. In our example, StudGroups, Students, Courses, and Professors are vertex tables, while CourseByStud and Exams are included in views representing the edge tables. CREATE PROPERTY GRAPH STUD_GRAPH VERTEX TABLES (……… students KEY (STUDENT_ID) LABEL STUDENT PROPERTIES(STUDENT_ID,STUDENT_NAME,EMAIL,STUDENT_LOC), courses KEY (COURSE_ID) LABEL COURSE PROPERTIES (COURSE_ID, COURSE_NAME, ECTS, ACAD_LEVEL), ……… ) EDGE TABLES ( sc_edge SOURCE KEY (STUDENT_ID) REFERENCES students DESTINATION KEY (COURSE_ID) REFERENCES courses LABEL REGISTERED_TO PROPERTIES(CSP_ID, ACADEMIC_YEAR, EXAM_TYPE, GRADE), ……… )

9.4.3 Querying and Visualizing a Graph Once the property graph is created, it will be stored in the relational database, through several tables which will be automatically created in the user’s schema, having the graph name as the prefix and some specific suffixes. In our example, five tables were created to store data and metadata of the Stud_graph graph, as: vertices and their properties (Stud_graphVT$), edges and their properties (Stud_graphGE$), text index metadata (Stud_graphIT$), graph structure (Stud_graphGT$), and specific metadata needed only for Oracle internal use (Stud_graphSS$). For demo purposes, at the client-side, the interaction with the graph was ensured through the JShell Command-line interface, using Java APIs (oracle.pg.rdbms.OraclePropertyGraph).

106

I. S, imonca et al.

Fig. 9.5 PGQL query

We can easily run queries on the created graph by using PGQL syntax. The following query will return the names of the students taking the Databases course. The PGQL syntax indicates explicitly the graph patterns which matches vertices and edges that complies with the given conditions (Fig. 9.5). Next, according to the three-tier architecture, we have loaded the graph into memory and, using Graph Visualization, we have run some PGQL queries in order to visualize the results as a graph. Oracle Graph Visualization is a single-page web application (SPA) that works usually with the in-memory graph server (PGX), so that we can visualize graphs already loaded. In Fig. 9.6, the query displays through a graph all the students who have taken undergraduate courses. In addition, the above graph clearly shows the students who did not pass the disciplines. The values of the vertices are displayed (i.e., the names of the students and the names of the courses attended), being highlighted only those edges whose values are less than 5 for courses of the 2020/2021 academic year. The grades of the students and the academic years were defined as properties of the edges between Student and Course vertices.

Fig. 9.6 Graph visualization (1)

9 Analytical Capabilities of Graphs in Oracle Multimodel Database

107

Fig. 9.7 Graph visualization (2)

The query from the following figure (Fig. 9.7) searches all the students with their courses and the corresponding professors, according to the conditions mentioned. The displayed graph is conditionally formatted, so that the courses are highlighted separately according to their type.

9.5 Conclusions For more than 50 years, databases have begun to play an increasingly important role in the field of informatics. And for more than 10 years, data has not only better organized our activities, but they have come to govern our lives and decide our actions. Given the need to store huge volumes of various data, continuously generated and which no longer find their place in the rigid structure of the relational, the article highlights the strength and also the popularity of graphs as part of the new database trend that provides management for non-relational data. The paper focuses on graph capabilities in the new Oracle multimodel database, exemplifying some interesting aspects regarding their querying and intuitive graphical visualization. Although the examples in this article are purely didactic, in order to highlight important aspects of Oracle graph features, typical applications that integrate graphs and spatial components can provide valuable results in the financial, public, or retail sectors. Going further, beyond the details and examples in this paper, it is obvious the opportunity to integrate graphs with machine learning techniques, in order to obtain valuable predictive analyses. Since the representation of data as graphs often leads to

108

I. S, imonca et al.

the discovery of hidden information about data and the relationships between them, graph analytics can be used successfully to improve predictive models. Acknowledgments This work was supported by a grant of the Romanian Ministry of Research and Innovation, CCCDI–UEFISCDI, project number 462PED/28.10.2020, project code PN-III-P22.1-PED-2019–1198, within PNCDI III.

References 1. Bollobás B (1998) Fundamentals. In: Modern graph theory. Graduate texts in mathematics, vol 184. Springer, New York, NY. https://doi.org/10.1007/978-1-4612-0619-4_1 2. Gross J, Yellen J (2005) Graph theory and its applications, 2nd Edn. CRC Press 3. Robinson I, Webber J, Eifrem E (2015) Graph databases: new opportunities for connected data. O’Reilly Media, Inc. 4. Vanderwal T (2017) Blog IV—It’s a rdbms... It’s a nosql... It’s a graph database!. http://thomas vanderwal.blogspot.com/2017/10/blog-iiii-its-rdbms-its-nosql-its-graph.html?m=1 5. Agarwal R (2019) Data scientists, The 5 graph algorithms that you should know—because graph analytics is the future. https://towardsdatascience.com/data-scientists-the-five-graph-alg orithms-that-you-should-know-30f454fa5513 6. Singh A (2019) Graph analytics and big data. A DSF whitepaper. https://datascience.founda tion/sciencewhitepaper/graph-analytics-and-big-data 7. Weisstein E, Simple graph. https://mathworld.wolfram.com/SimpleGraph.html, Wolfram research, Accessed 27 March 2021 8. Rishi P, Vandana V (2014) Application of graph theory in computer science and engineering. Int J Comput Appl 104:10–13 9. Webb J, Docemmilli F, Bonin M (2015) Graph theory applications in network security. arXiv: abs/1511.04785 10. Angles R, Gutierrez C (2008) Survey of graph database models. ACM Comput Surv 40(1), Article 1:39. https://doi.org/10.1145/1322432.1322433 11. Belciu A (2016) Introduction to databases. ASE Publishing House, ISBN 978-606-34-0107-7 12. Marko R, Neubauer P (2011) The graph traversal pattern. In: Sakr S, Pardede E (ed) Graph data management: techniques and applications. IGI Global, Hershey, PA, pp 29–46 13. Webber J, Robinson I, The top 5 use cases of graph databases unlocking new possibilities with connected data. https://go.neo4j.com/rs/710-RRC-335/images/Neo4j_Top5_UseCases_G raph%20Databases.pdf. Accessed 22 March 2021 14. Soumya G, Sudheep E, Santhanakrishnan T (2015) A study on applicability of graph databases in big data analysis. Int J Adv Res Trends Eng Technol II:1288–1294 15. Pokorný J (2019) Integration of relational and graph databases functionally. Found Comput Decis Sci 44(4):427–441. ISSN 0867-6356, e-ISSN 2300-3405 16. Escamilla Molgora JM, Sedda L, Atkinson PM (2020) Biospytial: spatial graph-based computing for ecological big data. GigaScience 9:1–25. https://doi.org/10.1093/gigascience/ giaa039 17. Oracle (2020) Benchmarking oracle property graph against Neo4j. https://www.oracle.com/a/ tech/docs/ldbc-graph-benchmark-2020-06-30-neo-only-v3.1.pdf 18. Rest O, Hong S, Kim J, Meng X, Chafi H (2016) PGQL: a property graph query language. 1–6. https://doi.org/10.1145/2960414.2960421 19. Multimodel Database Whitepaper. https://www.oracle.com/a/tech/docs/multimodel19c-wp. pdf, Accessed 14 March 2021 20. Aven P, Burley D (2017) Building on multi-model databases. O’Reilly Media, USA

9 Analytical Capabilities of Graphs in Oracle Multimodel Database

109

21. The Multi-Model Database Cloud Applications in a Complex World, https://www.ciosummits. com/Online_Assets_DataStax_Whitepaper_-_The_Multi-Model_Database.pdf, Accessed 14 March 2021 22. Khine P, Wang Z (2019) A review of polyglot persistence in the big data world. Information 10(4) 23. Oracle’s Converged Database: How to Make Developers and Data More Productive. https://www.oracle.com/a/otn/docs/database/oracle-converged-database-technicalbrief. pdf, Accessed 27 March 2021 24. Oracle (2021) Graph developer’s guide for RDF graph. https://docs.oracle.com/en/database/ora cle/oracle-database/21/rdfrm/graph-developers-guide-rdf-graph.pdf, Accessed 24 March 2021 25. Oracle (2021) Graph developer’s guide for property graph, https://docs.oracle.com/en/database/ oracle/property-graph/21.1/spgdg/graph-developers-guide-property-graph.pdf. Accessed 25 March 2021 26. Nishimura S, Takeyoshi Y (2020) Enhancing statistical discovery with oracle RDF on oracle cloud. spatial and graph summit @ analytics and data summit 2020. https://www.oracle.com/ technetwork/database/in-memory/learnmore/dbim-natinststatjapan-6603489.pdf, Accessed 16 March 2021 27. Yamanaka R, Annamalai M, Pisharam G (2020) Financial industry use cases for graph analytics. https://www.oracle.com/a/tech/docs/asktom-financial-industry-use-cases-graph-ana lytics.pdf, Accessed 16 March 2021

Chapter 10

Distributed Ledger Technology Economy Felician Alecu, Paul Pocatilu, Silviu Ojog, and Petru Simon Mot

Abstract Distributed ledger technology (DLT) and blockchain are very popular these days, especially due to the cryptocurrencies like Bitcoin, Ethereum, Dogecoin, and others. To better understand these cryptocurrencies and the related transactions, it is important to know how these technologies work and how secure they are. This paper presents the concepts, technologies, and security issues related to blockchain with respect to the economy.

10.1 Introduction Today we can easily notice how the nature of the Internet is changing from a place used to read web pages to an environment that allows the users to run software applications. The future of the Internet belongs to Web 3.0 [1], also called the intelligent Web (Fig. 10.1). The Web 3.0 is the next generation of Internet, an environment allowing users not only to read and write content but also execute the desired applications over the cloud, so the content can be seen as an executable web. The WEB 3.0 is a totally new way of creating and using applications that can run on different devices and having the data stored in the cloud. On January 3, 2009, a new technological revolution started with the launch of the genesis block of Bitcoin by its creator, Satoshi Nakamoto, a year after the publication of a whitepaper describing the new form of currency and peer to peer payment system. Soon after, the author disappeared leaving behind an innovation that took F. Alecu (B) · P. Pocatilu · S. Ojog · P. S. Mot Bucharest University of Economic Studies, Bucharest, Romania e-mail: [email protected] P. Pocatilu e-mail: [email protected] S. Ojog e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_10

111

112

F. Alecu et al.

Fig. 10.1 The history of the web

the world by storm in the following years—the blockchain, a type of distributed ledger technology. The concept was quickly developed and taken far beyond the idea in the original paper by projects such as Ethereum which built new, improved blockchain systems capable of managing not only cryptocurrencies, but also other types of digital tokens and smart contracts that support development of distributed applications (dApps) which power the Web 3.0. The cryptocurrency bull market of December 2017 brought the technology new levels of public notoriety with the advent of alternative digital coins (“altcoins”) and initial coin offerings (ICO). This reached new heights during the 2020 pandemic when tens of billions of dollars in government and central banks relief funds have been invested in crypto assets as a hedge against inflation, bringing the total market capitalization to more than 2 trillion dollars in the first quarter of 2021. Financial institutions, technology corporations, and other influential organizations have taken notice; Many startups have been founded; Fortunes have been made; New business models have emerged; There has also been fraud, speculative schemes, bubbles, scams; And this is just the beginning. The Distributed Ledger Technology (DLT, also called blockchain) is now the driving force of the new generation of the Internet referred as Web 3.0 [2], allowing various types of interactions without the need of any type of intermediaries, unlike the Web 2.0 of today that is using private servers belonging to private entities for data hosting and client–server communication. The paper is structured as follows. The next section highlights the Distributed Ledger Technology characteristics. The third section deals with token economy, while the fourth section presents security concepts related to DLT. The paper ends with conclusion and future work.

10 Distributed Ledger Technology Economy

113

10.2 DLT Highlights Distributed Ledger Technology (or blockchain) is basically a shared public infrastructure that anyone can trust and that is collectively maintained by the participants receiving incentives to keep up to date with the ledger in a completely truthful fashion. The blockchain participants are allowed to collectively settle data transactions on the shared public ledger that anyone can trust. Basically speaking, the blockchain is a trust machine [3], very useful for the situation in which the trusted institutions are problematic and there is no full trust in business partners. The key characteristics of the blockchain technology are listed below [4]: 1.

2.

3.

4.

5.

6.

Distributed ledger—shared, public, trusted ledger completely out of a single user control, everyone can inspect the ledger and the participants are collaborating in keeping the ledger up to date, there are some strict rules allowing users to modify the ledger content by general agreement Decentralized database—not being owned by a single entity, each party can access the data based on permissions but leaving a time-stamped audit trail; the integrity of the decentralized database content is always achieved by cryptography with no need for trusted third parties. Consensus mechanism—for validating and verifying transactions. The consensus algorithm is transparent for everybody, the transactions are validated and confirmed for both the sender and receiver. Nobody can front-run the algorithm and insert fraudulent transactions. Two of the most used consensus mechanisms are proof of work and proof of stake. Immutability—the blockchain generates an immutable consensus over a transaction history even if the blockchain itself cannot give you any guarantee you can trust what is transacted or you can trust who makes the transaction; the immutability is very useful in providing a single source of truth to all blockchain participants Smart contracts—software code, small computer programs implementing a piece of code being deployed on the blockchain and waiting for a specific message to come, in which they generate a specific output. These small computer programs are neither smart nor a contract. Even if there is no need for a legal meaning, they are still called contracts because each time the conditions are met and the message is received, the output is instantly delivered. And they are smart because they react to do what they are programmed to do. A very successful example of smart contracts can be found in the insurance industry, so if the insured event takes place, an automatic payment is made by the insurance company without the need for the insured to make any type of claim. Decentralized Applications (dApps)—are applications that are built on top of the blockchain. But they do not necessarily reside entirely on the blockchain. Dapps deploy smart contracts on the blockchain and use them to store and compute data on the blockchain. In order for the user to access the data and transact, dApps have a front-end component. The front-end is either a web or a mobile

114

F. Alecu et al.

application. Certain components of the front-end are not truly decentralized, such as the DNS, hosting provider, or the platform the mobile app resides, and they can be subject to restrictions. Nevertheless, dApps do not take custody of user keys and passwords, contrary to traditional applications. The user can initiate transactions at any time, without limitations. The blockchain itself is not a very exciting technology but the tokens are making it really amazing, just like the websites that made the Internet and Web 1.0 so popular in the 90 s since tokens are to the Web 3.0 very similar to what was HTML to the Web 1.0.

10.3 Token Economy Today, the most popular examples of tokens are the cryptocurrencies but there are also other types of tokens available in this broad context of the blockchain technology centered on tokens, like cryptographic, real estate, art, or other physical assets [5]. Tokens existed long before the blockchain revolution in the shape of public transportation tickets, loyalty points, vouchers, gift cards, stock certificates, QR codes, coins, paper money, and so on, representing some kind of economic value and having assigned some built-in anti-counterfeiting measures as a security measure intended to prevent the double-spending problem. Any asset of any type and shape (real or virtual) can be tokenized to obtain a digital version that is easier to trade on the market, so most of the time a token actually represents money, like real money or virtual currencies, or even cryptocurrencies. But tokens can also be used for various other purposes as well, like the tokens used to represent the identity of something (person, computer, organization) or credential tokens linked to an identity that has a limited ability to be transferred. Bitcoin itself is just another example of a token. The blockchain allows trusted economic transactions without the need of any intermediaries by using a shared ledger that is collectively managed in a trusted fashion by a network of untrusted computers thanks to cryptography. The blockchain is able to effectively manage digital values in the shape of tokens by avoiding the double-spending issue, nowadays sending a token over the internet is as simple as sending a message. Even Facebook is working on its own digital token (called Diem, former Libra) and the appropriate infrastructure based on Web 3.0 (called Diem network). So far, the biggest cryptocurrency is Bitcoin, with a dominance of over 50%. Hence the price action of Bitcoin, highly affects the price of the other cryptocurrencies, also known as altcoins. Every four years, Bitcoin is subject to a halving event. Bitcoin uses a proof of work mechanism as consensus. Miners, who run special programs to validate transactions, rush into building and appending new blocks. Every time they append a new block, they are rewarded with Bitcoins. Every four year, the rewards are cut in half. The initial reward was 50 Bitcoins and gradually dropped to 6.25

10 Distributed Ledger Technology Economy

115

Bitcoins. The entire supply of Bitcoin, 21 million, is scheduled to function until 2140. The halving events were the catalysts for a two years bull market after the event and two years bear market before the event. Tokenomics refers to token allocation and distribution. Every blockchain project can decide how many tokens to issue on launch, and whether to mint or burn tokens later on. Some projects, like Bitcoin, have a finite number of tokens. Bitcoin has 21 million Bitcoins, which makes it deflationary, hence raising the incentive to hold on the long term. Another aspect is token initial distribution. In some projects, the founders or early investors can receive a high number of tokens. For example, the long-disappeared founder of Bitcoin, Satoshi Nakamoto, owns one million Bitcoins. A fair launch is the launch of a project in which every token is issued upon creation and no token is issued before.

10.3.1 Blockchain Tokens Very early blockchain tokens were first only created as part of the basic blockchain stimulation scheme until the moment when Ethereum introduced the smart contracts that made it possible to simply write only a few lines of code to issue a token in a very cheap and easy and fast fashion by using an already existing blockchain infrastructure. The word token and cryptocurrency are sometimes used interchangeably, but they refer to different things. A cryptocurrency is the native cryptocurrency of a blockchain. A token is the digital cryptocurrency built on top of a native cryptocurrency. In the case of Ethereum, Ether is the native cryptocurrency, and the cryptocurrencies built on top are considered tokens. Every time a transaction takes place a certain transaction fee is paid in order to insert the transaction in the blockchain. The classical or digital tokens are not new at all, they existed for a long time in the shape of physical or digital items, but the blockchain tokens are indicating a completely different approach since they represent programmable assets or access rights managed by a smart contract and a ledger shared by the blockchain network. The blockchain transactions involving tokens are usually done at a very low expense [6] due to the fact the cryptographic tokens are having lower verification, insurance, and management costs assigned since the trust in the blockchain network is enforced by design without the need of any intermediaries. The cryptographic tokens can be accessed by using a dedicated software called wallet. The token security is assessed by using the asymmetric cryptography, so the wallet is actually managing the public and private keys of the blockchain address. The content of the wallet can be accessed only by the person having the private key being considered the owner of the wallet content, the tokens. There are two types of wallets: cold wallets and hot wallets, whether or not they are connected to the internet. Cold wallets can be something as simple as a paper wallet or specialized hardware devices. Cold wallets are certainly more secure but

116

F. Alecu et al.

they lack the convenience of interacting with the crypto assets. The most used hot wallets are mobile wallets and browser-based wallets. The biggest security threat is losing or revealing the private keys. In order to generate the private keys, wallet applications use a seed phrase composed of 12 words. Mobile wallets are generally more secure than browsers due to mobile architecture. Mobile applications run in sandboxes, thus the vulnerability surface is highly reduced.

10.3.2 Non-Fungible Tokens (NFTs) Most of the cryptocurrencies are fungible items, meaning they are interchangeable, being identical to each other, all the units having the same quality and value. Other types of tokens, like digital identities or digital art, represent non-fungible items due to the fact we speak about unique assets that cannot be interchanged at all because they have distinctive properties. NFTs are blockchain tokens usually used to symbolize the property rights over unique (non-fungible) items, like art or even real estate, items having a single owner at a time [7]. The blockchain’s built-in security mechanisms are making the owner sure about the fact no other person can modify the ownership and no one can duplicate the NFT token. Speaking about art, NFT is considered to be the new way to collect and to trade digital art in the future. On 11th March 2021, Christie’s sold the NFT of “Everydays— The First 5000 Days” (Fig. 10.2) by Mike Winkelmann (a digital artist known as Beeple) for $69 million, as the “first purely digital work of art ever offered by a major auction house” [8]. Fig. 10.2 NFT of “everydays—the first 5000 days” by @beeple [9]

10 Distributed Ledger Technology Economy

117

The winner of the auction received the digital file and the blockchain token containing the property rights over the digital image allowing the picture to be displayed.

10.3.3 Decentralized Finance The term decentralized finance represents a global financial system adapted to the internet giving any person having an internet connection full control over the own money, so these financial products are always available to anyone having an internet connection with no need for other intermediaries like the government or central authorities thanks to the trust machine that is the blockchain [10]. Crypto economy allows people to gain interest over the crypto money, to lend, to borrow, to protect the money value in time, to fight against the inflation, to pay wages, and so on. Speaking about the classical financial system, the people’s money is actually stored by some financial institutions powered by humans and having limited operation hours so the transfers are taking days due to the fact there are multiple layers of intermediary institutions requiring some fees making the transfers quite expensive. Decentralized finance means every person is holding his own money by using a wallet with no need for banks or other intermediary institutions demanding fees. The system is widely accessible for anyone, you don’t need to fulfill some forms and conditions to be accepted as a client, the market is always up and running, the transfers of money are made in an anonymous fashion and they are almost instantly performed. The first decentralized finance type application was Bitcoin allowing persons to freely store the money and send them almost instantly around the world by using a shared ledger and the blockchain technology. Today, the crypto money is not only transferable but also programmable by the use of the smart contracts that are small programs generating a predefined output when specific conditions are met. The smart contracts are actually replacing the financial institutions acting as trusted intermediaries in today’s classical financial market [11]. Smart contracts are public and cannot be altered while running, so anyone can check and inspect and audit them, as a result, the community will very quickly amend the bad contracts running on the market. Usual contracts are about transferring the money worldwide, savings, loans, trading of tokens, insurance, or converting in stable currencies (stablecoins)—cryptocurrencies protected against volatility by having a steady (almost stable) value just like the traditional money, like Tether, USDC, Dai, or Ampleforth. Stable coins are backed up by real money on a 1 on 1 ratio. Once deployed to the blockchain, smart contracts are managed, similarly to normal user wallets. Each smart contract address can receive and own funds, similarly to normal user wallets. The smart contract private key holder is the owner of the contract.

118

F. Alecu et al.

Smart contracts provide a callable interface, with functions that can be called in order to initiate transactions, insert or verify data. While anyone can send funds to a smart contract by using the smart contract address, the access to certain functions may be restricted and only accessible by the smart contract owner. Smart contracts can act as an escrow. The input of data into a smart contract is realized through oracles. Oracles are specialized 3rd party entities that provide accurate data to the contract. Smart contracts have a unique property of being able to revert a certain transaction in case some certain conditions are not met. Every transaction comes with a certain cost. It is called a gas fee. Decentralized finance has enabled the creation of a certain category of organizations, namely a Decentralized Autonomous Organization, DAO in short. In the traditional business world, companies are highly centralized. Business directions are imposed by high management. In a DAO, decisions are taken in a decentralized manner. People can vote on implementation of new features. The development process is performed by a certain designated company.

10.4 Security Considerations Blockchain tokens are a type of bearer instrument similar to physical money, meaning that, unlike bank accounts which are created following a KYC (Know Your Customer) process and are tied to a verified identity of the account holder recorded by the bank, the possession of blockchain tokens is technically anonymous, the only ownership information stored in the ledger being a blockchain address. Addresses represent the public key of a cryptographic key pair, and users can (and usually do) create multiple such key pairs which they use to send or receive crypto tokens. While receiving crypto funds is done with knowledge of only the public address of the recipient, initiating a transaction requires the private key of the originator. Asymmetric cryptography (public-key cryptography) is a fundamental building block of blockchain systems as it ensures the authenticity and integrity of transactions with crypto assets. Most blockchains such as Bitcoin and Ethereum use ECDSA (Elliptic Curve Digital Signature Algorithm) to generate a public–private key pair, which requires less computation and uses shorter keys than RSA while maintaining robust security. While ECDSA served these blockchains well over the years, there are plans to update the algorithm to improve scalability and privacy: Schnorr and BonehLynn-Shacham signatures are evaluated by Bitcoin and Ethereum blockchains for their future versions. As crypto assets ownership is established solely by control over a blockchain address, securing them comes down to properly managing the private key access.

10 Distributed Ledger Technology Economy

119

10.4.1 Wallet Security Private key management is facilitated by using wallets, which are tools that allow users to securely generate new addresses (public and private keys), store and use them. Wallets come in various forms for different use cases, offering different levels of security and usability. • Hot wallets—are connected to the internet, easy to set up, and offer convenient access to the assets they protect; • Cold wallets—also known as cold storage, have no internet connection and offer high degree of protection against online hacking. Web wallets, such as those used by cryptocurrency exchange platforms, do not require any software installation and can be accessed via a web browser. They are an example of hot wallets, where private keys are managed by a service provider (such as Coinbase or Binance). While convenient, they are only as secure as the authentication mechanism of the underlying platform—usually a simple username and password. To further protect the digital assets, service providers implement additional security measures such as multifactor authentication, withdrawal address whitelisting, or anti-phishing code. However, they are still vulnerable to hacking attempts against the platform itself [13]. Desktop and mobile wallets are applications installed on a user’s device. Somewhat safer than web wallets since private keys are stored locally, they are however susceptible to hacking directed at the user. Such wallet software usually encrypts the data, and a password is required each time the user needs to access the wallet. The drawback of this type of wallet is that hardware failure of the storage device can lead to loss of private keys—meaning irreversible losing the funds. To address this, backups or a recovery mechanism are recommended. Hardware wallets are purpose-built physical devices that use random number generators (RNG) to create cryptographic key pairs which are safely stored on the device memory, without being connected to the internet. Hardware wallets are a type of cold wallet and are the safest option for private key storage as they can’t be accessed unless one has physical access to the device, with the caveat—like the mobile wallets—that if the device is destroyed or lost, the user would be unable to access the funds. Paper wallets are QR codes printed on paper, representing the address and private key. They can be considered cold wallets since there’s no internet connection involved and as such, secure; however, numerous drawbacks keep their usage limited: paper can be easily destroyed, rendering the wallet useless; partial funds transfers are not possible, since remaining change cannot be transferred back to the paper address.

120

F. Alecu et al.

10.4.2 Transaction Security As shown above, initiating a transaction requires the originator to use the private key associated with an address that contains the funds to sign the transfer to the recipient’s address, ensuring authenticity, integrity, and non-repudiation of the operation [14]. To understand how transaction processing is secured in a blockchain system, the transaction lifecycle is reviewed below (Fig. 10.3). The following steps take place for a transaction to be processed: Originator creates a signed transaction to transfer funds to the recipient’s address. Transactions are published in the transaction pool. All available nodes validate the transaction (verifies fund availability, validates digital signature). Validator includes the transaction in a new block, performs proof of work (or uses its stake) to create the new block. Validator broadcasts the new block to all connected nodes. Connected nodes re-validate the block and accept it. Recipient waits for a few more blocks to be added to the blockchain (typically 6, for Bitcoin) to ensure the chain has not been forked. Transfer is complete.

Fig. 10.3 Blockchain transaction lifecycle

10 Distributed Ledger Technology Economy

121

One of the main concerns in digital currency transaction processing is the issue of double-spending, i.e., the possibility that a transaction originator spends the same funds twice. Bitcoin is the first digital currency to solve the problem by maintaining a common, shared ledger of all transactions and by deploying a confirmation mechanism based on Proof of Work. If a user would try to submit two transactions using the same funds, they would both enter the unconfirmed transaction pool of the network; validators trying to build a block could only process one of them (as the other one would be invalid due to lack of funds) and add it to a new block which would be confirmed and written to the chain. Attempts to process the second transaction would already render it invalid by the time Proof of Work for the second block is complete, since the first one removed the funds from the source. The mechanism is still vulnerable to an attacker that is capable of controlling 51% of the computing power of all validators—however, the size of the blockchain network of miners ensure this is not feasible.

10.5 Conclusions and Future Work The blockchain technology is both a promise and a certainty. The first industry disrupted by blockchain is the financial industry. Financial transactions are cheaper to register. As the tools become more user-friendly, a large audience will be tapped. Comparing the rise of blockchain with the rise of internet projects, we are currently assessing the platform winners. At the moment there is no clear winner, although certain leaders have emerged. Once the platform becomes cheaper to use, the next wave of decentralized applications will soon become available. So far, the biggest challenge the blockchain technology is facing is scalability. Scalability has been addressed with different solutions. Projects like Polkadot, Cardano are using the next generation consensus mechanism, namely, proof of stake. A second scaling alternative is the layer 2 solution protocols. Layer 2 solutions describe an architecture in which transactions first can occur on a second layer, before being inserted in the main blockchain. The blockchain trilemma, the term coined by Vitalik Buterin, founder of Ethereum, describes the tradeoff blockchain projects need to make between: decentralization, security, and scalability.

References 1. Which new business models will be unleashed by web 3.0? https://medium.com/fabric-ven tures/which-new-business-models-will-be-unleashed-by-web-3-0-4e67c17dbd10 2. Blockchain’s big bang: Web 3.0. https://blogs.gartner.com/avivah-litan/2019/08/08/blockc hains-big-bang-web-3-0/ 3. The trust machine. https://www.economist.com/leaders/2015/10/31/the-trust-machine

122

F. Alecu et al.

4. The Economist, open future, the meaning of the blockchain. https://www.economist.com/openfuture/2019/01/08/the-meaning-of-the-blockchain 5. Lee JY (2019) A decentralized token economy: how blockchain and cryptocurrency can revolutionize business. Business Horizons, 62(6):773–784. https://www.sciencedirect.com/science/ article/pii/S0007681319301156 6. Deloitte (2018) The tokenization of assets is disrupting the financial industry—inside magazine issue 19. https://www2.deloitte.com/content/dam/Deloitte/lu/Documents/financialservices/lu-tokenization-of-assets-disrupting-financial-industry.pdf 7. Ethereum, Non-fungible tokens (NFT). https://ethereum.org/en/nft/ 8. Christie’s, Christie’s is proud to offer “Everydays—The First 5000 Days” by @beeple. https:// twitter.com/ChristiesInc/status/1361670588608176128 9. Christie’s (1981) Online auction, Beeple (b), everydays: the first 5000 days. https://onlineonly. christies.com/s/beeple-first-5000-days/beeple-b-1981-1/112924 10. Blockchain for Decentralized Finance. https://consensys.net/blockchain-use-cases/decentral ized-finance/ 11. IBM, What are smart contracts on blockchain? https://www.ibm.com/topics/smart-contracts 12. Ethereum, Non-fungible tokens standard (NFT). https://erc721.org/ 13. Security Intelligence, Binance hack steals $41 million from ‘Hot Wallet’. https://securityinte lligence.com/news/binance-hack-steals-41-million-from-hot-wallet/ 14. ISACA, A view of blockchain from the information security radar. https://www.isaca.org/ resources/isaca-journal/issues/2017/volume-4/a-view-of-blockchain-technology-from-the-inf ormation-security-radar

Chapter 11

Digital Humanism: Virtual Exhibitions in the Time of Pandemic and Evolving Collaboration of Relevant Actants Cristian Ciurea , Florin Gheorghe Filip , Alin Zamfiroiu , and Lorena Pocatilu Abstract Digital humanism (DH) aims to empower people to do something they never thought were feasible or to reimagine how they would achieve their goals. Virtual exhibitions (VE) represent one of the numerous possible deployments of IT (Information Technology) that is congruent with the main ideas of DH, which can be viewed as a concept about the contribution of IT to facilitate attaining human high aspirations. The paper aims at presenting the concepts, technologies of VE with particular emphasis on the evolutions caused by the current pandemic.

11.1 Introduction In an article written by Pettey [1] in 2015, it was considered that in 2020 we will achieve “30 billion things with embedded intelligence combined with around 8 billion smart devices.” The concept of digital humanism holds that people should be at the core of all digital enterprises and workplaces. Businesses that promote digital humanism use technology to reimagine how people achieve their goals and allow them to do things C. Ciurea (B) · A. Zamfiroiu · L. Pocatilu Bucharest University of Economic Studies, Bucharest, Romania e-mail: [email protected] A. Zamfiroiu e-mail: [email protected] L. Pocatilu e-mail: [email protected] F. G. Filip Romanian Academy, Bucharest, Romania e-mail: [email protected] A. Zamfiroiu National Institute for Research and Development in Informatics – ICI Bucharest, Bucharest, Romania © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_11

123

124

C. Ciurea et al.

they couldn’t before. A widespread belief that, while digital technology has had a profoundly positive effect on culture, it has also been the source of much complexity in our daily lives is one of the main forces propelling digital humanism [1]. Humanists were the first and foremost scanners in the all-in-one machine paradigm. They transferred information from one technology to another, as well as its associated modes of thought. They repurposed old items to create something new. Digital humanism has been at the heart of all of the truly brilliant works of the twenty-first century [2]. Doueihi [3] proposes a digital “fourth humanism,” that of this beginning century. This essay opens up to the understanding of new skills, technical, and cultural, of our virtual future. Despite a strong technical component, which must be questioned and constantly monitored because it is the agent of an economic will, digital technology has become a “civilization.” Indeed, digital is changing our outlook on objects, relationships, and values [3]. The Future Internet (FI) is a group of data communication network technologies that will be used in the future. The FI is explored in this chapter in relation to Digital Ecosystems, which are peer-to-peer support systems for a networked architecture and collaborative environment. The discussion of the digital environment as a new evolving paradigm is a step toward gaining a deeper understanding of how cultural heritage resources are changing [4]. While Digital Machinists focus on technology, Digital Humanists are focused on people. Because machines and people become more interconnected, being ready to invest in technology that is focused on how the connected worker can use it in everyday tasks will become increasingly important [5]. The cultural heritage of Europe was a strategic asset. It is now regarded as a collection of resources preserved from the past in all forms and aspects—physical, intangible, and digital (born digital and digitized)—including monuments, places, landscapes, skills, traditions, information, and expressions of human creativity, as well as collections concerned and maintained by public and private bodies, such as museums, libraries, and archives [6].

11.2 Necessity of Virtual Exhibitions During the Pandemic Period The widespread implementation of social restrictions during the pandemic meant that art exhibitions could not take place physically as is normal in museums or halls. Artists and exhibition organizers were forced to look for and find alternative solutions that could be used as an exhibition space through which to bring the public and works of art to a commonplace. A virtual exhibition can encourage the art ecosystem to continue to run with all the limits imposed by this pandemic and can help art workers in the mission they have during this period.

11 Digital Humanism: Virtual Exhibitions in the Time of Pandemic …

125

According to [7] a virtual exhibition must meet the following minimum conditions in order to be considered a real exhibition: • • • •

interdisciplinary presentation of the elements of the exhibition; the elements of the exhibition are presented in 2D or 3D digital format; are broadcast to customers through social distribution channels or platforms; uses current technologies to offer the public new and unique experiences.

According to [8] the coronavirus pandemic is more than a health crisis. This is already a crisis with implications for the lives of the most vulnerable artists or professional workers involved in the core activities of museums and exhibitions. As social restrictions have been applied worldwide, many states have sought to use virtual exhibitions for this period to reduce losses caused by the closure of permanent physical exhibitions. In [9] is presented the advantage that the virtualization of the interiors of museums brings to the public in order to observe certain significant details that they would not have noticed with the naked eye inside the building, but also the disadvantages that such a presentation brings. Disadvantages include the fact that the public will not feel the same silence as in the physical space of the museum when they visit it.

11.3 Virtual Exhibitions, Current Developments, and Foreseen Evolution Virtual exhibitions became one effective solution to facilitate the access to culture during the pandemic crisis. During the pandemic crisis in 2020, the majority of museums in Europe and around the world were closed. Many museums lose a significant amount of money when they close their doors to the public. Although some museums have seen little effect on their budgets so far, others, especially larger museums and museums in touristic areas, have recorded revenue losses of 75–80%, with weekly losses totaling hundreds of thousands of Euros [10]. Culture is more essential than ever in times of crisis. Music, films, books, and online performances provide solace and hope to millions of people who are confined to their homes. They are an important component of psychological well-being and play an important role in enhancing our society’s sense of belonging and inclusivity [11]. Human behavior has changed as a result of the increasing number of people living in smart cities and taking advantage of new information and communication technologies. People interact less physically these days, preferring instead to communicate through electronic means. Nonetheless, by providing dedicated software, technology is the solution to overcoming isolation and bringing people together [12]. Virtual exhibitions are a cutting-edge way for cultural institutions to help pique public interest in their cultural collections and art objects. Furthermore, in the digital

126

C. Ciurea et al.

Fig. 11.1 Users access of Ferdinand I virtual exhibition before and after COVID-19 restrictions

age, virtual exhibitions are the most suitable vehicle for the dissemination of cultural products from libraries and museums [13]. Figure 11.1 shows the differences in terms of users’ access for the Ferdinand I virtual exhibition. The data were collected with Google Analytics and displays the difference between the period 01st January–22nd March 2020, before the COVID-19 restrictions, and also at the beginning of restrictions (22nd March–08th April 2020), when people worked from home. As seen from Fig. 11.1, at the beginning of COVID-19 restrictions, the number of users increased, both on desktop and mobile accesses. We saw an evolution in terms of desktop access during the pandemic, compared with the mobile access, the ratio increased from 1.53 to 1.67.

11.4 Collaborating Actants and Their Tools 11.4.1 Networking GLAMs and IT Organizations Multiculturalism, globalization, and technological revolution have had a significant impact on how art galleries, libraries, archives, and museums (GLAM) choose, conserve, promote, and valorize their cultural goods. The advancement of virtual exhibitions as a way of promoting and valorizing cultural heritage physical objects

11 Digital Humanism: Virtual Exhibitions in the Time of Pandemic …

127

has been determined by the digitization of cultural heritage collections and the evolution of information technology (cloud storage, mobile devices, Internet of things) [14]. Virtual exhibitions represent a modern way to help the young generation to achieve knowledge about specific cultural collections. It is obvious that the educational system will change in the near future both in the way the lessons will be delivered and the interaction between the participants of the educational processes will be realized. Video conferencing solutions, such as Zoom, Skype, Google Meet, Webex, Microsoft Teams, and yet a couple of others, became widely used not just for personal purposes, but as the only solution available for the continuity of the educational and business process during COVID-19 pandemic. NUMBER OF MEETING PARTICIPANTS (MILION/DAY)

CISCO WEBEX SKYPE MICROSOFT TEAM GOOGLE MEET ZOOM 0

100

200

300

400

500

600

The video conferencing solutions have moved with a fast pace in our lives at work and at home, where many users have been using these platforms to connect with friends and relatives [15]. Not only the costs for licensing are important when choosing a solution or another, but also the functionalities offered by each solution, how easy it is to install and to use both from desktop and mobile devices, and also other facilities which made these platforms so popular in a very short period of time, differ significantly and have to be properly assessed prior to actual application in a serious environment. An important criterion, differentiating the use of the web platforms for video conferencing and other collaborative purposes is the cultural profile of the participants. It would be very interesting to have an analysis of the use of current video conferencing solutions, based on gender, age, country, and educational level of users. Certainly, the preferences regarding specific solutions differ among individuals, institutions, societies, and cultures. In [16] the authors analyze the use of web platforms during the pandemic period. They highlight that the youngest quartile was more likely to have increased any type of digital communication compared to others people. On the other hand, older people, with less Internet skills, are not interested in using more the digital communication during the pandemic period. The study also highlights, that the people without Internet skills tried to increase their digital communication using web platforms for video meetings because they want to stay in touch with their relatives.

128

C. Ciurea et al.

The study shows that an increased usage of video conferencing applications has been most pronounced across younger age groups, but a third group of users (aged 35–44) are spending a lot of time, as a result of COVID-19 lockdowns. Based on gender, the increased usage has been more pronounced across males, but at the same time, we can see an increase in the use of web platforms for video conferencing of women between 35 and 44, in particular, to stay in contact during the pandemic period. Use of Video Conferencing in COVID-19 period

over 55 years old 45-54 years old 35-44 years old 25-34 years old 16-24 years old 0%

10%

20%

Male

Female

30%

40%

All over the world, digital interaction through video conferencing has been increasing in the last year, and in countries where lockdown measures are stricter, this level is higher [17]. In that sense, the pandemic with its lockdown measures was an opportunity for people to overcome motivational barriers [16] and to use the different ways of communicating. This pandemic period made us think that it is very important to use virtual conferencing applications to interact with other people, to increase the development of cultural institutions, and in the same time, to improve the quality of our life. The new coronavirus has paralyzed culture in many regions of the world. And for some parts of our planet, a virtual conferencing represents a real support of evolution and development.

11.4.2 Crowdsourcing Based Collaboration The CrowdHeritage open end-to-end enrichment and crowdsourcing ecosystem is proposed in [18], which supports an end-to-end workflow for improving cultural heritage metadata using crowdsourcing and integrating machine and human intelligence to satisfy the specific needs of the cultural heritage domain. The proposed solution repurposes, expands, and integrates a novel crowdsourcing framework with general-purpose state-of-the-art AI resources, semantic technologies, and aggregation mechanisms in a groundbreaking way to help seamless enrichment workflows for

11 Digital Humanism: Virtual Exhibitions in the Time of Pandemic …

129

improving the quality of CH metadata in a scalable, cost-effective, and entertaining manner. Human intelligence can be combined with metadata enrichment services such as automated analysis and feature extraction, as well as crowdsourcing annotation services, to achieve high-quality metadata at scale with minimal effort and expense [18].

11.5 Concluding Remarks Modern information and communication technology will help the cultural field, as well as many other human endeavors, evolve. IT specialists would introduce new technology to cultural institutions, allowing them to advance in terms of both cultural and economic growth. Virtual exhibitions are an important part of the advancement of cultural institutions, and their overall goal is to enhance people’s lives and society. They are knowledge centers and information sources that contribute to the creation of new values. Globalization has affected all human activity areas, including the cultural sector. The development of virtual exhibitions in museums and libraries would draw new tourists and raise public interest in cultural collections in general. This phenomenon is currently being assessed. Acknowledgements The project entitled “Multiparticipant cooperative decision making: consensus building vs. crowdsourcing-based decisions,” implemented by the Systems Research Institute of the Polish Academy of Sciences and the Bucharest University of Economic Studies in the framework of bilateral cooperation between the Academies of the two countries.

References 1. Pettey C. Embracing digital humanism. https://www.gartner.com/smarterwithgartner/embrac ing-digital-humanism/. Accessed 08 May 2021 2. Carmody T. What is digital humanism? https://kottke.org/17/04/what-is-digital-humanism. Accessed 08 May 2021 3. Doueihi M (2011) Pour un humanisme numérique. Collection Librairie du XXIe siècle, Éditions du Seuil, Paris 4. Russo Spena T, Tregua M, Bifulco F (2021) Future internet and digital ecosystems. In: Russo Spena T, Bifulco F (eds) Digital transformation in the cultural heritage sector. Contributions to management science. Springer, Cham 5. Cobb K. Digital machinists vs. digital humanists. https://www.linkedin.com/pulse/digital-mac hinists-vs-humanists-kevin-cobb. Accessed 08 May 2021 6. Filip FG, Ciurea C, Dragomirescu H, Ivan I (2015) Cultural heritage and modern information and communication technologies. Technol Econ Dev Econ 21(3):441–459

130

C. Ciurea et al.

7. Widjono RA (2020) Analysis of user experience in virtual art exhibition during pandemic. In: International conference of innovation in media and visual design (IMDES 2020). Atlantis Press, pp 93–99 8. Cobley J, Gaimster D, So S, Gorbey K, Arnold K, Poulot D, Jiang M (2020) Museums in the pandemic: a survey of responses on the current crisis. Museum Worlds 8(1):111–134 9. Vajda A (2020) Museums and online spaces. The society-building role of the museums during the pandemic. Acta Universitatis Sapientiae Communicatio 7:42–53 10. NEMO, Survey on the impact of the COVID-19 situation on museums in Europe. https:// www.ne-mo.org/fileadmin/Dateien/public/NEMO_documents/NEMO_Corona_Survey_Res ults_6_4_20.pdf. Accessed 08 May 2021 11. Open Letter to the EU Commission and the Member States, demanding support for the Cultural and Creative Sectors, particularly cultural creators, affected by the COVID-19 crisis. https://cultureactioneurope.org/files/2020/03/Open-Letter-to-COM-and-MS-on-CCSand-Creators-in-COVID-19-Crisis.pdf. Accessed 08 May 2021 12. Ciurea C, Pocatilu L, Filip FG (2020) Using modern information and communication technologies to support the access to cultural values. J Syst Manag Sci 10(2):1–20 13. Ciurea C, Filip FG (2019) Virtual exhibitions in cultural institutions: useful applications of informatics in a knowledge-based society. Stud Inform Control 28(1):55–64 14. Ciurea C, Filip FG (2019) The globalization impact on creative industries and cultural heritage: a case study. Creat Stud 12(2):211–223 15. Kemp S (2020) Report: Digital 2020: July global statshot, 21 July, 2020. https://datareportal. com/reports/digital-2020-july-global-statshot 16. Nguyen MH, Gruber J, Fuchs J, Marler W, Hunsaker A, Hargittai E (2020) Changes in digital communication during the COVID-19 global pandemic: implications for digital inequality and future research, Social Media + Society, September 9, 2020. https://journals.sagepub.com/doi/ pdf/10.1177/2056305120948255 17. Kemp S (2020) Report: Most important data on digital audiences during coronavirus. Growth Quarters—The Next Web, April 24, 2020. https://thenextweb.com/growth-quarters/2020/04/ 24/reportmost-important-data-on-digital-audiences-during-coronavirus/ 18. Kaldeli E, Bekiaris S, Menis-Mastromichalakis O, Ralli M, Tzouvaras V, Stamou G (2021) CrowdHeritage: crowdsourcing for improving the quality of cultural heritage metadata. Information 12(64):1–18

Part II

Audit, Project Management and Quantitative Economics

Chapter 12

Research on Data Analysis (Environmental, Social and Economic) in the Context of Implementing the Circular Economy Denis-Alexandru Dragomir Abstract As we know, a circular approach in the economy means and promotes, in principle, the reusability of products and materials through different processes like recycling, refurbishment and remanufacturing. Thus, the latter is divided into categories based on their time through the cycles mentioned. To implement this system, compared to its long-lived predecessor, namely the linear perspective or model, a various number of actions and policies must be taken. The transition requires the setting of goals or targets meant for this operation. But will this result in a sustainable environment? In fact, the contribution and relationship between circular economy and sustainable development and thus to a more sustainable society is under discussion. That being stated, this paper tries to analyse the concept of circular economy, describes its main principles and values, highlights the main differences in implementing these two antithetic systems—circular and linear—and gives information about the possibility of providing sustainability to the system in cause.

12.1 Introduction 12.1.1 What Is Circular Economy (CE)? The concept of circular economy (also known as CE) represents an economic system, which integrates and promotes the idea of resource reusability using the latter in a continuous manner, having two main objectives: one of them is to eliminate waste as much as possible and the other is to increase the productivity of these resources. A circular system involves, concretely, repairing a broken resource, reusing it as much as possible, recycling and remanufacturing. The model of the circular economy is a systemic way that approaches development from an economic perspective, designed and built to supply benefits to business, the environment and society. D.-A. Dragomir (B) The Bucharest Academy of Economic Studies, Bucharest, Romania © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_12

133

134

D.-A. Dragomir

The notion that refers to circularity has its deep roots both from a philosophical point of view and a historical perspective. The concepts of feedback and the existence of circular processes in the real-world date from very distant times. The latter can be divided into two subcategories (biological and technical), between which a clear distinction must be made. A biological cycle includes all the aspects of consumption, where both nutriments and all biological substances (such as wood or cotton) are designed to have high reusability: they can be reintegrated into the system through various processes, i.e., anaerobic digestion and composting, whereas technical cycles recover and restore components, products and materials through specific and various strategies (repair, reuse, recycling, remanufacturing). Such an economy functions on few but very delimited principles. One of them would be the following: at its core, the main aim is to remove or to ‘design out’, if you want, misuse of resources or waste. Products are built and optimized in such a way that encourages disassembly and reuse. This and the existence of product cycles is what separates the ideology of CE from the disposal and even ineffective reprocessing, where tremendous amounts of labour and energy are lost. Secondly, circularity introduces and emphasizes a strict contrast between the components of a product (consumable and durable, in this case). In contradistinction to the present day, the products that are meant to be consumed are composed of biological ingredients or ‘nutrients’ that are beneficial to the environment and can be cautiously given back to the biosphere, in a direct manner or using the concept of reprocessing. Hard matters such as computers or engines are constituted of technical parts that are not that good for the biosphere, like plastic and metal, which are, from the start, built in such a way that stimulates reusability. Thirdly, the energy necessary to power this cycle should be renewable by nature, again to increase system resilience and decrease resource dependence. As far as it concerns the technical nutrients, the CE replaces the notion of a consumer with that of a final user. This proposes a new attitude regarding the interaction between the producers and their consumers, namely based on product performance. Durable products are rented or shared wherever possible. If they are sold there are agreements or contracts which mention the fact that the respective materials or the product as a whole will be returned or reused at the end of its primary usage, therefore reassuring the re-entry in the cycle. Goods that are at the end of their primary usage lifetime will be turned by the circular economy into reusable materials or resources, which will be available to others, thereby closing inefficient loops in industrial areas and bringing the waste to a minimum. It would offer a new perspective regarding the economic logic because it replaces production with sufficiency: reuse what you can reuse, recycle what cannot be reused, repair what can be repaired, remanufacture with recycled parts that cannot be repaired. Models of this type are divided into two categories that cultivate and extend the concepts of reusability, extending one’s properties and functionality through repairing, upgrades, retrofits and turning old into ‘new’ by recycling [1].

12 Research on Data Analysis (Environmental, Social …

135

12.1.2 Reduce, Reuse, Recycle A circular economy has 4 main levels on which it operates: companies, policies, products, networks. First of all, we need the products to be designed, built and optimized using clean methods, in such a way that they will be recyclable, reusable, all these factors being based on the green supply chains. Second of all, it is the companies’ job to have new business models, in order to create public and private value. Third, networks between companies and customers need to be linked. And finally, markets need to be supported by policies, the latter encouraging, promoting and helping them. Materials that come from the biosphere are sustainable, so they represent the key in the equation. For example, biomass can have multiple usage scenarios: chemical feedstock, products, packaging or might be turned into fuel necessary for transport electricity and heat. Plastics are materials that must be capable of reusability: i.e., the polymer releases worldwide tonnes of the greenhouse a year. By recycling the first, important quantities of greenhouse gas can be saved. A good example for this would-be China, which managed to save 14 million tonnes of greenhouse, the equivalent of almost 3 million cars off the road. New markets and business models emerge. There is a possibility that vehicle manufacturers will take old cars and upgrade them to run for longer. When a car reaches its end of life, its materials can be used in the fabrication of new vehicles by dismantling. Instead of purchasing cars, customers might opt for renting mobility goods and services. Worldwide, multiple countries are implementing and enforcing policies to promote and sustain a circular economy. China is trying, by law, to reduce reuse and recycle municipal waste. The Chinese government has invested a very important sum of yuan in incentives, projects and permits that allow the industry to start and pursue activities that were previously forbidden, such as producing and selling wastewater (also known as greywater). If successful, it is estimated that these policies would have saved 32 trillion yuan (almost 14% of its projected GDP) in 2013. Brazil, India and the United State are opting for a bottom-up approach. For example, Rede Asta, a network formed of more than 50 co-operative groups consisting of women across more than 5–10 Brazilian countries has established an online platform that helps in recovering materials from waste. It is estimated that, at the end of 2030, the percent of reusability must be somewhere between 60 and 70% and the landfill must be no more than 10% filled. The goal is for all plastics to be reusable and for 75% of packaging to be recycled. Laws and regulations must target, primarily, electronic and electrical waste, such as batteries and scrap vehicles. target electrical and electronic waste, scrap vehicles and batteries. The market responsible for fibre and clothes is targeted by the EU, which is investing in regional innovations. Most of these circular-economy initiatives have saved materials, waste, energy and emissions. Since 2009, Japan has managed to reduce, just in Kawasaki, by applying the circular economy principles in cement manufacturing, greenhouse-gas emissions by about 10–15% (45,000 tonnes per year) and saving 275,000 tonnes of materials annually, since the year 2009. More than that, a park located in China, which is found in Liuzhou, Guangxi province, manages to save

136

D.-A. Dragomir

more than 2 million tonnes of CO2 emissions a year by using circulating materials and less energy. In Europe, the most relevant example is found in Slovenia, Ljubljana, which manages to beat the average of wastewater per head by 41% In a 2018 survey realized by the Eurobarometer, 53% of large companies and 41% of small businesses across the European Union reported having decreased costs of production by following the principles of the circular economy; 25% percent of them have declared that their products are easy to reuse, repair, recycle [2]. Through its complicated and diversified processes of development and evolution, the industrial economy as we know it has slowly and hardly moved beyond one base property established in the first days of industrialization: a model of ‘takemake-dispose (waste)’ which was the main aim of resource consumption at that time. Companies use harvesting and extraction to gather all the necessary material, then use them to manufacture or produce a product, then, of course, sell it to the consumer, who then disembarrass it when it is no longer good for use. In terms of volume, 65 billion tons of raw material entered the economy in 2010 and it is expected to grow by another 25% by the end of 2020. Even if major measures were adopted to improve the way resources are consumed and to explore new forms of energy, less thinking was directed to the process of systematically designing out material waste. In any case, any system that is based mainly on consumption rather than restorative use of the non-regenerative resources means significant, or major losses of value and produces negative consequences throughout the material chain. Also, many companies started to notice the fact that adopting a linear economic perspective represents a high exposure to risks (higher resource prices and supply disruptions). More businesses feel discombobulated when it comes to rising and less predictable prices in resource markets on the one hand, and fierce competition and stall demand on the other. Of course, the millennium represented a tipping point for the real prices of natural resources, the latter beginning to climb even further. At the same time, price volatility levels were higher in this century than in the previous one. If no action is taken to resolve this, extraction costs will continue to rise. Against this powerful enemy, leaders around the world are researching a ‘better hedge’ and an industrial model that manages to divide revenue from material input. We are talking, of course, about the circular economy systemic approach and the benefits it brings.

12.1.3 Circular Versus Linear If we are to compare this model (a circular one) and the linear model from an antithetical point of view, we can conclude that the latter uses (or is based on) the ‘take-produce-waste’ model. On the other hand, the former is more regenerative by concept and design and aims at progressively dividing consumption of depletable resources over time from the intrinsic growth. The activity that takes place within the circular model has healthy characteristics, one of the most important examples of this aspect being the fact that it aims to build, rebuild, sustain and expand the general health and well-being of the system. More than that, it successfully recognizes

12 Research on Data Analysis (Environmental, Social …

137

the practicability of the economy: the latter must have effective applicability, even if we speak about the level of activity (large and small enterprises, individuals, organizations), or about the coverage (local or global). If we want to migrate to this model from a linear approach, the changes that are necessary to be made do not involve the process of mitigation regarding the negative effects that already exist, not even remotely. Instead of that, the decisions that need to be made must sustain and stimulate long-term resilience and must be able to generate various and numerous economic opportunities.

12.1.4 Accelerating a Proven Concept As we already know, a circular point of view represents an industrial system that is regenerative or restorative by its nature, design, and intention. It manages to replace the ‘end-of-life’ perspective with the one of restoration, shifting toward regenerable energy, eliminating waste using the superior design of materials, systems, products and, of course, business models. Also, it helps reduce the use of toxic chemicals. The main principles stated above in this paper drive four clear-cut sources of value creation that offer arbitrage chances in comparison with the linear design and material usage: 1.

2.

3.

4.

The power of the inner circle—minimizing the comparative usage of materials in antithesis to the linear production system. It measures the capabilities of a product regarding regenerative factors. In other words, the former has a higher potential to generate savings on the shares, energy, material, and the capital embedded in the product the tighter the circle is, i.e., the less the product must be changed to be reused to its fullest potential. The power circling longer—maximizing the number of consecutive cycles (reuse, recycling, remanufacturing) a product passes through and the time spent in each one of them. The power of cascaded use—refers to the diversification in reuse across the value chain. A good example of this would be the story of cotton clothing, which can be reused as second-hand apparel, then it is transformed into fibrefill in the furniture industry, the latter being used later in stone wool in the domain of constructions before the fibres are returned to be biosphere. In every case, the material substitutes for an entrance of virgin materials into the economy. The power of pure circles—this represents uncontaminated material streams that improve the process of collection and redistribution efficiency and maintain the quality overall, especially for the technical area of materials, which, as a positive effect, increases productivity and extends product longevity for later use.

These four ways used to improve material productivity are not simply effects that last for a short period of time, being used one at a time. Their power lasts and lies in changing the run rate of required material intake. They can therefore add substantial cumulative negative effects over a classical linear system perspective [3].

138

D.-A. Dragomir

12.2 Methods Used 12.2.1 Investigation In order to be able to determine the link between the sustainability and circular economy, a literature search was performed during Spring 2021 using the following sources: Google, Google Scholar and Sci-Hub. Of course, the keywords Circular economy and Sustainability were used in the title, keywords or the abstract of the document of said research. The search resulted in collection of both academic and non-academic literature, such as search results and various sites. Of course, articles or books where the circular economy was not the main topic were discarded, as well as screening the abstracts of said documents. For example, a document whose author said that it will contribute to the circular economy, but the main focus was a new method of recycling that would benefit the environment and the society. The circular economy is viewed and reflected worldwide in many sources of information. Before 2012, it has been investigated mostly in the papers from Asian countries, such as China (where it was distributed the most.), due to their early adoption of the system as a national strategy. Nowadays, the development focuses all its energy and resources in Europe, which also results from all the publications. Said documents contain different definitions for the circular economy. Here are some examples: 1.

2.

3.

4.

5.

An economy that has its main focus on industry in which material streams must be uncontaminated and keep circulating at a high rate, entering the biosphere only if they are nutrients [4]. An industrial economy with regenerative properties by pure intention; aims to use renewable sources of energy, eradicate waste using careful processes (such as building, designing and optimizing a product); it provides multiple mechanisms for value creation across the value chain that are disconnected from finite material usage. An activity that focuses on stock optimization. Its loop consists of four main steps, which, in turn, can be also considered as loops: repairing, remanufacturing, recycling and reusing resources. The idea is the following: if we can use and reuse products, we should do it as much as possible, instead of discarding them. So, a system is intentionally restorative by its design. An alternative for the linear economy, the latter being viewed as traditional (because of the make-take-waste approach). Instead of that, the circular approach tries to keep resources in the system as much as possible, extract the maximum value from them (optimizing their efficiency, so to speak), then recover what can be recovered at the end of each cycle. A term that is generally used for describing the loop stated above as the main factor for production.

12 Research on Data Analysis (Environmental, Social …

6.

7.

139

An economy mainly based on the reusability of products and raw materials, and the regenerative attributes of natural resources, used to minimize value destruction [5]. It disconnects material input from revenue.

It should be noted the following aspect: the list mentioned above does not include all the possible definitions of this concept, so it is not exhaustive, as there can be many more which were not documented for the scope of this paper. However, one of the main common approaches that those seven statements seem to have is the process of maximizing the value of resources that enter through the system and trying to reduce waste to a minimum. This principle can be traced to many economic concepts. For example: • The ‘cradle-to-cradle’ concept. • The ‘limits to growth’ concept—an experiment was conducted, in which three scenarios were applied, using computer simulation for exponential economic and human resource growth under limited resources. Two of them collapsed, whereas the third lead to a stabilized world. • The ‘steady-state’ economy. • The ‘spaceman’ economy—replacing open economic systems with a cyclical one, capable of continuous reproduction of materials. There was a problem, though, as such a system cannot exist without energy entering the system. • The ‘industrial ecology’—suggests industrial emphasis in biological ecosystems, the energy being only external input. Another common principle that has been extracted from these definitions is represented by eco-efficiency. This can play various roles in a circular economy, depending on the context. Some view it as a purpose, some can take this too far and make those two concepts synonymous and some have a more realistic point of view: they view it as one of the many consequences of implementing and maintaining a circular system in the economy. This is said because CE focuses mainly on job and value creation through the reduction of material waste and also decreasing the price volatility of said materials. Another common aspect shared by the statements made above is represented by achieving its purpose using a cycle which includes, as stated earlier in this paper, the four main environmental strategies (or the four main Rs, if you want): Reduce, Reuse, Recycle, Repair (Recover, as stated by another sources) [6]. So, CE is being given a generic connotation, whose main focus is reducing, reusing and recycling. There is also another meaning for those 4 Rs—Refuse, Repair, Refurbish Remanufacture being one of them. As for the final similarity, we can speak about the waste prevention that is being mentioned and promoted in the system. In some definitions, this is viewed as the main purpose of a circular economy. Other sources state that this is an intrinsic part of a circular approach and should not be taken for granted.

140

D.-A. Dragomir

There is also an important difference between said approaches regarding the included resources in the system. We speak here about all physical or just certain sectors, materials, products and substances.

12.2.2 Circular Economy and Supply Chain The consumption and use of materials and resources is often associated with high waste levels, despite the efficiency showed by the processes of manufacturing and freight distribution. Said consumption is heavily influenced by the supply chain, in some cases more than half is burned or discarded, whereas just ten to fifteen per cent will be recycled. The cause of this is often associated with cost differences between using raw materials and recycled materials as sources. Therefore, supply chain strategies can be an important factor regarding the sustainability enhancement since they can provide many more sourcing possibilities. In a circular environment, the supply chains are not so different than the ones that exist in a linear system (being, in their turn, formed by a linear sequence of supplier—manufacturer—distributor—user). However, there are two fundamental aspects that differentiate those two: 1.

2.

Products are designed, build and optimized to last longer and to be reused once their life cycle is complete. Most goods are shared (a good example being capital) which increases their utilization level. Thus, fewer resources are required to provide the same level of services. The conventional linear structure that exists in a linear model becomes a feedback loop in CE. Technical goods are required to have a digital manifest, to provide information about the type, quantity, quality, which, in turn, allow for a better recycling potential evaluation [7].

Among the various implications identified in implementing the supply chain management (or SCM, in short terms), here are the most important ones: 1.

2. 3.

4.

Relationships among supply chains will change in circular supply chains, through shifting from product ownership to emphasize strategies based on digital systems—strategies in purchasing include a major change in a profession dominated by products and materials Circular supply chains need great flexibility—buyers and suppliers will choose to collaborate via inter-connected knowledge networks Both closed and open material loops must be considered in technical and biological cycles—the value must be viewed not only in terms of a reduced waste approach, but also in how shorter loops and maximize the value and productivity of materials Circular supply chains are enabled by close supply chain collaboration with partners within and beyond their immediate industrial boundaries—CE requires a conceptual shift from products and ownership to access to services.

12 Research on Data Analysis (Environmental, Social …

5.

141

Both private and public sectors’ procurement policies are an important factor in the transition to a circular supply chain model if they go beyond minimum legal requirements to include the main CE four principles.

12.2.3 Circular Economy Implementation—What It Means and at Which Levels Can Be Achieved? Regarding circular economy implementation, two main possibilities have been discovered in the literature: 1. 2.

It can be implemented in a systemic economy-wide perspective, for example, at the regional, national, transnational and local levels It can be implemented focusing on specific groups (sectors, products, companies, markets, networks, materials, substances, various clients and so on).

Let us discuss them one at a time. First, an economy-wide perspective has already been thought to be implemented in some countries: • China, in which it will function on three levels: macro-scale (state, province and city), the micro-entities or micro-scale and the intermediate (meso-scale—a symbiosis between those two). • The Netherlands, in which this procedure would have made from it a ‘circular hotspot’, so to speak. For this, numerous actions have been made: the Green Deal initiative (2013), the Realization Acceleration of a Circular Economy (RACE— 2014) [8]. The most relevant and common example for local CE implementation are the industrial parks (eco-industrial), which are based on recycling and sharing resources across industries. Numerous examples of such implementation can be found in China, in Europe the one that stands out being in Denmark (The Kalundborg Park). As for the second method, Action Plan was proposed by the EU to encourage CE, which includes legislative actions to reduce and manage waste, to control the waste management sector, to reduce the landfilling, as well as improvements regarding producer responsibility [9]. Numerous incentives were to be imposed, as well as strong commitments on eco-design and targeted action regarding plastic, construction, food waste, consumption, fertilizers, water reuse and so on. If we are to group the prioritized materials by their importance, the following list would be formed: – Electric and electronic equipment; – Plastic, metals, paper, cardboard, glass, raw materials; – Biodegradable waste. In other words, the purity of materials must represent a great denominator in this calculus. And so, the former is envisioned to be standardized, affecting the material supply on a global level.

142

D.-A. Dragomir

The common CE principles identified and analysed in the theoretical CE approaches are a must-have in the scene of the actual implementation. The majority of them heavily rely on actions and incentives that must all come from all the parts of the value chain. In other words, the CE value chain plays an important role in the stock optimization. Eco-efficiency (which is defined as the minimization of the throughput using the resources) is also promoted and encouraged by said strategies and also by the four main Rs principle (reduce, reuse, recycle, repair). More than that, action within Design and Material Sourcing are also important in order to succeed. Nevertheless, the former is not enabled by default in a circular economic system. Regarding the methods used for implementation, three main ideas were developed and analysed: • Material flow analysis (MFA)—analytical method used to quantify stocks and flows of substances, resources, material across the system [10]. • Emergy analysis (EA)—emergy being the measure for the quantity of work in a biosphere driven by the solar energy. • Input–output analysis (IOA)—used to analyse the impact of positive or negative economic shocks (environmental or other nature)—the most comprehensive one because it quantifies impacts across the value chain [11].

12.3 Circular Economy and Sustainability 12.3.1 Are These Two Concepts Really That Similar? To be able to investigate such a big research gap, two questions were specifically formulated for this matter: 1. 2.

Can you tell exactly what are the main differences and similarities between these two concepts? Is the circular economy conceptually related to sustainability? If it is the case, then how is it?

In order to answer these two questions, a bibliometric research was conducted. The latter is a well-established form of meta-analytical research. It takes published data, measuring text and information from different sources. All papers found were examined by using content analysis techniques. The results are as follows. Regarding the similarities, both sustainability and circular economy are likely to emphasize intra and intergenerational changes made by the environmental hazards, as well as signalling the importance of improving, and sustaining agency and public measures upon the multiple paths that lead to development. In other words, actions that revitalize and help the environment must be made both by the public and the private sectors. The former two also share a similar perspective regarding the area of effect, relying on, promoting and encouraging globalism. More than that, they describe the importance of diversification in accepting distinct opportunities

12 Research on Data Analysis (Environmental, Social …

143

Fig. 12.1 Selected similarities

regarding value creation. The cooperation between stakeholders must be not only important, but also imperative to succeed. To guide and standardize the behaviour of stakeholders, both concepts rely on heavy regulation and incentive structures (Fig. 12.1). On the other hand, it is also revealed by the speciality literature that there is an important range of differences between these two ideas. As a first example, the concepts present different roots, origins, motivations, goals, priorities, the way that they perceive responsibility and timeframes. While the Circular Economy uses different ideas, like cradle-to-cradle and industrial ecology, sustainability is way older and was created by environmental movements and supranational bodies. With regards to the goals they pursue, as the circular economy is targeting a close loop, eliminating all resource inputs and waste and leakages of emissions of the system on which it operates, the goals of sustainability are open-ended, multiple sources attributing a considerable multitude of goals, which can also shift, depending on the considered agents and their main motives of action, their interest, if you prefer. This can be seen also by analysing the different motivations that drive each concept. Whereas sustainability bases its motives on past trajectories, the former being diverse and diffused and embracing adaptivity and reflexivity, the circular economy is mainly focused on making a clear distinction between linear and circular approaches regarding the usage of materials and reducing waste. Of course, promoting the latter. Sustainability aims at benefiting the environment, the society as a whole and the economy. On the other hand, a circular economy has its beneficiaries among the actors that implement the system. The environment is also seen to benefit from less depletion and pollution and society benefits from environmental improvements and certain manual actions, like manual labour or fair taxation. Of course, different motivations mean that each one of these principles prioritize different systems, as specialty literature states. A circular economy tends to main economic systems that provide important benefits for the environment, whereas a sustainable perspective encourages all three dimensions equally and tries to put them

144

D.-A. Dragomir

in balance, yet it can change depending on the circumstances and contextual differences. That is, rich countries like Sweden benefit more from policies and industrial interventions that emphasize the environment, while, at the other end of the spectrum, poor, or better said, developing countries like Zambia enjoy more social emphasis. There is also a notable difference regarding the way in which the two are institutionalized. Sustainability provides a comprehensive framing, being able to adapt itself to different aspirations and contexts, whereas, circular economy, once again, accentuates the main differences between the linear and circular approaches regarding economic processes. Let us not forget about the fact that the agency also differs. A circular economy has set a clear emphasis on companies and governments, sustainability being diffused, as the priorities should be defined by the stakeholders. Furthermore, timeframes seem to be another difference. In the case of the sustainable system, the temporal aspect is open-ended, as goals can be constantly changed or reframed over time. In contrast, CE presents theoretical limits in optimization and practical ones in implementation which can be used for a successful conclusion, geographically speaking. At last, but not least, those two perspectives seem to perceive responsibility in a different way. In the sustainability area, responsibilities are not clearly defined and are formulated by multiple participants (or a group), each one not being able to think for itself and set clear boundaries regarding the former. On the other hand, the literature considers the responsibility in the circular system being based on private business (public business is not encouraged in this area, because of the possible unpleasant situations it can generate), policymakers and regulators. Sharing responsibility and information in a group is dangerous (because a decision cannot be clearly made by none of its participants), or so it seems. Moreover, the goals, commitments and interest behind the usage of each term vary significantly. CE prioritizes financial advantages for companies, less consumption and waste for the environment, encouraging and promoting reusability, whereas sustainability encourages the alignment between stakeholders. The next table summarizes all that was stated above in this paper [12] (Fig. 12.2).

12.3.2 What Kind of Relationship Types Exists Between Them? The first relation between these two ideas is presented by describing the circularity in business models and supply chains as a precondition for generation sustainability in the manufacturing process, which, in turn, is mandatory and greatly affects the performance of industrialized and developing countries. In the same manner, a circular economy can be an important part of a sustainable perspective, or environment, if you want. The second type of relationship is assumed by a different source, which mentions that circularity is absolutely necessary for sustaining economic output. A similar,

12 Research on Data Analysis (Environmental, Social …

145

Fig. 12.2 Selected differences

almost identical approach is presenting circular economy as being a necessary condition for maintaining economic growth in a sustainable way, but it takes into consideration the possibility of other pathways existing, one of them being preferable to the former. A third type is conditional and describes service-based systems and circularity as a necessary but not efficient enough condition for sustainable systems. Other external conditions must accompany a closed-loop system in order to encourage sustainability in the long term. A good example of conditions will be changing lifestyles. A similar view that is good to mention is seeing circular systems as being beneficial for different sustainability dimensions like resource productivity, GDP increase and job creation, but having one downfall: does not further say if this is enough for the system in cause, relative to other external factors, which can also influence the former and its development. Those three stated above were positive types of relationships. Of course, between these two there are also negative types of relationships. A good example would be the necessity of putting in balance the benefits but also the costs of circular systems that must be balanced in order to avoid negative value generation. A similar view suggests and addresses a range of problems that the circular economy brings to the table, i.e., the technical impossibility of a closed circle in combination with growing demand or various problems that waste would generate if not managed properly. There is also the problem of the process of recycling because implementing reusability has its high expenses. The energy consumed and its impact is possible to be higher for some materials than the overall process of acquiring each one, using some conventional methods like mining and deforestation. In conclusion, the CE may actually worsen the gas emission and impact the environment in a negative way, like global warming. Therefore, pragmatic approaches must be made in order to avoid these consequences. The figure below summarizes what was stated in this section [13] (Fig. 12.3).

146

D.-A. Dragomir

Fig. 12.3 Relationship types between sustainability and circular economy

12.4 Conclusions First and foremost, based on key literature, we can conclude that the concept of circular economy can be defined as a regenerative approach in which emission, resource input, energy leakage and emission are reduced or minimized by bringing material and energy loops to their narrowest, slowest pint ad by closing them as much as possible. This, of course, can be achieved through the four steps mentioned earlier: repairing a broken resource, remanufacturing, reusing and recycling. Of course, the four main principles of the circular economy were defined and explained. We also delved deeper into its main levels of operations: products, networks, policies and companies. Regarding its predecessor, the linear model, we made an antithetic comparison and tried to emphasize the benefits the CE would bring to the environment. More than that, we also stated that negative effects brought to the table by the linear economy must not be nullified in order to succeed in migrating from one to another. Second of all, we define sustainability as the balanced integration of performance in the economy, social inclusiveness and resilience in the environment, to benefit current and, why not, future generations. This is stated because the circular economy has gained popularity and has increased research interest because of its emergence. Its roots are European, but we saw Chinese scholars who have taken up this topic, exponentially growing the number of publications in this region. To answer the first question stated in this paper—Can you tell exactly what the main differences and similarities between these two concepts (CE and sustainability) are?—the paper does exactly this: it summarizes the main similarities and differences between these two ideologies. Although these two are often used in similar contexts, the differences and similarities have not been made explicit in the literature, therefore blurring their conceptual

12 Research on Data Analysis (Environmental, Social …

147

meaning and constraining the opportunities of usage. By shedding light on their differences, the paper helps not only on the conceptual level of development, but it also serves as a great tool to better reveal and understand the interests, motivations and practical implications of their use in the public and private sectors. Moreover, the paper addressed the following question—Is circular economy conceptually related to sustainability? If it is the case, then how is it? It was found that the system of the circular economy represents—or it is viewed as a—condition for sustainability, a beneficial relation or a trade-off, if we are to base this affirmation on literature. This can be broken down into eight different types of relationships. The latter can be used to bring diversity and shed light on the vast range of strategies that managers and policymakers can adopt.

References 1. Stahel WR. The circular economy, 23 March 2016 [Online]. https://www.nature.com/news/ the-circular-economy-1.19594 2. Vanessa Prieto-Sandoval CM (2018) Towards a consensus on the circular economy. J Clean Prod 3. Sariatli F. Linear economy versus circular economy: a comparative and analyzer study for optimization of economy for sustainability, 23 June 2017 [Online]. https://content.sciendo. com/view/journals/vjbsd/6/1/article-p31.xml 4. Ellen Macarthur Foundation [Online]. https://www.ellenmacarthurfoundation.org/ 5. G. o. t. Netherlands. Opportunities for a circular economy in Netherlands [Online]. https:// www.government.nl/documents/reports/2013/10/04/opportunities-for-a-circular-economy-inthe-netherlands 6. Skånberg AWK. The circular economy and benefits for society [Online]. https://www.lagaze ttedescommunes.com/telechargements/etude-club-rome-eng.pdf 7. A. f. t. E. M. Foundation. The circular economy and supply chains. The Geography of Transport Systems [Online]. https://transportgeography.org/contents/chapter4/transportation-sustai nability-decarbonization/circular-economy-supply-chains/ 8. European Commission. Netherlands pulls ahead in circular economy race [Online]. https:// ec.europa.eu/environment/ecoap/about-eco-innovation/policies-matters/netherlands/nether lands-pulls-ahead-in-circular-economy-race_en 9. European Commission. Single market for green products initiative [Online]. http://ec.europa. eu/environment/eussd/smgp 10. Wikipedia.org. Material flow analysis [Online]. https://en.wikipedia.org/wiki/Material_flow_a nalysis 11. Kenton W. Input-output analysis, 28 Oct 2020 [Online]. https://www.investopedia.com/terms/ i/input-output-analysis.asp 12. MartinGeissdoerfer PNMEJ (2017) The circular economy—a new sustainability paradigm? J Clean Prod 13. Ellen Macarthur Foundation (2013)Towards the circular economy—economic and business rationale for an accelerated transition. Ellen Macarthur Foundation

Chapter 13

Applying a Sustainable Vector Model to Generate Innovation Marian Pompiliu Cristescu , Maria Flori, and Raluca Andreea Nerisanu

Abstract Innovation is the main promoter of technological progress, whether in neoclassical perspective or evolutionary models or theory of economic growth. In all classical, neoclassical or evolutionary models of economic growth, innovation is marked as a quantitative parameter, which, changing its volume, leads to a quantitative growth of the economy. Thus, it is questionable how could innovation be sustainable and how it could be emphasized. The present model proposes a qualitative approach to social processes, including economic ones, noting that these qualitative measurements are based on a measurement scale which, once established for each point in the model, changes depending on the direction and intensity of changes in its links. The model is constructed on a group of automorphisms, feedback loops and algebraic fractals, generating a sustainable and evolving structure that can be used in any type of system, especially within a universe of interrelated systems. Thus, the model stabilizes and supports itself, if the decisions made are rational, becoming a sustainable model of economic growth.

13.1 Introduction The general methods of measuring social, economic or other systems have always interfered with their quantitative approach, a Cartesian approach, which has generated a mathematical, rigid increase in some parameters of interest. In this paper, we present a new concept of modeling one or more systems, especially social or economic, that is based on qualitative measurements, integrating a construction based on a group of automorphisms, feedback loops and algebraic fractals, generating a sustainable and evolving structure that can be used in any type of system, especially within a universe of interrelated systems. M. P. Cristescu · R. A. Nerisanu (B) Lucian Blaga University of Sibiu, Calea Dumbravii, no. 17, 550324 Sibiu, Romania e-mail: [email protected] M. Flori Department of Mathematics and Informatics, Lucian Blaga University of Sibiu, Sibiu, Romania © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_13

149

150

M. P. Cristescu et al.

13.2 Innovation and Its Main Generators Innovation has been approached from various perspectives by classical, neoclassical or evolutionary economists. For example, in Smith’s work, technological progress is driven mainly by machine builders, in order to sell their improvements. This process creates new and useful information for the economy. Smith introduces the concept of recombination of existing knowledge in order to obtain new knowledge, a concept also taken over by Marx, which synthesizes, in itself, the act of creation, under the careful convergence of managerial capacity, based on accumulated knowledge [1]. Ricardo promoted technological development as having several forms and as being based on the modification of natural resources, as well as on the ingenuity and creativity of employees, in the production of new goods or means of production [2]. Ricardo introduced multiple forms of technological development, being noted for the innovation of machinery, equipment, which would have negative effects on the population, generating technological unemployment (as Marx later predicted). Based on Harrod-Domar’s Keynesian model [3, 4], both Robert Solow and Trevor Swan have developed a model of economic growth based on capital accumulation, population growth and, implicitly, labor and productivity, in the form of technological progress [5, 6]. In his book, The Theory of Economic Development, Joseph Schumpeter introduced the concept of creative destruction as the main engine of economic growth, a negative event but necessary for economic growth. The main assumptions of his theory begin with the fact that long-term economic growth is based on innovation. Schumpeter introduced four types of innovation: product innovation, organizational, process or innovation in new markets [7]. The second presumption is that innovation is the result of investment in research and development. The third and most important presumption is related to the introduction of destructive creativity, as an effect that cannot be avoided in economic growth. Destructive creativity refers to the obsolescence, out of necessity, of past innovations, which have been overtaken by new technologies (also discovered through innovation) [8]. Romer [9] and Lucas [10] have become pioneers in the neoclassical approach to economic growth [8] by endogenizing technological progress in the Solow-Swan model. Paul Romer and Robert Lucas endogenize technological progress first by establishing that technology is growing at the same rate as capital (thus generating the AK approach, based on capital accumulation, capital being made up of physical, intangible and human capital) [11] and secondly by increasing the technological parameter, A, by expanding the variety of products, introducing new products, which are not necessarily improved, thus emphasizing the horizontal innovation [9]. Another approach to endogenizing technological progress was Arrow’s approach to introducing the ability of “repetitive learning” of workers, which permanently streamlines their performance, thus generating growth [12]. Grossman and Helpman also introduced a vertical product innovation model, by making “repeated product improvements across a continuum of sectors” [13], structured in three sectors (research sector, intermediate product sector and final production sector). The model

13 Applying a Sustainable Vector Model to Generate Innovation

151

is stochastic and the quality of the product shows a continuous improvement. The growth rate of the economy is constant and positively correlated with research and development. The model also includes an approach to horizontal innovation, but is based on emphasizing vertical progress [14]. Reinganum has also built a model of “creative destruction”, involving the monopoly of the company that manages to innovate and a continuum of innovations that restore the balance of the economy by establishing another monopolist. This model also involves all Schumpeterian innovations: a new method of organization, new methods of production or transport, opening up to new markets or developing new products [15]. Evolutionary theories and models of economic growth are based on the work of Nelson and Winter [16], Dosi [17] and Sahal [18] and are based on Veblen [19] and Schumpeter [7] theories. “In the literature, the emergence of innovation is endogenous according to an evolutionary direction of reasoning” [8]. Within these models, the economy is heterogeneous, with economic actors that have distinct characteristics, otherwise, the market imposes a selection process similar to the selection equations in evolutionary theory. Thus, the decision-making foundation is different from actor to actor. Here, innovation also results from research and development activities. The driving force of economic growth in the evolutionary vision is the application of the replication equations [20]. All mentioned theories are empirically proven. Thus, it is questionable how could innovation be sustainable and how it could be emphasized. In this perspective, we could argue that innovation is also a destructive force, its rebound affecting previous innovations, as stated in [21], a model based on Schumpeterian theory. Thus, it is called the “creative destruction”. It is denoted that the sustainability of any innovation should come in the form of partially or fully eliminating the necessity of creative destruction, by constructing such innovations that not only support, but foster future ones. The inherent connection between creativity and innovation is considered to be the primary factor in the process of generating innovation [22], viewed as a potential investment in [23, 24]. The connection is also sustained in [25], where creativity fosters innovation when already mature firms are involved. Moreover, a strong connection was found in [26–28] and also in [29], where not only creativity, but the creative workforce is a determinant of innovation. Thus, an important distinction is there to be found between invention and innovation, as it follows: Schumpeter and Rosenberg made a clear distinction between invention and innovation [30, 31], the invention is considered the middle phase in the process of innovating. It is also the phase in which sustainability could be achieved. The commercialization phase, that follows, is stated in [7]. As innovation and creativity are two different phases [32, 33], they differ themselves by their inner purpose, one being to develop and extend the benefits of an already known process, the other being to find divergent solutions to a problem. Also, creativity can foster as a mediator in the impact of innovation [34]. As not only creativity generates innovation, there are other examples that should be mentioned. For example, in [7, 35], motivation is the generator of gaining innovation, dependent itself on competition or state of flow [36]. The strong positive relation with

152

M. P. Cristescu et al. Creativity

Invention

Innovation

Commercialization

Fig. 13.1 Innovation process, authors source

motivation is stated also in [37, 38], and it is illustrated as a passion for the innovation process in [22]. Process innovation is also found to be strongly linked to collaboration and the learning capability of an organization, as stated in [27]. Besides the learning capability, intelligence is a significant influencer of both the creativity phase [39] and innovation process [40]. It is also a significant determinant for economic growth [41, 42]. Of course, intelligence can manifest in many different ways, but in particular knowledge transfer between sectors [43] or between geographical areas [44] can foster innovation. In [44], another strong correlation was found between the level of innovation and the number of local universities and their disinterested research. Cooperation among entrepreneurs, external capital, educational level, selfconfidence, future orientation, and leadership with innovation was found in the empirical research of [25, 45]. Education is also considered an important factor of innovation in [46], when closer to the technological frontier. Risk inclination, selfconfidence, future orientation, flexibility, and control, as characteristics of personality, have a significant influence over innovation [45]. Not only personality traits, but also thinking styles such as problem focus [47], intuition and contradiction [48], ideation and analogy [45] or scenario building, planning or responsibility for decision [49] are related to innovation. Regarding capital, not only external capital but also investments or technological opportunities [50–52] and research and development governmental expenditure [26] have a direct influence on the level of innovation. Thus, Fig. 13.1 should be extended as follows (Fig. 13.2).

13.3 A Sustainable Vector Approach for Modeling In abstract algebra, an automorphism is described as an isomorphism from an algebraic structure to itself. This isomorphism is a term that can be used having both the meaning of bijective homomorphism and the meaning of order isomorphism, and automorphism is, practically, a permutation that can be one of the two uses [53]. Therefore, an automorphism is an isomorphism from a mathematical object to itself, and the set of all automorphisms of an object forms a group called a group of automorphisms, thus generating the symmetry group of the object [54] (Fig. 12.3). Douglas et al. [55] states that any transformation that induces an automorphism is represented when the result is not distinguished from the original, there are several notions of equivalence between supermultiples. If an external transformation induces

13 Applying a Sustainable Vector Model to Generate Innovation

153

Culture

External capital, in-

I Creativity

Personality traits

Invention

Motivation, Education, Thinking styles, Knowledge,

Innovation

Cooperation, Flexibility, Control, Leadership

Fig. 13.2 The innovation process, extended, authors source

Fig. 13.3 Two isomorphic equivalent class structures [55]

an automorphism, then it may depend on a particular model, and the permutations of the labels have the possibility to keep or not the equivalence. Algebraic fractals can be described by the composition of tables of the composition of the automorphisms of a projective line that can be found in the cluster packs of information linked by feedback packets with the same shape [56]. Basically, in algebraic fractals the properties are transferred from one level of complexity to the next, thus leading to the possibility of general laws that are particular to a level of complexity, but not found in lower levels, but only in higher levels of complexity. Therefore, in other words, “The universe develops by preserving its history and adding new levels of complexity to existing ones” [57]. The automorphisms of a projective line are cyclic structures if they are generated by points 0, 1 and 1/2, thus being able to obtain numerous cycles that can be structured as semantic vocabulary. From this vocabulary are obtained semantic cones consisting of six letters, F1, F2, F3, F4, F5, F6, based on the same model, but which respond to different situations with a different logic of tracing the transformations characteristic of automorphisms, and subsequently, be considered as logical models [56]. In Colceag’s model [58], 6 functions are proposed that form a group automorphism:

154

• • • • • •

M. P. Cristescu et al.

f1 = x; f2 = 1 − x; f3 = 1/x; f4 = 1 − 1/x; f5 = 1/1 − x; f6 = x/x − 1.

From this group of automorphisms, a feedback loop can be generated [56]. Starting from the group of automorphisms generated by the six equations [59], he demonstrates that there is an example in which feedback cycles can be obtained from the reflections of two parallel mirrors that reflect an image to infinity, and can be transformed into new ones. Higher order feedback cycles because they are in isomorphic relation to the first subgroup of equations. Semantic cones can be described using feedback cycles characterized by algebraic fractals. A mathematical feedback cycle can be characterized in different ways, but all these modes are isomorphic [56]. Flori [60] in his research states that the existence of large groups of automorphisms in the study of geometry, it is often desirable to limit the action of the group to a certain subgeometry. The six functions that form a group automorphism can be composed as follows (Table 13.1). If we look closely, we notice that the following list of functions forms a feedback cycle: F5, F6, F2, F4, F3, F2, so that F2 * F6 = F5, F2 * F4 = F3; F6 * F4 = F2 and F2 * F3 = F4; F2 * F5 = F6; F3 * F5 = F2. According to [57], the six functions have the following semantic meaning: • • • •

f1 (x) = x defines the assertion of existence (e.g. who), f2 (x) = 1 − x defines the complementary symmetry on finite space (e.g. how), f3 (x) = 1/x defines the inversion to the unit (e.g. what), f4 (x) = 1 – 1/x defines the symmetry complementary to the inverse of the unit (e.g. where), • f5 (x) = 1/(1 − x) defines the inverse of the complementary symmetry on finite space (e.g. when),

Table 13.1 Composition table for the functions that form a group automorphism of the projective space, taken from [56] Function

F1

F2

F3

F4

F5

F6

F1

F1

F2

F3

F4

F5

F6

F2

F2

F1

F4

F3

F6

F5

F3

F3

F5

F1

F6

F2

F4

F4

F4

F6

F2

F5

F1

F3

F5

F5

F3

F6

F1

F4

F2

F6

F6

F4

F5

F2

F3

F1

13 Applying a Sustainable Vector Model to Generate Innovation

155

• f6 (x) = x/(1 − x) defines the relation of existence of complementary symmetry on finite space (e.g. why). In [56], it is argued that these feedback cycles that are generated from the abovementioned functions, can be arranged in the form of a cube in which any face or perpendicular section can be formed in both directions by the feedback cycles. If we want to have a good image of this cube, we can use a computer program based on algebraic fractals, modeling the information that passes through different fractal levels. This model can be considered as a simplified model of structuring information in a living network. The functions that describe the feedback cycles are connected with vectors in a feedback circuit, and the structures are connected to vertices in that circuit, being able to provide a system of self-determination or self-generation that characterizes a well-balanced feedback circuit [56]. According to his research, [56], a feedback loop is a double set of mathematical objects that are connected to operators, having the property that: any two objects in the first set, generate an object in the second set and vice versa, being an operation induced on the set of objects, and the operators also form a double set of generators having the same property. Colceag, in his model, claims that only six generators together with six operators, can form a feedback cycle, and by composing the operators one after the other in sets of three, thus obtaining the neutral element for the operation [58] (Fig. 13.4). This structure model will characterize other complex structures in various feedback cycles, we can characterize the function of a global structure if we refer to the same perspective and the same level of perception, being easy to model using algebraic fractals [58]. If we refer to Colceag’s research [57], the whole universe leads to the idea that any stage of fractal evolution in the universe with the same level of complexity

Fig. 13.4 Feedback cycle [59]

156

M. P. Cristescu et al.

and respecting the stable structures from which it evolved, we can determine new characteristic structuring rules. level of development and the current stage. Haramein, in [61] citing various researchers, argues that the growth environment of the Universe can be shaped by hexagonal structures in the plane and balanced vectors in space (Fig. 13.5). Where • A source (S) = is generating variation, • A sensor (&) = is able to know the essence of the variation, • A decident (D) = is able to decide the subsequent behavior of the source, thus being able to decrease the level of variation (self-inhibition) or increase the amplitude of variation (self-stimulation cycle). This hexagonal figure is constructed on the basis of hexavalent logic, starting from the trivalent logic expounded by [58, 62], where it is necessary to double the truth values of the trivalent logic creating a structure of six values that they derive from each other and define the modeling of a phenomenon in a certain context. Fig. 13.5 Fractal configuration based on hexavalent logic from Colceag’s model [59]

13 Applying a Sustainable Vector Model to Generate Innovation

PEOPLE

157

BUSINESS

INOVATION

TECHNOLOGY Fig. 13.6 The essential characteristics of the innovation process, author’s source

Fig. 13.7 Sustainable model for generating innovation based on feedback cycles, author’s source

13.4 A Sustainable Vector Model for Generating Innovation Starting from the following figure, we can see that innovation is supported by three factors: people, business and technology, which involve processes of desirability, viability and feasibility (Figs. 13.6 and 13.7).

13.5 Discussions Innovation is the main promoter of technological progress, whether in the neoclassical perspective or evolutionary models or theory of economic growth. Either we

158

M. P. Cristescu et al.

talk about horizontal innovation in [9, 14], exogenous [6, 63] or endogenous [9, 10, 12, 14, 64] type of vertical innovation, the learning-based innovation of [12] or the evolutionary vision based on the replicator principle [16–18, 65–68], innovation is not only desirable, but always necessary. Within endogenous economic growth models, e.g. [69], a series of correlations are formed that allow bivalent relationships of the entered parameters [64]. In the fractalized model, these correlations can be exposed using feedback cycles that form inside or between hexagons on different levels of fractalization [57, 58]. Aghion Howitt’s endogenous model is based on bivalent logic, where variations in the output parameter can be either increased or decreased. In the fractalized model, the logic used is trivalent, so that a parameter is identified by source, sensor and decision-maker. Thus, the parameter expressed by the source, measured by the sensor and capitalized by the decision-maker can have several valences depending on the size of the sensor. The externalities of the hexagonal system will always determine new actions or processes, due to the feedback cycles in which they are involved. The externalities of endogenous models will have effects on other parameters only if they are introduced as determinants in the equations of those parameters. The relationship within the hexagonal fractalization system is done through feedback loops and commutative diagrams, which allow self-stimulation and self-inhibition of the system as well as the formation of accumulation zones, while endogenous growth models develop their relationship through determination functions. Both types of models allow the addition of parameters for continuous endogenization. Thus, in the fractalized model, a new level of granulation can be added and in the endogenous model new functions for defining the included parameters can be added. Both types of models allow the determination of empirical evidence and comparative statistics. While the endogenous economic growth model allows the empirical study of the causality of the introduced functions, the fractalized model allows a causal network. If the fractalized approach model is transposed into a cellular automaton, then it helps in decision making and can become a decision model. The fractalized model is evolutionary in the sense that new levels of granulation can be created [70]. This is not an evolutionary model of growth, in the sense that it does not include Fircher’s replication equations [8], but it is an evolutionary modeling system, by developing new and new levels of granulation. The fractalized model allows a more complex structuring through the network of feedback loops it generates, as well as the fusion of several interrelated systems. In endogenous growth models, the modeling is quantitative, the units of measurement are quantitative, while the fractalized model involves a qualitative measurement, using syntactic operations. Automorphisms are interpreted as syntactic operations. This allows the correlation of the parameters with the help of a qualitative mathematics [57].

13 Applying a Sustainable Vector Model to Generate Innovation

159

Within the fractalized system, complex relationships are formed, such as those of inter-relationship between different systems (initially formed in a hypercubic dimension). This allows the effects of changes in one parameter to be observed, even if the effects occur in another system. Future research may focus on developing the model in three-dimensional space or developing a lattice automaton based on the present model.

13.6 Conclusions In all classical, neoclassical or evolutionary models of economic growth, innovation is marked as a quantitative parameter, which, changing its volume, leads to a quantitative growth of the economy. The present model proposes a qualitative approach to social processes, including economic ones, noting that these qualitative measurements are based on a measurement scale which, once established for each point in the model, changes depending on the direction and intensity of changes in its links. At the same time, the changes cannot be generated automatically, hence the character of qualitative measurement. The human factor is decisive in the changes that will occur in the model. Thus, a modification of a parameter will not only modify the endogenous or exogenous parameters related to it, but will modify, like a spiderweb, the whole intercorrelated universal of the hyperbole that underlies this model. The automatic latching function of the model reaches either the critical point, if the scaling is done automatically, but with interventions from the feedback included in the links of the model. Thus, the model stabilizes and supports itself, if the decisions made are rational. The model thus becomes a sustainable model of economic development, based on the principle of fractals and built with the author of groups of automorphisms.

References 1. Marx K (1923) Capital and other writings of Karl Marx 2. Kurz HD (2013) On the growth of knowledge about the role of knowledge in economic growth. Innov Knowl Growth Mod 87–115 3. Harrod RF (1939) An essay in dynamic theory. Econ J 49(193):14 4. Domar ED (1946) Capital expansion, rate of growth, and employment. Econometrica 5. Solow R (1957) Technical change and the aggregate production function. Real Bus Cycles 39(3):543–551 6. Swan T (1957) Economic growth and capital accumulation. Econ Rec 33(64):103–108 7. Schumpeter JA (1934) The theory of economic development 8. Mulder P, De Groot HLF, Hofkes MW (2001) Economic growth and technological change: a comparison of insights from a neo-classical and an evolutionary perspective. Technol Forecast Soc Change 68(2):151–171 9. Romer PM (1990) Endogenous technological change. J Polit Econ 98(5):S71–S102 10. Lucas RE (1988) On the mechanics of economic development. J Monet Econ 22(1):3–42

160

M. P. Cristescu et al.

11. Romer PM (1986) Increasing returns and long-run growth. J Polit Econ 94(5):1002–1037 12. Arrow KJ (1962) The economic implications of learning by doing. Rev Econ Stud 29(3):155 13. Grossman GM, Helpman E (1991) The Review of Economic Studies, Ltd. quality ladders in the theory of growth quality ladders in the theory of growth. Rev Econ Stud 58:43–61 14. Guarini G (2011) Innovation and growth in the Grossman-Helpman’s 1991 model with increasing returns. Econ Bull 31(1):147–155 15. Reinganum JF (2014) Innovation and industry evolution. Q J Econ 100(1):81–99 16. Nelson RR, Winter SG (1982) An evolutionary theory of economic change 17. Dosi G, Nelson RR (1994) An introduction to evolutionary theories in economics. J Evol Econ 4(3):153–172 18. Sahal D (1981) Alternative conceptions of technology. Res Policy 10(Ilxi):2–24 19. Veblen T (1898) Why is economics not an evolutionary science? Q J Econ 12(4):373–397 20. Hofbauer J, Sigmund K (2003) Evolutionary game dynamics 21. Aghion P, Akcigit U, Deaton A, Roulet A (2019) Creative destruction and subjective wellbeing. Stat F Theor 53(9):1689–1699 22. Petrakis PE, Kafka KI (2016) Entrepreneurial creativity and growth. In: Entrepreneurship— practice-oriented perspectives passion 23. Sternberg RJ, Lubart TI (1992) Buy low and sell high: an investment approach to creativity. Curr Dir Psychol Sci 1(1):1–5 24. Sternberg RJ, O’Hara LA, Lubart TI (1997) Creativity as investment. Calif Manag Rev 25. Heunks FJ (1998) Innovation, creativity and success. Small Bus Econ 10(3):263–272 26. Alexopoulos T, Leontsinis S (2014) Benford’s law in astronomy. J Astrophys Astron 35(4):639– 648 27. Ar IM, Baki B (2011) Antecedents and performance impacts of product versus process innovation: empirical evidence from SMEs located in Turkish science and technology parks. Eur J Innov Manag 14(2):172–206 28. Lee SY, Florida R, Gates G (2010) Innovation, human capital, and creativity. Int Rev Public Adm 14(3):13–24 29. Knudsen B, Florida RR, Stolarick K (2005) Beyond spillovers: the effects of creative density on innovation 30. Seiliev AA et al (2016) Creativity as a determinant of the development of homo sapiens. Int J Biomed 6(4):255–258 31. Nathan R (1979) Perspectives on technology, vol 70, no 3. Cambridge University Press 32. Hall CM, Williams AM, Hall CM, Williams AM (2019) Knowledge, creativity, and innovation. Tour Innov 84–133 33. Williams LK, McGuire SJ (2008) Economic creativity and innovation implementation: the entrepreneurial drivers of growth? Evidence from 63 countries. Small Bus Econ 34(4):391–412 34. Baron RA, Tang J (2011) The role of entrepreneurs in firm-level innovation: joint effects of positive affect, creativity, and environmental dynamism. J Bus Ventur 26(1):49–60 35. McClelland DC (1961) The achieving society 36. Bevan-Roberts EM, Csikszentmihalyi M, Rathunde K, Whalen S (1994) Talented teenagers— the roots of success and failure. Br J Educ Stud 42(3):299 37. Romero I, Martínez-Román JA (2012) Self-employment and innovation. Exploring the determinants of innovative behavior in small businesses. Res Policy 41(1):178–189 38. Martínez-Román JA, Romero I (2013) About the determinants of the degree of novelty in small businesses’ product innovations. Int Entrep Manag J 9(4):655–677 39. Nusbaum EC, Silvia PJ (2011) Are intelligence and creativity really so different? Fluid intelligence, executive processes, and strategy use in divergent thinking. Intelligence 39(1):36–45 40. Squalli J, Wilson K (2014) Intelligence, creativity, and innovation. Intelligence 46(1):250–257 41. Jones G, Schneider WJ (2006) Intelligence, human capital, and economic growth: a Bayesian averaging of classical estimates (BACE) approach. J Econ Growth 11(1):71–93 42. Weede E, Kämpf S (2002) The impact of intelligence and institutional improvements on economic growth. Kyklos 55(3):361–380 43. Jacobs J. The economy of cities. Random House, New York

13 Applying a Sustainable Vector Model to Generate Innovation

161

44. Zucker LG, Darby MR, Armstrong J (1998) Geographically localized knowledge: spillovers or markets? Econ Inq 36(1):65–86 45. McMullan WE, Kenworthy TP (2015) Creativity and entrepreneurial performance: a general scientific theory 46. Vandenbussche J, Aghion P, Meghir C (2006) Growth, distance to frontier and composition of human capital. J Econ Growth 11(2):97–127 47. Gryskiewicz N (1993) Entrepreneurs’ problem-solving styles: an empirical study using the Kirton adaption/innovation theory. J Small Bus Manag 31(1):22–31 48. Allinson CW, Chell E, Hayes J (2000) Intuition and entrepreneurial behaviour. Eur J Work Organ Psychol 9(1):31–43 49. Baron RA (1998) Cognitive mechanisms in entrepreneurship: why and when enterpreneurs think differently than other people. J Bus Ventur 13(4):275–294 50. Levin SL, Scherer FM (1986) Innovation and growth: Schumpeterian perspectives. South Econ J 52(3):888 51. Scherer FM (1965) Firm size, market structure, opportunity, and the output of patented inventions. Am Econ Rev 55(5):1 52. Scherer FM (1983) The propensity to patent. Int J Ind Organ 1:107–128 53. DiaganaT (2013) Almost automorphic type and almost periodic type functions in abstract spaces 54. Vinberg EB (2003) A course in algebra. Graduate studies in mathematics, vol 56 55. Douglas BL, Gates SJ, Segler BL, Wang JB (2015) Automorphism properties and classification of Adinkras. Adv Math Phys 2015:1–17 56. Colceag F (1987) The universal language. Bio/Technology 5(5):520 57. Colceag F (2000) Universul evolutiv 58. Colceag F (2001) Cellular automata; algebraic fractals, Bucures, ti 59. Colceag F (2003) Informational fields, structural fractals [Online]. http://austega.com/florin/ INFORMATIONALFIELDS.htm 60. Flori M (2020) Qualitative study of a computer model in the cybernetic field. In: The Annals of the University of Oradea. Economic Sciences Tom XXIX 2020 61. Haramein N, Val Baker A (2019) Resolving the vacuum catastrophe: a generalized holographic approach. J High Energy Phys Gravit Cosmol 05(02):412–424 62. Prigogine I, Isabelle S (1984) Order out of Chaos: man’s new dialogue with nature. Bantam New Age Books 63. Solow RM (1956) A contribution to the theory of economic growth. Q J Econ 70(1):65–94 64. Aghion P, Howitt P (2014) Chapter 5: The schumpeterian model. In: New growth economics, no 1992, pp 1–36 65. Conlisk J (1989) An aggregate model of technical change. Q J Econ 104(4):787 66. Silverberg G, Lehnert D (1993) Long waves and ‘evolutionary chaos’ in a simple Schumpeterian model of embodied technical change. Struct Chang Econ Dyn 4(1):9–37 67. Verspagen B (1993) Uneven growth between interdependent economies: a[n] evolutionary view on technology gaps, trade, and growth. Avebury 68. Hodgson GM, Verspagen B (1994) Uneven growth between interdependent economies: an evolutionary view on technology gaps, trade and growth. Econ J 104(426):1214 69. Aghion P, Howitt P (1992) A model of growth through creative destruction. Econometrica 60(2):323 70. Caraiani C, Lungu CI, Dasc˘alu C, Colceag F (2015) Green accounting initiatives and strategies for sustainable development

Chapter 14

Optimal Employment Contracts with Several Types of Agents Laura-Stefania Constantin and Dana Luiza Grigorescu

Abstract Lack of information affects the relationship between a worker and the company he works for. In the Principal–Agent model, the Principal can be an individual (worker) or a group of workers that offers labor to a company, which in this case represents the Agent. We will assume that the Principal has all the bargaining power in relation to the company. The Agent obtains a profit quantified by the production function, an efficiency parameter, and the transfer of the company to the worker. The efficiency parameter is specific for each Agent type: inefficient, medium, and very efficient. The company’s goal is to maximize the profit. The utility function of the Agent depends on consumption and work, the disutility of work being evaluated in monetary terms. In the situation of informational symmetry (optimal of rank I), the optimal contract is also Pareto-optimal, regardless of the Agent type. If in the situation of informational asymmetry, the worker would offer this type of contracts (of rank I), the company is incited to claim that the very efficient state has been achieved and obtain more labor. To avoid this behavior, the Principal should propose a bundle of contracts, one for each type. With the help of incentive compatibility constraints, each type will choose exactly its dedicated contract. There is a loss of efficiency for the inefficient and medium Agents. Only the contract designated to the very efficient Agent remains Pareto-optimal.

14.1 Introduction The theory of incentives follows the problems that appear in the Principal–Agent relationship when the Agent has private information. The private information can be classified into two types. The first type appears when the Principal is not able to observe an action that the Agent might take, this case is called hidden action or moral hazard. The second type appears when the principal ignores private information L.-S. Constantin (B) · D. L. Grigorescu Doctoral School of Economic Cybernetics and Statistics, Bucharest University of Economic Studies, Bucharest, Romania © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_14

163

164

L.-S. Constantin and D. L. Grigorescu

about the Agent’s valuation or costs, this case is called hidden knowledge or adverse selection [1]. The theory is meant to find the optimal approach for the Principal when the private information represents a problem. In the literature, another type of information problem is also found, it appears when the Principal and the Agent are sharing the same information ex-post, but no third party is able to observe it [2]. Lack of information affects the relationship between a worker and the company he works for. In the Principal–Agent model, the Principal can be an individual (worker) or a group of workers that offers l volume of labor to a company, which in this case represents the Agent. We will assume that the Principal has all the bargaining power in relation to the company, which has the reserved utility level equal to zero. The Agent obtains a profit quantified by the function γ F(l) − t where F(l) is the production function, γ an efficiency parameter, t is the transfer of the company to the worker.   The efficiency parameter γ belongs to the set γ B , γ M , γ G with the probabilities  B ,  M , G corresponding to the three types: inefficient, medium, and very efficient. The company’s goal is to maximize the profit: U (l, t) = γ F(l) − t The utility function of the Agent depends on consumption and work and has the form: B(t, l) = v(t) − l The disutility of work  in monetary terms. The function v(·) is  being evaluated increasing and concave v  > 0, v  < 0 . In the situation of informational symmetry (optimal of rank I), the optimal contract is also Pareto-optimal, regardless of the Agent type. If in the situation of informational asymmetry, the worker would offer this type of contract (of rank I), the company is incited to claim that state G has been achieved and obtain more labor. To avoid this behavior, the Principal should propose a bundle of contracts, one for each type. With the help of incentive compatibility constraints, each type will choose exactly its dedicated contract. There is a loss of efficiency for types B and M. Only the contract for type G remains Pareto-optimal.

14 Optimal Employment Contracts with Several Types of Agents

165

14.2 Optimal Contracts Under Symmetric Information (Rank I) If both participants are sharing the same information, the optimal contract is determined as a solution of the following optimization program: Max[v(t) − l] (l,t)

w.r. γ F(l) − t ≥ u l ≥ 0, t ≥ 0,

(14.1)

where u is the minimum threshold reserved by the market (possibly equal to zero)? The Lagrange function becomes L(l, t, λ) = v(t) − l + λ[γ F(l) − t − u] and for an optimal interior, the necessary conditions are also sufficient, they can be stated according to the properties of the functions v(·) and F(·). So ∂L = 0 => −1 + λγ F  (l) = 0 ∂l

(14.2)

∂L = 0 => v  (t) − λ = 0 ∂t

(14.3)

∂L = 0 => γ F(l) − t − u = 0 ∂λ

(14.4)

Solving the system formed by Eqs. (14.2), (14.3), and (14.4) results in the optimal solution (l ∗ , t ∗ ), this represents exactly the optimal contract. Next, we will examine in detail the case where the Principal is risk-neutral, i.e., v(t) = t. Then, model (14.1) will be written like this: Max[t − l] (l,t)

w.r. γ F(l) − t ≥ u

166

L.-S. Constantin and D. L. Grigorescu

l ≥ 0, t ≥ 0 where the Lagrange function becomes   L(l, t, λ) = t − l + λ γ F(l) − t − u = 0, where −1 + λγ F  (l) = 0

(14.5)

1−λ=0

(14.6)

γ F(l) − t − u = 0

(14.7)

From Eqs. (14.5) and (14.6), we obtain F  (l) =

1 γ

or l ∗ = (F  )

−1

 1 γ

and then from Eq. (14.7), we obtain t ∗ = γ F(l ∗ ) − u For each of the three studied types of Agents, (B, M, G), we have the following:

B 1 B , γ F l −u (l , t ) = ((F) γB 

M 1 M M M , γ −u (l , t ) = ((F)−1 F l γM 

G 1 G G G , γ (l , t ) = ((F)−1 F l −u γG B

B

−1



Because there is a relationship between the efficiency parameters: γB < γM < γG We have

14 Optimal Employment Contracts with Several Types of Agents

167

1 1 1 > M > G B γ γ γ Hypothesis The production function F(·) has the usual properties: F  (·) > 0 (strictly increasing); F  (·) > 0 (strictly concave, with decreasing yields to scale).  −1 Then there is F −1 = g. We denote by h = F  . Proposition 14.1 In the above conditions, we have the following results: g  (·) > 0 and g  (·) > 0 h(·) is strictly decreasing. Proof 1

(Fog)(x) = x => F(g(x)) = x

The derivative with respect to x is F  (g(x))g  (x) = 1 where g  (x) > 0 Because F  (g(x)) > 0 The second derivative with respect to x is 





F (g(x)) g (x)

2

 2 F  (g(x)) g  (x) >0 + F (g(x))g (x) = 0 => g (x) = − F  (g(x)) 





Proof 2 

 F  oh (x) = x => F (h(x)) = x

The derivative with respect to x is F  (h(x))h(x) = 1 Because F (h(x)) < 0 => h  (x) < 0, Then  −1 is strictly decreasing [3]. h = F

168

L.-S. Constantin and D. L. Grigorescu

Considering that the (F  )−1 function is strictly decreasing, so strictly due to the concavity, we obtain B

l 0). H1.2 : There could be a negative correlation between the variables under analysis (ρ < 0). where ρ represents the correlation coefficient. Table 16.2 highlights the results obtained from data processing through SPSS statistical software. In terms of statistical significance, the existence of correlations between the DESI Index and two of the dependent variables was observed, i.e., Employment/Population Ratio and Labor Force Participation Rate (Sig. coefficient 0.05). The null hypothesis is rejected in the case of the association between the DESI Index and the Employment/Population Ratio, as well as between the DESI Index and the Labor Force Participation Rate. In the given circumstances, the positive correlation between the Digital Economy and Society Index and the two variables could be considered strong (the correlation coefficient for the Employment/Population Ratio = 0.61285 and the correlation coefficient for the Labor Force Participation Rate = 0.66740). Given the results presented above, subsequent research efforts were focused on the two dependent variables for which statistically significant correlations were identified, without considering the Unemployment Rate. Linear regression was used in order to determine, in particular, the relationships between the dependent variables, the Employment/Population Ratio and the Labor Force Participation Rate, with the DESI Index predictor. Consistent with the model summaries, we can state that the variation of the Digital Economy and Society Index explains about 37.6% of the Employment/Population Ratio (Table 16.3) and about 44.5% of the Labor Force Participation Rate (Table 16.4).

16 The Labor Market in Relation to Digitalization …

193

Table 16.2 Correlations between the independent variable (the DESI Index) and the Dependent Variables (Employment/Population Ratio, Labor Force Participation Rate, and Unemployment Rate) Correlations DESI

DESI

Pearson 1.00000 correlation

0.61285a

0.66740a

−0.23748

Sig. (1-tailed)

0.00053

0.00010

0.22366

28

28

28

1.00000

0.90900a

−0.68983a

0.00000

0.00005

N

28

Pearson 0.61285a correlation

Employment population ratio

Labor force participation rate

Employment/Population Labor force Unemployment ratio participation rate rate

Sig. (1-tailed)

0.00053

N

28

28

28

28

Pearson 0.66740a correlation

0.90900a

1.00000

−0.32655

Sig. (1-tailed)

0.00010

0.00000

N

28

28

Unemployment Pearson −0.23748 −0.68983a rate correlation

0.08988 28

28

−0.32655

1.00000

Sig. (1-tailed)

0.22366

0.00005

0.08988

N

28

28

28

28

a

Correlation is significant at the 0.01 level (2-tailed) Source Authors’ results after data processing using SPSS software

Table 16.3 Model summary (Dependent Variable: Employment/Population Ratio) Model summaryb Model

R

R square

Adjusted R square

Std. error of the estimate

1

0.613a

0.376

0.352

4.36645

a

Predictors: (Constant), DESI Index Dependent Variable: Employment/Population Ratio Source Authors’ results after data processing using SPSS software b

Table 16.4 Model summary (Dependent Variable: Labor Force Participation Rate) Model summaryb Model

R

R Square

Adjusted R square

Std. error of the estimate

1

0.667a

0.445

0.424

3.35334

a

Predictors: (Constant), DESI Dependent Variable: Labor Force Participation Rate Source Authors’ results after data processing using SPSS software b

194

I. A. Bogoslov et al.

ANOVA tables (Tables 16.5 and 16.6) indicate that the regression models significantly predict the considered dependent variables. For each of the analyzed cases, the statistical significance (Sig. column) is less than 0.05. In Tables 16.7 and 16.8, column B highlights the unstandardized coefficients, providing the values for B0 (51.866) and B1 (0.340). Being measured in their natural units, the unstandardized coefficients have a greater significance when used in the model, as their measurement can be done on different scales, instead of trying to compare them. Therefore, the equation for the linear regression between the DESI Index and the Employment/Population Ratio could be depicted as follows: Yx = 51.866 + 0.340x. Table 16.5 ANOVA statistical test (Dependent Variable: Employment/Population Ratio) ANOVAa Model 1

Sum of squares

df

Mean square

F

Sig

Regression

298.177

1

298.177

15.639

0.001b

Residual

495.712

26

19.066

Total

793.890

27

a

Dependent Variable: Employment/Population Ratio Predictors: (Constant), DESI Index Source Authors’ results after data processing using SPSS software b

Table 16.6 ANOVA statistical test (Dependent Variable: Labor Force Participation Rate) ANOVAa Model 1

Sum of squares

df

Mean square

F

Sig

Regression

234.823

1

234.823

20.883

0.000b

Residual

292.367

26

11.245

Total

527.190

27

a

Dependent Variable: Labor Force Participation Rate Predictors: (Constant), DESI Source Authors’ results after data processing using SPSS software b

Table 16.7 Coefficients (Dependent Variable: Employment/Population Ratio) Coefficientsa Model

1 a

Unstandardized Coefficients

Standardized Coefficients

B

Std. Error

Beta

(Constant)

51.866

4.697

DESI

0.340

0.086

0.613

Dependent Variable: Employment/Population Ratio Source Authors’ results after data processing using SPSS software

t

Sig

11.042

0.000

3.955

0.001

16 The Labor Market in Relation to Digitalization …

195

Table 16.8 Coefficients (Dependent Variable: Labor Force Participation Rate) Coefficientsa Model

1

Unstandardized coefficients Standardized coefficients B

Std. Error

(Constant)

58.375

3.607

DESI

0.302

0.066

t

Sig

16.182

0.000

4.570

0.000

Beta 0.667

a

Dependent Variable: Labor Force Participation Rate Source Authors’ results after data processing using SPSS software

Thus, for every one-point increase in the DESI Index (expressed in scores from 0 to 100), the Employment/Population Ratio is estimated to be higher by 0.340, i.e., by 3.4%. Similarly, based on unstandardized coefficients from Table 16.8, the regression equation for predicting the dependent variable Labor Force Participation Rate from the independent variable DESI Index can be presented as follows: Yx = 58.375 + 0.302x. Under these conditions, we expect that at an increase of one unit (in this case point in the score) in the DESI Index an increase of 3.02% in the Labor Force Participation Rate will be recorded, all the other variables remaining constant.

16.5 Conclusion and Future Research Directions In the context of the modern world, digitalization is considered an indisputable factor for increasing the competitive advantages of a country. The beneficial effects of technology integration have been identified and recognized over time, especially in terms of the world economy and society development. On the other hand, employment represents a key indicator and contributor to economic and social development. In fact, the stability of the overall society and economy is often correlated with the ability to obtain and maintain a high employment rate and a low unemployment rate. Given that the EU Member States undertake considerable efforts in order to ensure the digitalization, we naturally wonder if and how the results of this process could influence the labor market. The subject in question has often been a point of interest in the literature, and the results obtained reveal both positive and less beneficial effects of digitalization on the labor market. The present research considered the determination of a possible correlation between the variables under analysis, namely the DESI Index and the three measures related to the labor force, i.e., Employment/Population Ratio, Labor Force Participation Rate, and Unemployment Rate. After analyzing the data, the possibility of a strong correlation between digitalization and Employment/Population Ratio, respectively, Labor Force Participation Rate

196

I. A. Bogoslov et al.

was found. Regarding the correlation between the DESI Index and the Unemployment Rate, it was observed that this is not statistically significant. Based on the linear regression model, it can be concluded that, while all other variables remain constant, at an increase of one unit in the DESI Index, an increase of 3.4% in the Employment/Population Ratio is expected, as well as an increase of 3.02% in the Labor Force Participation Rate. The limitations of the present research are mainly given by the number of factors considered relevant and analyzed regarding the labor market. At the same time, the number of countries included in the analysis may represent a limitation of the research, as the study is conducted on the EU Member States. However, we consider the present research a good starting point in the analysis of possible interdependencies between digitalization and the labor market. The future directions of the research are meant to cover the identified limitations, by extending the analysis on additional significant indicators and by including in the research other states.

References 1. Acemoglu D, Restrepo P (2018) The race between man and machine: implications of technology for growth, factor shares, and employment. Am Econ Rev 108(6):1488–1542. https://doi.org/ 10.1257/aer.20160696 2. Arntz M, Gregory T, Zierahn U (2019) Digitalization and the future of work: macroeconomic consequences. In: Handbook of labor, human resources and population economics. https://pap ers.ssrn.com/sol3/papers.cfm?abstract_id=3413653 3. Balsmeier B, Woerter M (2019) Is this time different? How digitalization influences job creation and destruction. Res Policy 48(8). https://doi.org/10.1016/j.respol.2019.03.010 4. Ba¸sol O, Yalçin EC (2020) How does the digital economy and society index (DESI) affect labor market indicators in EU countries? Hum Syst Manag 1–10. https://doi.org/10.3233/HSM200904 5. Cirillo V, Evangelista R, Guarascio D, Sostero M (2020) Digitalization, routineness and employment: an exploration on Italian task-based data. Res Policy. https://doi.org/10.1016/j.respol. 2020.104079 6. European Commission (2020) The Digital Economy and Society Index (DESI). European Commission. https://ec.europa.eu/digital-single-market/en/desi. Accessed 8 Feb 2021 7. Evangelista R, Guerrieri P, Meliciani V (2014) The economic impact of digital technologies in Europe. Econ Innov New Technol 23(8):802–824. https://doi.org/10.1080/10438599.2014. 918438 8. Organization for Economic Co-operation and Development (2019) LFS—sex and age indicators (dataset level metadata). OECD.Stat. https://stats.oecd.org/Index.aspx?DataSetCode=LFS_SEX AGE_I_R. Accessed 12 Mar 2021

Chapter 17

The Impact of Bitcoin in the Financial Market. A Cybernetics Approach Nora Chirit, a˘ , Ionut, Nica , and Mihaela Popescu

Abstract The cryptocurrency market is now a decentralized system used more and more often, based on the concept of blockchain. A blockchain is essentially a growing list of records that are linked and secured using cryptography. This article presents the current situation and predicts possible situations that may arise in the future in the cryptocurrency market, blockchain, and more. Both individuals and legal entities are starting to invest in cryptocurrencies, creating a quick and easy way to make a profit from them. In the near future, states and governments may also use cryptocurrencies for purposes such as storing fractional resources, thus replacing currently used resources such as gold. The main purpose of the paper is to explain this new emergence of cryptocurrencies from a cybernetic approach. Analyzing the cryptocurrency market from a cybernetic perspective means approaching this market as a complex adaptive system from the perspective of system dynamics. We believe that the results and analyses of this article can contribute to the development of existing literature. The topicality of this research is the analysis performed from the cybernetic perspective, but also the construction of a complex adaptive system of the financial market to which we add the cryptocurrency market that interacts with the other markets that define the cybernetics system of the financial market.

17.1 Introduction Outlining an analysis of innovative elements in the economic field, we noticed a trend that is increasingly present in all fields, finding new implementations and uses that define a core of innovation and innovation globally, namely cryptocurrencies. They do not only appear with independent properties, but on the contrary, propagate over a wide range of characteristics and implementations meant to lead the technological, economic, financial, and why not human, evolution to a new stage of digitalization and the new beginnings of future reality. Cryptocurrencies represent and promote a N. Chirit, a˘ · I. Nica (B) · M. Popescu Bucharest University of Economic Studies, Bucharest, Romania e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_17

197

198

N. Chirit, a˘ et al.

new world of money and more, in which power is not managed by anyone other than those who use it. The beginning of the third millennium marked a major evolution in the field of online commerce, through the Internet, financial institutions being the only means by which it could be achieved. Electronic payments were made only with the help of these institutions which constituted a third party in the transaction process. They could not be completely irreversible, and the cost of mediating subsequent disputes also increases the cost of transactions. The possibility of reversibility automatically increases the need for trust that both parties require. Traders thus have to ask customers for more information that they would not normally need. When it comes to physical money, these uncertainty costs can be easily avoided, but until the advent of cryptocurrencies, there was no mechanism by which payments could be made without another party to give that confidence in the discussion. Cryptocurrencies are a new type of currency, online, through the Internet, which presents a solution to current problems of physical currency, establishing another level of technology. The main purpose of the paper is to explain this new emergence of cryptocurrencies from a cybernetic approach. Analyzing the cryptocurrency market from a cybernetic perspective means approaching this market as a complex adaptive system from the perspective of system dynamics. The article first addresses the methodological and technical conceptual dimensions that we will use in the construction of the case study. Therefore, from a practical approach, in the first part of the case study, we will analyze the evolution of Bitcoin using the computer tool Altreva. Subsequently, we will realize the new complex adaptive system of the financial market, in which we will also include the cryptocurrency market in order to analyze the effect that it can transmit in the entire system. Thus, we will have a holistic approach to this concept, representing also the element of originality and novelty of the work. At the same time, it is interesting to approach the concept of financial contagion from this perspective in order to analyze the negative effects that can spread throughout the financial network.

17.2 The Stage of the Knowledge in the Field In 2009, Satoshi Nakamoto launched a publication, “Bitcoin: A Peer-to-Peer Electronic Cash System” [1] announcing the first modern cryptocurrency, Bitcoin, which marked the beginning of all that cryptocurrency means today. Cryptocurrencies are a new type of currency, online, through the Internet, which presents a solution to current problems of physical currency, establishing another level of technology. Bitcoin solves the weaknesses faced by previous currencies, being an electronic payment system based on cryptographic proof, which allows any two parties to trade directly, without the need for a third party to give this “trust”. At the same time, it represents a solution to eliminate additional costs, implementing a decentralized server network, and transactions being made directly, from

17 The Impact of Bitcoin in the Financial Market …

199

one person to another, through a timestamp, which is a computational proof of the chronological order of transactions. The transactions are irreversible and pseudo anonymous, because neither the accounts nor the transactions are connected to real entities, everything being encrypted through cryptographic addresses stored in the blockchain [2]. A characteristic that represents a strong point of them consists in the global and fast character of the transactions that it facilitates, the money being able to be transmitted in a very short time, of a few minutes. Given the global nature of the computer network, physical location does not play a significant role in conducting transactions [3]. Looking at the macro level, the network formed around a cryptocurrency outlines an exceptionally complex adaptive system, in which in the first place is the cyber security established at the system level through Blockchain technology. The technology on which most cryptocurrencies were created is called the Blockchain, a mechanism that defines one of the most intelligent and useful complex adaptive systems. It all started in 2008 when an anonymous person (or group of people) under the name “Satoshi Nakamoto” invented bitcoin. In October 2008, he published a paper called “Bitcoin: A Peer-to-Peer Electronic Cash System” [1]. The official introduction of the digital currency bitcoin has been a real success on the financial market due to the considerable value increases, bitcoin has offered investors a new investment opportunity. It also revolutionized the concept of digital money by introducing the blockchain system [4, 5]. Terms such as “Bitcoin” or “Blockchain” became increasingly popular with the advent of “Bitcoin” in the 2008 article by “Satoshi Nakamoto”, “Bitcoin: A Peer-toPeer Electronic”. “Cash System”, where the blockchain is defined as “a system of electronic transactions that is not based on trust”. In the meantime, other articles have appeared that have brought up other definitions of the blockchain, such as “a certain type of DLT, a way of recording and sharing data in several databases” or “a digital register of distributed transactions, with identical copies kept on several computer systems controlled by different entities” [4]. Well-known Canadian business director, consultant, and author Don Tapscott says blockchain technology will usher in “the second age of the Internet.” Before that, we had an Internet of information and now, he says, we get an Internet of value, where any object of value—from money to art—can be stored, traded, and secured confidentially. In his speech, Tapscott compared our days to 1994, when the Internet was on the verge of discovery [5]. The Internet of Information has brought many changes to the economy and the Internet of Values, he says, will continue to go down this disruptive path. The Internet of Things “seems to be transforming a number of important industries that provide or rely on third party insurance.” Using blockchain technology can speed up transactions by reducing the need to keep records on paper. It can help to track and verify ownership, ensure the accuracy of documents and transfer property documents. Alternatively, on platforms like Uber, the blockchain can be used to create

200

N. Chirit, a˘ et al.

decentralized peer-to-peer sharing applications, allowing both car owners and users to arrange terms and conditions securely without having to pay the third party (Uber) a considerable fee, with each transaction that was made between the passenger and the driver [6] In the technology sector, IBM and Samsung have produced proof of concept— partly incorporated using Ethereum, a blockchain-based framework distinct from the bitcoin blockchain—to illustrate how the blockchain could accept “Internet of Things” applications. (IoT) by facilitating transaction processing and coordination between interacting devices. The distributed nature of the common register may be particularly suitable for fostering coordination between a large number of devices. And the cryptographic security that blockchain relies on can help alleviate the security challenges facing IoT deployments [6]. Digital currencies, and in particular those with a built-in decentralized payment mechanism based on the use of a distributed register, are an innovation that could have a number of impacts on various aspects of financial markets and the economy in general. These impacts could include potential disruptions to business models and systems, as well as the facilitation of new interactions and economic links. In particular, the potential implications of digital currencies and distributed registers on retail payment services will be particularly important, as these schemes have the potential to facilitate certain retail payments [7]. One of the most well-known and respected people in the field of bitcoin, entrepreneur Andreas Antonopoulos (2017), describes Bitcoin as follows: “Bitcoin is a collection of concepts and technologies that underlie an ecosystem of digital currencies. Currency units called bitcoin are used to store and transmit value among participants in the bitcoin network Bitcoin users communicate with each other using the bitcoin protocol mainly via the Internet, although there may be other transport networks used. The bitcoin protocol stack, available as open-source software, can be run a wide range of computing devices, including laptops and smartphones” [8]. According to Antonopoulos, Bitcoin is also a peer-to-peer network and a distributed computing innovation. There is an important ideological component in Bitcoin, invented by a person named Satoshi Nakamoto, following the financial crisis of 2007/08, who set out to create a decentralized network that could operate without any central control authority. In an online forum post, Nakamoto suggested that his reason for creating Bitcoin was outrage at the financial system: “The main problem with the conventional currency is all the confidence it needs to make it work. The central bank needs to be reliable, not to diminish the value of the currency, because the history of currencies is full of violations of this trust. We need to trust banks to keep our money and electronic transfers” [9]. Critics point out that cryptocurrencies are not free from fraud and scandals. For example, several million dollars were stolen in Bitcoin from the Japanese platform Mt. Gox in 2014 and $ 50 million in Ether during the Decentralized Autonomous Organization (DAO) in 2016. Moreover, cryptocurrency payments, being largely unregulated, do not restrict purchases, including illegal ones. Böhme et al. provide summary data showing that, at least in the early Bitcoin era, most transactions were used to purchase drugs. Foley et al. estimate that approximately 46% of Bitcoin

17 The Impact of Bitcoin in the Financial Market …

201

transactions are associated with illicit activities, but that the illegal share of Bitcoin activity has decreased over time with the emergence of several opaque cryptocurrencies. In addition, users seem unprotected because payments are often irreversible and an erroneous transfer cannot be canceled, unlike credit card payments [9, 10]. The active aspect of digital currencies has some similarities to the previous analysis in other contexts (for example, there are analytical papers from the late 1990s on the development of electronic money that could compete with a central bank and commercial bank money). However, unlike traditional electronic money, digital coins are not a debt of an individual or an institution and are not backed by an authority. Moreover, they have zero intrinsic value and, as a result, derive value only from the belief that they could be exchanged for other goods or services, or for a certain amount of sovereign currency, at some point. As a result, digital currency holders may face substantially higher costs and losses associated with price and liquidity risk than sovereign currency holders. The truly innovative element seems to be the distributed register, especially in combination with digital currencies that are not linked to money denominated in any sovereign currency. The innovation consists in the possibility to make peer-to-peer payments in a decentralized network in the absence of trust between the parties or in any other third party.

17.3 The Network of Cryptocurrencies Analyzed as a Complex Adaptive System In terms of the level of complexity, the sciences involved in this field demonstrate that most systems can be considered complex. There is no doubt that the system formed around the blockchain is a complex one, but more than that, it is an exceptionally complex adaptive system [11]. We frame this network as such, through the definition of Mitleton-Kelly [12], which aims at ten generic characteristics that we will detail in the following lines. The first features are connectivity and interdependence, and within this network, it is verified, any decision or event of a network agent affects all other agents. For example, if a transaction is processed, all nodes must validate that transaction to be correct, and if one invalidates, the information becomes invalid across the system. Co-evolution is the ability of the system to evolve according to the environment to which it belongs. It can be exogenous, relative to other systems outside, or endogenous, relative to agents inside the system. Blockchain technology fulfills the property of co-evolution, due to its improvement over time, to the new innovations that have always been added, and endogenous, due to the great influence that the participating agents have on each other. It is also a dissipative structure, the technology being always influenced by the economic environment, by discoveries in the field, etc., and in turn, influences the rest of the industry, so there is a constant exchange of energy.

202

N. Chirit, a˘ et al.

Far-from-equilibrium operation also creates a new order, and the history and dependence of the trajectory is definitely present, any decision, any new block mined in the blockchain chain determines an evolution. At the macro level, any new innovation determines a further path based on sources of innovation and diversification. The space of possibilities is always explored, generating variety at the level of evolutionary technological implementations, and feedback processes are found through continuous bivalent regulation, either through systemic changes or through balancing. Self-organization and emergence are an essential property, the blockchain network being a system where irreversible structures or ideas are created that become the basis for the history of agents, and some goals and tasks are exercised automatically, without the need for an external entity to assign tasks. To analyze the evolution of the Bitcoin cryptocurrency and to build a simulation model, we will use the Altreva software tool. It uses one of the methods approached in cybernetics, agent-based modeling.

17.4 Case Study With the evolution of cryptocurrencies in the past decade, their impact on industries, technology, and at the macro level, on the world and the general functional process carried out in everyday life is amplifying [13]. In the banking and financial field, the concept of a centralized system has existed for hundreds of years, and the introduction of cryptocurrencies and the blockchain technology that underlies them gives rise to a new concept, namely decentralization. Thus, it offers more financial freedom to consumers and personal financial management, increasing transparency and freedom. In the field of remittances, cryptocurrencies are gaining ground due to the possibility and speed of transferring large sums of money directly from one person to another, involving very low transaction costs. Therefore, the impact is major because, through these new types of currency, any transactional process is facilitated, regardless of the distance at which the parties involved are located. In the monetary system, banks have the power to print money, this action having an inflationary effect, positioning itself antithetical to cryptocurrencies, which have a fixed character in terms of their volume. This reduces the effect of inflation and therefore keeps the demand for foreign currency consistent. In the field of FinTech—Financial Technology, the blockchain mechanism is certainly the solution to the challenges encountered. Companies in this field are in direct competition with a large part of financial institutions, wanting to sell innovative solutions and services to customers. This gives rise to applications such as the Robinhood app (trades without commission), Lending Club (facilitates direct loans: peer-to-peer), etc.

17 The Impact of Bitcoin in the Financial Market …

203

The analyzed period is January 2018–April 2021. The evolution of the model starts from November 2018, the first months being used to train the model. The simulated model starts from an initial population of 5,000 agents, the price forecast is based on the value of the best price offered by an agent. The best agents in the model represent a share of 2.5% of the agent population. The simulator is based on a starting capital of 10,000 monetary units. The simulation started with an initial state in which all 5,000 agencies hold 100,000 cash units and 0 shares, and they will have random trading rules. In the first histogram, the one representing “Wealth Distribution”, we can see that before starting the training of agents, all 5,000 have a fortune of 100,000 units. However, following the simulation, the largest bar in the histogram, representing the fortune of over 2.500 agents, is located in the vicinity of the average value, 210.709 monetary units. In the figure above, you can see how the population of agents evolves according to their life cycle and wealth. The correlation coefficient is 0.88, the quadratic deviation R = 0.77 and the regression line is constructed according to the function: f = 2500, 668 ∗ x + 7145, 477. The slope of the curve has a value of 2500,668. Figures 17.1 and 17.2 show an agent-based model of the evolution and prediction of the Bitcoin cryptocurrency. In all cases, we observed the shock of the first part of 2020, when the COVID-19 pandemic had a significant impact on the financial market worldwide. Complex Adaptive Systems describe the necessary properties to understand, quantify, and propose methods of regulation and self-regulation at the level of financial markets that have an impact on the entire financial network [14].

Fig. 17.1 Bitcoin cryptocurrency modeling output. Source Authors design in Altreva Software

204

N. Chirit, a˘ et al.

Fig. 17.2 Evolution of the simulated agent population in Another adaptive modeler. Source Authors design in Altreva Software

In recent years, important steps have been taken to better understand the critical phenomena existing in complex networks, especially the dynamic processes in networks that can have a significant importance in the study of the mechanism of operation and control of real processes. Over time, there have been more and more systemic banking events that have caused shocks and dominance effects that have spread either throughout the financial network at a country level or even globally [15]. In the following, I will use the Stella IT software solution to analyze the dynamics of a proposed new financial market system in which I have also included the cryptocurrency market. The structure proposed by the system dynamics characterizes four main elements: the mechanism of the feedback loops, the rhythms and levels of the systems, their limit, and the input/output components as well as the conditions observed in the system and the desired actions (Fig. 17.3). The figure above is a representation of the financial market system. This system consists of three main subsystems that determine the entire financial market: the

Fig. 17.3 Financial market dynamics as a cybernetic system. Source Authors design in Stella Software

17 The Impact of Bitcoin in the Financial Market …

205

money market, the capital market, and the foreign exchange market, together with the interactions between them. Along with the three subsystems, the cryptocurrency market was introduced, in order to determine new connections and interactions and to perform a cybernetic analysis on the current financial market. The symbols illustrate the limits of the system, in the sense that through those places cash flows enter or leave. These closed limits cause a causal closure and reveal that not every external change changes the dynamics of the system, separating the interior from other factors that cannot affect it. The amount of money at any given time in each of the four markets is represented and represents the level. It is illustrated next to the symbol , meaning the by rhythm, i.e., in a level, respectively market (capital, foreign exchange, monetary), the inflows and outflows of monetary units are controlled with the help of these rhythms. Auxiliary variables that are intended to change cash flows as appropriate are represented by . The interactions between the represented elements are represented by arrows and verify the premise of the system dynamics, that all the characteristics of a system, not only those of the individual parts, determine the behavior of the system. As for feedback loops, they are a basic component of the system, amplifying (positive feedback loops) or damping (negative feedback bubbles), making certain phenomena quite short on the financial market [13, 16]. At the bottom of the figure above is the Central Bank, which controls and supervises the money market according to the money supply on the market, being able to inject or withdraw a certain amount of money. The interbank market is a money market strongly affected by the cryptocurrency market. Commercial banks record losses due to the basic principle of these new currencies, namely the elimination of the supervisory authority and the need for a “third party” to give confidence in a transaction. People choose to transfer money directly through this new concept, especially due to the speed, you can transfer money to any two places in the world, the distance not being an influencing factor on the duration of the transfer. Remittance systems are also affected. Abroad, the field of remittance has a large share in economic growth, with many people working abroad sending money regularly to families back in the country. Likewise, the money must be managed by intermediaries, the process is quite long, a few days. The cryptocurrency market introduces its influence through instant transfer everywhere, today, there are over ten Bitcoin-based remittance systems, such as Ribbit, BitPesa, Abra, etc. The deposit market is another market affected by the cryptocurrency market. This is due to savings in households and businesses, who want to deposit their money in exchange for interest. The influence spreads if the fees involved in holding these deposits increase, or become an impediment. Cash flows are also passed on to the real economy for commercial transactions in different markets. The influence is revealed by the many areas and industries in which payment can now be made in the form of cryptocurrencies, instead of the usual currency.

206

N. Chirit, a˘ et al.

Furthermore, within the network, the money supply is transmitted to the capital market, characterized by the stock market, the bond market, the derivatives market, etc. This is an extremely important market, where money can flow in the form of investments, those who have excess funds can finance needs in order to achieve a future income. In this market, cryptocurrencies can be a type of financial asset that investors can use to reduce risk and gain significant returns. Due to the high volatility, investors may speculate to some extent the increase or decrease of the Bitcoin price through the halving process. Thus, Bitcoin units can be bought when they are at a low level, and with its increase, there can be major gains. They can also be used to diversify the investment portfolio. Also, the action of a feedback mechanism is noticed, when an investor/group of investors takes advantage of the price volatility, highlighting a positive feedback loop. However, with the spread of the action, these large gains are eliminated, outlining a negative feedback loop. The foreign exchange market is one of the most representative markets for the influence of cryptocurrencies, due to the connection it makes with the external environment, and therefore with the subsystem introduced by me. It consists of the spot market and the futures market. The spot market is the place where domestic currency transactions are made against foreign currency, thus, most of the money supply in the system circulates through this channel, and will spread to the rest of the markets. In the present case, as mentioned above, transactions are not brokered by commercial banks or ordinary exchange offices, but can be brokered through specific exchanges. At the same time, through the foreign exchange market, different flows of foreign investments can enter the capital market, these being characterized by a high level of mobility. The business sector (private sector) is the set of enterprises in the economy whose main activity is the production of goods and services. This sector is also severely affected due to a new field ready to be exploited. Following the emergence of cryptocurrencies, companies have been set up, new companies whose main objective is to provide goods and services related to them, such as: other new cryptocurrency companies, exchanges, remittance systems, etc. Financial contagion has become a topic of research with a recently rising level of interest. Contagion is the transmission of shocks to other countries or the correlation between these countries, beyond any fundamental link between them or any common shock [13, 17]. Understanding the phenomenon of financial contagion is closely linked to its transmission through various channels. In recent decades, a distinction has been made between contagion and interdependence in terms of these transmission channels. If crises are transmitted through fundamentally stable links, then only countries with weak economic foundations will be affected. On the other hand, if the irrational behavior of agents (in the form of speculative attacks, financial panic) is the power of transmission, then countries with good foundations may be affected. In this case, we are only talking about interdependence and not contagion.

17 The Impact of Bitcoin in the Financial Market …

207

Financial contagion was classified in various forms according to Masson [18], and was later developed by Forbes and Rigobon [19]. In the following, we will analyze the spillover contagion on the cryptocurrency market. This involves the onset of a crisis in one country and the spread of this crisis to a large number of other countries. We choose to study this type of contagion in the context of cryptocurrencies due to an identified channel through which it can spread, namely blockchain technology. One of the most important channels of influence of the cryptocurrency market was that at the technological level, by promoting blockchain technology. In the first chapter of this work paper, we described how it works and the impact it has on the world today. A concrete example that we will analyze in this section is the implementation of this technology in Estonia. The country has implemented a blockchain KSI technology that protects eservices. E-services represent practically the digitization of all the existing services from health, to legislation, banking services, police, etc. These are called e-Health Record, e-Prescription database, e-Law, e-Court systems, e-Police, e-Banking, e-Business Register, e-Land Registry, etc. Due to this sometimes poorly managed technology, Estonia’s economic system has been exposed to a major risk. Thus, in April and May of 2007, Estonia became the target of a cyber-attack, for a period of 3 weeks, some of these services described above becoming the target. The attack, such as blocking a service, was a predictable risk that was quite easy to fight, but only with external support. At the information level, the attack targeted the media and many other websites, blocking the access of Estonian citizens from obtaining information, news, updates from the government, or even from information on their bank balance data. By disrupting access to information or cash flow, the attack highlighted the state’s digital dependence, which had major economic and political consequences. At the economic and financial level, banks and other institutions were affected, highlighting the fact that the attackers were aware of the vulnerability of e-services and that they will generate disruptions and problems in government, business, citizens, the country being 97% dependent on internet banking. Hansabank and SEB Eesti Ushibank were particularly affected, and the web interfaces for online services were offline for approximately 45–90 min, with monera external transfers being unavailable. Citizens were denied access to financial services, and Estonia has been isolated in terms of financial flow [20]. The financial blockade was a key element, the ability to deny the government, business, citizens access or transfer money is a significant tool of national power. Thus, Estonia suffered billions of euros in losses, and the whole policy and economy were extremely vulnerable. Fortunately, the attacks have stopped and the situation has not led to an economic crisis, but if they had continued or Estonia had suffered even greater losses, it is intuitive to say that a crisis would have taken place could install. Therefore, at the level of the “spillover” contagion, due to this evolution promoted in the technological branch by cryptocurrencies, it also brings a vulnerable point at

208

N. Chirit, a˘ et al.

the economic level, which could cause an economic crisis. Thus, a crisis at the level of one state can spread to the level of other states, states with which strong economic cooperation relations are manifested.

17.5 Conclusions Following the entire application process, we found that the subject of cryptocurrencies is one that is gaining more and more popularity and whose applicability is spreading in various fields such as banking, finance, remittances, monetary system, Fin-Tech and enriches the world of technology with each passing day. The domain and the market created around cryptocurrencies is a relatively new one and solves one of the problems that the population faces, namely the need for an intermediary in managing transactions. Now they can be performed directly, regardless of location, irreversible and pseudo-anonymous with the help of the exceptional Blockchain technology that underlies them. At the same time, we discover that their market is constantly expanding, the number of cryptocurrencies growing under multiple typologies and characteristics (Tether, Ripple, Bitcoin, etc.), and the economic value relative to the US dollar always increases in waves according to the halving event. This leads to self-sustaining of the entire system. In addition, in this article, we analyzed the influence of cryptocurrencies (Bitcoin) and their market on the current economic system and through which channels it is transmitted. Also, with the identification and analysis of these channels, we speculated on the effects of a possible contagion that spreads through the cryptocurrency market throughout the financial network. With the help of the Stella Architect software, we made a scheme of system dynamics through which we illustrated the main channels of influence. Therefore, they influence the money market through the interbank market, which may be placed in an unfavorable position due to the promotion of the elimination of the supervisory authority, along with remittance systems that are inferior to the new technology of transferring money abroad. The deposit market is also declining, due to the interest rates required for these deposits, with citizens choosing to convert their currency into Bitcoin for a better means of storing value. In the capital market, cryptocurrencies can be a type of financial asset through which investors can speculate due to high volatility and can make significant gains or diversify their investment portfolio in a smart way. In terms of the foreign exchange market, one of the most important markets, because this is where the money supply inflows occur when people choose to convert their Bitcoin currency into Lei through various exchanges. The corporate sector is also influenced due to the newly established companies that aim at a strong activity in the development of the cryptocurrency market.

17 The Impact of Bitcoin in the Financial Market …

209

References 1. Nakamoto S (2008) Bitcoin: a peer-to-peer electronic cash system. Satoshi Nakamoto Institute 2. DeVries P (2016) An analysis of cryptocurrency, bitcoin, and the future. Int J Bus Manage Comm 3. Krishnan A (2020) Blockchain empowers social resistance and terrorism through decentralized autonomous organizations. J Strat Secur 4. Schatsky D, Muraskin C (2015) Beyond bitcoin: blockchain is coming to disrupt your industry. Deloitte University Press 5. Tapscott A, Tapscot D (2017) How Blockchain changing finance. Financial Markets 6. Higgins S (2015) IBM reveals proof of concept for blockchain-power Internet of Things, CoinDesk 7. BIS, CPMI report on digital currencies. https://www.bis.org/press/p151123.htm, 2015. Accessed 01 Apr 2021 8. Case-Podcast. Conversation about software engineering. https://www.case-podcast.org/16-bit coin/transcript. Accessed 15 Mar 2021 9. Bohme R, Christian N, Edelman B, More T (2015) Bitcoin: economics, technology, and governance. J Econ Perspect 10. Foley S, Karlsen J, Putnins T (2019) Sex, drugs, and bitcoin: how much illegal activity is financed through cryptocurrencies? Rev Fin Stud 32(5):1798–1853 11. Chirita N, Nica I (2020) An approach to the use of cryptocurrencies in Romania using data mining technique. Theoret Appl Econ 12. Mitleton-Kelly E (2003) Ten principles of complexity & enabling infrastructures. Elsevier 13. Nica I (2020) Modeling and simulation of regulation and self-regulation processes at the Banking Institutions tier using system dynamics. Doctoral thesis, University of Economic Studies, Bucharest 14. Chirita N, Nica I (2019) Cibernetica Firmei. Aplicat, ii s, i Studii de caz, Economica 15. Scarlat E, Chirita N (2019) Cibernetica Sistemelor Economice, 3rd edn. Economica 16. Nica I, Chirita N, Scarlat E (2020) Approaches to financial contagion in the banking network: theory and Case Studies. LAP LAMBERT Academic Publishing 17. Nica I, Chirita N, Ciobanu F (2020) Analysis of financial contagion in banking network. Vision: sustainable economic development and application of innovation management 18. Masson P (1998) Contagion: monsoonal effects, spillovers, and jumps between multiple equilibria. IMF Work Pap 98(142) 19. Forbes K, Rigobon R (2002) No contagion, only interdependence: measuring stock market co-movement. J Fin 57(5):2223–2261 20. Insel A, Korkmaz A (2010) The contagion effect: evidence from Former Soviet Economies in Eastern Europe. Int Res J Fin Econ

Part III

Artificial Intelligence, Data-mining & Machine Learning

Chapter 18

Privacy-Preserving Framework for Deep Learning Cybersecurity Solutions Constantin Nil˘a , Marius Preda, and Victor Patriciu

Abstract Experimentation with artificial intelligence (AI) and machine learning (ML) has rapidly advanced in the last decade, mainly due to the progress made in data storage and processing technologies. As this technology is implemented in everyday devices, ranging from smart appliances to personal assistants, we observe an increase in interest in more rigid to change sectors, like governmental and military. Utilizing a machine learning service is a commodity for today’s society, introducing data privacy challenges for data owners and security concerns for model developers. As the EU plans to build a network of AI-enabled Security Operations Centers across Europe and NATO believes in including artificial intelligence in its decisionmaking process, we need to focus intensely on the security and privacy offered by machine learning-based applications. This paper contains our summarization of the current concerns regarding privacy-preserving machine learning and an analysis of the present frameworks highlighting possible attacks and methodology. Additionally, we present our approach as a potential solution for privacy-preserving models used in cybersecurity applications. Our research shows that even though all three methods guarantee privacy at a certain level, a holistic approach proves to be more efficient.

18.1 Introduction At the root of any AI system, we encounter machine learning algorithms. ML technology is widely used to produce models that classify images, authenticate based on biometric information, recommend products, choose which ads to display, and identify fraudulent transactions. Deep learning (DL) is just a sub-class of machine learning that focuses on replicating human brain abilities. The privacy and security of the data used in intelligent solutions are subject to threats that we have grown accustomed to in cybersecurity and new risks that arise from the AI technology itself [1]. Machine learning solutions are at a disadvantage. C. Nil˘a (B) · M. Preda · V. Patriciu Military Technical Academy “Ferdinand I”, 050141 Bucharest, Romania e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_18

213

214

C. Nil˘a et al.

Unlike other applications that guarantee the data’s confidentiality through encryption, these models have to work with private information and transform it accordantly to deliver their functionalities. Computing encrypted data has been a cryptography goal since the concept was first proposed by Rivest et al. in 1978 [2]. Gentry made a significant breakthrough in 2009 when he published his dissertation explaining his full homomorphic encryption (FHE) scheme [3]. The interest in this area has busted in the last decade, researchers rethinking the systems, implementing, and applying them in their projects. Nevertheless, the path to a complete privacy-preserving solution, which can be used in machine learning and artificial intelligence platforms, still needs to be trodden.

18.2 Privacy in ML-Base Systems 18.2.1 Challenges As long as the new machine learning techniques are introduced into more and more security solutions, it is expected that the offensive side of cybersecurity will also evolve. From this point of view, the number of attack platforms focused on machine learning capabilities increases, three main categories standing out: • platforms based on machine learning technologies that target classic IT&C systems; • platforms that target the machine learning technology implemented in some IT&C solutions; • platforms with machine learning used for DeepFake actions. Adversarial leveraging of machine learning. In the target research phase, attackers or pentesters may use solutions based on machine learning mechanisms. The valuable information may be collected and processed with a combination of natural language processing algorithms, computer vision, and artificial intelligence to highlight possible attack vectors. Several applications based on artificial intelligence have been developed to improve present pentest solutions [4–8]. The pentests done with AI support can be more accurate than automatic scans because they need minor manual proofing and a smaller human resource. Additionally, using fuzzy logic can reveal zero-day vulnerabilities that are not detected by traditional security scanners. Targeting of machine learning. Malicious actors also target artificial intelligence systems by exploiting the implemented machine learning technology. From this perspective of cyber-attacks, and considering the specific processes of a machine learning system, three entities may interfere with the data: the owner of the input data, the computing service provider, and the model provider. In a machine learning system, the data owner sends the data to the computing service provider, which compiles a prediction base on a proprietary model and

18 Privacy-Preserving Framework …

215

sends the results to the beneficiary. The computational operator acts like a Machine Learning as a Service provider or MLaaS. Finally, the MLaaS sends the forecasts to the beneficiary, which uses them to make new suggestions to their customers. Usually, there are two possibilities; the operator can provide the machine learning model as a result of the service or test new samples on request and send back the prediction. If the tasks are distributed between two or more entities, security mechanisms and policies are required. An attacker can enter malformed data into the training sets provided by the data owners. He can also attack the computing service provider’s infrastructure and alter the predictions offered by its model. If the product is the machine learning model itself, then all future forecasts will be affected by the attack. Attacks on machine learning solutions can be divided, similar to pentests, on the premise of the adversary’s knowledge of the system [9]: black-box, white-box, and gray-box. However, Mohammad et al. describe in their paper [10] four types of attacks specific to machine learning systems that must be considered when discussing privacy-preserving frameworks: • reconstruction attack represents an attack in which the opponent reconstructs the raw data from the training set using the extracted feature set. This attack has a white-box approach, which implies that the opponent has access to the extracted features. To defend against this type of attack, the developers of machine learning solutions should avoid algorithms like support vector machine (SVM) and k-nearest neighbors (kNN) or limit access to the resulting model [10–13]; • model inversion attack presumes that the attacker has access to the machine learning model (which does not contain features stored as in SVM) or its results. This black-box approach involves performing queries on the model and comparing the results to determine the training characteristics. It is recommended to return some approximated results (rounding the value or just the class) and restrict the access to the model to limit the impact of this attack [14, 15]; • membership inference attack considers a machine learning model and a sample. The attacker sets out to determine whether his sample is part of the training set. Limiting the result offered to just the belonging class is the most effective risk-reducing measure, although it does not provide 100% safety [16]; • de-anonymization or re-identification is the attack that targets the “anonymized” personal data residing in the publicly available training sets [17]. Anonymizing the data is not enough to protect personal information. DeepFake actions. Machine learning mechanisms have also been successfully applied to create applications that allow DeepFake attacks. DeepFake algorithms can generate fake recordings, images, and videos that cannot be distinguished from authentic ones [18].

216

C. Nil˘a et al.

18.2.2 Possible Solutions Group-based anonymity. Even the earliest machine learning datasets rely on some kind of mechanism that hides sensitive data through anonymization. From medical records [1] to helicopter flight trajectories [19], we can encounter numerous instances where sensitive information has been disguised or removed to protect some entity’s identity. The use of anonymity schemes for dataset generation to leverage machine and deep learning techniques without violating users’ privacy is not a new idea. The concept was initiated by Samarati and Sweeney [20] in 1998 by introducing k-anonymity to address the problem of releasing personal-specific data while safeguarding the anonymity of the individuals. Still, this methodology is subject to some deficiencies, which may lead to personal information deanonymization. Cryptography. For areas where sensitive data is transferred and processed, information security is essential. Machine learning systems are no exception, as they need mechanisms to protect the data they work with, both in the training phase and in production. An effective way to protect the information stored or in transit is data encryption. Both security specialists and attackers use cryptographic algorithms [21]. Most cryptographic algorithms have generally been designed to transmit and store data, and their implementation in machine learning systems usually raises difficulties. To preserve data confidentiality while used and operations are conducted, a new encryption scheme is generally required. Homomorphic encryption (HE). HE is an encryption method that allows any data to remain encrypted while being processed and manipulated. This characteristic is beneficial when the data needs to be processed by a third party (such as an MLaaS provider), allowing the data provider to benefit from the results without disclosing its private information. In a homomorphic encryption scheme, each user has a unique private key with which they perform data encryption. The encrypted data is sent to the MLaaS for processing, usually in the cloud. Prediction algorithms extract specific features and return an encrypted result. This result is returned to the user who decrypts it with his private key. Encrypting a model is simple; employing it in this form comes with certain challenges. An encryption scheme is completely homomorphic when it allows addition and multiplication operations on plain text only by manipulating encrypted data [22]. The project developed by Gentry and some of the FHE schemes designed later are, to some extent, somewhat completely homomorphic (SHE) through bootstrapping [23]. A SHE scheme performs addition and multiplication operations on encrypted data but is limited in the number of such operations due to added noise. This noise, also referred to as padding, ensures protections against chosen-plaintext attacks (CPA). Functional encryption (FE). Functional encryption was proposed in 2005 by Sahai and Waters [24] and consisted of a generalization of public-key encryption in which possessing a secret key allows one to learn a function of what the ciphertext is

18 Privacy-Preserving Framework …

217

encrypting. Although this cryptographic scheme allows computation over encrypted data, most implementations support only limited function classes. Secure multi-party computation (sMPC). sMPC is a subfield of cryptography in which the model protects participants’ privacy from each other. Contrasting traditional cryptographic solutions, where cryptography assures security and integrity of the stored or send data from an outsider, this method allows parties to jointly compute a function over their inputs while keeping those inputs private. An example is SPDZ (pron. “Speedz”), developed by Damgård et al. [25], a somewhat homomorphic model in which the processed data is encrypted. The SPDZ addresses the issue by providing a mechanism that allows different parties to run joint operations on private information to guarantee that only the calculated results will be disclosed [26]. Differential privacy. An algorithm is differentially private if an observer that sees its output cannot tell if a particular individual’s information was used in the statistical dataset’s computation. Dwork et al. [27] concluded that a person’s privacy could not be compromised by a statistical release through ε-differential privacy, offering each individual roughly the same privacy that would result from having their data removed from the dataset. This results in a solid resilience to identification and re-identification attacks. From a deep learning application stand of view, the implementer has to balance the protection of the analyzed data in contrast to its usability.

18.3 Privacy-Preserving Trefoil Model 18.3.1 Model Defining Privacy-Preserving models represent an evolutionary step from the classical ML methodology, emerging in the deep learning field as a need to use more data in the training process without repudiating privacy and security. At first evaluation, we observed the incompatibility that surrounds privacy-preserving techniques and modern deep learning models. We considered three main dimensions that have to be countified while working on a machine learning system, primarily when the case solution is intended for critical domains like cybersecurity, medical, military or similar. We concluded that the data’s sensitivity should define the chosen privacy mechanism. Although limiting sensitive data feed to the model seems like the right move, some DL models require vast amounts of data, including sensitive information, to perform as intended. Another element that needs to be considered is the computational cost. While the processing power has exponentially expanded in the last decade, we still need to consider the networking thruput. 5G promises incredible speeds for Machine Type Communication (MTC), also known as Machine to Machine (M2M). Nevertheless, we should still consider the cost determined by the provided computational power, time, and

218

C. Nil˘a et al.

allocated resources to ensure communication between the beneficiary and the service provider. Due to the repetitive nature of the operations specific to ML systems, we encounter an exponential growth in cost when scaling such a service. Data sensitivity. When discussing specific systems that work with big data, utilizing data science and a wide variety of machine learning techniques, we immediately find ourselves evaluating the sensitivity of the ingested information and the opportunities raised to a potential attacker that could exploit the intended functionalities. Bearing in mind the above classification of privacy-preserving techniques used in machine learning applications, we consider that the most efficient mechanism derives from a differential privacy scheme. Private Aggregation of Teacher Ensembles (PATE) is a machine learning privacypreserving framework proposed by Papernot et al. [28] in 2017, which allows for semi-supervised learning with private data while retaining both intuitive and robust privacy guarantees. This state-of-the-art approach tries to ensure data privacy during training by using the teacher-student model, in which the teacher learns from the private dataset, and the student models learn from the teacher using a voting-based differential privacy method [29]. The student models are still subject to model inversion attacks. Standard PATE can be implemented when the student’s data privacy is not relevant or necessary, or bidirectionally private, which allows the teacher to analyze the data without having access to it as long as the architecture allows Additional Secret Sharing [30]. This differential privacy scheme achieves high privacy guarantees, the model not giving the adversary any confidential information. However, this approach cannot provide accuracy for complex datasets [29]. The added complexity to achieve adequate results on complex data makes it an unreasonable approach for everyday scenarios [30]. Model fidelity. If our model’s accuracy is the most critical dimension for our machine learning prototype, we need to consider cryptographic schemes that allow operations on encrypted data. Data used in machine learning models is often sensitive and may come from several sources with different confidentiality requirements [31]. Regulations such as the NIS [32] and GDPR [33] directives have to be considered when pooling data from various sources to train accurate models. When dealing with customer data that needs to be processed by machine learning model, using the encrypted output in the process may be a reasonable solution that ensures confidentiality and oblige all legal norms. FHE offers the possibility to perform an arbitrary calculation on encrypted data and has no limitations associated with other promising privacy technologies. Another reason for using homomorphic cryptography is when a customer wants a machine learning model to train and use in their own IT infrastructure. There are currently several libraries for implementing open-source homomorphic encryption schemes available under different licenses (e.g., MIT, GNU GPLv3) [34– 39]. Some approaches facilitate the execution of homomorphic algorithms on graphic cards (GPU) to reduce processing overhead up to 100 times:

18 Privacy-Preserving Framework …

219

• cuFHE, or CUDA-accelerated Fully Homomorphic Encryption Library, is a library that implements the TFHE scheme (Fast Fully Homomorphic Encryption Library over the Torus) [37, 40] proposed by Chillotti et al. in CUDA C++. Compared to the TFHE library, which reports the fastest CPU performance, the cuFHE is about 26 times more potent on an NVIDIA Titan Xp graphic card. The cuFHE library benefits from an improved CUDA implementation of the Number-Theoretic Transform (NTT) proposed by Dai and Sunar [41, 42]; • nuFHE is another library that implements the fully homomorphic encryption algorithm from TFHE using CUDA and OpenCL. Unlike TFHE, where Fast Fourier Transform (FFT) is used internally to accelerate polynomial multiplication, nuFHE can use either FFT or NTT. The latter is based on the NTT scheme from cuFHE [43]. Computational cost. For differential privacy and HE schemes, we encounter a substantial computational cost that can be supported internally, or it may be reflected in the price of the MLaaS. If the same entity owns the data, model, and processing capability, it would be inefficient to perform computation on encrypted or hashed out information. Nevertheless, some details could be subject to internal or external policies and may require obfuscation. This scenario is ideal for applying group-based anonymity. Group-based anonymity mechanisms should provide anonymity, unlinkability, and security [44], enhancing privacy. In cybersecurity systems, information that may be anonymized to protect the end user’s privacy includes, without being limited to, IP addresses, usernames, email addresses, and biometrics. This approach allows for efficient anonymized searching of large datasets, such as breached passwords [45]. Privacy-Preserving Trefoil Model. We determined that the three privacy-specific dimensions indispensable for machine learning system design are data sensitivity, model fidelity, and computational cost. Our framework provides a quantifiable scale for machine learning developers. More precisely, it helps the feasibility team identify the levels at which they can compromise and choose an appropriate privacy-preserving scheme for their application. Upon choosing a critical requirement intrinsic for the application design, the proposed framework indicates the most suitable privacy-preserving scheme for the developing architecture (see Fig. 18.1). By aligning the most crucial requirement at the bottom of the framework, the Privacy-Preserving Trefoil Model indicates the necessary implementation for the dataset, making it very intuitive.

18.3.2 Implementation As stated above, our trefoil privacy-preserving model can help developers identify the most suitable solution for the held data and the purpose of the application. This aspect is also valid for applications intended for the cybersecurity domain. Depending

220

C. Nil˘a et al.

Fig. 18.1 Privacy-preserving trefoil model

on our system’s field, we may require vectors of complex features or ones that can be easily anonymized by the techniques mentioned above. For a Security information and event management (SIEM) solution, we can have a holistic approach, combining all the mentioned schemes. We split the privacy problems raised by the SIEM and apply the model for each of them. Basically, we apply algorithms for feature extraction and sensitive information anonymization schemes on the client’s data. For essential elements of the feature vectors, indispensable to the learning process, we apply a context-triggered piecewise hashes (CTPH) algorithm [46]. CTPH or fuzzy hashes can match inputs with homologies, similar inputs exhibiting ordered sequences of identical bytes, although bytes in between these sequences may differ in content and length [47]. Telemetry data can be transmitted between the customer and the service provider through an FHE architecture (see Fig. 18.2). The encrypted machine learning scheme can be implemented in TensorFlow to streamline the process and implicitly minimize the time allocated for processing [48]. Running on the GPU, or even better on the Tensor Processing Unit (TPU), we can reduce the processing time by 100 times. With dedicated systems expressly developed for AI, the efficiency could be increased even more [49]. The SIEMs functions will operate based on a Differential Privacy-based model in which the solution provider hosts the teacher model, and the customer hosts the student model based on a generative adversarial network (GAN) (see Fig. 18.3). The solution provider will train the teacher model with his proprietary Cyber Threat Intelligence (CTI). The teacher model is then used to train the student model, consisting of a generator and discriminator. Random noise is added to the generator to produce fake training data. The teacher model trains the student model using enriched client

18 Privacy-Preserving Framework …

221

Fig. 18.2 Our proposed FHE scheme for telemetric data

Fig. 18.3 Our approach to the differential privacy-based model

data. The student model works by solving a zero-sum game between the generator and the discriminator. Then, the student model is ready to be used for the prediction process. The beneficiary sends queries through the on-premises interface to the student model and receives its predictions. This architecture can use a homomorphic scheme for the interaction between the teacher and the student model.

18.4 Conclusions The machine learning phenomenon faces multiple challenges regarding its implementation in a complex production environment. Data security and confidentiality

222

C. Nil˘a et al.

concerns remain the most crucial issues for resolving and maintaining trust in artificial intelligence-based applications. Predefined security solutions at every developmental level are still susceptible to cyber-attacks, and the successful implementation of privacy-preserving algorithms can significantly contribute to future AI and other big data systems. This study contributes by presenting a new framework for choosing privacypreserving schemes suitable for different applications. We consider that the PrivacyPreserving Trefoil Model should be used in the designing phase of future solutions. It offers an intuitive mechanism for determining the most appropriate privacypreserving scheme at any developing stage, based on the ingested data, applicable machine learning algorithm, or available computational resources. As new privacy and ML-supporting cryptography schemes are proposed and developed, the Privacy-Preserving Trefoil Model can be useful to discern functional structures to fix identified issues. To exemplify the benefits of the framework, we used it to define a SIEM implementation for cybersecurity. The proposed system highlights our approach to a cyber security-specific system that employs ML technology to address common privacy challenges. In our implementation case, we isolate three functionalities of the system where privacy comes to play. For the client dataset used in the training phase, groupbased anonymity seems to be more applicable. Considering that most of today’s solutions are cloud-hosted, we determined that telemetry data should be shared using an FHE scheme, and the analytics capability, custom to SIEMs, could be based on a teacher-student DL model, offering differential privacy. This example shows that homomorphic cryptographic algorithms are not the only solution to machine learning privacy concerns. As further work, it is essential to look at new ways to improve existing implementations and research methods in which other emerging technologies like blockchain can help achieve AI objectives and solve upcoming incitements.

References 1. Witten IH, Data mining with Weka. https://www.cs.waikato.ac.nz/ml/weka/mooc/dataminin gwithweka/slides/Class5-DataMiningWithWeka-2013.pdf. Last accessed 7 Feb 2021 2. Rivest RL, Adleman L, Dertouzos ML (1978) On data banks and privacy homomorphisms. In: Foundation of secure computations. Academic Press, Massachusetts, United States, pp 160–179 3. Gentry C, A fully homomorphic encryption scheme. https://crypto.stanford.edu/craig/craigthesis.pdf. Last accessed 7 Feb 2021 4. ImmuniWeb. https://www.immuniweb.com. Last accessed 6 Feb 2021 5. Pentoma. https://se.works/product/pentoma. Last accessed 6 Feb 2021 6. Wallarm platform. https://www.wallarm.com. Last accessed 6 Feb 2021 7. Takaesu I, Masafumi M, Yoneyama T, GyoiThon: next generation penetration test tool. https:// github.com/gyoisamurai/GyoiThon. Last accessed 7 Feb 2021 8. Takaesu I, DeepExploit. https://github.com/13o-bbr-bbq/machine_learning_security/tree/mas ter/DeepExploit. Last accessed 7 Feb 2021

18 Privacy-Preserving Framework …

223

9. Molloy I, Sinn M, Nicolae I, Adversarial machine learning. http://research.ibm.com/labs/ire land/nemesis2018/pdf/tutorial.pdf. Last accessed 7 Feb 2021 10. Al-Rubaie M, Chang JM (2018) Privacy preserving machine learning: threats and solutions. IEEE Secur Priv Mag 17(2):49–58 11. Kasiviswanathan S, Rudelson M, Smith A, The power of linear reconstruction attacks. https:// simons.berkeley.edu/sites/default/files/docs/1119/kasiviswanathanslides.pdf. Last accessed 7 Feb 2021 12. Cortes C, Vapnik VN (1995) Support-vector networks. Mach Learn 20(3):273–297 13. Altman NS (1991) An introduction to Kernel and nearest neighbor. Am Statistic 46(3):175–185 14. Fredrikson M, Jha S, Ristenpart T (2015) Model inversion attacks that exploit confidence information and basic countermeasures. In: CCS ’15: proceedings of the 22nd ACM SIGSAC conference on computer and communications security. CCS 15 Conference Committee, Denver, Colorado, United States, pp 1322–1333 15. Tramèr F, Zhang F, Reiter MK, Ristenpart T (2016) Stealing machine learning models via prediction APIs. In: USENIX security symposium. Austin, Texas, United States 16. Shokri R, Stronati M, Song C, Shmatikov V (2017) Membership inference attacks against machine learning models. In: 2017 IEEE symposium on security and privacy (SP). IEEE, San Jose, California, United States 17. Lee W-H, Liu C, Ji S, Mittal P, Lee RB (2017) Blind de-anonymization attacks using social networks. In: WPES ‘17: proceedings of the 2017 on workshop on privacy in the electronic society. Association for Computing Machinery, New York, New York, United States, pp 1–4 18. Nguyen TT, Nguyen CM, Nguyen DT, Nguyen DT, Nahavandi S (2019) Deep learning for deepfakes creation and detection: a survey. Comput Vis Patt Recognit 19. Weinert A, Campbell S, Vela A, Schuldt D, Kurucar J (2018) Well-clear recommendation for small unmanned aircraft systems based on unmitigated collision risk. J Air Transport 26(3):113–122 20. Samarati P, Sweeney L (1998) Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. Carnegie Mellon University— Journal contribution 21. Young A, Yung M (1996) Cryptovirology: extortion-based security threats and countermeasures. In: IEEE symposium on security and privacy. IEEE, Oakland, California, United States, pp 129–140 22. Gentry C (2009) Fully homomorphic encryption using ideal lattices. In: STOC ‘09: proceedings of the forty-first annual ACM symposium on theory of computing. Association for Computing Machinery, New York, New York, United States, pp 169–178 23. Graepel T, Lauter K, Naehrig M (2012) ML confidential: machine learning on encrypted data. In: Kwon T, Lee MK, Kwon D (eds) Information security and cryptology—ICISC 2012. ICISC 2012. Lecture notes in computer science, vol 7839. Springer, Berlin, Heidelberg 24. Sahai A, Waters B (2005) Fuzzy identity-based encryption. In: Cramer R (eds) Advances in cryptology—EUROCRYPT 2005. EUROCRYPT 2005. Lecture notes in computer science, vol 3494. Springer, Berlin, Heidelberg 25. Damgård I, Pastro V, Smart N, Zakarias S (2012) Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini R, Canetti R (eds) Advances in cryptology— CRYPTO 2012. CRYPTO 2012. Lecture notes in computer science, vol 7417. Springer, Berlin, Heidelberg 26. Chen V, Pastro V, Raykova M, Secure Computation for Machine Learning With SPDZ. https:// arxiv.org/abs/1901.00329. Last accessed 7 Feb 2021 27. Dwork C, McSherry F, Nissim K, Smith A (2006) Calibrating noise to sensitivity in private data analysis. In: Halevi S, Rabin T (eds) Theory of cryptography. TCC 2006. Lecture notes in computer science, vol 3876. Springer, Berlin, Heidelberg 28. Papernot N, Abadi M, Erlingsson U, Goodfellow I, Talwar K, Semi-supervised Knowledge transfer for deep learning from private training data. https://arxiv.org/abs/1610.05755. Last accessed 7 Feb 2021

224

C. Nil˘a et al.

29. Tanuwidjaja HC, Choi R, Baek S, Kim K (2020) Privacy-preserving deep learning on machine learning as a service—a comprehensive survey. In: IEEE Access. IEEE, pp 167425–167447 30. Aristizabal A, Making PATE bidirectionally private. https://towardsdatascience.com/makingpate-bidirectionally-private-6d060f039227. Last accessed 7 Feb 2021 31. Mohassel P, Rindal P (2018) ABY3: a mixed protocol framework for machine learning. In: CCS ’18: proceedings of the 2018 ACM SIGSAC conference on computer and communications security. Association for Computing Machinery, New York, New York, United States, pp 35–52 32. NIS Directive. https://www.enisa.europa.eu/topics/nis-directive. Last accessed 7 Feb 2021 33. General Data Protection Regulation (GDPR). https://www.enisa.europa.eu/topics/data-protec tion. Last accessed 7 Feb 2021 34. Microsoft SEAL. https://github.com/Microsoft/SEAL. Last accessed 7 Feb 2021 35. Helib. https://github.com/shaih/HElib. Last accessed 7 Feb 2021 36. Ibarrondo A, Gomez L, Python for homomorphic encryption library. https://github.com/iba rrond/Pyfhel. Last accessed 7 Feb 2021 37. Chillotti I, Gama N, Georgieva M, Izabachène M (2016) Faster fully homomorphic encryption: bootstrapping in less than 0.1 seconds. In: Cheon J, Takagi T (eds) Advances in cryptology—ASIACRYPT 2016. ASIACRYPT 2016. Lecture notes in computer science, vol 10031. Springer, Berlin, Heidelberg 38. Ducas L, Micciancio D (2015) FHEW: bootstrapping homomorphic encryption in less than a second. In: Oswald E, Fischlin M (eds) Advances in cryptology—EUROCRYPT 2015. EUROCRYPT 2015. Lecture notes in computer science, vol 9056. Springer, Berlin, Heidelberg 39. TFHE: fast fully homomorphic encryption library over the Torus. https://github.com/tfhe/tfhe. Last accessed 7 Feb 2021 40. Chillotti I, Gama N, Georgieva M, Izabachène M (2017) Faster packed homomorphic operations and efficient circuit bootstrapping for TFHE. In: Takagi T, Peyrin T (eds) Advances in cryptology—ASIACRYPT 2017. ASIACRYPT 2017. Lecture notes in computer science, vol 10624. Springer, Cham 41. Dai W, Sunar B (2016) cuHE: a homomorphic encryption accelerator library. In: Pasalic E, Knudsen L (eds) Cryptography and information security in the Balkans. BalkanCryptSec 2015. Lecture notes in computer science, vol 9540. Springer, Cham 42. cuFHE. https://github.com/vernamlab/cuFHE. Last accessed 7 Feb 2021 43. NuFHE, a GPU-powered Torus FHE implementation. https://nufhe.readthedocs.io/en/latest/. Last accessed 7 Feb 2021 44. Slamanig D, Stingl C (2009) Investigating anonymity in group based anonymous authentication. In: Matyáš V, Fischer-Hübner S, Cvrˇcek D, Švenda P (eds) The future of identity in the information society. Privacy and identity 2008. IFIP advances in information and communication technology, vol 298. Springer, Berlin, Heidelberg 45. Li L, Pal B, Ali J, Sullivan N, Chatterjee R, Ristenpart T (2019) Protocols for checking compromised credentials. In: CCS ‘19: proceedings of the 2019 ACM SIGSAC conference on computer and communications security. ACM SIGSAC, London, United Kingdom, pp 1387–1403 46. ssdeep—Fuzzy hashing program. https://ssdeep-project.github.io. Last accessed 7 Feb 2021 47. Kornblum J (2006) Identifying almost identical files using context triggered piecewise hashing. Digit Investig 3(Supplement):91–97 48. TFEncrypted. https://github.com/tf-encrypted/tf-encrypted. Last accessed 7 Feb 2021 49. NVIDIA A100 Tensor Core GPU. https://www.nvidia.com/en-us/data-center/a100/. Last accessed 2 Feb 2021

Chapter 19

Cyber Security Maturity Model for Critical Infrastructures Aurelian Buzdugan

and Gheorghe Capatana

Abstract Critical infrastructures have one of the most important roles for our economy, society and government. The information systems that are often controlling and managing processes from this type of organizations, must fulfill stringent safety and security requirements. As a result, cyber security management becomes a challenging task due to the number, interdependencies and role that information systems have. In this paper we will propose a model to evaluate the cyber security maturity in critical infrastructures, taking into account both technological and human dimension aspects. This will support decision makers in identifying priorities and gaps when it comes to cyber security. This model will be customized for the given context, however it can be adapted and used by any type of organizations.

19.1 Introduction Cyber risk management can represent a challenge for senior managers or decision makers, due to the simple fact that cyber risks can affect any of organizational processes. The emergence of digital technologies (DT) brings numerous benefits for cost and resource optimization as well as economic competitiveness of an enterprise. However, DT also introduces new cyber security risks in the organization. The perceived link between cyber risks and technology has established the mindset that DT improvements are solutions for minimizing cyber risks. On the other side, the human dimension is a very complex domain and its role is often underestimated when it comes technology or managing cyber risks. Therefore, from the critical infrastructure (CI) organizational standpoint it would be necessary to holistically identify the priorities and areas that require attention, in order to ensure that information and operational technologies are secure. We consider that a decision support system (DSS) can be an efficient solution for managing cyber risks in CI domain. Previously, we have elaborated the architectural considerations for the language and presentation systems for the proposed DSS. A. Buzdugan (B) · G. Capatana Moldova State University, Chisinau, Moldova © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_19

225

226

A. Buzdugan and G. Capatana

The remaining architectural items of a DSS, the problem solver and database and knowledge base system, are heavily related to the technology, algorithms and models used. These architectural systems can be considered as the backbone of the DSS. On the other side, human factor elements are most of the times identified as causes of cyber incidents [1, 2], and can have a significant impact upon the perceived efficiency of a DSS. Therefore, we believe that a complete overview is key in ensuring that the DSS is accepted and will fulfill the predefined scope in the organization. In the context of improving cyber risks management in the CI, we identified solutions related to the DSS user interface, human factor elements, result format and content, or organizational policies [3]. We believe solutions that reduce negative impact of human factor have a major role in the efficiency of the DSS, and furthermore upon the cyber risk management process in the organization. Nonetheless, there are also recommendations in terms of technology that can help improve a system and reduce costs, such as the use of common taxonomies or standards. Having so many elements to focus on can create confusion. We consider that a holistic assessment in order to establish priorities for improving the cyber risk management would improve the overall security stance of the CI. For this scope, we want to propose a rating model that will help identify the major issues preventing the development of the cyber security culture. To build this model, we will relate to the findings and recommendations on the analysis of human dimension impact upon the proposed DSS [4], as well as extend upon existing frameworks such as Human Factor Integration [5]. In next sections, we will evaluate the current state of art of evaluating human dimension in relation to information systems as well as the impact of human dimension upon the cyber security. Afterwards, we will describe a proposed model to evaluate the cyber security maturity in critical infrastructures. We will conclude with the potential use cases for implementing the proposed model, as well as the main findings of this research.

19.2 Current Research in This Area As a result of a previous review, we found that DSS for cyber risks management in CI were only partially explored, however no references to systems in production were found [6]. Taking into account that an analysis for the specific problem was performed, we will conduct a brief study on the impact of human dimension among all information systems, however maintain focus for the critical infrastructure domain. We chose as methodology the selective literature review, which will allow us to summarize the current state of art of impact and solutions of human factor elements in information systems. We performed a query using the terms “human factor” and “role” and “information systems” and “critical infrastructure”, as we believe this would cover the research question. The selected publisher for querying was SpringerLink, which represents an online collection of scientific and technological journals or books. Based on the initial query, a total of 165 results were returned. Afterwards, we performed another

19 Cyber Security Maturity Model for Critical Infrastructures

227

query and replaced the term “human factor” with “human dimension”, as these terms are most frequently used. We found another 18 papers and books, 4 of which were duplicates from the initial search. Therefore, we note that “human factor” is a more commonly used term, which is mentioned in the majority of relevant studies. Further on, we did a triage on the studies found by examining the title, keywords and abstracts. In the end, 25 studies were selected which best match the research question. We will summarize the main findings and comment upon their impact upon the research question. The first impression created by the studies could be biased as only one platform was used for querying. However, we note that the majority of research is focused on technological solutions. The same observation is mentioned in one of the studies, which mentions that the initial goal of technology as solution to improve the humansolver, is ignored shortly after the system was implemented [7]. The implication of human dimension in information systems has been analyzed since decades [7, 8], and studied from different standpoints. From one side, the focus of senior management is to invest in technical solutions [1], as there can be significant impact if systems are unusable and don’t meet the scope [7]. However, human factor is still identified as source of many incidents [1, 2], and there are consequences that derive from human error [9], that are used as attack techniques, such as social engineering to compromise the network of a CI [10]. Furthermore, no matter of the impact and role that human dimension has in relation to information systems, most of the studies identified solutions that focus on technology [11, 12]. We found other human factor elements being identified as potential causes, such as cognitive and affective reactions in relation to information systems [3] or behavioral reaction in critical moments [13, 14]. Among the solutions discussed for improving human dimension stance, the most common recommendation is to improve training and raise awareness [11]. There are also solutions to improve organizational as well as national policies [2], or improve systems from technical point of view based on requirements derived from the human dimension perspective, such as work domain analysis, human factor engineering concept [15], or ergonomics for ensuring safety of end-users [16]. The design phase is also tackled in several papers in relation to implementing the needs of end-users [8]. Among the effects that can originate from the design phase are: the cost of ignoring the human dimension, the influence of designer [7] and influence of developer upon the system [17]. Another critical aspect is the crossdomain knowledge and language used [7], which can have an impact upon the final product. Moreover, the importance of presentation format and content upon system acceptance [7], quality of decisions [18] or information security behavior [19], were also among the addressed topics. We note that there is a research convergence that efficiency and productivity is heavily dependent on the human dimension, which is often perceived as the weakest link [2], but also as the solution [11]. In more recent studies, the topics of ethics for a responsible development process [20], as well as guidance on safe use of using artificial intelligence [21] are on the rise. We also note a shift in perceiving resilience as the combination of social

228

A. Buzdugan and G. Capatana

and organizational factors, and not solely from application or hardware perspective [2, 12]. Overall, we see that that the human dimension is partially considered when it comes to usability, efficiency or benefits of an information system. However, we note that the analysis of factors and solutions is fractional, as there is no holistic view or approach. Whereas some solutions focus on reducing negative impact of certain human factor elements, we find there is space to interpretation in understanding what would be the approach and desired end results. On the other side, technological improvements are identified the most often as solutions, even to known human factor errors.

19.3 Cyber Security Maturity Model Based on the results of the selective literature review as well as from previous studies [4], we consider that a model that would allow decision makers to have a holistic assessment upon the organizational cyber security stance, starting from human factor up to technology, would drastically improve the efficiency of the cyber risk management process. This will also assist decision makers in the process of evaluating the security maturity level in a CI, and could be complementary to existing models, for example the ones used for evaluating the safety program. Compared to existing frameworks, such as Human Factors Integration (HFI) that focuses on acquisitions in the defense sector and is specific due to the domain and requirements, we want to build a model that is simple to read and comprehend by CI decision makers, or even operators. In addition, we will propose different levels that would contain known cyber security issues or barriers, when it comes to operational technologies used in a CI. In addition, this model will also serve as means to evaluate the current cyber security culture. As this model is multidimensional, it can also serve as a means to evaluate of performance and features offered by the problem solver and knowledge base system, which are components of the DSS. Moreover, it can also serve as a model to be implemented in the problem solver system. For example, some of the attributes can be assessed by the DSS and automatically updated. This will help decide cyber risk management can be improved via technological improvements or actions in relation to human dimension. The premise for constructing such a model is driven by the fact that cyber risk management is a socio-technical process, due to the impact that human dimension has upon the security of the system. From the organizational standpoint, ensuring that cyber security is adequately tackled can contribute to other development goals, such as economic competitiveness [22]. Additionally, some of the selected study also highlights the difficulties of conducting risk assessment for complex and interconnected systems [23], which the CI represent. Moreover, Linkov recommends to build new management systems to address risks from different domains of cyber systems, from different perspectives, such as physical, cognitive or social [24, 25].

19 Cyber Security Maturity Model for Critical Infrastructures

229

In order to ensure the integration of the model into the current environment of the CI, as well as for optimization purposes, we will relate to existing frameworks used to assess the security culture in domains with stringent safety and security requirements [26, 27]. The proposed model is customized for the CI domain, however it can be used as a reference for other types of information systems or domains. We will use attributes related to human factor elements that were previously identified as required for evaluation in the context of the proposed DSS [3, 4]. The most important aspects used, but not limited to, are: perception, impact and self-efficacy in terms of cyber risks, organizational culture, professional skills, resilience, evaluation of impact, cost of a cyber security incident as well as the Technology Acceptance Model [4, 5, 28, 29]. We will use five levels to evaluate the general cyber risk management maturity that will comprise both technological and human dimension criteria. The levels range from “Very High” to “Very Low”. The “Very High” level would correspond to the highest values for all criteria, starting with administrative and policy level, up to cyber training and performance. The model will contain criteria for each of the categories that we identified as part of a cyber security program. The condition we followed was to describe in general terms the conditions that have to be met for ensuring an adequate cyber security maturity in a CI organization. Based on our assumptions, most CI should aim to reach the High or Very High level. An additional advantage of the structure of this model, is that organizations can evaluate their stance and identify the criteria that require attention. For example, one organization might assess that it meets three criteria for the High level, however one criterion corresponds to Low level. This might be used as an input to further improve the insufficient criteria. While we believe that most of the criteria are inter-correlated, there can also be cases when a certain criterion is significantly below or above the other criteria. This can show that the security program is not holistically overseen and there are areas that require urgent attention. However, this can also show the beginning of a change in the organization. One example in this sense would be the adoption of new organizational policies and structures that identify and prioritize a cyber security program, and establish new policies and functions. It is a time and resource question, to ensure that the other criteria, such as education, cyber risk management or work environment are improving and meeting the conditions for the desired level. The proposed DSS for cyber risk management in CI can be integrated with this model. From one side, the cyber security model will ascertain whether conditions such as administrative policies or education are supporting adequately the cyber risk management process. This can reflect upon the perceived and actual efficiency of the DSS in the organization. From another perspective, this model can be supported by the DSS and present a high-level overview of this topic to decision makers. Therefore, we consider this model as complementary to the DSS in any CI, no matter of the form or means in which it is used (Table 19.1).

230

A. Buzdugan and G. Capatana

Table 19.1 Cyber security maturity model Definition of category and attributes Category I: Very high Administrative criteria Requirements for cyber security and resilience are considered from the design and system evaluation phase, and are acknowledged as the combination of technology and human dimension In the decision-making process, cyber security and resilience factor have a higher weight compared to costs The responsibilities for cyber security are clear and well defined according to the respective structure and functions. The information exchange process is well established vertically and horizontally, including externally Management and monitoring functions are established and have a major role in the decision-making process Education and assessment criteria Regular training programs are established and reviewed based on existing good practices in the field. Training is performance based and contains assessments Training program takes into account human dimension. Training for information system end-users is mandatory Procedures and requirements apply to the all roles within the organization. The assessment considers the real impact and risk of this factor Compliance with performance-based indicators is mandatory to perform operational tasks Work environment criteria Work environment and policies are staff friendly; feedback is positive All staff understand the impact of cyber threats, attack vectors and system vulnerabilities impact, and are able to implement the necessary mitigation and prevention according to their role The degree of social comfort of workers is considered as an important factor Cyber risk management criteria Cyber risk management is well defined on the best practices and integrated with the organizational risk management. Cyber risks are managed from both technological and human dimension perspectives Cyber risks are understood and recognized from senior management/decision makers/individuals Training and tabletop exercises are common and cover real-life scenarios DSS is used for critical tasks; automation for tasks is implemented at full extent possible; the supervisory roles are assigned accordingly to the position held Technology Acceptance Model has very high indicators Category II: High Administrative criteria Requirements for cyber security and resilience are inherited from organizational/national policies or regulations, and are acknowledged as the combination of technology and human dimension The cost factor has a minor influence on decision-making, at times it can have the same weight compared to functional requirements (continued)

19 Cyber Security Maturity Model for Critical Infrastructures

231

Table 19.1 (continued) Definition of category and attributes There is a function in charge of cyber security. The information exchange can take place both vertical and horizontal, but also with external parties Management and monitoring functions are established, however don’t have a role in the decision-making process. This responsibility belongs to the higher administrative staff Education and assessment criteria Regular training programs are established, and cover most of the organization processes. Training is performance based and contains assessments Training program takes into account human dimension. Training for information system end-users is selective Procedures and requirements apply to the majority of the organization only to mandatory for high-risk roles. The assessment considers the real impact and risk of this factor Minimum performance-based indicators are defined to perform operational tasks Work environment criteria Work environment and policies are oriented to minimize most of the negative impact of potential human factors The potential impact of cyber threats upon operational technologies is understood by the entire organization, however there is a gap in acknowledgment self-efficacy in deterring and preventing these The degree of social comfort of workers is considered during policy development Cyber risk management criteria Cyber risk management is defined and integrated with the organizational risk management. Cyber risks are managed from both technological and human dimension perspectives Cyber risks are understood and acknowledged by senior management/decision makers and most of operators. Risks assessed as impactful, are adequately and timely managed Training programs and exercises are defined and institutionalized DSS are used in critical tasks where possible. Automation is partially used. There is a great dependence on information systems for operational processes Technology Acceptance Model has high indicators Category III: Average Administrative criteria Requirements for cyber security and resilience are considered by senior management as technology related The cost factor can have at time higher weight compared to functional requirements Education and assessment criteria Regular training programs are set for all users. These include formal and general aspects related to the organizational processes Training program take into account only certain human factor elements. Training for information system end-users is optional Procedures and requirements apply to selectively roles based on the risk profile. The assessment is in correspondence with selective roles (continued)

232

A. Buzdugan and G. Capatana

Table 19.1 (continued) Definition of category and attributes Minimum indicators to perform operational tasks are related to completion of training or development programs, however training programs are perceived by all as a burden Work environment criteria Work environment and policies minimize of the only major negative impact of potential human factors The potential impact of cyber threats upon operational technologies is partially acknowledged The degree of social comfort of workers is considered a partially important factor, thus feedback is satisfactory Cyber risk management criteria Incident management, monitoring and instrumentation are oriented to follow good practices and standard Risk treatment focuses mainly on high risks, and is often seen as a technological improvement. Potential impact of cyber risk is acknowledged partially in organization Training programs and exercises are periodically defined and institutionalized DSS are used only by certain users and for most of the critical task; most needs are covered by DSS, but its performance and benefits are seen as average Technology Acceptance Model has average indicators Category IV: Low Administrative criteria Requirements for cyber security and resilience are inherited from regulations outside the organization, however not considered to the full extent in the technology, nor organization. The main resilience factors are only related to safety of the CI Costs represent leading factors in decision making, often in the disadvantage of functional requirements Education and assessment criteria Training for information system end-users is seen as necessary only for limited technical roles Generic strategies and general training programs are defined, which also contain a cyber security aspect Procedures and requirements apply to selectively roles based on the risk profile, however the importance and beneficial impact of training is not acknowledged. The assessment is formal and does not take into account the real impact and risk Work environment criteria Work environment and policies are formally in place and considered selective as results of incident among the staff The potential impact of cyber threats upon operational technologies is not acknowledged. The cyber security culture is assessed limited in terms operational needs The degree of social comfort of workers is not considered an important factor. The feedback is below average Cyber risk management criteria Incidents are identified by operators and managed ad-hoc procedures close to standardized ones (continued)

19 Cyber Security Maturity Model for Critical Infrastructures

233

Table 19.1 (continued) Definition of category and attributes Cyber risks are acknowledged, however required support is offered only under pressure of circumstances Training programs and exercises are occasionally organized DSS are used for basic tasks; while certain use cases are implemented—only some are used; the benefits of IS are seen as reduced Technology Acceptance Model has low indicators Category V: Very low Administrative criteria Decision makers do not recognize the importance of cyber security and resilience of information systems. These requirements are perceived from all points of view as a burden on the basic technological process. Importance to these criteria is usually given temporarily, after an incident has already occurred Costs represent determinant factors in decision making Education and assessment criteria The training program is formalized to the maximum, often exclusively through reports and recordings without live sessions The value of training and exercises is not acknowledged, and is considered a burden. The training is seen mostly as compliance requirement Work environment criteria The working environment and policies are not considered, nor formally adopted The importance of cyber security for operational systems is understood only by some individuals. This fact is not reported, nor escalated Cyber risk management criteria Incidents are most often elucidated by external entities followed by a management of occasional operating procedures DSS are not available; if available—are not used and the benefits are not recognized Technology Acceptance Model has very low indicators

19.4 Conclusions The categorization and definition regarding cyber security cannot be universal, therefore the proposed model can be extended or reduced depending on the requirements and needs of the organization. We have adapted it to the critical infrastructure domain, and included as attributes the most common issues and barriers in advancing cyber security in such organizations. The criteria are transparently formulated, in order to ensure that the model can be adapted by other organizations. Among the most important attributes, having individual responsibility for the cyber security is a challenge for all domains. No matter of how far digitalization process is, many times cyber security is viewed as someone else’s problem, or a technology problem. In order to ensure that risks are identified and mitigated timely, it is trivial to have the entire organization on board, and the support of senior managers.

234

A. Buzdugan and G. Capatana

The integration of IT in operational technologies is another attribute, heavily interconnected with other. By understanding the impact of cyber threats upon processes in a CI, as well as self-efficacy factor, cyber risk management will become much more efficient. The change from having incidents or vulnerabilities reported from external entities, to having them identified internally, is an attribute that can define the level of cyber security in an organization. Moreover, in the case when human dimension is among the leading causes for cyber security incidents, a well-developed and comprehensive cyber security program can ensure that CI organizations fulfill their mission safely and securely. The human dimension also goes through a continuous change. Adapting the routines, procedures and evaluations to cover new type of threats has to start from the individual level. Technologies are not the sole and only solution to improve the cyber security culture. Whereas the perception is still as such, the results of the selective literature review show that there is a consensus that human factor elements play an important role in relation to information systems. Therefore, a continuous and complex training program can minimize risks from the negative impacts of the human dimension. We believe this model is easy to read to adapt to the needs and requirements of each organization. We consider that the simplicity and clarity increase the adoption rate in organizations, while keeping costs and effort low. This model can support a better decision-making process in terms of cyber risk management, as it can show the areas that require attention in order to increase the maturity level. Moreover, it is multidimensional and can both be used to assess the efficiency of the proposed DSS from the technological and human dimension standpoint, but also, serve as a baseline for the features or algorithms developed within the problem solver system in a DSS.

References 1. Leszczyna R (2019) Cybersecurity controls. In: Cybersecurity in the electricity sector. Springer, Cham. https://doi.org/10.1007/978-3-030-19538-0_7 2. Giacomello G, Pescaroli G (2019) Managing human factors. In: Kott A, Linkov I (eds) Cyber resilience of systems and networks. Risk, systems and decisions. Springer, Cham. https://doi. org/10.1007/978-3-319-77492-3_11 3. Buzdugan A, Capatana Gh (2020) Decision support systems for cyber risk management. In: Proceedings of the workshop on intelligent information systems WIIS2020, December 04–05, 2020, Chisinau, Republic of Moldova 4. Buzdugan A, Capatana Gh (2021) Impact of Human Dimension upon Decision Support Systems. In: Romanian J Inf Technol Autom Control 31(3):31–44 5. Davis F (1989) Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Q 13(3):319–340 6. Buzdugan A (2020) Review on use of decision support systems in cyber risk management for critical infrastructures. J Eng Sci XXVII(3):134–145. https://doi.org/10.5281/zenodo.3949684 7. Ledgard H, Singer A, Whiteside J (1981) Directions in human factors for interactive systems. In: Ledgard H, Singer A, Whiteside J (eds) Directions in human factors for interactive systems.

19 Cyber Security Maturity Model for Critical Infrastructures

8.

9.

10. 11. 12.

13. 14.

15.

16.

17.

18.

19.

20. 21.

22.

235

Lecture notes in computer science, vol 103. Springer, Berlin, Heidelberg. https://doi.org/10. 1007/3-540-10574-3_2 Krückeberg F (1983) Human factor aspects in organizations and information systems supporting them. In: Blaser A, Zoeppritz M (eds) Enduser systems and their human factors. IBM 1983. Lecture notes in computer science, vol 150. Springer, Berlin, Heidelberg. https:// doi.org/10.1007/3-540-12273-7_20 Altaf A, Faily S, Dogan H, Mylonas A, Thron E (2020) Identifying safety and human factors issues in rail using IRIS and CAIRIS. In: Katsikas S et al (eds) Computer security. CyberICPS 2019, SECPRE 2019, SPOSE 2019, ADIoT 2019. Lecture notes in computer science, vol 11980. Springer, Cham. https://doi.org/10.1007/978-3-030-42048-2_7 Ghafir I, Saleem J et al (2018) Security threats to critical infrastructure: the human factor. J Supercomput 74:4986–5002. https://doi.org/10.1007/s11227-018-2337-2 Mushi M, Dutta R (2018) Human factors in network reliability engineering. J Netw Syst Manage 26:686–722. https://doi.org/10.1007/s10922-017-9440-1 Anderson T, Busby J, Gouglidis A, Hough K, Hutchison D, Rouncefield M (2020) Human and organizational issues for resilient communications. In: Rak J, Hutchison D (eds) Guide to disaster-resilient communication networks. Computer communications and networks. Springer, Cham. https://doi.org/10.1007/978-3-030-44685-7_32 Padayachee K (2012) Taxonomy of compliant information security behavior. Comput Secur 31(5):673–680. https://doi.org/10.1016/j.cose.2012.04.004 Safa NS, Sookhak M, Von Solms R, Furnell S, Ghani NA, Herawan T (2015) Information security conscious care behavior formation in organizations. Comput Secur 53:65–78. https:// doi.org/10.1016/j.cose.2015.05.012 Wang H, Lau N, Gerdes R (2012) Application of work domain analysis for cybersecurity. In: Tryfonas T (eds) Human aspects of information security, privacy and trust. HAS 2017. Lecture notes in computer science, vol 10292. Springer, Cham. https://doi.org/10.1007/978-3319-58460-7_27 Górny A (2014) Human factor and ergonomics in essential requirements for the operation of technical equipment. In: Stephanidis C (eds) HCI international 2014—posters’ extended abstracts. HCI 2014. Communications in computer and information science, vol 435. Springer, Cham. https://doi.org/10.1007/978-3-319-07854-0_78 Guveyi E, Aktas MS, Kalipsiz O (2020) Human factor on software quality: a systematic literature review. In: Gervasi O et al (eds) Computational science and its applications—ICCSA 2020. ICCSA 2020. Lecture notes in computer science, vol 12252. Springer, Cham. https:// doi.org/10.1007/978-3-030-58811-3_65 Pommeranz A, Broekens J, Wiggers P et al (2012) Designing interfaces for explicit preference elicitation: a user-centered investigation of preference representation and elicitation process. User Model User-Adap Inter 22:357–397. https://doi.org/10.1007/s11257-011-9116-6 Orehek Š, Petriˇc G, Šinigoj J (2020) Assessing the human factor of cybersecurity: can surveys tell the truth? In: Stephanidis C, Marcus A, Rosenzweig E, Rau PLP, Moallem A, Rauterberg M (eds) HCI international 2020—late breaking papers: user experience design and case studies. HCII 2020. Lecture notes in computer science, vol 12423. Springer, Cham. https://doi.org/10. 1007/978-3-030-60114-0_18 Schieferdecker I (2020) Responsible software engineering. In: Goericke S (eds) The future of software quality assurance. Springer, Cham. https://doi.org/10.1007/978-3-030-29509-7_11 European Commission: Ethics Guidelines for Trustworthy AI, p. 41. European Commission High-Level Expert Group on Artificial Intelligence, Brüssel (2019) https://ec.europa.eu/dig ital-single-market/en/news/ethics-guidelines-trustworthy-ai. Last accessed 31 Jan 2021 Buzdugan A (2014) IT Security as a driver of economics competitiveness. In: International conference—SMEs development and innovation: building competitive future of South-Eastern Europe: book of abstracts/international conference, Ohrid, 3–4 October, 2014.—Prilep: Faculty of economy, 2014.—155 ctp.; 23 cm ISBN 978-9989-695-55-1. https://doi.org/10.13140/2.1. 4082.4324

236

A. Buzdugan and G. Capatana

23. Linkov I, Kott A (2019) Fundamental concepts of cyber resilience: introduction and overview. In: Kott A, Linkov I (eds) Cyber resilience of systems and networks. Risk, systems and decisions. Springer, Cham. https://doi.org/10.1007/978-3-319-77492-3_1 24. Linkov I, Eisenberg DA, Bates ME, Chang D, Convertino M, Allen JH, Flynn SE, Seager TP (2013) Measurable resilience for actionable policy. Environ Sci Technol 47(18):10108–10110 25. Linkov I, Eisenberg DA, Plourde K, Seager TP, Allen J, Kott A (2013) Resilience metrics for cyber systems. Environ Syst Decis 33(4):471–476 26. Buzdugan Ar, Buzdugan Au (2014) The increasing role of TSO in the Moldovan nuclear and radiological infrastructure. In: International conference on challenges faced by technical and scientific support organizations (TSOs) in enhancing nuclear safety and security, IAEA CN-214 27. Buzdugan Au, Buzdugan Ar (2015) Information security development in the Moldovan nuclear and radiological infrastructure. In: IAEA international conference on computer security in a nuclear world: expert discussion and exchange, 1–5 June 28. Schepers J, Wetzels M (2007) A meta-analysis of the technology acceptance model: investigating subjective norm and moderation effects. Inf Manage 44(1):90–103 29. Legris P, Ingham J, Collerette P (2003) Why do people use information technology? A critical review of the technology acceptance model. Inf Manage 40(3):191–204. https://doi.org/10. 1016/S0378-7206(01)00143-4

Chapter 20

A GIS-Based Approach in Support of Monitoring Sustainable Urban Consumption Variables Julian Vasilev , Maria Kehayova-Stoycheva , and Boryana Serbezova

Abstract Urban consumption is critical to achieving the UN’s sustainable development goals. In recent years, the tendency of the earth’s population to concentrate in urban settlements has become increasingly clear. This brings to the fore the task of managing the consumption of cities. Sustainable urban consumption management processes require constant monitoring of key indicators and variables related to it. Maintaining good information of the solutions for sustainable consumption management of the cities requires maintaining adequate data and information. For various reasons, local administrations are not always able to provide the necessary data to derive up-to-date levels of monitoring variables and trends. Such problems put the whole system for monitoring variables for sustainable consumption to the test. The purpose of this article is to show the application of a GIS-based approach to vectorize cadastral data in support of monitoring sustainable urban consumption variables. The main approach is giving a methodology for using raster data, their vectorization in GIS and analysis of the vectorized data with Delphi. The use of free GIS software and a Delphi program allows fast calculations of the density of built area within several seconds. The practical implication of the research is for people who want to make fast and reliable analysis of raster data concerning the calculation of the density of built area. The research is funded by the Research Fund of Republic of Bulgaria in 2019 and is part of the scientific project “Sustainable Urban Consumption – Regional Diversity” № KP-06-H35/7.

J. Vasilev (B) · M. Kehayova-Stoycheva · B. Serbezova University of Economics Varna, Varna 9002, Bulgaria e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_20

237

238

J. Vasilev et al.

20.1 Introduction 20.1.1 Current State and the Need of This Study The application of the principles of sustainable development [23] in populated areas and especially in the cities is of particular relevance to the speed of civilization’s transition into a sustainable one. The cities continue to be the key source of the GDP in Europe and therefore the problem of sustainable urban development is of major importance. The cities are the main resource consumers. Transforming the urban territories to a healthy, attractive and filled with life and energy places that ensure the quality of life to their current and future citizens is the core idea of the cities’ policies in EU and around the world. One of the key European documents regarding this matter is the Leipzig Charter on Sustainable European Cities, adopted in 2007, with which the ministers with responsibility for urban development agreed that the cities’ management should consider all dimensions of sustainable development with the same weight: economic prosperity, environmental balance and healthy environment as well as cultural aspects. To implement this policy, it is important for all entities, other interested parties and the society as a whole to work in cooperation and synergy. Two dimensions are very important to achieve such goals. The first is related to the overall management of the urban system. It refers to the overall policies and their implementation by the city administrations and can provide the framework for sustainable functioning of the urban system. This includes the managing of the sustainable consumption in the city. The second dimension is related to the functioning of families and households, specifically consumption. This study is part of a 3-year research project funded by the Research Fund of the Republic of Bulgaria entitled “Sustainable urban consumption – regional differences” № KP-06-H35/7. One of the tasks of the research team is to create a system of variables that will allow local administrations to monitor the sustainable consumption of the city. The data collection process encountered difficulties because for a large part of the variables secondary data could not be provided by the Territorial Statistical Offices. Some of the data has to be extracted from public datasets, containing row data in different form. The purpose of this article is to show the application of a GIS-based approach to vectorize cadastral data in support of monitoring sustainable urban consumption variables. The main approach is giving a methodology for using raster data, their vectorization in GIS and analysis of the vectorized data with Delphi. The use of free GIS software and a Delphi program allows fast calculations of the density of built area within several seconds. The practical implication of the research is for people who want to make fast and reliable analysis of raster data concerning the calculation of the density of built area.

20 A GIS-Based Approach in Support …

239

20.2 Literature Review 20.2.1 Literature Review Concerning Sustainable Urban Consumption Variables In recent years, issues of sustainable consumption have been the subject of research in a number of scientific publications [3, 4, 6–8, 15–17, 21, 25]. There are relatively few studies that focus on sustainable urban consumption, and even fewer on generally accepted monitoring methodology. For the construction of the system of variables for monitoring consumption at the city level, a basic framework and guidelines can be found mainly in reports and documents of world organizations [18, 24]. One of the variables that have an important starting point for forming a decision on whether consumption in a city is sustainable is the density of built-up area of the city. In order to be accurate, it is necessary to include information both on the built-up living area and on the built-up area of the plots with industrial or public purpose. This variable gives a clear orientation of how densely the territory of a city is covered with buildings. Derived variables can be calculated, such as: water consumed per unit built-up area; consumed electricity per unit of built-up area, etc. In this way, good comparability between different cities can be ensured. The National Statistical Institute monitors only the living built-up area, which creates conditions for distortion of the whole picture. Such information is contained in the cadastral maps, but the Cadaster Agency also does not maintain summarized data on the density of general construction in the settlements. This necessitates the search for an innovative solution for extracting such information from the public registers of the Cadaster Agency of the Republic of Bulgaria.

20.2.2 Literature Review Concerning IT Aspects of This Study The use of GIS is quite common for solving spatial tasks. In many cases [2, 9, 12, 14] GIS are used together with another software, e.g. artificial neural network or a specialized program. The idea is to make prediction based on using current data for several time periods [10, 19]. This idea may be useful in the current context since the proposed methodology may be used for screening the density of built area for several time periods. Analyzing the current state of epidemic situation with GIS is a popular approach [20] when describing and visualizing processes of COVID-19 on a map. In these cases, GIS retrieve data from databases [13] and specialized software programs are written (sometimes in R).

240

J. Vasilev et al.

All digitalization techniques require time [22]. Using GIS for vectorizing is a timeconsuming operation. Thus, performance issues and using the appropriate algorithm [1, 5, 11] are crucial when using GIS.

20.3 Materials and Methods 20.3.1 A Brief Description of the Proposed Methodology Analyzing data using GIS is an interesting and challenging task. Many researchers have worked so far and good practices are available. Even though some operations in GIS (e.g. vectorization of raster data) require large amount of time (they are timeconsuming). Moreover, the vector data created through vectorization of raster data have to be purified. A process that is also time-consuming. Solving these two main problems a new methodology is offered. The Bulgarian geodesy, cartography, and cadaster agency (https://kais.cadastre. bg/en) provides geo data. But this service is paid and it quite expensive if one wants to get data for a region. Geodesists buy vector data for a parcel and building. The calculation of the service is made on each point. Getting all vector data for a region is quite expensive and time-consuming. The geodesist has to make several queries for each parcel and each building. Raster data from the Agency is free, but it has to be digitized to become vector data. The process of digitizing raster maps and converting them to digital vector data is done using GIS software. Automatic digitizing functions are available in most GIS software. The whole process is time-consuming. At the end manual fixing and manual purifying of vector data is done. Scaling down the raster image is process with loss of data. All these difficulties opened an advantage to propose a new methodology for fast and reliable conversion of raster data into vector geo data. Firstly, data is taken from the official website of the cadaster. Data may be taken in raster format or just a screenshot is taken. Raster data is saved as a TIF file. No scale down is done, because we do not want to lose data. Secondly, the free version of the GIS software Easy trace is used for vectorization. The vectorization process is used to clear the noise from the image. The actual conversion from raster to vector data is not done in Easy trace, due to the need of lots of efforts in manual fixing of vector data. Easy trace is used for clearing the noise of the image. After vectorization, the image is transformed as a JPG and a BMP file with 24-bit color. Thirdly, the image is analyzed in a Delphi program, pixel by pixel and the density of built area is calculated. The analysis categorizes each pixel: (1) as pixel from a parcel (land) or (1) as a pixel from a building. Using only GIS, the vectorization process takes several hours. Using GIS and a Delphi program the whole process of calculating built area takes about 3 s for an image with 900 000 pixels.

20 A GIS-Based Approach in Support …

241

Fig. 20.1 Screen shot from kais.cadastre.bg for part of region “Primosrski”, district “Euxinograd” of Varna

20.3.2 A Detailed Description of the Proposed Methodology The website of the cadaster of Bulgaria is used (https://kais.cadastre.bg/). Different regions of Varna have different normative for the indicator density of built area. One of the regions of Varna is used, where the allowed built area is 25%. It is a normal situation to have a parcel with built area that is less than 25%. Some parcels may have greater built area in case of the existence of illegal buildings. It must be noted that our analysis is based on the geodesical network, not on the administrative division of town of Varna. Administrative regions have the form of a polygon. The geodesical network allows using rectangular areas. In this example rectangular area is used of a region of Varna on the way to the “Golden sands” resort before the “St. St. Constantine and Elena” resort (see Fig. 20.1). On the first step, this image is copied with the Print Screen button. It is copied in Paint and saved as a JPG (or TIF file). An operation that takes several seconds. The image is not scaled down. On the second step of the proposed methodology the image in imported into Easy Trace Pro 8.65 FREE (www.easytrace.com). A special procedure “Subject layer extraction” is executed (see Fig. 20.2). The vectorization process requires a lot of time—several hours. Manual fixing of parcels takes additional time. That is why some image conversions are done in Easy Trace Pro 8.65. The command is Edit/Subject layer extraction. Subject layer extraction does some work like vectorizing raster data. Roads, borders of parcels, green areas and filling of parcels (unbuilt area) are cleared—given in white color. Buildings and the main road are left on the image (see Fig. 20.3).

242

Fig. 20.2 Subject layer extraction in Easy Trace PRO

J. Vasilev et al.

20 A GIS-Based Approach in Support …

243

Fig. 20.3 The image of the region after executing the procedure “Subject layer extraction”

The procedure “Subject layer extraction” takes less than a second. The image is saved as a BMP file with 24-bit color. This image may be digitized in GIS. In other words, we may try to vectorize this raster image. Several tests are made using the “Auto trace” function in several open source and free GIS software. The procedure took several hours, and the results were not satisfactory. Using rasterized images from screen captures is not a good approach, because a lot of pixels are lost from the original image. Moreover, if the image is scaled down, pixels are lost. That is why we decided to analyze the image pixel by pixel with a computer program. The third step of the methodology is analyzing the image in a computer program. Since we do not have such a program, its source code is written in Delphi. The idea of the program in Delphi program is to read the image pixel by pixel and to count all pixels that are not white (see Fig. 20.4). Since the built area is in some nuances of bright brown color, dark yellow color, contours are black or gray, all nonwhite pixels are counted. Benchmarking of the program shows that it gives result within 3 s for an image with more than 900 000 pixels. The calculated built area for this district is 22.3%, which is within the legally allowed limit 25%. The calculated density of built area may be used as a variable for monitoring sustainable urban consumption. The source code of the Delphi program is given in Appendix.

244

J. Vasilev et al.

Fig. 20.4 The computer program in Delphi calculating the density of built area

20.4 Results and Discussion In this way, an accurate result is obtained for the density of building in the city of Varna. Thus, the variables can now be analyzed at different levels—city, region, subregion. When the procedure is repeated at regular intervals, for example annually, it becomes possible to observe in dynamics. It also becomes possible to calculate the necessary derived indicators for the consumption of resources generated by a unit of built-up area. A very important result of the proposed innovative solution is the saving of time to produce result information, as well as the possibility to achieve the result using free public geo data. The results of the proposed methodology show that the density of built area may be easily calculated using free raster data from the cadaster, free GIS software and a Delphi program. The most important novelty of the proposed methodology is saving a lot of time in the process of vectorization and using GIS software. The proposed methodology can be used to achieve completeness in monitoring the system of variables for sustainable consumption of the city. It can serve both researchers dealing with problems in urban areas and the local administration. The proposed methodology may be used by other researchers to calculate the density of built area for a very short period. The whole methodology may be applied several times to create time series data for further analysis and forecasts of the density of built area.

20 A GIS-Based Approach in Support …

245

20.5 Conclusion The density of built area may be easily calculated using free raster data from the cadaster, free GIS software and a Delphi program. One of the novelties of the proposed methodology is saving a lot of time in the process of vectorization of raster data and using GIS software. The process of converting raster data into vector data is helped by GIS software but lots of operations concerning purifying data are still manual. The proposed methodology may be used by other researchers to calculate the density of built area for a very short period, for other cities or regions. The whole methodology may be applied several times to create time series data for further analysis and forecasts of the density of built area. From a research point of view, this fills a very important information gap. It makes possible to monitor several indicators of resource consumption in the city more easily.

Appendix: The Source Code of the Delphi Program

246

J. Vasilev et al.

References 1. Ana-Maria Ramona S, Marian Pompiliu C, Stoyanova M (2020) Data mining algorithms for knowledge extraction. In: Fotea S, Fotea I, V˘aduva S (eds) Challenges and opportunities to develop organizations through creativity, technology and ethics. GSMAC 2019. Springer Proceedings in Business and Economics. Springer, Cham, pp 349–357 2. Bankov B (2020) Game design principles in enterprise web applications. In: 20th international multidisciplinary scientific geoconference proceedings, informatics, geoinformatics and remote sensing 2020. SGEM, Albena, Bulgaria, pp 161–168 3. Bentley M, Leeuw B (2011) Sustainable consumption indicators. In: Dimensions of sustainable development (2), EOLSS Publishers, Oxford (2011). https://www.semanticscholar.org/ paper/Sustainable-Consumption-Indicators-Bentley-Leeuw/c3bdbb1a2ca410be71ad0dd91a6 b4c70a4327039 4. Charter M, Tukker A (2006) Sustainable consumption and production: opportunities and challenges. In: Proceedings of launch conference of the sustainable consumption research exchange (SCORE!) network 2006. Wuppertal, Germany, pp 1–414 5. Cristescu M (2019) Specific aspects of the optimization of the reengineering processes of the distributed information applications. In: International multidisciplinary scientific geoconference surveying geology and mining ecology management 2019, vol 19 (2.1). SGEM, Sofia, Bulgaria, pp 627–636 6. Dursun ˙I, Kabadayi E, Koksal C, Tuger A (2016) Pro-environmental consumption: is it really all about the environment? J Manage Market Logist 3(2):114–134 7. Goldbach K (2011) Sustainable consumption. https://www-docs.b-tu.de/fg-sozum/public/pub likationen/hausarbeiten/Essay-SustainableConsumption.pdf 8. Kraleva V, Ivanov S, Mari´c R (2020) Zones of activism and sustainable consumption—insights from Bulgaria, Romania and Serbia. J Sustain Dev 10(24):66–78. http://fbe.edu.mk/images/ stories/JSDv24.pdf 9. Kuyumdzhiev I (2020) A model for timely delivery of it solutions for Bulgarian universities. In: 20th international multidisciplinary scientific geoconference proceedings, informatics, geoinformatics and remote sensing 2020. SGEM, Albena, Bulgaria, pp 3–10

20 A GIS-Based Approach in Support …

247

10. Medvedev A, Sergeev A, Shichkin A, Baglaeva E, Subbotina I, Buevich A, Sergeeva M (2020) The forecast of the methane concentration changes for the different time periods on the arctic island bely. In: AIP conference proceedings 2020, vol 2293, no 1, AIP Publishing 11. Mishra J, Polkowski Z, Mishra S (2020) Performance of cloudlets in task implementation using ant colony optimization technique. In: Proceedings of the 12th international conference on electronics, computers and artificial intelligence, ECAI 2020. IEEE, Bucharest, Romania, pp 1–6 12. Peponi A, Morgado P, Trindade J (2019) Combining artificial neural networks and GIS fundamentals for coastal erosion prediction modeling. Sustainability (Switzerland) 11(4):1–14 13. Petrov P, Ivanov S, Aleksandrova Y, Dimitrov G, Ovacikli A (2020) Opportunities to use virtual tools in start-up fintech companies. In: 20th international multidisciplinary scientific geoconference proceedings, informatics, geoinformatics and remote sensing 2020. SGEM, Albena, Bulgaria, pp 247–254 14. Pólkowski Z, Prasad S, Mishra S (2021) Retrieval mechanisms of data linked to virtual servers using metaheuristic technique. In: Khanna A, Gupta D, Pólkowski Z, Bhattacharyya S, Castillo O (eds) Data analytics and management, vol 54. Lecture notes on data engineering and communications technologies. Springer, Singapore, pp 901–909 15. Rees W, Wackernagel M (2008) Urban ecological footprints: why cities cannot be sustainable— and why they are a key to sustainability. In: Marzluff JM et al (eds) Urban ecology. Springer, Boston, MA, pp 537–555 16. Reisch L, Cohen M, Thøgersen J, Tukker A (2016) Sustainable consumption: research challenges. MISTRA, Stockholm 17. Schröder P, Vergragt Ph, Brown H, Dendler L, Gorenflo N, Matus K, Quist J, Rupprecht Ch, Tukker A, Wennersten R (2019) Advancing sustainable consumption and production in cities-a transdisciplinary research and stakeholder engagement framework to address consumptionbased emissions and impacts accepted manuscript advancing sustainable consumption and production in cities-A transdisciplinary research and stakeholder engagement framework to address consumption-based emissions and impacts. J Clean Prod 213:114–125 18. Science for Environment Policy: Indicators for Sustainable Cities. In-depth Report 12. Produced for European Commission DG Environment by the Science Communication Unit, UWE, Bristol (2018). http://ec.europa.eu/science-environment-policy 19. Sergeev A, Buevich A, Shichkin A, Baglaeva E, Subbotina I, Medvedev A, Sergeeva M (2020) Prediction the dynamic of changes in the concentrations of main greenhouse gases by an artificial neural network type NARX. In: AIP conference proceedings 2020, vol 2293, no 1, AIP Publishing 20. Smida J, Loosova J, Prattingerova J, Zabka V, Vrbik D, Harman J, Vaclavikova L, Sembera J (2020) Digital epidemiology supported by GIS as a way for effective communication of the epidemic situation. Eur J Pub Health 30(5) (2020) 21. Spaargaren G (2003) Sustainable consumption: a theoretical and environmental policy perspective. Soc Nat Resour 16(8):687–701 22. Stoyanova M (2020) Good practices and recommendations for success in construction digitalization. TEM J 9(1):42–47 23. UNCED: Earth Summit 92. The UN conference on environment and development, in reproduction. Rio de Janeiro, Brazil, p 351 (1992) 24. United Nations—Department of Economic and Social Affairs Chapter III: towards sustainable cities, World Economic and Social Survey, 53–84 (2013) 25. Wei Y, Huang C, Lam P, Sha Y, Feng Y (2015) Using urban-carrying capacity as a benchmark for sustainable urban development: an empirical study of Beijing. Sustainability (Switzerland) 7(3):3244–3268

Chapter 21

Data Mining in Smart Agriculture Andreea-Elena Ogrezeanu

Abstract This paper aims to present the ways in which data from agriculture can be analyzed in order to make predictions that could contribute in decision-making processes. With the industrialization of agriculture, the amount of data collected through this environment has increased considerably. In this paper, data mining methodologies were applied on a public data set that contains agriculture indicators from Romania in the year of 2016. For this purpose, two algorithms were trained: Multiple Linear Regression (MLR) and Generalized Linear Model (GLM), in order to identify the one that offers the best predictions.

21.1 Introduction In agriculture, Internet of Things has gained more and more territory through various sensor devices and sensing technologies capable of sending data through the Internet. A great development has been experienced through achievements in non-destructive imaging, spectral analysis, robotics and intelligent machines which contribute to obtaining environmental data, textual data, experimental metadata, images and spectral data that allow the accurate and economical collection of multidimensional plant information. This is an important technical support for high efficiency modern agriculture and a great step in monitoring crops and production to streamline decisionmaking [1]. The use of new technologies in agriculture leads to a better management of resources (water, energy, consumption) that generates a more significant economic return and mitigates the environmental risks [2]. Through the use of advanced technologies, smart agriculture is a combination between data acquisition, network communication, perception technology and intelligent processing technology that permits the achievement of automated production and intelligent decision-making process. Intelligent agriculture system can be defined as a network of distributed physical sensors of various geographical locations that A.-E. Ogrezeanu (B) Bucharest University of Economic Studies, Bucharest, Romania e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_21

249

250

A.-E. Ogrezeanu

generates a large amount of data of many types (text, pictures, videos). The need of real-time data processing and analysis is important in the agricultural management process that directly affects the growth of crops [3]. For example, the determination of soil temperature at different depths can contribute to frost forecasting in the soil. Various plants’ growth is being influenced by soil temperature because it affects vegetative growth and yield performance [4].

21.2 Related Work Iaksch et al. performed an analysis of digitization and Big Data in smart farming. Technological development has also had an impact on the agricultural sector by applying new IT solutions necessary for data collection and processing. The term Agriculture 4.0 is a new concept that aims to increase business efficiency through the Internet of Things (IoT) and Big Data. Intelligent farm production systems have the ability to adapt in real time to situations encountered and to provide optimal solutions. Cloud computing is another important element for digitization of agriculture because it provides access to the large amounts of data needed for agricultural predictions. In this paper, an analysis was carried out on the technologies and tools used in the digitalization of agriculture, based on the methodology of ProKnow-C (Knowledge Development Process-Constructivist). Proknow-C is a tool for researchers to manage information and articles relevant to a study [5]. Aarthi and Sivakumar recent address advances about an enhanced agricultural data mining technique for dynamic soil texture prediction. Soil is an essential component in the agricultural sector and can be divided into several categories depending on its composition. Even if the particles in the soil composition have different dimensions, only those below two millimeters (mm) are used to analyze the texture. These particles are considered fine earth, and those over two millimeters are called gravel because they do not retain water very well. In this paper, the authors used the texture triangle method for soil classification. This method is often used in the USA and allows identification of texture classes. To determine the quantities of sand, clay and slit was used the TEXTRI-FCM classification algorithm which involves combining the texture triangle with the Fuzzy C-Means Clustering grouping algorithm. The analysis and simulation of the TEXTRI-FCM algorithm was carried out in MATLAB, and the model obtained good prediction results [6]. Sabu and Kumar recent address advances about predictive analytics in agriculture and price forecasting. Agriculture is an important component in the economy of each country having a significant impact on GDP. In India, the agricultural sector accounts for 17.32% of GDP. Thus, prediction technologies can be used to minimize the negative effects produced by price fluctuations in agriculture. In this paper, the authors developed a solution for predicting the Arecanut culture of Kerala using the following three models: SARIMA (Auto-Regressive Integrated Moving Average), the Holt-Winter seasonal method and the LSTM (Long short-term memory) neural network [7].

21 Data Mining in Smart Agriculture

251

21.3 Data Mining for Prediction Data Mining is a high-efficient process through which information and hidden patterns are discovered in the collected and complexed data. The techniques used in this kind of analyzes gather concepts and methods from multiple areas that facilitate the predictive and explanatory analysis: artificial intelligence, mathematical optimization, linear algebra and statistical analysis [8]. Support Vector Machines (SVM) Support Vector Machines (SVM) is a supervised machine learning model used for solving problems of classification and regression, many researchers opting for it in predictive analyzes on data originated from various fields. Maione et al. applied SVM for the determination of the geographical origin of lettuce by analyzing micronutrients and soil properties. In this case, the SVM algorithm was used with the radial basis (RBF) kernel function in order to project the original data into a new dimensional space and find a linear decision boundary [8]. Support Vector Machines (SVM) uses a linear classifier in order to separate the data into two groups, building a hyperplane. The algorithm scope is to find the most optimum hyperplane and the support vector points that give the best solution [9]. Multiple Linear Regression (MLR) Multiple Linear Regression (MLR) is a regression method that is used to establish linear relationships between multiple independent variables and a dependent variable. In other words, it studies which of the independent variables are important predictors for the dependent variable (the one that is influenced by them) [10]. The multiple linear regression model can be represented as a mathematical equation: Y = a0 + a1 X 1 + a2 X 2 · · · + an X n + e, where variables; Y —dependent variable; X 1 , X 2 , . . . , X n —independent a1 , a2 , . . . , an —coefficients of each independent variable; a0 —constant term; e—error term. Peter et al. propose multiple linear regression to study how the biological activity of a system is influenced by molecular descriptors obtained from different representations [11]. Generalized Linear Model (GLM) Generalized Linear Model (GLM) is an algorithm that generalizes linear regression describing patterns of interactions and associations between variables. GLM unifies other statistical models including linear regression, logistic regression, and Poisson regression [12]. Estiri et al. used the Generalized Linear Model algorithm to predict the risk of human mortality after COVID-19 virus infection. In their analysis, they used patients’ existing medical information and trained age-stratified GLM models. Thus, they

252

A.-E. Ogrezeanu

found that age and history of pneumonia are the main predictor of mortality caused by COVID-19 [13]. Decision Tree Decision Tree (classification tree or reduction tree) is a predictive model built from the mapping of observations about an item and conclusions about its target value. In the tree structures, leaves represent classifications, non-leaf nodes are features, and branches represent conjunctions of features that lead to the classifications [14]. Random Forests algorithm is a supervised learning algorithm for classification and regression that consists of multiple decision trees composed from randomly selected subsets of data and features. The output is calculated by averaging the individual decision tree predictions [15].

21.4 Case Study In order to exemplify the applicability of data mining techniques in agriculture we will use a public data set that contains data related to the agricultural vegetal production in each county of Romania for the year of 2016. The dataset is described by an explained quantitative variable (dependent)—the value of production from vegetal agriculture (millions lei)—and six independent quantitative variables—cultivated area (hectares), quantity of fruits produced (tons), quantity of grapes produced (tons), quantity of vegetables produced (tons), quantity of cereals produced (tons), quantity of chemical fertilizers used (tons). Data identification is made by a variable that provides the county name for which the respective data has been recorded. My objective is to obtain a model that allows us to make predictions about agricultural vegetal production. In this scope, we will use two data mining techniques: Multiple Linear Regression (MLR) and Generalized Linear Model (GLM).

21.4.1 Data Preparation and Data Visualization Before applying the data mining algorithms, the dataset has been imported and the dependent and independent variables have been specified. In Fig. 21.1 a graphic that describes the value of the production from vegetal agriculture in each county of Romania in the year of 2016 is represented. Data visualization contributes to the understanding of the data that is used for future analysis.

21 Data Mining in Smart Agriculture

253

Fig. 21.1 The production from vegetal agriculture in Romania in 2016

21.4.2 Correlations In order to apply the data mining techniques for the selected dataset, we aim to identify the correlation between variables. The correlation between all the variables can be visualized in the correlation matrix represented in Fig. 21.2. From the heatmap we can see that the strongest positive correlations are between the variables Cultivated area and Cereals quantity (0.98) and between the variables Cultivated area and Production value (0.91). This is indeed a true consideration because Romania is a known cereals producer, the agriculture being based mostly on this kind of plants.

Fig. 21.2 Correlation matrix

254

A.-E. Ogrezeanu

Fig. 21.3 Multiple linear regression output

21.4.3 Multiple Linear Regression (MLR) Applying the multiple linear regression algorithm on the agriculture dataset, the output represented in Fig. 21.3 has been obtained. Therefore, we can see that the cultivated area has the greatest influence on the value of production from vegetal agriculture. If we analyze the results, we can conclude that production of cereals, grapes and fruits contributes to the growth of the value of production in vegetal agriculture only for certain counties, these being cultivated only in specific regions of the country. For example, cereals are produced only on the plain region, fruits mostly on the hill and mountain regions and grapes in the north region. The value of R-Square is 90%, and the value of Adjusted R-Square is approximately 88%. Between the two values there is not much difference. The high value recorded by R-Square denotes that the model is a good one, explaining 90% of the data validity, the independent variables being 90% correlated with the dependent variable.

21.4.4 Generalized Linear Model (GLM) On the agriculture dataset, a second algorithm was applied. Generalized Linear Model has been unified with the Poisson regression. The results can be visualized in Fig. 21.4.

21 Data Mining in Smart Agriculture

255

Fig. 21.4 Generalized linear model output

The above model proves to be a good one because the variables have low p-values (they tend to 0), which means that they are significant.

21.4.5 Results After training the multiple linear regression and the generalized linear model for the dataset, an algorithm for predicting the production value (the dependent variable) has been applied. In Figs. 21.5 and 21.6 we can observe a comparison between the actual production value and the predicted one by using the two statistical models. Analyzing the two outputs we can conclude that the values predicted by the Multiple Linear Regression model are closer to the actual ones, in this way being proved that, in this case, this is the algorithm that should be chosen for future predictions. In Fig. 21.7 a graphic that describes the difference between the current production values and the predicted ones by using the Multiple Linear Regression is represented.

21.5 Conclusions This study has been concentrated on existing data mining algorithms considered efficient in prediction analysis. My objective was to evidence the applicability of the statistical algorithms by using an agriculture public data set that consists of multiple prediction variables and one target variable. Multiple Linear Regression (MLR) and Generalized Linear Model (GLM) algorithms were applied in order to identify the

256

A.-E. Ogrezeanu

Fig. 21.5 MLR prediction

Fig. 21.6 GLM prediction

one that determines the most accurate predictions. After studying the results, MLR provided a prediction closer to the reality, but both algorithms had a very good output. Future studies will aim to replicate results of the application of Data Mining techniques on larger agriculture datasets in order to identify the effectiveness and applicability of various algorithms.

21 Data Mining in Smart Agriculture

257

Fig. 21.7 Current versus predicted values

References 1. Fan J, Zhang Y, Wen W, Gu S, Lu X, Guo X (2021) The future of internet of things in agriculture: plant high-throughput phenotypic platform. J Clean Prod 280:123651 2. López-Morales JA, Martínez JA, Skarmeta AF (2021) Improving energy efficiency of irrigation wells by using an IoT-based platform. Electronics 10(3):250 3. Huang J, Zhang L (2017) The big data processing platform for intelligent agriculture. In: AIP conference proceedings, vol 1864, no 1, p 020033. AIP Publishing LLC 4. Sattari MT, Avram A, Apaydin H, Matei O (2020) Soil temperature estimation with meteorological parameters by using tree-based hybrid data mining models. Mathematics 8(9):1407 5. Iaksch J, Fernandes E, Borsato M (2020) Digitalization and big data in smart farmingbibliometric and systemic analysis. In: Transdisciplinary engineering for complex sociotechnical systems—real-life applications: proceedings of the 27th ISTE international conference on transdisciplinary engineering, July 1–July 10, 2020, vol 12, p 115. IOS Press 6. Aarthi R, Sivakumar D (2020) An enhanced agricultural data mining technique for dynamic soil texture prediction. Procedia Comput Sci 171:2770–2778 7. Sabu KM, Kumar TM (2020) Predictive analytics in agriculture: forecasting prices of Arecanuts in Kerala. Procedia Comput Sci 171:699–708 8. Maione C, Araujo EM, Santos-Araujo SND, Boim AGF, Barbosa RM, Alleoni LRF Determining the geographical origin of lettuce with data mining applied to micronutrients and soil properties. Sci Agricola 79(1) 9. Malik AS, Mumtaz W (2019) EEG-based experiment design for major depressive disorder: machine learning and psychiatric diagnosis. Academic Press 10. Djuris J, Ibric S, Djuric Z (2013) Chemometric methods application in pharmaceutical products and processes analysis and control. In: Computer-aided applications in pharmaceutical technology, pp 57–90. Woodhead Publishing 11. Peter SC, Dhanjal JK, Malik V, Radhakrishnan N, Jayakanthan M, Sundar D (2019) Quantitative structure-activity relationship (QSAR): modeling approaches to biological applications 12. Zhao Y (2012) R and data mining: examples and case studies. Academic Press 13. Estiri H, Strasser ZH, Klann JG, Naseri P, Wagholikar KB, Murphy SN (2021) Predicting COVID-19 mortality with electronic medical records. NPJ Digit Med 4(1):1–10 14. Tan L (2015) Code comment analysis for improving software quality. In: The art and science of analyzing software data, pp 493–517. Morgan Kaufmann 15. Reinders C, Ackermann H, Yang MY, Rosenhahn B (2019) Learning convolutional neural networks for object detection with very little training data. In: Multimodal scene understanding, pp 65–100. Academic Press

Chapter 22

Machine Learning and Data Mining Techniques for Human Resource Optimization Process—Employee Attrition Laura-Gabriela Tanasescu and Ana-Ramona Bologa Abstract This paper will present how machine learning and data mining techniques can be used in order to address one important challenge in human resources processes, more specifically employee attrition. For this purpose, the following sections include general techniques applied for classifications scenarios, ways in which a model can be built and analyzed and also the factors that need to be taken care into consideration when choosing an algorithm with which we should proceed to prediction. All the steps and implementations address a business need that exists in organizations worldwide and which could, once correctly targeted, reduce time, costs and improve company environment and performance.

22.1 Big Data Analysis for Human Resources Human resources, especially in this new era of data, includes dynamic processes that can add a lot of value to a company when correctly executed. Additionally, it is also important to remind here the impact of technology on processes that actually organize the people that represents the core of the company and who work for the success of it. Currently, it is of utmost importance to collect as much data as possible, to quickly analyze it and to leverage the insights collected that are useful to make business decisions and that are going to grow the company and its employees as well [1]. One of the most discussed subjects in Human Resources area is the churn prediction that can help a company observe, from time, who are the employees that are going to leave it. This is actually a major issue for the companies because annually there is a lot of time invested in recruiting and training an employee that can, as well, leave anytime to another competitor. All the processes that are followed in this particular case require a lot of time and there is a great financial loss to replace a trained employee [2]. In order to help on many types of processes, including a L.-G. Tanasescu (B) · A.-R. Bologa Bucharest University of Economic Studies, Bucharest, Romania © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_22

259

260

L.-G. Tanasescu and A.-R. Bologa

Human Resources one from an organization, data mining has been intensely used. This is a method that helps in discovering patterns from big volumes of data, using also different procedures [3]. Data mining also involves the issue of diverse data analysis tools that can help us to discover previously unknown, valid patterns and relationships that exist in large data set. Regarding the tools, we can think of statistical models, machine learning methods or even mathematical algorithms [4]. Therefore, we can say that data mining means not only collecting and managing data, but also its analysis which has, on top, predictions on different variables. Furthermore, machine learning, as a subset of artificial intelligence, allows a machine to learn and also to improve with experience. Machine learning utilizes in all its process the raw input data, in order to make predictions. A task of machine learning starts with the gathering of the input data, followed by the preparation of it. Additionally, we can move to the point where the data is fed into an algorithm that can draw important insights and patterns, if correctly chosen and applied, process that we can correctly name, as previously defined, data mining [5]. Data related to human-resources processes have a high level of complexity and can be collected in a structured and un-structured way. Therefore we can include the concept of big data on top of the data mining techniques and artificial intelligence. Nowadays, it is starting to be of great importance to leverage all the data showing feelings, behaviors and attitudes, but it becomes a challenge to deal with it. In the next pages, we are going to apply different algorithms on the dataset selected, with the aim of building models that can predict the attrition for the employees analyzed. The purpose of testing multiple types of algorithms is to observe their performance and to select the best one for our business goal: to be able to predict in team those employees that might leave the company and generate unexpected critical situations or costs. However, due to the data set used to exemplify above details, the paper will not observe many characteristics coming from the big data area.

22.2 Proposed Methodology 22.2.1 Data Set Used for the Analysis The data set that is going to be used on the analysis described above is a public available one, published by IBM, called HR Analytics Employee Attrition & Performance (available at: https://www.kaggle.com/pavansubhasht/ibm-hr-analytics-attrit ion-dataset). This dataset contains different characteristics of the employees, as well as an “Attrition” column that shows, for every person the behavior adopted in terms of leaving the company.

22 Machine Learning and Data Mining Techniques for Human …

261

22.2.2 Machine Learning Methods In order to correctly predict the behavior of an employee, and also reach to a conclusion, it is important to choose correctly the algorithms used. On machine learning side, classifications can have two different meanings. On one hand, we may receive a set of observations with the scope of deciding the existence of different clusters and class in the data. On other hand, we may know for certain that there is an exact number of classes. In this second scenario, the aim is to establish the rule that we can further use to classify new observations into the classes previously detected. Therefore, the former category is known as Unsupervised Learning, while the latter as Supervised Learning [6]. This paper is going to deal with classification, in its Supervised Learning form, considering that, on the chosen dataset, the attribute contains two different values, “Yes” and “No” [6]. In the following lines, there is a brief description of the most used and known Supervised Learning classifications algorithms. Decision Tree It is a tree-structured classifier in which the internal nodes represent the features of a dataset, while the branches represent the decision rules and each leaf node represents the outcome. In a Decision tree, there are two nodes, which are defined as Decision Node and Leaf Node. Decision nodes are generally used to make any decision and also have multiple branches, whereas Leaf nodes are the output of those decisions and do not contain any further branches. The decisions or the tests are performed on the basis of features of the given dataset. It is a graphical representation for getting all the possible solutions to a problem/decision based on given conditions [7]. Random Forest Random Forest algorithm is a popular tree-based ensemble learning technique. Here, as a technique, we will take into consideration bagging. In bagging, successive trees do not depend on earlier trees—each is independently constructed using a different bootstrap sample of the data set. In the end, a simple majority vote is taken for prediction. Random forests are different from standard trees in that for the latter each node is split using the best split among all variables. In a random forest, each node is split using the best among a subset of predictors randomly chosen at that node. This additional layer of randomness makes it robust against over-fitting [7]. Logistic Regression Logistic regression is a basic linear model used for classifications. This is actually a specific category or regression that is widely used in order to predict binary or categorical dependent variables. Moreover, this model is used with regularization, in the form of penalties, based on the L1-norm or L2-norm in order to avoid over-fitting [6].

262

L.-G. Tanasescu and A.-R. Bologa

Using this technique, we are going to obtain the poster probabilities, considering that a model for the same and also estimates the parameters that are involved in the assumed model. Naïve Bayesian This technique is a popular classification one that it is mostly known for the simplicity and the performance that brings to the analysis. Naïve Bayes runs classifications that are based on probabilities arrived. The base assumption is that all variables are conditionally independent of each other. Additionally, in order to estimate the parameters used in the model, the classifier will require only a small amount of training data [6]. Support Vector Machine Support Vector Machine is another classification algorithm, based on supervised learning, that implements some principles of the statistical learning theory. This one can solve linear and nonlinear classifications problems, building a hyperplane or set of these, in higher dimension space, for accomplishing class separation. It is considering that a good separation might be achieved by the hyper plan that manages to have the largest distance to the nearest data points of any class used for training [6].

22.3 Data Analysis and Results In order to achieve the above-mentioned goals from analyzing the used dataset, we applied different methods and techniques using R programming. This language has been chosen as it is one of the most popular one in data science words and it brings important value by the visualizations provided by different library and it is also an open-source language.

22.3.1 Dataset Observation and Analysis The below table includes all the variables and their types that were included in the dataset used for different types of classification. We are going to find out about our employees some different details regarding their career (like their department, business travel, daily rate, job, job level, overtime, etc.), but also themselves (like age, gender, marital status, environment satisfaction, relationship satisfaction). All these variables taken into consideration are, in general, important for every person’s happiness and equity in their daily routine (Fig. 22.1). We can also run descriptive statistics in order to observe the distribution, as well as different visualizations that can add value by explaining the data we are analyzing and its particularities.

22 Machine Learning and Data Mining Techniques for Human …

263

Fig. 22.1 A view of the data set used for analysis and the types for all the variables

At this step, we can choose to see the distribution of the variables, to observe if there is missing data or if we need to adjust the dataset due to the existence of outliers. In some cases, we also need to prepare the data for further analysis by applying different techniques or by adding a step of selecting those principal variables that describe the most the predicted one. One example can be seen below, where some interesting correlations can be observed. People from Life Science or Medical areas are clearly more oriented to leaving the current job than all the others. However, it also seems that job satisfaction is not decisive for one’s decision to leave the current job (Fig. 22.2).

22.3.2 Classifications Models As already mentioned above, we applied different types of classification algorithms, based on supervised learning, in order to correctly predict variable “Attrition” that we have in the original dataset as well. The original dataset was split between the training data set and the test one. We used the training data set in order to build models with the algorithms mentioned and then we obtained predictions by applying the model on the test dataset. Next step after creating the models with the chosen algorithm was the observation of the models obtain. A first action performed in order to observe the quality of the model was to create and observe the ROC curve. These ROC curves show how any predictive model can distinguish between the true positives and negatives. So,

264

L.-G. Tanasescu and A.-R. Bologa

Fig. 22.2 Data visualization of Attrition employees seen by education field, department, job satisfaction and marital status

a model needs to not only to correctly predict a positive as a positive, but also a negative as a negative [8]. Therefore, the ROC curve does this by plotting sensitivity, the probability of predicting a real positive will be a positive, against 1-specificity, the probability of predicting a real negative will be a positive. The best decision rule is high on sensibility and low on 1-specificity. These rules actually predict modes true positives will be positive, and few true negatives will be positives [8]. In the following steps, we are going to take the train data previously separated from the dataset and apply the 5 algorithms chosen above in order to finally conclude on the best one we can use for our attrition prediction. First, we will take a closer look at Decision Tree model. The confusion matric and different statistics obtained for it are presented in the next table (Fig. 22.3). Followed up by the ROC curve corresponding to the same (Fig. 22.4). The same steps were followed for all the other remaining algorithms, in order to be able in the end to make a comparison between all of them (Fig. 22.5). Considering the models that were obtained in this paper analysis, we will notice that the best results are coming from Naïve Bayes model, coming right after the General Linear model. However, this type of analysis is not sufficient so we can finally choose the best model to implement for our scenario. Therefore, we may need to look at other differentiators. In the short analysis below, we can see all five models from the perspective of Precisions, Recalls, F1 Scores and Balances Accuracies [9] (Fig. 22.6).

22 Machine Learning and Data Mining Techniques for Human …

265

Fig. 22.3 Confusion matrix and statistics for decision tree

Fig. 22.4 ROC curve for decision tree

Precision calculates the ration between the true positives and all the positives, more exactly: Precision =

TP [9], TP + FP

266

L.-G. Tanasescu and A.-R. Bologa

Fig. 22.5 The ROC curves for all the 5 classification models built

Fig. 22.6 A comparison between all the five models obtained in R, in terms of Precisions, Recalls, F1-Scores and Accuracy

22 Machine Learning and Data Mining Techniques for Human …

267

where TP FP

is the number of true positive cases; is the number of false positive cases.

Recall is the measure of the model correctly identifying True positives. Therefore: Recall =

TP , TP + FN

where TP FN

is the number of true positive cases; is the number of false negative cases.

Accuracy will show as the ratio of the total number of correct predictions and the total number of predictions: Accuracy =

TP + TN TP + FP + TP + TN

where TP TN FP

is the number of true positive cases; is the total number of predictions; is the number of false positive cases.

Even if these metrics might give us the direct answer to finding the best model to use in predictions, it is also advisable to use this along with Precision and Recall. This is happening because, even if the Accuracy is very high, we would really need to minimize the false negatives [9]. Finally, F1- Score is the harmonic mean of Precision and Recall and it gives us a better measure of the incorrectly classified cases, than the Accuracy metric.

22.4 Conclusion and Future Work Finally, we left from some historical employee data and their perspective regarding the associated wish of attrition, in order to find a model that can best predict this behavior of future employee. We managed to observe the variables that contribute to the dependent one we want to predict and to also build different models based on popular algorithms, so that, after observing their impact and quality on the predicted value, we can finally choose one that best address the business needs of the organization. Therefore, considering the aim of this investigation, it might be safer for us to use in our final prediction the F1-score. In this case, the false negative and false

268

L.-G. Tanasescu and A.-R. Bologa

positives are crucial [9] as we would like to know from time who are going to be the people leaving the company (it might be better to find out about some of them that are leaving, but that actually won’t, instead of not knowing about them at all). So, having all these ideas and explanations regarding the above described models, we can say that in terms of business needs for this particular case, the generalized linear model is the best one to use with a value of 0.927 [10]. Of course, considering the analysis made and the aim of it, we should be careful to improve the performance of the model that is going to be used. In future analysis, we aim to pay more attention to the variables that we are using for prediction. Even though we built in this paper correct models with good results, it is important to overcome the bias and to also make sure that one model is not overfitted. Therefore, in this particular challenge there can be invested more time in observing the data and the correlations between the variables and also to apply different methods to select those that are contributing the most to the variable we want to predict. In the same time, we can also pay special attention to the resources invested in exploring and choosing the variables contained in the dataset used, as well as the technologies and tools (for example, we could observe by comparison the performance and results of a cloud-based tool). Also, these models applied for one data set can perform well at the moment. However, depending on the amount of data we want to train for a specific prediction and the power needed by every algorithm to train the data accordingly, we can consider different approaches in the future. Finally, there are plenty of other studies analyzing the same scenario for employee attrition using the classification techniques also mentioned in this paper. However, as Alduayj and Rajpoot [11], or Fallucchi and Coladangelo mentioned [12], on different type of data where different steps were followed before building the actual model, the algorithms performing the best are different as well. Therefore, it is important to underline the need to apply the algorithms for the data used and techniques applied, so a general rule cannot be stated. Last, but not least, there are other studies showing that, regarding the data used for this kind of prediction, it should be taken care of outside opportunities that are having a great contributing to employee attrition, as well as different working factors like promotion details, social support or discrimination [13]. Therefore, a new analysis with a higher performance might be generated by different type of data used for it. Acknowledgements This work was supported by a grant of the Romanian Ministry of Research and Innovation, CCCDI—UEFISCDI, project number 462PED/28.10.2020, project code PN-IIIP2-2.1-PED-2019-1198, within PNCDI III.

References 1. Bernik M, Bernik I (2011) Decision making in human resource management using data mining techniques. Int Inst Inf Syst

22 Machine Learning and Data Mining Techniques for Human …

269

2. Hamed S, Yigit IO (2017) An approach for predicting employee Churn by using data mining. Int Artif Intell Data Process Symp 3. Jaffar Z, Noor DW, Kanwal Z (2019) Predictive human resource analytics using data mining classification techinques. Int J Comput 32 4. Phyu TN (2009) Survery of classification techniques in data mining. In: International multi conference of engineers and computer scientists. Hong Kong 5. Greer Z Data mining versus machine learning: key differences you should know, cprime 6. Rohit P, Pankaj A (2016) Prediction of employee turnover in organizations using machine learning algorithms. Int J Adv Res Artif Intell 5 7. Sharma A (2020) Decision tree versus random forest—which algorithm should you use? Anal Vidhya 8. Martin KG What is an ROC curve. Anal Factor 9. Kanstrén T A look at precision, recall, and F1-score. Towards Data Sci 10. Blog MC (2007) Integration of data mining in human resource. MIS Class Blog 11. Alduayj SS, Rajpoot K (2018) Predicting employee attrition using machine learning 12. Fallucchi F, Coladangelo M, Giuliano R, William De Luca E (2020) Predicting employee attrition using machine learning techniques 13. Böckerman P, Ilmakunnas P, Jokisaari M, Vuori J (2011) Who stays unwillingly in a job?

Chapter 23

Machine Learning Techniques for Network Intrusion Detection—A Systematic Analysis George-Bogdan Mertoiu and Gabriela Mes, nit, a˘

Abstract As the world evolves toward a high dependency on computers and technology, systems and network security became one of the main challenges faced in the last decade. The number of threats that cause potential damage to the network system is rising exponentially due to the increasing complexity of networks and services of modern networks, while situational awareness of the critical assets thus becomes extremely important. The main objective of Cyber security is to protect the electronic data from attacks such as unauthorized network access, intrusion attack, or malware. This study aims to provide an overview of the trends of Machine Learning requirements in supporting the efforts to defend electronic data. The first part of this study is a quantitative analysis of the results obtained from consulting the Scopus and Web of Science databases. In this part, in addition to the most important authors and keywords used, we aimed to find if the countries that are the main targets of cyberattacks are also involved in researching new ways to improve defending techniques. The second part reveals a brief analysis of Machine learning techniques, risks and innovations and how the next research activity should be conducted, considering the constant evolution of both sides: defenders and attackers.

23.1 Introduction In nowadays society, the threat of cyber intrusion is growing and with devastating effects, depending on the field of activity. With the increased use of computer systems, criminal activity has also shifted from physical to cyber activity. According to statistical data, in the first quarter of 2021, the number of known cyber incidents was 713, compared to 520 in 2020 and 433 in 2019 [1]. Thus, according to a McAfee report, the financial damage caused by them is in a continuous growth, in 2020 being estimated globally as reaching the value of 945 million dollars, compared to 522.5 million dollars in 2018 [2]. Cyber-attacks have become more prevalent as intruders G.-B. Mertoiu (B) · G. Mes, nit, a˘ Alexandru Ioan Cuza University of Ias, i, Ias, i, Romania e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_23

271

272

G.-B. Mertoiu and G. Mes, nit, a˘

take advantage of system vulnerabilities, for intellectual property theft, financial gain or even damage of the infrastructure and equipment that make it up. Warnings about cyber-attacks are becoming more frequent and serious, which indicates a disturbing trend. The time it takes to detect a security breach can be measured in days, as attackers are aware of existing security and are continually improving their attacks. In many cases, a security breach is unavoidable, making early detection and mitigation the best plan to survive an attack. Against this background, intrusion detection is a major component of cyber security. Increasingly, statistical techniques of data analysis, machine learning, data extraction, and natural language processing are being used in challenges given by ensuring cyber security and data confidentiality [3]. Thus, the existence of a way to recognize and extract relevant information and integrate it into data that can be used in empirical analysis or qualitative/quantitative variables for probability theory [4] has a major utility for cyber security systems. This is also the purpose of Machine Learning (ML) techniques, to learn and then support decisions to ensure a secure electronic data processing environment. The study conducts an analysis of ML techniques used to ensure the security of IT infrastructures, in supporting the efforts to defend electronic data, by highlighting the innovative pros and cons of this technology in research, becoming a starting point for the integration of data and knowledge necessary for further research. This need has arisen due to the fact that in most cases, the learning process is based on an outdated data set, which does not contain new types of attack. The same types of established learning processes are used and often do not consider the existence of possible vulnerabilities, when being implemented in real situations. Therefore, the study aims to find conclusive answers to the following questions: • How are ML techniques used in cyber security to detect unauthorized intrusions? • What are the innovative aspects in the use of ML techniques for cyber security? • Are there vulnerabilities associated with the application of ML techniques? To achieve this goal, second section of the study will explain the research methodology that will allow a bibliometric analysis, in third section, for all identified studies. The third section will reveal an overview for the importance of using ML techniques in network intrusion detection. The fourth section will focus on the content analysis of the main research identified in the bibliometric analysis, providing a quick description of known ML techniques and algorithms used in network intrusion detection, based on which we highlighted some of the innovative forms of ML techniques and the most common vulnerabilities.

23 Machine Learning Techniques for Network …

273

23.2 Research Methodology to Establish ML Application Models in the Intrusion Detection Process The methodological approach of the study will be a mixed one, which is based on the quantitative research through the bibliometric analysis of the studies in the field, and the qualitative research expressed through the content analysis of the selected specialized literature, respectively. In the quantitative research, the identification of specialized works and their bibliometric analysis will be considered to determine the most relevant bibliographic sources in terms of the established purpose, using the Web of Science (WOS) databases [5] and Scopus [6]. The search results include only scientific articles from journals and papers published in the volumes of specialized conferences. The obtained results will be subjected to a bibliometric analysis, as a basis for selecting the articles that will be the subject of the next stage. This method involves the use of software tools capable of analyzing bibliographic data and performing structural analysis, graphical representations of distributions such as countries of origin of authors, citations of authors, keywords, etc. [7, 8]. The analysis was performed using the VOSviewer software tool (version 1.16.16) [9]. In the qualitative research, the analysis of the content of the selected studies based on the results of the quantitative research will be considered, using the software tool, NVivo 12. This tool is used to analyze unstructured data in text, audio, video, and images, including (but not limited to) interviews, focus groups, surveys, social media, and journal articles [10]. During this stage, the verification of the abovementioned 4 research questions will be considered by analyzing the keywords in the selected articles, and the possible links between the words and the examined articles, respectively, issuing a conclusion or launching new challenges. For a comprehensive investigation of the use of ML techniques in the process of ensuring cyber security, as a whole that includes both protecting the infrastructure against intrusions and recognizing unauthorized access or malicious applications, a query of Scopus and Web of Science (WoS) databases was conducted over the period 2005–2020. The initial search was performed in the title and summary of studies published in journals or conference volumes, using the following terms of reference: [“machine learning”] and [“cyber security” OR “cybersecurity” OR “cybersecurity”]. These led to the following results: Scopus—4548 results, containing research conducted between 2005 and 2020; WoS—814 results, containing research conducted during 2010–2020. These data show that the authors of research in the field of using ML for cyber security have focused mainly on Scopus, as a platform for publishing their own studies, on WoS no materials were identified before 2010. The choice of keywords was obtaining an overview of studies on the use of ML techniques in cyber security, an area that includes the identification and blocking of all forms of threats to computer systems and infrastructures, such as network intrusions, malicious applications, fileless attacks, etc.

274

G.-B. Mertoiu and G. Mes, nit, a˘

23.3 Bibliometric Analysis of Results In order to have an overview of research in the field of ML techniques with application in ensuring cyber security, a bibliometric analysis was conducted. The cyber security is an area that also includes protection against network intrusions. The aim of this analysis was to identify the main authors with a significant contribution in the field and key words representing the studies in the field. Simultaneous, this type of research checks the level of involvement of the countries known as the main targets of cyberattacks, in the process of supporting studies on improving the techniques of defense of their own systems. The query of the two databases in order to identify the studies containing the bibliometric analysis of the research on the use of ML techniques for cyber security revealed the existence of a single article on this topic, published in both databases. The paper is dealing with the bibliometric analysis by categorizing the referred papers using the implementation method, article type, publishers, and article efficiency to provide insights for researchers, students, and publishers to study research trends [4]. The analysis of the results obtained after consulting the two databases shows that on the WoS platform, the publication of research in the field of use of ML techniques for cyber security dates from 2010, with a significant increase in numbers in 2019. On the Scopus platform, the publication started in 2005, a significant contribution being identified in 2017, the number of articles increasing continuously after that. The chart in Fig. 23.1 also highlights these aspects, resulting in the predominant use of the Scopus platform, by researchers, in the field of ML techniques, for the publication of their own papers (Table 23.1). Given the identified areas and the scope of the key terms, an evaluation of the authors of the studies was performed as a result of the database query, the main data being included in Table 23.2. According to them, authors such as Kozik R., Soman K.P. or Vinayakumar R. have important contributions on both platforms, as lead authors or co-authors, with studies in the field of ML techniques. Their research focuses on innovative aspects in the field, such as deep learning or neural networks for network intrusion detection Fig. 23.1 Annual graph of the number of articles registered in WoS and Scopus (Source Self-representation)

23 Machine Learning Techniques for Network …

275

Table 23.1 Most used keywords by number of occurrences The most significant keywords WoS

Scopus

Machine learning

405

Deep learning

86

Machine learning

2657

Intrusion detection

764

Cyber security

195

Security

72

Learning systems

1953

Computer crime

741

Cyber security

184

Classification

56

Network security

1080

Artificial intelligence

724

Intrusion detection

101

Artificial Intelligence

47

Learning algorithms

880

Cyber security 699

Anomaly detection

86

Malware

43

Deep learning

770

Malware

656

Table 23.2 Top authors published in WoS and Scopus The most important authors according to the number of published works Scopus

WoS

Author

#

Author

#

CHOO, K.K.R.

33

CHORAS, M.

20

ELOVICI, Y.

25

KOZIK, R.

20

KOZIK, R.

25

SOMAN, K.P.

12

SOMAN, K.P.

24

POORNACHANDRAN, P.

11

VINAYAKUMAR, R.

22

VINAYAKUMAR, R.

11

(Vinayakumar R., Soman K.P., and Poornachandran P.), and the use of ML in the protection of data transmitted at application level for web platforms or industrial systems (Kozik R.), respectively. Based on citation statistics, the most cited authors on Wos and Scopus, are Soman K.P. (545 citations on 30 documents in Scopus and 204 citations on 12 documents in Wos), and Vinayakumar R. (578 citations on 27 documents in Scopus and 204 citations on 11 documents in Wos). According to statistics published by Cybersecurity Insiders [11], the United States is the main target of cyber-espionage campaigns, while China and India are the most targeted countries for malware infection, respectively ransomware. The analysis of the country of origin for the studies published in WoS and Scopus emphasized the fact that the three countries mentioned above are also those most actively involved in supporting research on the use of ML techniques in the field of cyber security and other additional fields, exemplified graph in Fig. 23.2. An important aspect within the bibliometric analysis was identifying the most important keywords, in order to implicitly evaluate the research area. To this purpose, by using VosViewer, a graphic analysis was carried out in order to highlight the most representative keywords as extracted from each of the article data, as shown in Fig. 23.3.

276

G.-B. Mertoiu and G. Mes, nit, a˘

Fig. 23.2 Graph of countries of origin of studies published in WoS (top) and Scopus (bottom) (Source Self-representation)

According to the graphical representation, the studies published in WoS focused on 3 main areas, grouped around the terms “machine learning” and “cyber security”: 1. 2. 3.

Use of artificial intelligence to identify malicious applications (artificial intelligence, deep learning, malware, malware detection, classification); Use of ML techniques for intrusion detection (intrusion detection, anomaly detection, attacks, intrusion detection system); Use of ML in infrastructures that contain other types of equipment (IoT, Internet of things, internet, big data, system, security). Compared to WoS, the studies in Scopus focused on the following 5 areas:

1. 2. 3. 4.

5.

Generic aspects of the ML techniques (decision trees, random forests, feature extraction, supervised learning, support vector machines); ML techniques for mobile devices and detection of related malicious applications (machine learning, malware, classification, android, mobile security); Innovations of ML techniques (learning algorithms, neural networks, deep learning, convolutional neural networks); ML techniques for the protection of industrial devices or those in the category of Internet of Things (automation, internet of things, personal computing, cryptography, electric power transmission); ML techniques for protecting infrastructures by intrusion detection (network security, intrusion detection, intrusion detection system, computer crime).

The usage degree of the key terms in the figures above is completed by the number of their occurrences from Table 23.1. Therefore, the studies identified by consulting the two databases, analyze the ML techniques as an integral part of artificial intelligence (artificial intelligence). The articles explore as well, the algorithms used

23 Machine Learning Techniques for Network …

277

Fig. 23.3 Graphical representation of keyword correlations for the WOS (top) and Scopus (bottom) (Source Self representation with the VosViewer tool)

by ML techniques, and their classifications, to ensure the cyber security (cybersecurity/cyber security) of the information infrastructure (network security), by detecting intrusion (intrusion detection), anomaly behavior (anomaly detection) or malicious applications (malware).

278

G.-B. Mertoiu and G. Mes, nit, a˘

23.4 Results of Content Analysis The previous bibliometric analysis highlighted an upward trend for the studies that are using ML techniques to ensure cyber security of single IT systems and IT & C infrastructures, against the main threats: malicious applications and unauthorized access through vulnerabilities exploitation. To meet the research aim, it was necessary to refine the results, starting from the most important keywords (network intrusion, anomaly detection, network security) identified in studies on the use of ML techniques for intrusion detection in the process of ensuring cyber security. Following the refining process, the number of selected articles was reduced to 16, which are the subject of content analysis. The selected articles were analyzed using the NVivo 12 software tool, extracting the most common keywords that appear in association to each document (Fig. 23.4). From the graphical representation of the keyword frequency, a high use number of the words “network”, “data”, “based”, “detection”, “machine”, “learning” can be observed, highlighted by color and size font. Analyzing the “word cloud”, we can infer that, in the selected articles, ML techniques are researched as tools for protecting data infrastructures, by detecting attacks and intrusions and identifying the particularities of these techniques in the security process. For an eloquent exploratory research, the inductive coding method was used, through which codes and sub-codes were grouped on the following differentiated themes: • • • •

IT&C infrastructure security (code: security); Machine Learning Techniques (code: ML techniques); Machine Learning Innovations for IT Security (code: ML innovations); Machine Learning Vulnerabilities (code: ML vulnerabilities).

After establishing the topic delimitation codes, new sub-codes were created for each of them, all containing aspects/definitions or relevant theories extracted from the content of the studies under analysis. In this respect, in the analyzed studies, a special emphasis was placed on the types of ML techniques and related learning processes (unsupervised, supervised), on their use to protect against attacks on IT&C infrastructures (threats, network security) and to eliminate or counter threats (cyber Fig. 23.4 Graphical representation in NVivo12 of keywords by frequency (Source Self representation with the Nvivo12 tool)

23 Machine Learning Techniques for Network …

279

security). Also, the analyzed studies reveal that the research on ML techniques is marked by innovative aspects (ML innovations), but also by vulnerabilities (ML vulnerabilities), in high levels. For the detailed research of the data obtained from the previous analysis, the data extracted on the 4 topics mentioned above were analyzed in terms of content. The purpose was a systematic analysis of data on ML techniques and corresponding algorithms in the intrusion detection process, as a complementary solution in the process of ensuring cyber security. On the other hand, the analysis was conducted and for the identification of innovative aspects in the application of ML and vulnerabilities that may have a major negative impact on platforms using these techniques. IT infrastructure security. According to specialized literature, cyber security refers to the set of policies, techniques, technologies, and processes that work together to protect the confidentiality, integrity, and availability of computing resources, networks, software, and data, from attacks [12]. One of the main aims of security breaches on computer systems or mobile devices is the obtaining of unauthorized access and information altering/exfiltration. The risk of all such security breaches is called threats and any attempt to commit any breach is called an attack [13]. Cyber security plan can be implemented at different levels, such as application, network, devices, host, and data. For cyber security, a large number of application tools and procedures are available, such as firewalls, antivirus software, intrusion detection systems (IDS), and intrusion protection systems (IPS) [3]. Even so, there are a number of reasons for which researchers have considered using ML in network intrusion detection. One such reason is the ability of ML to find similarities in a large amount of data, the main hypothesis being that an intrusion creates distinct patterns and that these patterns can be effectively detected using ML approaches [14]. Some solutions combined signature-based and anomaly detection to improve malware detection, while others used ML in conjunction with active learning to detect anomalies [15]. Use of ML techniques for intrusion detection. The use of ML techniques as a component of artificial intelligence is expanding rapidly in various fields of life, such as finance, education, medicine, manufacturing, and especially in cyber security [3]. Generally speaking, ML techniques work in two phases: training and testing. In the training phase for network intrusion detection, mathematical calculations are performed on the training data set, and traffic behavior is observed over a period of time. This phase creates the ground rules for detection. In the testing phase, an instance is classified as normal or intrusive based on the learned behavior [16]. After completing the two phases, an ML model is created with a certain success rate in detecting intrusions within the infrastructure. Depending on the success rate, the activity in the two phases could be resumed. In regard to the learning process, ML techniques can be classified into three broad categories: A. Supervised Learning—The labels or classes are already known for data, and these labels and classes are used to perform prediction calculations, e.g., classification and regression [17]. According to the analysis of the definitions in the selected articles, the most used algorithms in the intrusion detection process are the

280

G.-B. Mertoiu and G. Mes, nit, a˘

following: Decision Tree, Naive Bayes Classifier, Artificial Neural Network [16], Support Vector Machine [18], Genetic Algorithms [19], K-means Clustering [20], K-Nearest Neighbor Approach [16], Fuzzy Logic [21], Hidden Markov Model [16], Swarm Intelligence [22] and Autoencoder [23]. B. Unsupervised Learning—The target value is not already known, unsupervised learning focuses mainly on finding the relationships between samples and works by finding patterns among data, such as clustering [17]. Depending on the manner in which they are applied, Unsupervised Learning are divided into the following major categories: Hierarchical Learning, Data Clustering, Latent Variable Models, Dimensionality Reduction, Outlier Detection [24]. Compared to Supervised Learning, Unsupervised Learning usually work only in the training phase. C. Semi-supervised Learning—This process generally uses supervised learning, requiring the intervention of human experts in cases where there is a portion of labeled data or during the acquisition/obtaining of data [17]. Although currently the most widespread is the Supervised Learning process, the next subchapter will highlight the fact that the future of ML techniques is to combine the types of learning processes in order to obtain results with the highest percentage of accuracy. Innovations in ML techniques in intrusion detection. The practical application of ML techniques for intrusion detection has highlighted the need to identify new approaches which would identify anomalies or situations that require increased attention with a higher degree of accuracy. Thus, an innovative aspect is provided by research on the two sub-branches of Machine Learning, Deep Learning, and Reinforcement Learning, in a continuous and updating development, with applications particularly in the field of cyber security. The studies on the two sub-branches are supported by the fact that there is an increasing emphasis on deep neural networks, stacked in increasing the hierarchy of complexity, as well as on abstraction, because traditional ML algorithms are linear. Thus, each layer applies a nonlinear transformation to its input and creates a statistical model as a result of what it learns [25]. Another innovative direction in the field of ML is Ensemble Learning, a learning process that involves training several classifiers at a time and integrating their results [26]. Each learning model works differently and exploits different sets of features. The integration of different learning models offers better performance than individuals, completing their limitations and using their different mechanisms [8]. The innovative aspects mentioned denote the need to maximize the success rate of ML models, considering that any technology, in addition to its contribution to the field, is also affected by a number of vulnerabilities with different degrees of impact. Vulnerabilities of ML. Being involved in independent activities, ML techniques are affected by a number of vulnerabilities which, if not consider, can affect the systems that should be protected. According to studies, the best-known vulnerabilities that should be considered when developing ML models are the following:

23 Machine Learning Techniques for Network …

281

• Classical linear/superficial learning tends to be more reliable, but slower or less accurate. The higher frequency of false alarms has had a negative impact on security personnel. Also, it has led to loss critical alarm or slow response time. Most of the data sets available are the result of a lack of adequate documentation describing the network environment, simulated attacks and data set limitations [27]. • Due to privacy and security issues, most of the data sets that represent the most recent attacks are private. Instead, publicly available data sets are anonymized and suffer from various problems. In particular, these data sets do not usually show real-world and recent attacks. Due to these problems, the exemplary and most recent reference data set has not yet been discerned. [13]. • There is a lack of practical applications of ML solutions in operational networks— especially for applications such as network intrusion detection that pose difficult problems for several reasons, including (1) the very high cost of errors; (2) lack of training data; (3) the semantic gap between the results and their operational interpretation; (4) enormous variability of input data; and, finally, (5) fundamental difficulties in conducting sound performance assessments [28]. • Failure to comply with the current realities of operational networks will undermine the effectiveness of ML-based solutions. We should expect ML-based solutions to expand and complement, rather than replace, other solutions that are not based on machine learning—at least for the foreseeable future [13]. • Many network issues, such as anomaly detection, are contradictory issues in which the malicious intruder continually tries to deceive network administrators (and the tools used by network administrators). In such settings, machine learning that learns from historical data may not work due to cleverly developed attacks specifically to circumvent any schemes based on previous data [13, 29]. As pointed out by research, the scientific literature highlights that ML techniques, in addition to being useful in intrusion detection and ensuring the cyber security of infrastructures, need more detailed and careful analysis, because they can turn into vulnerabilities for systems. Last but not least, like other technologies, ML techniques are used by cyber attackers in the identification of vulnerabilities and sophisticated attack methods to avoid protection systems [13].

23.5 Conclusions Research reveals that studies on the use of ML techniques in the process of protecting IT infrastructure date from 2005, resulting in the predominant use of the Scopus platform by researchers to publish their own papers. The most numerous articles focused on the most targeted countries of different types of cyber-attacks, namely, the United States, China, and India. The contribution of research institutions in these countries is highlighted, especially by the studies published by the most important authors. Their papers in the field of ML techniques are mainly focused on innovation,

282

G.-B. Mertoiu and G. Mes, nit, a˘

to create and find new methods for network intrusion detection and data protection. In addition, the innovative aspects, like deep learning or neural networks, are considered to be applied for protecting all systems, from the web platforms to industrial ones. As a result of the increased number of cyber-attacks, the traditional cyber security measures are overcomed and ML techniques could be a future solution. On the other hand, based on bibliometric analysis we identified a relevant number of research studies related to ML techniques used in cyber security which emphasis on the need for a continuous attention due to their own vulnerabilities. This result reflects a more concrete answer to the three main questions from introduction: ML Techniques, through their learning process, could sustain the cyber security measures as long as they get improved and possible vulnerabilities are considered. Thus, the combination of supervised and unsupervised learning processes was considered, all the while identifying new ways to achieve a high percentage of accuracy of the applied model. Also, as an answer to the first main question, it highlights a continuous and constant involvement of researchers to diversify and improve machine learning techniques, within the complex process of ensuring cyber security, during the diversification of forms of attack. Whether we are talking about Supervised Learning, Unsupervised Learning or even Ensemble Learning, all learning techniques and methods will depend to a large extent on the human factor, the same one that, in fact, should be overcome. A computational super-intelligence is taken into account, which would be able to learn and make decisions, independent of the human factor, to identify and possibly block unauthorized traffic within IT&C infrastructures. In this process, an important emphasis underlines the existence of “false positive” situations, the increased number of which could lead to the invalidation of the model or to the generic treatment of alerts. A brief review of the vulnerabilities of this branch of AI reveals a situation that requires immediate involvement of research to eliminate or reduce the risks. Otherwise, from the decision support tool in cyber security, ML techniques will become a new type of back-door. Exploiting this vulnerability will destroy what cyber security of systems means, with major financial and, why not, negative effects on human integrity. Against this background, future research directions can be focused on identifying and counteracting scenarios in which the possibility that the same technology, used for beneficial purposes, is be used by different actors to perform actions aimed at unauthorized access to systems that affect institutions, companies or even individuals. Following the analysis conducted in the study, it can be argued that the research of ML techniques for intrusion detection is constantly improving through direct and indirect input, brought by those who understood that protection against cyber-attacks is not limited to the electronic environment but also to the social or financial one. Future research into the use of ML techniques for network intrusion detection should focus on testing different types of ML algorithms on real traffic logs for establishing a clear picture of how they work and what are the main differences between them. Furthermore, while this activity measures the accuracy of ML algorithms, a deeper analysis should be able to highlight the main vulnerabilities of some of the algorithms.

23 Machine Learning Techniques for Network …

283

References 1. Cyber Attacks Timeline. https://www.hackmageddon.com/category/security/cyber-attacks-tim eline/. Last accessed 30 Apr 2021 2. The Hidden Costs of Cybercrime. https://www.mcafee.com/enterprise/en-us/assets/reports/rphidden-costs-of-cybercrime.pdf. Last accessed 01 May 2021 3. Ali R, Ali A, Iqbal F, Khattak A, Aleem S (2020) A systematic review of artificial intelligence and machine learning techniques for cyber security. Commun Comput Inf Sci 1210 CCIS, pp 584–593. https://doi.org/10.1007/978-981-15-7530-3_44 4. Makawana PR, Jhaveri RH (2018) A bibliometric analysis of recent research on machine learning for cyber security. Intell Commun Comput Technol 19:213–226. https://doi.org/10. 1007/978-981-10-5523-2_20 5. Web of Science Homepage. https://apps.webofknowledge.com/. Last accessed 10 Jan 2021 6. Scopus Homepage. https://www.scopus.com/home.uri. Last accessed 10 Jan 2021 7. Kumar A, Shivarama J, Choukimath PA (2015) Popular scientometric analysis, mapping and visualisation softwares: an overview. In: 10th caliber-2015 on innovative librarianship: adapting to digital realities. Shimla 8. Kumar G, Thakur K, Ayyagari MR (2020) MLEsIDSs: machine learning-based ensembles for intrusion detection systems—a review. J Supercomput 76:8938–8971. https://doi.org/10.1007/ s11227-020-03196-z 9. VOSviewer Homepage. https://www.vosviewer.com/. Last accessed 10 Jan 2021 10. Nvivo12 About page. https://www.qsrinternational.com/nvivo-qualitative-data-analysis-sof tware/about/nvivo/who-its-for/academia. Last accessed 10 Jan 2021 11. List of Countries which are most vulnerable to Cyber Attacks. https://www.cybersecurityinsiders.com/list-of-countries-which-are-most-vulnerable-to-cyber-attacks/. Last accessed 01 Mar 2021 12. Vacca J (2012) Computer and information security handbook, 2nd edn. Morgan Kaufmann 13. Shaukat K, Luo S, Varadharajan V, Hameed IA, Xu M (2020) A survey on machine learning techniques for cyber security in the last decade. IEEE Access 8:222310–222354 14. Fadlullah Z, Tang F, Mao B, Kato N, Akashi O, Inoue T, Mizutani K (2017) State-of-theArt deep learning: evolving machine intelligence toward tomorrow’s intelligent network trafic control system. IEEE Commun. Surv Tutor 19:2432–2455 15. Stokes JW, Platt JC (2008) ALADIN: active learning of anomalies to detect intrusion. Microsoft Netw Secur, Redmond, WA, USA 16. Mishra P, Varadharajan V, Tupakula U, Pilli ES (2019) A detailed investigation and analysis of using machine learning techniques for intrusion detection. IEEE Commun Surv Tutor 21(1):686–728 17. Buczak AL, Guven E (2016) A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun Surv Tutor 18(2):1153–1176 18. Chen W-H, HSU HS, Shen HP (2005) Application of SVM and ANN for intrusion detec-tion. Comput Oper Res 32(10):2617–2634 19. Owais S, Snasel V, Kromer P, Abraham A (2008) Survey: using genetic algorithm approach in intrusion detection systems techniques. In: Computer information systems and industrial management applications, 2008, CISIM’08. IEEE, pp 300–307 20. Depren O, Topallar M, Anarim E, Ciliz K (2005) An intelligent intrusion detection system (ids) for anomaly and misuse detection in computer networks. Expert Syst Appl 29(4):713–722 21. Hosmer H (1993) Security is fuzzy!: applying the fuzzy logic paradigm to the multipolicy para-digm. Association for computing machinery, New York, United States. In: Proceedings on the 1992–1993 workshop on new security paradigms. ACM, pp 175–184 22. Kolias C, Kambourakis G, Maragoudakis M (2011) Swarm intelligence in intrusion detection: a survey. Comput Secur 30(8):625–642 23. Kebede TM, Djaneye-Boundjou O, Narayanan BN, Ralescu A, Kapp D (2017) Classification of malware programs using autoencoders based deep learning architecture and its appli-cation

284

24. 25.

26. 27. 28.

29.

G.-B. Mertoiu and G. Mes, nit, a˘ to the microsoft malware classification challenge big dataset. In: 2017 IEEE national aerospace and electronics conference, Dayton, OH, USA, pp 70–75 Usama M et al (2019) Unsupervised machine learning for networking: techniques, application challenges. IEEE Access 7:65579–65615 Vigneswaran RK, Vinayakumar R, Soman KP, Poornachandran P (2018) Evaluating shallow and deep neural networks for network intrusion detection systems in cyber Se-curity. In: 2018 9th international conference on computing, communication and networking technologies, ICCCNT Bengaluru, India, pp 1–6 Zhou ZH (2012) Ensemble methods: foundations and algorithms. CRC press Mahfouz AA (2020) Ensemble classifiers for network intrusion detection using a novel network attack dataset. Future Internet 12(11):1–19 Sommer R, Paxson PV (2010) Outside the closed world: on using machine learning for network intrusion detection. In: 2010 IEEE symposium on security and privacy, Oakland, CA, USA, pp 305–316 Zizzo G, Hankin C, Maffeis S, Jones K (2019) Adversarial machine learning be-yond the image domain. In: 2019 56th ACM/IEEE design automation conference (DAC), Las Vegas, NV, USA, pp 1–4

Chapter 24

Web Scraping and Ethics in Automated Data Collection Marius Cristian Mazilu

Abstract As a Ph.D. student doing research in Big Data and Data Mining, the data collection is a big part of the process. Because I am also a programmer, the technique of Web Scraping became a fast and reliable method to collect the data that I needed. But once starting this process, a lot of legal and ethical questions appeared for me. Questions regarding the legality of the process itself or regarding what type of data can be collected and how. This paper does not try to represent legal advice but tries to present a perspective of how we could do data collection, by presenting techniques and what are the laws, rules and guidelines that can apply to web scraping and what we can do, to keep the whole process not only legal but also ethical.

24.1 Introduction The age that we live in is characterized by the ability to transmit information without restrictions and to have access to information in a way that was impossible in the past. The idea is linked to the concept of “digital revolution”, which also includes the idea that the next step after the industrial revolution is to move to an economy based on the transmission, processing and storage of information. We live in a new age, that was called The Information Age or The Digital Era. Now, the main factor that makes the difference in any field is easy and fast access to relevant information. But by making information easily available, making the access to it fast and reliable, opens a lot of previous unexplored doors and can raise questions like: What information can we just “take” What information can we just store, use, re-use and distribute? Where is the line drawn, legally and ethically? This work is a preliminary attempt to reflect on some of the legal and ethical issues surrounding Web Scraping and data collection in general and I will try to summarize my research and conclusions on this particular topic.

M. C. Mazilu (B) The Bucharest University of Economic Studies, Bucharest, Romania © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_24

285

286

M. C. Mazilu

24.2 Data Collection—The Essential Part of Any Research In order to define and categorize web scraping, we first have to discuss about data and data collection. The data is the center point in any application or system. Any action that we do in the technical world creates data. This data is collected, saved, stored, organized, used and later, can be distributed to third parties. When we take into consideration the data collection part of this process and the effect that the further described actions can have, it’s important to first underline the means and source of the data that we collect.

24.2.1 First Party Data In this first case, we collect the data directly from the source. All this information comes directly from your audience or customers or user. This is also usually considered the most valuable data as it can be the most relevant and, in most cases, it is free. In this scenario, we can talk about a responsibility that we have, to each person that provides us with the specific information. Two case examples of this can be: – Polls or subscription data, data collected with a CRM, online listings (like a sales ad), where data is asked for directly and the user input is required. – Other user generated data, that is not directly an input of the user but are actions and information that are collected, usually, from the usage of a service or an application. This can include data from behaviors, actions or interest demonstrated by the user. The main difference that needs to be underlined, in the ethics of the collection, in the two presented scenarios, is that: – By directly requesting the data, the user has a direct knowledge that he is providing that information. In this case, a specific must would be to specify what we do with that data, how it can be potentially shared, to clarify who has access to the data and means taken to protect the information. Also, it is important to create a clear way for the user to opt out and choose in the future to delete his details from your system, application or database. – By saving behavior information (or any other user generated data), the collection can be less transparent to the user. So not only the purpose, sharing and possibility of opting out that must be explained to the user, but also what type of data is collected.

24 Web Scraping and Ethics in Automated Data Collection

287

24.2.2 2nd & 3rd Party Data The main aspect to underline when we talk about the data collected from 2nd and 3rd parties should be that in this scenario, there is always the other entity that stands between us as data collectors and the original source of the information, the user. The difference between 2nd and 3rd party data is that for the 2nd party data, all the information is essentially collected by an entity and can be considered their first party data, but in the case of the 3rd party data, all information is usually aggregated and collected by a 3rd party from multiple entities that are first party data collectors. In this case, we can talk about a cascading path of responsibility that we have, as data collectors, for each step of the distribution of information. Starting with responsibility for the provider, from where we collect the information and ending with the responsibility for the end-user, that has originally owned or shared the data. This mostly applies to 2nd Party Data, because in the case of 3rd Party Data, all information is sold directly aggregated and with ownership rights transferred through sale.

24.3 What is Web Scraping Web scraping, also known as web extraction or harvesting, is a technique to extract data from the World Wide Web and save it to a file system or database for later retrieval or analysis. Commonly, web data is scrapped utilizing Hypertext Transfer Protocol (HTTP) or through a web browser. This is accomplished either manually by a user or automatically by a bot or web crawler. Due to the fact that an enormous amount of heterogeneous data is constantly generated on the internet, web scraping is widely acknowledged as an efficient and powerful technique for collecting big data. To adapt to a variety of scenarios, current web scraping techniques have become customized from smaller ad hoc, human-aided procedures to the utilization of fully automated systems that are able to convert entire websites into well-organized data set. Stateof-the-art web scraping tools are not only capable of parsing markup languages or JSON files but also integrating with computer visual analytics and natural language processing to simulate how human users browse web content [1].

24.3.1 Usefulness of Web Scraping If we put aside the ownership of the data that we are collecting and look just at the technical aspect of web scraping, any information that exists and is published on the web can be extracted and collected. All this information can be stored, organized (structured) and analyzed in a database. Making web scraping a form of data mining (Fig. 24.1).

288

M. C. Mazilu

Web site (html)

Web scraping

Structured Data

Fig. 24.1 Structure of web scraping. Parsing the html content of a website, using different web scraping technologies and resulting in structured data like SQL or semi-structured like XML, XLS or CSV files [2]

Website scraping techniques can be used in various practices like: – Data collection for research purposes – Market analysis and market monitoring – Website change detection—this can be considered a practice that also search engines, like Google, use to rank web pages. A method patented by Google, in this regard, is “Document segmentation based on visual gaps” [3] – Extracting offers and discounts from online shops – Extracting contact details, contact scraping – Aggregating property listings from real estate platforms – Aggregating job posts from job portals. As an example case, let’s suppose that we have an online shop where we sell our products. We are interested in keeping track of our competition and their prices. We could visit their website regularly and check the prices and compare them to our own. But this would be time-consuming and impractical. A web scraper could give us the practical solution of viewing all competitor’s prices at once. From another point of view, a customer could use a web scraper to monitor the prices for one of our products and to check for discounts and sales. And last, from a bigger stand point of view, Google is continuously monitoring the state of our shop, to rank it in the search engine. All these processes include data collection by web scraping and aggregating the resulting data.

24.3.2 Methods and Techniques Even though web scraping is a process that is regarded as fully automated, this is not necessarily always the case. From an automation point of view, we can regard this type of data collection as: – Manual with traditional copy/paste. In particular cases, the manual examination and copy-and-paste can be a simple solution for low quantities of data. But manual collection is prone to errors and can be time-consuming. – Semi-automated scraping. This can be done in a variation of methods. From text grapping by using UNIX commands and using regular expressions to filter the data, to using online tools (or desktop applications). An example of this type of tool is webscraper.io. By using a browser extension, you can map the html content on different pages to collect specific data. After making the initial work of mapping,

24 Web Scraping and Ethics in Automated Data Collection

289

you can repeat the same action in time and also in volume. The semi-automated process can be helpful for data collection with low or moderate technical skill. – Automated process. Whether we talk about Hypertext Transfer Protocol (HTTP) Programming, where static and dynamic content is extracted from a webpage, whether it is DOM Parsing, where the web page is read into a DOM tree, based on a full-fledged web browser control, when we talk about automated web scraping, we describe dedicated software with the capacity to read and interpret web pages automatically and use pre-determined rules to structure data. This technique requires technical skill or expensive dedicated software, but it is also the technique that defines web scraping as a data mining process. Even though the manual and semi-automated methods are simpler to start with, the main issues, of volume and added complexity in time, will always make the automated process better. Existing techniques of implementing an automated web data scraper fall mainly in three categories can be as vast as using libraries with general purpose programming languages, using frameworks built specifically for data scraping or using plug and play environments or platforms built specifically for this purpose. Somme solutions for scraping worth mentioning would be: – Scrapy is a fully customizable framework, built with Python that provides a complete set of libraries for scraping and has super-fast performance. – BeautifulSoup is a Python based open-source web scraping library. The sole purpose of this library is to access different elements in DOM. It is usually used on top of other frameworks and uses Scrapy as a dependency. – Goutte is a go to open-source web crawling framework for PHP developers. It is easy to use and can handle all the complexities that go along with scraping the web at scale. It is a screen scraping and web crawling library that provides a good API to crawl websites and extract data from the HTML/XML responses. – Selenium. Even though selenium is a tool built for automating browser activities, it is worth mentioning since it also provides methods to access a page and its DOM, so you could easily use it for scraping as well. – DiffBot comes also as a relevant solution because it represents a new breed of web scraping tools. Instead, of visually telling the tool what to scrape from a website when you make a request to the DiffBot API it uses sophisticated computer vision to identify and scrape the data you need. Although not ideal for mission-critical data extraction project where data quality is of the highest importance, DiffBot is a great option for scraping huge amounts of data at scale from news websites and e-commerce pages [4].

290

M. C. Mazilu

24.4 Legality and Ethics While the methods and tools of web scraping evolve and get more complex but easier to use, the legality of the technique still stands in a “gray area” from the legal point of view.

24.4.1 The Legal Aspect of Web Scraping The legality is mostly defined, not by direct laws of the specific practice, but by compliance with a series of laws and legal theories, like: – Copyright infringement, mostly represented by reproducing, scraping and republishing of information that is explicitly copyrighted and owned. – Breach of contract, that is represented mostly by breach of the “Terms of use” published by the website. When explicitly prohibiting the practice is added in the terms of use, it is argued that by scraping data from the website, the implied contractual obligation between the user and the website is breached, in lack of a specific agreement with the website owner; – Wrongful purpose of scraping can be also argued if there is an illegal or fraudulent use of the data obtained. This point specifically would apply if it is known that the information was either confidential or protected. – Another action that can be also catalogued as wrongful purpose is the reselling of scraped data, if the data is considered as premium content via an unauthorized channel. In this specific case, the accessing of the data would also be considered illegal. – Property damage can also be claimed by the owner if the result of accessing the data have caused any overloads, damage or interruptions of the website. This can happen because of a multitude of reasons, including because of large volumes of requests that can be considered a denial-of-service attack (DoS attack) that is a cyber-attack. An important issue to underline, by taking into account the GDPR rules in the European Union, would also be about the type of data that is processed. If the data can be considered personal data, then the rules apply to us in the process of scraping and we should take the details presented below into consideration. When can personal data be processed The following terms apply to a broad understanding of data processing but will indirectly impact the scraping process. – – – –

Having the consent of the individuals concerned Having a contractual obligation that allows the data collection To meet a legal obligation under EU or national legislation Carrying a task in the public interest and complying with EU or national legislation

24 Web Scraping and Ethics in Automated Data Collection

291

– To protect the vital needs of a person – For the organization’s legitimate interests but only after having checked that the fundamental rights and freedoms of the person whose data you’re processing aren’t seriously impacted [5]. From all listed above, even though all are legal reasons to process data, a case can be made that only the first two can be regarded as legitimate reasons for data scraping, when we take into consideration that personal details are scraped. When is consent valid For consent to be valid, the consent must be freely given, informed, for a specific purpose, explicit and given via a positive act. Also, for a consent to be freely given the individual must have a free choice and must be able to refuse or withdraw consent without being at a disadvantage. When someone consents to the processing of their personal data, you can only process the data for the purposes for which consent was given [6]. Sensitive data processing In the case of data that is labeled as sensitive, from the EU point of view, the rules are separately specified and conditioned also by use and requirement. The main point to address here is the need of the data in your specific use-case. As an example, if the collected data is for statistics on medication, pertinent sensitive information like patient symptoms or medication prescribed can be pertinent, but details like clients’ political views are in no case necessary for the current use and must not be collected. In the sensitive data category, we can find data reveling race, ethnicity, political/religious/philosophical views, genetic or health-related data, sex life or sexual orientation details. 2nd & 3rd Party Data As far as rules and recommendations, in case of 2’nd and 3rd party data, the implications can be drawn mostly from the E.U. point of view, researching the European GDPR Guidelines, recommendations and best practices and also articles about third party data processing. I will note here two conclusions: For data collection for commercial purposes, the answer from the European Commission website is the clearest: Before acquiring a contact list or a database with contact details of individuals from another organization, that organization must be able to demonstrate that the data was obtained in compliance with the General Data Protection Regulation and that it may use it for advertising purposes. For example, if the organization acquired it based on consent, the consent should’ve included the possibility to transmit the data to other recipients for their own direct marketing. Your company/organization must also ensure that the list or database is up-to-date and that you don’t send advertising to individuals who objected to the processing of their personal data for direct marketing purposes. Your company/organization must also ensure that if it uses communication tools, such as email, for the purposes of

292

M. C. Mazilu

direct marketing, it complies with the rules set out in the ePrivacy Directive (Directive 2002/58/EC1) [7]. Such lists are processed on grounds of legitimate interests and individuals will have a right to object to such processing. Your company/organization must also inform individuals, at the latest at the time of the first communication with them, that it has collected their personal data and that it will be processing it for sending them adverts [8]. For data collection for scientific research, the General Data Protection Regulation (GDPR) also applies, if a researcher based in the EU collects personal data about a participant anywhere in the world or a researcher outside the EU collects personal data on EU citizens. Although the GDPR creates heightened obligations for entities that process personal data, it also creates new exemptions for research as part of its mandate to facilitate a Digital Single Market across the EU. Specifically, the GDPR exempts research from the principles of storage limitation and purpose limitation so as to allow researchers to further process personal data beyond the purposes for which they were first collected. The Regulation also allows researchers to process sensitive data and, in limited circumstances, to transfer personal data to third countries that do not provide an adequate level of protection. To benefit from these exemptions, researchers must implement appropriate safeguards, in keeping with recognized ethical standards, that lower the risks of research for the rights of individuals [9].

24.4.2 Ethics in Web Scraping Even though, as we have previously seen, there are some rules and regulations that can impact some areas of data collection, the law regarding web scraping can be, in some cases not clear enough, complex and up for reform. But there are always basic principles, that should be respected, and that can make the data collection more transparent and as I might say, ethical. – API’s or data feeds are always the first and best choice. Not only that are easier to use but this will also guarantee that you are doing it according to the rules and you are authorized. – Ask for permission. This should be a first go to before we start scraping data. Good manners cost nothing. They have something that we value and a good rule should be to always ask and not assume that is from the start free to take. – Respect the “Terms and conditions”. This point can also be made as a law, by breach of contract. But even if there is no possibility of a lawsuit, the rules are there for a reason. Respecting the terms of service and all conditions from a website will guaranty the lack of future problems. – Respect the robots.txt file. The robots’ execution standard can be also considered as terms and conditions for robots and crawling software. This file will indicate do’s and don’ts on that specific platform.

24 Web Scraping and Ethics in Automated Data Collection

293

– Add details of contact and intention by using the User-Agent. The User-Agent request header is a characteristic string that lets servers and network peers identify the application, operating system, vendor, and/or version of the requesting user agent. This action will make your requests more transparent. – Do not overdo it in speed. Crawling at a reasonable rate is always good. This will also avoid legal problems by creating damage but also will avoid any misunderstandings, like to be confused for a DDoS attack. – Do not overdo it in volume of data. This means that always be sensitive of what you keep. If we do not need it, we should not take it. Always have a good reason for taking the data in the first place. – Always respect and protect the content. This starts with depositing it securely, not distributing it without authorization or passing it as your own. This rule will not only will categorize the collection as ethical but can protect you from a lot of potential legal issues. – Always respond to complaints and be ready to communicate. This can mostly concern possible changes that can happen in time. People change their mind. Websites can change the rules. By ignoring any complaints or by not completely deleting any data on request, we are open to a lot of possible disputes.

24.5 Conclusions As technology progresses at a very fast pace, the need for data and data sources will probably always increase. And because a lot of websites do not have opened API’s it is very likely that the practice of web scraping as a data collection tool will also increase. And with so many tools, frameworks and libraries that help you grab and parse the HTML from any page, the process itself has also become easy to do. So easy that not only legal use, but also responsible use of such tools should be more important than ever. Of course, I could say that proper and strict laws could maintain good practices but as taking the global nature of the matter into account, laws can differ and also do not necessarily apply to all use-cases. So it becomes a matter of respect and good manners to keep web scraping healthy and ethical.

References 1. Zhao B (2017) Web scraping. Encycl Big Data 1–3 2. Sirisuriya S (2015) A comparative study on web scraping. In: Proceedings of 8th international research conference, KDU 3. Egnor and Daniel (2004) United States patent application 20060149775, 11/024851 4. Daniel N (2020) Founder of scraper API, the best web scraping tools. APIs and Frameworks, medium.com 5. Regulation (Eu) 2016/679 of the European parliament and of the council (2016) 6. Article 4(11), Article 7 and Recitals 32, 42, 43 of the GDPR, Regulation (Eu) 2016/679 of the European parliament and of the council (2016)

294

M. C. Mazilu

7. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic com-munications sector (Directive on privacy and electronic communications), (OJ L 201, 31.07.2002 p 37) 8. European Commission Rules for business and organizations/legal grounds for processing data/can data received from a third party be used for marketing? https://ec.europa.eu/info/law 9. Gabe Maldoff (2016) CIPP/US, moderator at IAPP summit sessions 2020 online, how GDPR changes the rules for research

Chapter 25

Classical Machine-Learning Classifiers to Predict Employee Turnover Les, an Maria-Carmen

Abstract In the context of the increasing migration of employees from one company to another and given the career changes that many people desire in order to avoid monotony, the dynamics of the workforce puts great pressure on the stability of a company. HR departments can establish more effective mechanisms for preventing employee turnover and better recruitment strategies when given a reliable Machine Learning tool. Facing a classification problem (employees are either tagged as “left” or “not left”), this investigation attempts to conduct experiments with traditional methods such as Logistic Regression, Decision Tree, Random Forest, and Support Vector Machine to predict employee turnover. In our analysis Support Vector Machine showed promising results in predicting employee turnover. We conclude that we obtained sufficient results in order to trust a Machine Learning classifier to label correctly the employees that left the company and to advise practitioners to integrate such tools into the everyday activity of the HR department.

25.1 Introduction The success of any company is dependent on the effectiveness of its human resource. Employee voluntary turnover is a major issue for organizations nowadays because of the instability it creates, with a major detriment on effectiveness. Employee resignation is strongly associated with decreased profits [1]. Retention of talented and high-quality employees is more important today than ever before [2]. This will represent a major problem in the future [3]. Employee turnover is a dominant concern in companies because whenever an employee leaves the company, urgent replacement costs appear. According to the Harvard Business Review, on average, it takes twentyfour days to replace an employee, and hiring costs can reach four thousand dollars, depending on the industry [4]. In addition to these replacement costs, the production flow and customer satisfaction are also influenced. This demonstrates that employee L. Maria-Carmen (B) Business Informatics Research Center, Babes-Bolyai University, Cluj-Napoca, Romania e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_25

295

296

L. Maria-Carmen

resignations, if not handled properly, will have a negative impact on the profitability of the organization. Given the costs presented above, it is a great concern for the HR department to keep unwanted employee fluctuations to a minimum. Turnover prediction presents one of the main applications of ML regarding the classical activities of the HR department. Although Machine Learning applications are unlocking value across business functions, the HR department in most companies has yet to utilize this technology. There are many studies on employee retention regarding their thoughts when leaving [5], but the advantage appears when we know their intention of leaving beforehand. These being mentioned, we notice that Machine Learning algorithms are already proven to be effective on employee turnover prediction in large companies: IBM has a patent for an ML algorithm that can predict flight risk with 95% accuracy [6]. According to IBM CEO, Gini Rometty, this algorithm saved IBM nearly $300 million in retention costs [7]. Previous research work includes Jain et al. [8] which used a novel model for predicting Employee Attrition, XGBoost which is highly robust. Alao et al. [9] used the WEKA workbench to analyze different decision trees models. Yadav et al. [10] compared different data mining techniques to predict employee attrition, obtaining promising results with AdaBoost. A lot of work was done on employee attrition since the IBM HR Analytics dataset has been made public four years ago on Kaggle [11]. Most of the work on this task is done by comparing the accuracy of the models. By accuracy, we refer to the correct identification of both the departing employees and the remaining ones. However, on an imbalanced dataset, the accuracy is not the best indicator of performance [12]. Meanwhile, we want to identify as many employees from those who have intentions of leaving, thus we should rather search for ML models with high specificity. Our contribution consists of selecting a different evaluation metric for the constructed ML models, the recall, which could better respond to the employees’ attrition problem: detecting as many of the employees that could leave the company as possible. This evaluation approach will help us deliver a more efficient model with respect to the business goals. In our experiments, we use the HR Analytics dataset available on Kaggle [13]. Given this dataset, our objective is to train and test several classification models. We aim to obtain the highest specificity, using four ML methods: Logistic Regression [12], CART Decision Trees [14], Random Forest [15], and Support Vector Machines [16]. For our specific purpose, we will use the Recall and Area Under ROC (AUC) score to interpret the results and extract valuable business conclusions. We conducted multiple experiments with each of the four models and we refined the parameters until a final accepted model emerged. Results show that Support Vector Machines generally outperforms the other classical tested classifiers. This paper is structured as follows: In the following section, we present the evaluation metrics and the Machine Learning models. In Sect. 25.3 we analyze the dataset. Section 25.4 highlights the exploratory data analysis process. In Sect. 25.5 we present in a comparative manner the results obtained with the four classifiers. Section 25.6 concludes the paper and presents future work recommendations.

25 Classical Machine-Learning Classifiers to Predict Employee Turnover

297

25.2 Background In this section, we detail the problem of employee turnover and present related studies that involved ML to solve it. Furthermore, as we intend to apply some ML tools, we shortly describe them.

25.2.1 A Machine-Learning Approach for Employee Turnover Prediction Due to the complexity of the factors that may underlie a human decision, no exact conclusion has been reached so far on the mix of variables that influence the resignation decision [17]. Given the fact that an employee-driven culture is very popular and considering that employees are the most valuable resource of a stable organization, HR activities represent a great context for developing new machine learning algorithms in order to improve decisions. Considering the huge costs of employee turnover and the preventive methods that have been studied by experts in the past years, an important task remains to be done: the prediction of employee turnover. The evolution of technology in the last decade combined with a more and more open mindset regarding the idea of grounding decisions on algorithms that analyze large datasets resulted in new applications of Machine Learning and the HR industry is reshaped by them. HR professionals see value in these computer-science-based methods, and Machine Learning is showing promising advantages [18]. Machine Learning gives us the chance to find the root causes of the problem and helps us see beyond behaviors. Based on the analysis made, HR departments can establish more effective mechanisms for preventing employee turnover and better recruitment strategies.

25.2.2 Evaluation of Machine-Learning Classifiers With respect to our task, we are interested in deriving a model to label each employee of the company whether that person will leave or stay in the company. From an ML perspective, this represents a binary classification problem [12]. Supervised classifiers are fed with training datasets consisting of instances already classified in the target categories, from which they learn to classify novel data according to predetermined categories. In the training process, a subset of the data set is provided (training dataset) to the model. Based on this, the method determines a model that classifies as accurately as possible the affiliation of instances to one class or another. This model is then tested on another subset (test dataset), not used during training, to verify the predictive power of the derived model. The final result is this estimated

298

L. Maria-Carmen

model whose parameters are adapted toward the best possible prediction on novel data. The performance of a model is evaluated with different standard metrics established by the literature [12]: accuracy, precision, recall, f1-score, the area under ROC (AUC), confusion-matrix, and others. A confusion matrix is a table that divides the classification results into four quadrants: true-positive (TP), true-negative (TN), falsepositive (FP), and false-negative (FN). The AUC (Area Under the Receiver Operating Characteristics) measures the cost expressed in false-positive predictions to obtain a given true-positive rate. The higher the ROC Curve and the bigger the area under the curve is, the better the model performs at predicting instances as being part of the correct class. This metric is considering various threshold settings. Accuracy is the ratio of correctly predicted observation in the total observations (TP + TN)/(TP + FP + FN + TN). When the dataset is not balanced, this is not the best metric to consider when evaluating our models. Precision is the ratio of correctly predicted positive observations to the total predicted positive observations TP/(TP + FP). Recall is the ratio of correctly predicted positive observations to all observations in actual class TP/(TP + FN). Recall computed for the minority class is called specificity. This metric is more suitable for our imbalanced dataset because it is measuring the proportion of the employee that left the company, i.e., which the model correctly labeled as “left”. F1-score for a given class is the weighted average of Precision and Recall and is usually more useful than accuracy or recall itself, especially when there is an uneven class distribution. In general, when learning models for imbalanced datasets, searching for a higher AUC or a good specificity is seen as equivalent [12]. Sometimes models can bend too precisely on the training data set and provide very good results in the evaluation but are unable to obtain good results on new data sets and thus proving inefficient on test and unseen datasets. This is called overfitting. There are models more prone to overfitting, as Decision Trees. We must optimize the tree to stop it from overfitting, e.g., tuning the maximum depth, minimum samples leaf, etc.

25.2.3 Machine Learning Models Implied in This Research A Machine Learning model is a mathematical representation of the patterns hidden in data, and it is obtained by combining statistical knowledge with the computer’s ability to compute huge amounts of data very fast. The models selected for this research are Logistic Regression, Decision Trees, Random Forest, and Support Vector Machine. They are among the most popular models, and they are widely used. Logistic Regression. LR is a model that determines the probability of an instance to belong to a given class. Given a membership threshold, the class to which each instance is mapped is determined by comparison with this threshold. When the data set is unbalanced, the default value of 0.5 for the threshold may be unfavorable, and therefore a change in the threshold leads to a more appropriate model. The fact that

25 Classical Machine-Learning Classifiers to Predict Employee Turnover

299

the cost of one type of misclassification is more important than another one leads us to manipulate the threshold [12]. Decision Tree. DT model has 3 components: root, nodes, and leaves. Each internal node of the tree represents a division of the instances according to a certain attribute, and the leaves represent the classes. This structure determines an inductive decisionmaking process based on tree branching. The result of the prediction is the class to which the instance belongs based on the traversal of the tree. Fully grown trees lead to overfitting, so decision trees need attention in the parameter tuning process [14]. Random Forest. RF model creates an ensemble of decision trees. Sometimes base classifiers such as Decision Trees do not deliver the best performance and the literature established meta-classifiers in order to improve their performance. Bagging is one of the strategies used to create meta-classifiers. It is designed to improve stability, to reduce variance and overfitting. Given a training set, bagging creates new training sets by resampling the training data with replacement. A model is created for each subset. In the end, the classification of a novel instance is obtained by voting, i.e., averaging the results of constructed trees. Bagging applied exclusively on CART decision trees leads to Random Forest, which is one of the most powerful classification methods. Random Forest adds extra layers of randomness to the branches, thus preventing the model from overfitting [15]. Support Vector Machines. SVM is based on the idea of finding a hyperplane that best divides a dataset into the expected classes. In creating an SVM model we look at the C parameter (to control error), at the Kernel, which for our problem is identified as radial (Gaussian RBF Kernel). Related to radial kernels, Gamma represents how rounded the decision boundary should be around the data. We will find the best values for these parameters by using a search grid. SVM can use different kernels in order to better fit the scenario. A radial kernel is very different from a linear kernel as it is drawing a circular area around the data points. When looking at data points that tend to form clusters, the radial kernel is the best choice [16].

25.3 Data Set For this study, we used the HR Analytics dataset from Kaggle [13]. It has the following attributes: satisfaction_level, last_evaluation, number_project, average_montly_hours, time_spend_company, work_accident, quit, promotion_last_5years, department, and salary. The data set had no missing values and 14,999 instances. They are tagged either as 0 (stayed in the company) or 1 (left the company). We consider this dataset as unbalanced as the ratio of employees that left versus employees that are still working at the company is 23:76. In the first step of data preparation, the categorical variables (salary, department) were converted into dummy/indicator variables, by which each of the distinct values in the categorical fields was converted to binary fields. The dataset was split into a training dataset (80% of the instances) and a test dataset (20% of the instances). We kept the same proportion of employees who quit or who stayed in both datasets.

300

L. Maria-Carmen

Analyzing the top 5 most voted notebooks by this date for this challenge on Kaggle we can conclude that most of the work is done regarding the exploratory data analysis. This research will bring an important contribution to the community by using both a detailed training and an evaluation process. For running our experiments, we used the high-performance computing facility of Babes-Bolyai University [19].

25.4 Exploratory Data Analysis Our primary objectives are creating an overview of the data, analysis of the dependent variable, intuitively determining the variables that seem important (salary, department, years at company, satisfaction, work accidents), studying the interaction between variables, identifying some clusters in data, etc. From a quick data analysis perspective, we confirm that the dataset has 10 variables (5 numerical, 3 boolean, 2 categorical), 14,999 observations, there are no missing values inside the data set. The dependent variable is “left”, while the independent variables are satisfaction_level, last_evaluation, number_project, department, average_montly_-hours, time_spend_company, work_accident, promotion_last_5years, and salary. If we analyze the dependent variable, we see that the percentage of those who left the company is 23.80% and the percentage of those who did not leave the company is 76.19%. Salary analysis (see Fig. 25.1) shows us that 48.7% of employees have or had a low salary, 42.98% medium salary, and 8.25% high salary. Very few of those with high salary left (6.62%), 29.69% from those with low salary left, and 20.43% from those with medium salary. Going further we also pay attention to the department analysis (see Fig. 25.2). 27.60% of employees work or worked in the sales department. 24.5% of those who worked in Sales left the company. 25.5% of those who worked in the technical department left the company. 29% of those who worked in HR left the company. The inter-quartile range for satisfaction level for those who did not leave the company is smaller than for those who left. The median for those who left is lower than for the other group, indicating that the satisfaction level is smaller for those

Fig. 25.1 Salary analysis

25 Classical Machine-Learning Classifiers to Predict Employee Turnover

301

Fig. 25.2 Departments analysis

who left. Most of the employees have a satisfaction level above 0.5. Overall satisfaction level in a company is a very important aspect. In terms of satisfaction, studies showed that payment, promotion, supervision, benefits, rewards, working conditions, co-workers, communication, and the nature of work should be considered when measuring satisfaction [20]. Also, one of the main reasons why employees leave a company is dissatisfaction [21]. Job satisfaction is strongly related to employee performance and turnover [22]. Among those who leave the company, 8 behaviors are identified. First, they are very well evaluated (good performance) and very dissatisfied. Second, they are unsatisfied and have low evaluation. Third, they leave even if their performance is outstanding, and their satisfaction level is very high. Fourth, they are working long hours and are unsatisfied. Fifth, they work normal hours and are unsatisfied. Sixth, they work long hours, and they are also satisfied. Seventh, their performance is bad, and they also work for few hours. Eighth, they work long hours and have very good performance. People who left the company had a lower satisfaction level (see Fig. 25.3), they were working many hours (see Fig. 25.4), they had low to medium salary (see Fig. 25.1), and most of them left from sales, technical, and support departments (see Fig. 25.2). A very interesting group is that of employees who worked long hours had good results in the evaluation and they left (see Fig. 25.4). The assumption is that the company overburdens employees. Another interesting group is that of employees who left the company even though they had a high level of satisfaction and very

Fig. 25.3 Satisfaction level analysis

302

L. Maria-Carmen

Fig. 25.4 Correlation between satisfaction level, average monthly hours, and last evaluation

good performance. If we isolate this cluster and analyze the other variables, we can observe that 562 (out of 923 isolated instances) employees had a low salary and only 39% of them had a medium or high (1.3%) salary. The company may want to reevaluate the salaries of hard-working and motivated employees in order to keep them.

25.5 Predictive Analysis In this section, we will go through the process of training, testing, and evaluation of predictive machine learning methods. We will separate the data set into 2 subsets: for training and testing. The training set is used by a specific algorithm that learns the pattern and particularities of the data. We will thus obtain a model, which we will test based on test data, not used in training. After obtaining the models created based on 4 different classifiers, we will validate them to see the performance, and eventually we will compare them to decide which model has the desired outcome.

25.5.1 Logistic Regression Using the Scikit-learn [23] and Statsmodels API [24] libraries we created 3 logistic regressions. The first variant contained all the attributes. The second variant was obtained by selecting those features that have the greatest impact on the prediction (they have very low p-values) analyzed using Statsmodels. For the third variant, we modified the threshold of the previous model from 0.5 to 0.37 to improve the recall of the instances that left the company. We varied the threshold because the cost of one type of misclassification proved to be higher than another type of misclassification (Fig. 25.5). Model number 3 for Logistic regression brings the best results for Recall and F1 Score. This model uses 8 of the 20 features available after dummy-encoding of

25 Classical Machine-Learning Classifiers to Predict Employee Turnover

303

Fig. 25.5 Logistic regression models comparison

Fig. 25.6 Default and final estimators for decision tree and random forest

categorical variables. These features were selected based on p-value, and the model has a threshold set at 0.37.

25.5.2 Decision Tree and Random Forest The parameters controlling the size of the trees (e.g., max_depth, min_samples_leaf, etc.) lead to fully grown, unpruned trees. The first Decision Tree model trained (see Fig. 25.6) had default values for all parameters. On the training dataset, the accuracy was 100% and on the test dataset accuracy was 98.13%. To highlight the importance of modifying the parameters, we will compare in the table below two estimators (decision trees), the one that uses the default values of the parameters and the final adjusted model (max_depth = 7, min_samples_leaf = 50). Training the Random forest model with default parameters led to the same problem—overfitting. The first Random Forest model trained had 100% accuracy on training and 99.16% accuracy on the test dataset. To train the final Random Forest classifier we used the parameters found to be the best ones for the Decision Tree. Smaller Decision Trees also have the advantage of interpretability, and the results from a decision tree visualization can be easily read and understood by nonprogrammers. Also, Decision Tree does a feature selection automatically, and the outcome was that the satisfaction level is the most important factor.

25.5.3 Support Vector Machines To build radial kernel SVM models, the C and gamma parameters must be adjusted. Four models were built based on Support Vector Machines. The first 2 of them involved intuitive selections of parameters. Before creating the third model, we run a search grid. The best estimator evaluated using these parameters had C = 60 and gamma = 0.4. This model had a very good evaluation, but it was continued with

304

L. Maria-Carmen

Fig. 25.7 Support vector machines classifiers comparison

a manual adjustment to obtain the last model, which has the best performance for recall (Fig. 25.7).

25.5.4 Evaluation The specificity of a model quantifies its ability to correctly predict employees that left the organization. Accuracy, precision, recall, and F1 Score are calculated based on the confusion matrix. The confusion matrix helps us to determine if the classifier is specific enough to be able to correctly determine the belonging to the smallest class (quit = 1). In the next evaluation, we will look at True Positive values (Fig. 25.8). Analyzing the four models by their confusion matrix (see Fig. 25.8), we can conclude that the model with the best specificity is the Support Vector Machines model. It has a higher number of correctly identified employees that quit their jobs. Going further with these results, we can analyze the scores for these final models. By analyzing the results from Fig. 25.9 we can see that the Support Vector Machine classifier has the best result for Recall of the “left” employees (specificity). Even though the Random Forest has the best F1 Score, it has a recall score with 0.04 Fig. 25.8 Confusion matrix of the final models

Fig. 25.9 Metrics comparison of the final models

25 Classical Machine-Learning Classifiers to Predict Employee Turnover

305

lower than the SVM, and the SVM’s F1 Score is only 0.01 lower than the result from Random Forest. As we decided that the Recall is the most important for our business problem, we can say that there is no major difference between RF and SVM in terms of F1 Score, but the SVM result for Recall is very promising and we can use it with confidence. The area under ROC has also the best result when we use the SVM model. A 0.99 score for the ROC area for the Support Vector Machines classifier (see Fig. 25.9) is a very good and promising result in addition to the high Recall score (95%) and the other metrics that resulted for this model. Compared with the Logistic Regression ROC curve, we can see a very good improvement. These results are due to the entire improvement process that the models went through in order to obtain a high-performance model. The iterative process in which the models were built enables us to trust the results.

25.6 Conclusion and Future Work As a tool, Machine Learning proved to be a real addition to the HR department. Developing a model that can predict with high specificity the employees prone to leave their jobs could increase the efficiency of the HR department, increase the profit of the company, and decrease instability and risks. Going through problem definition, data set analysis, data preprocessing, model selection, model adjustment, evaluation metrics, and comparison of built models we presented the entire flow of machine learning development for this specific business problem: the prediction of employee turnover. Based on our multiple experiments with Logistic Regression, Decision Trees, Random Forest, and Support Vector Machines, we conclude that the Support Vector Machines classifier is a reliable approach in predicting employee turnover. With the recall value at 95%, accuracy value at 97%, and the AUC equal to 99%, this model meets our criteria for making it suitable for this business problem. With these numbers in mind, we can confirm that Machine Learning adoption in this department would be productive. Given the vastness of the existing models, as future research work, we recommend experimenting with boosting algorithms, or with more recent machine learning methods such as deep learning. The question is how much more can the results be improved and whether the use of more expensive methods in terms of resources (such as Deep Learning) will bring radically improved results.

References 1. Simons T, Hinkin TR (2001) The effect of employee turnover on hotel profits: a test across multiple hotels. Cornell Hotel Restaur Admin Quart 42(4):65–69 2. Holtom BC, Mitchell TR, Lee TW, Eberly MB (2008) 5 turnover and Retention research: a glance at the past, a closer review of the present, and a venture into the future. Acad Manage Annals 2(1):231–274

306

L. Maria-Carmen

3. Lee TW, Hom P, Eberly M, Li JJ (2018) Managing employee retention and turnover with 21st century ideas. Organ Dyn 47(2):88–98 4. Christiansen J (2019) 8 things leaders do that make employees quit. Harv Bus Rev. https://hbr.org/2019/09/8-things-leaders-do-that-make-employees-quit?registration=suc cess. Last accessed 05 May 2021. 5. Bhatnagar J, Budhwar PS (2007) Talent management strategy of employee engagement in Indian ITES employees: key to retention. Empl Relat 29(6):640–663 6. Eddolls T (2019) IBM knows you’re leaving. IBM Commun. https://community.ibm.com/com munity/user/ibmz-and-linuxone/blogs/destination-z1/2019/12/23/ibm-knows-youre-leaving. Last accessed 05 May 2021 7. Tsai SC, Chen C-H, Shiao Y.-T, Ciou J-S, Wu T-N (2020) Precision education with statistical learning and deep learning: a case study in Taiwan. Int J Educ Technol High Educ 17(12) 8. Jain R, Nayyar A (2018) Predicting employee attrition using XGBoost machine learning approach. In: 2018 international conference on system modeling & advancement in research trends (SMART), pp 113–120. IEEE 9. Alao DABA, Adeyemo AB (2013) Analyzing employee attrition using decision tree algorithms. Comput, Inf Syst, Dev Inf Allied Res J 4(1):17–28 10. Yadav S, Jain A, Singh D (2018) Early prediction of employee attrition using data mining techniques. In: 2018 IEEE 8th international advance computing conference (IACC). IEEE 11. Pavansubhash (2017) IBM HR analytics employee attrition & performance, Version 1. https://www.kaggle.com/pavansubhasht/ibm-hr-analytics-attrition-dataset. Last accessed 05 May 2021 12. James G, Witten D, Hastie T, Tibshirani R (2013) An introduction to statistical learning: with applications in R. Springer 13. Pujar G (2018) HR analytics, Version 1. https://www.kaggle.com/giripujar/hr-analytics/ver sion/1. Last accessed 05 May 2021 14. Breiman L, Friedman J, Olshen R, Stone CJ (1984) Classification and regression trees. Chapman and Hall 15. Breiman L (2001) Random forests. Mach Learn 45:5–32 16. Cristianini N, Shawe-Taylor J (2000) An introduction to support vector machines and other kernel-based learning methods. Cambridge University Press 17. Ribes E, Touahri K, Perthame B (2017) Employee turnover prediction and retention policies design: a case study. Working papers hal-01556746, HAL.W 18. Hong C, Wei SY, Chen YF (2007) A comparative test of two employee turnover prediction models. Int J Manage 24(4):212–229 19. Bufnea D, Niculescu V, Silaghi GC, Sterca A (2016) Babes, -Bolyai university’s high performance computing center. Studia Universitatis Babe¸s-Bolyai, Seria Informatica 61:54–69 20. Sila E, Širok K (2018) The importance of employee satisfaction: a case study of a transportation and logistics service company. Management 13(2):111–136 21. Lee TW, Mitchell TR, Wise L, Fireman S (1996) An unfolding model of voluntary employee turnover. Acad Manage J 39(1):5–36 22. Bowling NA (2020) & Sessa, vol I. Routledge, Essentials of job attitudes and other workplace psychological constructs 23. Pedregosa F, Varoquaux G, Gramfort A, Michel V, Thirion B, Grisel O, Blondel M, Prettenhofer P, Weiss R, Dubourg V, Vanderplas J, Passos A, Cournapeau D, Brucher M, Perrot M, Duchesnay E (2011) Scikit-learn: machine learning in python. J Mach Learn Res 12:2825–2830 24. Seabold S, Perktold J (2010) Statsmodels: econometric and statistical modeling with python. In: Proceedings of the 9th python in science conference

Chapter 26

Assessing the Share of the Artificial Ad-Related Traffic: Some General Observations Marek Gajewski, Olgierd Hryniewicz , Agnieszka Jastrze˛bska , ´ , Mariusz Kozakiewicz, Karol Opara , Jan W. Owsinski Sławomir Zadro˙zny , and Tomasz Zwierzchowski

Abstract Online advertising campaigns are adversely affected by bot traffic. In this paper, we develop and test a method for the estimation of its share, which is necessary for the evaluation of campaign efficiency. First, we present the nature of the problem as well as the underlying business rationale. Next, we describe the essential features of Internet traffic, which ought to be accounted for, and the potential methodologies, which can be used to reach the objective of the project. Finally, some of the results are provided, along with the respective discussion, followed by both technical and also more general conclusions.

The work reported here was carried out in the framework of the project named ABTShield, implemented by EDGE NPD Ltd. Co. in cooperation with the Systems Research Institute of the Polish Academy of Sciences under the regional operational program of the province of Masovia in Poland, financed from the European Regional Development Fund, contract no. RPMA.01.02.0014-B448/18-00. M. Gajewski · O. Hryniewicz · A. Jastrze˛bska · K. Opara · J. W. Owsi´nski (B) · S. Zadro˙zny Systems Research Institute, Polish Academy of Sciences, Warsaw, Poland e-mail: [email protected] O. Hryniewicz e-mail: [email protected] K. Opara e-mail: [email protected] S. Zadro˙zny e-mail: [email protected] M. Kozakiewicz · T. Zwierzchowski EDGE NPD Ltd. Co, Warsaw, Poland e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_26

307

308

M. Gajewski et al.

26.1 Introduction and Problem Formulation Advertising activities are the essential moving force behind the World Wide Web or the Internet. It is truly difficult to assess what proportion of the Internet content would disappear were the advertising elements to be removed or banned, but we would have been dealing, then, with just a skeleton of what we have today (“money makes the world go round...”). This key activity is organized and realized within an ample and relatively complex market, in which one can distinguish several roles, and which can be twisted in a variety of ways. The present paper reports on the work done within a project, which addressed the primary manner, in which the web-based advertising market can be twisted. Payments for ads are usually settled based on a certain (minimum) number of clicks. Hence, if an automatically functioning software robot (bot) clicks a certain proportion of times on the ad, some participants of the online advertising market benefit but the advertiser incurs a loss. Such traffic exists and is claimed to reach as much as 50% of total traffic volume; see, for instance, [3].1 For different market participants, bot traffic has different effects. It is a loss to the ultimate advertising agent (producer or seller of goods, or both), and perhaps also to the designing agency (less actual views by humans) but it is a bonus for those, who get paid for a definite number of clicks (various intermediaries), and, in a specific manner, to the competitors. Beyond this, a secondary (or “underpinning”) market would develop instruments and tools for operating on the primary market, i.e., the one for producing the respective bots or robots, and also for counteracting, in some manner, their activity. One of the components of the latter is the capacity of estimating the dimensions of the artificial traffic, or even better: identifying the artificially produced events. It serves a clear business need, namely the verification of the reliability of ad campaigns. Operation and modelling of the digital advertising market can indicate potential behaviour patterns of its different participants but this is beyond the scope of this study. Nevertheless, artificial traffic has some of the (interrelated) basic characteristics which are necessary to make its use profitable, notably low cost of individual action, and low cost of producing and operating the bots, with a large scale of interventions (impressions, clicks, etc.). Identification of artificial traffic is challenging. If this were simple (and hence cheap), bots would have been easily filtered out leading to a “clean” market in which the advertisers would be paying for the true glimpses of the ads they ordered. However, three reasons make the identification of artificial traffic complex: (1) very high variety of human behaviour patterns; (2) relatively low cost of producing bots that do not act truly “weird”; (3) it is hard to compare different bot detection systems as the ground truth data is unavailable or, at best, scarce. The operation of most bots remains relatively simple, though not “simplistic”. One of the reasons is that the production or acquisition of an instrument that closely 1

Note that we do not consider here the crawlers and bots that have no “negative” objectives, like those that gather statistical data, and are used for scientific purposes, etc.

26 Assessing the Share of the Artificial Ad-Related Traffic …

309

imitates human behaviour is expensive and more complicated in operation. Moreover, such a bot would struggle to produce the required scale of interventions (just because it would behave like a human). Altogether, there should be some characteristics that differentiate artificial and human Internet traffic. We discuss them in the subsequent section.

26.2 Feature Engineering The objective of our work was to devise a mechanism that differentiates humans from bots based on website activity logs. The method was delivered to be used by publishers who, alongside their standard content, display advertisements and wish to analyse the traffic on their end. Tracking the nature of actors (bots or humans) that are displaying advertisements is a cornerstone for fair settlements in pay-per-click billing schema. There is an organic movement in the community of stakeholders of the digital advertisement market that is concerned with the credibility of certain publishers and advocates for more transparent information about the share of bot clicks on their advertisements [7]. The proposed solution can be used for this purpose provided that an independent party will have access to raw data (logs) necessary to analyse the share of human and bot activities on a given publisher’s website. Besides, it can be used by publishers autonomously, to gain insight into the nature of the traffic on their pages. The difficulty of the task of bot detection is increased by the so-called botnets, in which a click fraud is organized in a distributed manner [5], and bot farms, where humans are hired to click on advertisements [11]. The proposed solution analyses the temporal characteristics of activities performed by actors accessing a given webpage. At the moment, we analyse data using a 7-day-long window. The proposed approach processes information at the elementary level, that is, raw data organized into rows, where one row corresponds to one event registered in logs. The most fundamental function of the developed solution is an external, proprietary fingerprinting algorithm that we use to assign each event to one actor. Each actor accessing a given webpage receives a unique identifier. This task is quite challenging. The algorithm must include actors reconnecting with dynamic IP addresses, changing details of their user-agent (technical environment), clearing cookies, and so forth. After fingerprinting, we produce an intermediate secondary data format, where raw data is annotated with user identifiers and split into chunks called sessions. Each session describes a coherent sequence of browsing activities for a given actor, sorted according to timestamps. Finally, we proceed to the extraction of numerical features describing the behaviour of each actor in the registered sessions. After this aggregation, one row corresponds to a single actor distinguished by its unique identifier. Consequently, we have as many rows as distinct actors who accessed our webpage during the analysed 7-day-long window. The described interchanges between information representation formats are illustrated in Fig. 26.1.

310 Fig. 26.1 Subsequent data transformations

M. Gajewski et al.

Online acvity logs: raw data, one row corresponds to one click

fingerprinng

User acvity log: raw data annotated with user idenfier, split into sessions, each session describing a coherent sequence of acons

aggregaon

Weekly user stascs: numerical features describing behaviour of each logged actor in all sessions recorded in a 7-day-long window

The discrimination between humans and bots is performed with the use of the final data representation format, which contains numerical descriptors of the actor’s behaviour. The features were hand-crafted with the use of expert knowledge of this domain. The main descriptors that can allow distinguishing human and artificial traffic are utilizing the following notions: – Quantity of clicks; – The regularity of clicks; – Frequency of clicks (we distinguish the two given the different time frames that may intervene; see also below); – Unusual activity hours computed with the use of the knowledge about the time zone of the actor (e.g., nighttime visitors); – “Logic” of clicks—it is an actor using referrals when clicking on next items; – Changes of user agent details and the agent details themselves; – Frequency of cookie rotation that may indicate suspiciously high browsing activity. The presented notions rely on information about the agent’s time zone and technical properties of the machine, from which the agent has established a connection. To the greatest extent, we utilize the data on clicks, as this is the activity that we need to trace in the first place. We utilize various timescales. The features are computed using data concerning sessions that were registered in the time frame of 7 days. We aim to describe not only the behaviour of an actor during a session but also the relations between consecutive sessions. This was motivated by an observation that the simplest bots perform quick actions within a single session, while more sophisticated bots make certain intervals so their actions may be recorded in several sessions. The total number of clicks in the latter scenario is still vast, but it is split to conceal the true nature of an actor.

26 Assessing the Share of the Artificial Ad-Related Traffic …

311

The features considered allow for detecting the behavioural patterns of actors accessing the webpage. A similar focus is mentioned in several other studies on bot detection, for example, [1, 2]. We use the following groups of features (for each group we list below the concrete features included in it): – Concerning the technical environment of the actor: distinct user agent count, is the actor’s declared browser name the same as the true browser name, is the actor’s declared browser language name the same as the true browser language, is the actor’s declared operating system name the same as the true operating system name, is the actor’s declared screen resolution name the same as the true screen resolution, distinct IP address count, average time in seconds between events happening within a cookie in the last 7 days, variance (in seconds) of the time-lapse between changes within a cookie, the number of assigned cookies for the past 7 days, whether the actor is on a whitelist of useful bots (helpers in indexing), the ratio of the number of events logged with whitelisted IP to the number of events logged with a notwhitelisted IP. – Concerning activities within a single session: average time in seconds to the next event in the sessions with more than three events, the maximum number of distinct web pages visited within one hour, the same but within a one-minute window, the maximum number of page views in a one-hour window, the same but within a one-minute window, and total page views count. – Concerning relations between sessions: the number of sessions with more than three events, the average time in seconds between consecutive events occurring in the last 7 days, variance (in seconds) computed for the number of events is sessions longer than three events, and variance (in squared seconds) of the period occurring between events in sessions longer than three events. – Concerning the nature of clicking: distinct page view count, referrals share in all clicked URLs, referrer count, the number of visited campaigns, and the number of unique renderers. – Concerning actor’s time zone: the number of page views in hours 0–6 in the actor’s time zone (hours 0–6 are supposed to be of rather low activity for humans), and the share of actor’s page views in hours 0–6 per the total number of page views. The proposed set of features emerged in a series of experiments and analyses on several data sets. The initial set comprised over 100 features and was gradually reduced to the set shortly characterized above. Still, the given set of features shall be critically analysed and there is a potential for its further reduction, depending on the properties of a particular data set one needs to process (see further on this). Each row in the final data frame is labelled as either a bot or a human. The label is attached using a rule-based method developed by the experts. The rule comprises several compound if-then clauses. The rule is generally enough to be applied to different data sets but occasionally provides incorrect predictions. We use those labels as an approximate reference to guide our data-driven approach to the mining of this data set.

312

M. Gajewski et al.

26.3 Feature Analysis—A Case Study Let us present a brief case study, in which we will showcase the presented set of features on a real-world example of a marketing campaign promoting one specific product. For the sake of anonymity, we do not give further details on the matter of the company and the product being advertised. The campaign was delivered in the form of banners. We trace the campaign in 7-day-long windows starting from the beginning of this campaign (4th day of August, 2020). Thus, we have the opportunity to examine aspects such as the popularity of the campaign. In Fig. 26.2, we can see how many bots (red) and humans (green) were registered in subsequent 7-day-long windows starting from the beginning of the campaign. The labels, as mentioned, were attached using our expert-made rule. We observe a gradually increasing interest in the campaign, both on the side of humans and bots. The red line, corresponding to bots, seems to be flatter, but it is due to a rather large scale of the vertical axis. In fact, both in the case of humans and bots, we see a linear increase and then a stabilization around August 11th, 2020, we see that there is an overwhelming majority of humans accessing our site. However, let us look at the key specifics of bot and human activities—the number of page views. We illustrate this in Fig. 26.3. Bots are on average substantially more active than humans. Moreover, there are changes in the tendencies when we compare results for different time windows. All in all, bot traffic is dominating human traffic in terms of intensity. Not only the number of page views allows for distinguishing bots from humans. In Fig. 26.4, the histograms of values of selected features for the 7-day-long window starting on August 11th, 2020, are shown. The task of distinguishing humans from bots is challenging. Histograms use slightly transparent colours to illustrate overlapping values. There is no clear split between the two types of actors. Nonetheless, we see that in the case of some features, such as max page views per minute, the distribution concerning bots is slightly more skewed to the left which suggests that the majority of recognized bots view more pages than humans. Analogous properties,

Fig. 26.2 The number of bots (red) and humans (green) registered in subsequent 7-day-long windows starting from the beginning of the campaign

26 Assessing the Share of the Artificial Ad-Related Traffic …

313

Fig. 26.3 The number of displayed pages by bots and humans divided by the number of, respectively, bots and humans

Fig. 26.4 Histograms of selected features concerning bots (red) and humans (green) logged during a 7-day-long window starting from August 11th, 2020

only slightly less visible, concern the distinct page views feature. In other cases, like in the case of referrals share feature, the distribution of bots is substantially different from the distribution of humans. Finally, in Fig. 26.5 we present a feature correlogram for this data set. Overall, we have, in this example, 32 features and the 33rd feature is the bot feature (marked in red) that was computed by the aforementioned rule-based method. The correlogram reveals that several features are strongly correlated which leads us to the conclusion that there is a capacity to reduce this set further. Analysis of the correlations contributed to the selection of the following subset of features for further analyses: distinct page views, agent count, max distinct page views per hour, uid count, max page views per hour, referrals share, variance s to next event in session over 3 events, tw avg s to next event, referer count, avg s to next event in session over 3 events, has lied resolution, max page views per minute, max distinct page views per minute, tw variance s to next event cookie, page view cnt, tw avg s to next event cookie, and tw variance s to next event. While the above selection of attributes was justified by the results from the correlation analysis reported, an important conclusion from numerous analyses performed was that the overall stream of data considered displayed essential internal diversification. If a similar analysis was carried out for a different segment of data, or

314

M. Gajewski et al.

Fig. 26.5 Correlogram of used features

the choice of attributes was based on a different methodology, another set of features would most probably result. One of the essential aspects of the diversification mentioned concerned the different advertising campaigns, with, apparently, the differences resulting from both the proper characteristics of a given campaign and the behaviour of agents, either human or artificial. This observation seems to be crucial for the potential methodologies of coping with the here considered issue.

26.4 The Approaches Tested The work on the problem involved a broad array of methodologies, first concerning the choice of attributes and then identification (classification) of observations. To address the latter, we tried clustering (a couple of diverse clustering algorithms), reverse clustering [8], identification of association rules, as well as diverse classifier

26 Assessing the Share of the Artificial Ad-Related Traffic …

315

building techniques. A special effort oriented at the comparison of classification results was undertaken, in which such techniques were applied as, in particular, those from the WEKA toolset, namely bagging, random forest, LMT (using logistic regression), and JRip (using rule system). Some hybrid or combined approaches were also tested in the framework of this research, consisting of the conjoint application of clustering and classifier training, i.e., partitioning the set of observations into subsets and then training of the classifiers properly for the subsets. This general concept was implemented in a variety of manners, with, for instance, not only tuning of parameters and selection of variables corresponding to different subsets, but also the selection of different techniques for the particular subsets, or even abandoning of classifier identification if the subsets obtained were “clean” (i.e., all elements, or definite proportions of them belonged to either human or bot categories). The subsequent section of the paper reports on one of such attempts.

26.5 Building Classifiers—A Case Study We aimed at developing a two-tier approach to the analysis of human and bot activity data. At first, we partition the data into clusters. Next, we use a classifier to recognize elements in selected clusters. Classifiers are used only in these clusters, which contain mixed observations. The method is endowed with two parameters, k is the number of clusters to be extracted and t is the threshold level determining in which clusters we build a classifier. The choice regarding clustering and classification algorithms to be used in this approach can be made depending on the preferences of the model designers. We recommend the use of k-means as the clustering algorithm and decision tree as the classifier. The argument for choosing k-means is that it produces an output that is straightforward to interpret: clusters are represented with centroids, which inform us about a typical instance falling into a given cluster. Decision trees are recommended for the same reason. In this case, the model is present in the form of a tree structure, where splits encode the level of a feature that decides about class label assignment. The second tier—supervised clustering is treated as a fine-tuning step. Most of the heavy lifting is expected to be executed by the clustering algorithm. An important factor when choosing the right algorithms is time complexity. The kmeans algorithm is known to have a time complexity of O(n 2 ), where n is the input data size [9], while the process of constructing a decision tree using the popular CART algorithm can be estimated as O(mn log2 n) where m and n are the numbers of attributes and observations, respectively [10]. The decision regarding the number of clusters to be created can be made in two ways. One is the application of a selected internal cluster validity index. The literature of the area offers a plethora of such measures, often evaluating the similarity of points belonging to the same cluster, dissimilarity of points categorized to different clusters, both these elements or other features related to the shape and characteristics

316

M. Gajewski et al.

Table 26.1 Splitting into different number of clusters Split into k = 2 clusters Cluster ID Cardinality Bot share (%) C1 21749 49.91 C2 4927 50.40 Split into k = 3 clusters Cluster ID Cardinality Bot share (%) C1 7089 78.25 3115 39.78 C2 C3 16472 39.78

Split into k = 6 clusters Cluster ID Cardinality Bot share (%) C1 4975 90.43 C2 1968 60.57 13637 33.17 C3 C4 1043 37.20 4177 44.51 C5 C6 876 100.00

of clusters. While reviewing particular cluster validity indexes, we often come across measures such as variance, entropy, distances, diameters, the density of clusters, and so on [4]. Internal indexes measure clustered data itself. They promote clusters that are compact and regular: well-separated clouds with a small variance between members of the cluster. Internal cluster validity indexes are usually based on similarity measures corresponding to similarity measures used in clustering algorithms [6]. The second approach is to apply an external cluster validity criterion benefiting from expert labelling of bots and humans and choose the partitioning that assures the best separation between these categories. The former approach (internal index) is more universal, however, in practice we obtain quite different results depending on the choice of an index and on the preprocessing scheme of the data set. In our experiments with internal indexes, we often obtained recommendations concerning 2, 3, and 6 clusters for the analysed data set. In Table 26.1, we provide an example partitioning obtained for these three cases on a randomly selected balanced sample of instances. The average separation for these three cases is equal to 50.25%, 66.23%, and 72.69%, respectively. Thus, we choose the split into six clusters as the most suitable for this data set. In this case, we obtain one cluster made with bots only (C6), one cluster almost exclusively made of bots (C1), and four rather mixed clusters. Looking at the obtained clusters, we can set the threshold level to 0.1 which will define that decision trees will be built in four clusters (C2, C3, and C4). An alternative way of determining the threshold level would be to set it to the desired recognition rate. To evaluate the quality of bot/human identification, we need to choose appropriate measures. Since the data is skewed, besides standard accuracy measure, we propose to apply the F1 score which is the harmonic mean of precision and recall. The formula for accuracy is given as accuracy =

TP + TN TP + TN + FP + FN

(26.1)

26 Assessing the Share of the Artificial Ad-Related Traffic …

317

where TP is the number of correctly identified bots, and TN is the number of correctly identified humans. FP and FN are incorrectly identified as humans and bots. Based on the values of TP, TN, FP, and FN we can compute precision and recall which are precision =

TP TP + FP

(26.2)

TP TP + FN

(26.3)

precision · recall precision + recall

(26.4)

recall = And finally, F1 is given as F1 = 2 ·

The chosen quality measures allow for verifying if a recognition mechanism is not leaning towards one of the two classes, which may happen for skewed data. We propose to execute the experiments in the following manner. – The training set should be made of randomly selected samples from one day. There should be an equal number of bots and humans in this sample (it should be balanced). – Test set, the same day: bots and humans from the same day as the training set, but samples disjoint from the train set. Balanced set. – Test set, next day: bots and humans from the next day (train set is from the previous day). This set is not balanced. Using the above-mentioned sets allows estimating the quality of the procedure. Results concerning the training set are not reported, since they may be too optimistic in the case of overfitting. Our results for these two kinds of test sets are presented in Table 26.2. All constructed models were based on six clusters. Results show that there is concept drift in the data. The next day test set turned out to be much more challenging than the same day test data. This difference can be up to 10%. We observe that the quality of the model varies slightly from one day to another. In the worst-case scenario, that is, when the model was trained on data coming from August 12, 2020, we obtained an accuracy of 64.08% for the same day test set and 82.84% for the next day test set when using only clusters. Adding decision trees to the cluster-based model in the vast majority of cases improved the recognition rate. On average, accuracy on the same day test increased from 75.45 to 85.68%, and F1 on the same day test increased from 70.47 to 85.16%. On average, accuracy on the next day test increased from 84.34 to 87.08%, and F1 on the same day test increased from 54.60 to 66.84%. The achieved recognition rates are satisfactory knowing that the data is drifting, which, in particular, was also clearly visible in Fig. 26.3.

318

M. Gajewski et al.

Table 26.2 Accuracy and F1 measure (in %) for models constructed using samples from different days. All models are built with k = 6 and t = 0.9 Train date Clusters Clusters + decision trees Same day test Next day test Same day test Next day test F1 Acc. F1 Acc. F1 Acc. F1 Acc. 3 Aug. 2020 4 Aug. 2020 5 Aug. 2020 6 Aug. 2020 7 Aug. 2020 8 Aug. 2020 9 Aug. 2020 10 Aug. 2020 11 Aug. 2020 12 Aug. 2020 13 Aug. 2020 14 Aug. 2020 15 Aug. 2020 16 Aug. 2020 17 Aug. 2020 18 Aug. 2020

86.3 61.2 90.5 75.6 81.4 87.4 89.0 63.9 62.5 50.0 64.6 67.0 68.2 54.0 60.5 65.5

85.2 69.0 90.1 77.9 83.4 87.6 89.3 70.6 69.4 64.1 71.1 72.4 72.4 65.8 67.2 71.6

66.6 54.7 59.2 55.6 67.6 65.8 66.5 51.2 51.6 41.6 53.4 49.8 50.1 44.1 45.9 50.0

83.1 87.9 83.7 86.5 91.0 87.8 88.0 81.6 81.9 82.8 84.3 82.2 80.8 83.8 80.8 83.4

86.3 87.5 90.5 93.7 88.1 95.0 93.5 83.6 80.3 79.2 81.8 82.9 78.9 80.1 80.9 80.3

85.2 87.3 90.1 93.5 88.7 95.0 93.4 85.1 82.5 79.6 82.6 83.5 80.5 81.8 80.9 81.2

66.6 55.3 59.2 78.4 75.3 85.4 72.4 71.6 68.4 59.6 65.9 67.0 61.4 64.5 57.8 60.4

83.1 84.5 83.7 93.4 92.5 95.4 89.7 89.4 88.2 81.4 86.6 87.1 85.0 86.9 81.7 84.7

The use of both accuracy and F1 score is necessary since we observe that the accuracy is higher than F1 score, and we need to monitor this difference.

26.6 Conclusions In the paper, we have presented a rudimentary approach for the identification of bot and human traffic on a webpage. We exploit features describing the actor’s behaviour. The approach itself is a combination of unsupervised and supervised learning. At first, we partition the data into clusters. Next, in selected clusters, we build decision trees. The number of clusters and the choice of when to build a tree within a cluster parameterize the proposed model. The former can be determined using an internal cluster validity index, for instance, the silhouette index. The latter can be determined as a target accuracy one wishes to obtain. The model can be instantiated with the use of k-means and CART decision tree which both have the advantage of being straightforward to interpret by a human being. Because the data is skewed, it is necessary to trace both the accuracy and the F1 score (or a similar measure or quality)

26 Assessing the Share of the Artificial Ad-Related Traffic …

319

of the constructed models. We illustrate the proposed procedure on a selected realworld data set. The objective was to obtain satisfying results knowing that the data is drifting. The achieved average accuracy reaches about 87% on a test set originating from a date different than the training set date.

References 1. Aberathne I, Walgampaya C (2018) Smart mobile bot detection through behavioral analysis. Advances in data and information sciences. Springer Singapore, pp 241–252. https://doi.org/ 10.1007/978-981-10-8360-0_23 2. Cai Y, Yee GOM, Gu YX, Lung CH (2020) Threats to online advertising and countermeasures. Digit Threats Res Pract 1(2):1–27. https://doi.org/10.1145/3374136 3. CHEQ: what is bot traffic? Digital advertising fraud. https://www.cheq.ai/blog/what-is-bottraffic. Accessed 13 Mar 2021 4. Halkidi M, Batistakis Y, Vazirgiannis M (2001) On clustering validation techniques. J Intell Inf Syst 17(2/3):107–145. https://doi.org/10.1023/a:1012801612483 5. Khattak S, Ramay NR, Khan KR, Syed AA, Khayam SA (2014) A taxonomy of botnet behavior, detection, and defense. IEEE Commun Surv Tutor 16(2):898–924. https://doi.org/10.1109/ surv.2013.091213.00134 6. Kryszczuk K, Hurley P (2010) Estimation of the number of clusters using multiple clustering validity indices. Multiple classifier systems. Springer Berlin Heidelberg, pp 114–123. https:// doi.org/10.1007/978-3-642-12127-2_12 7. Mouawi R, Elhajj IH, Chehab A, Kayssi A (2019) Crowdsourcing for click fraud detection. EURASIP J Inf Secur 2019(1). https://doi.org/10.1186/s13635-019-0095-1 8. Owsi´nski JW, Sta´nczak J, Opara K, Zadro˙zny S, Kacprzyk J (2021) Reverse clustering. Springer International Publishing. https://doi.org/10.1007/978-3-030-69359-6 9. Pakhira MK (2014) A linear time-complexity k-means algorithm using cluster shifting. In: 2014 international conference on computational intelligence and communication networks. IEEE. https://doi.org/10.1109/cicn.2014.220 10. Sani HM, Lei C, Neagu D (2018) Computational complexity analysis of decision tree algorithms. Lecture notes in computer science. Springer International Publishing, pp 191–197. https://doi.org/10.1007/978-3-030-04191-5_17 11. Thejas G, Dheeshjith S, Iyengar S, Sunitha N, Badrinath P (2021) A hybrid and effective learning approach for click fraud detection. Mach Learn Appl 3:100016. https://doi.org/10. 1016/j.mlwa.2020.100016

Part IV

E-Society, Enterprise and Business Solutions

Chapter 27

Experimental Results Regarding the Efficiency of Business Activities Through the Use of Chatbots Cîmpeanu Ionut, -Alexandru

Abstract In this article we take into consideration the chatbots, describing some models used in different fields of activity comparing how to achieve them, the estimation effort given by the specialists who worked on their implementation, the benefits, and efficiency at work. A chatbot is a computer program that has the role of connecting a verbal or written dialogue with a person. Over time, chatbots became necessary in all areas. They are used in healthcare, education, nutrition, transportation, finance, tourism, relaxation, and rest. The trend of companies is to replace the customer service department with chatbots that are efficient, do not mean very high costs, and work 24 h a day helping employees with personalized explanations, sending messages, or emails regardless of location, with possibility to upload some documents in the application. Chatbots are secure, and for a user to log into the chatbot, he/she must go through several steps. In this article we present the way of working, original solutions, and experimental results analyzed in the development of three chatbots from different fields. Conversational skills are described, but the emphasis are on the four dimensions of the chatbot development in the chosen areas of activity: interaction, integration, testing, and analysis. Moreover, we want to highlight the concern of business people for using the chatbot in any field of activity, streamlining economic activities, and achieving the success of the chatbot.

27.1 Introduction In 1950, Alan Turing said that an intelligent machine differs from a human being only through a written conversation. His ideas were the basis of the chatbot revolution. In 1966, Eliza was created to have conversations with people by following the user’s requests to get scripted answers [8]. It was another step in the evolution of the chatbots. Research continued, and other chatbot models began to appear at an C. Ionut, -Alexandru (B) Faculty of Cybernetics, Statistics and Economic Informatics, The Bucharest University of Economic Studies, Bucharest, Romania e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_27

323

324

C. Ionut, -Alexandru

interval of about 10 years, revolutionizing the market and bringing novelty, diversity, technology, and innovation. Through intelligence and creativity, man discovers new ways to revolutionize the world by putting into practice ideas that seemed impossible to implement a few decades ago. In 1980, Jabberwacky was developed, a chatbot that simulates human feelings and emotions in a humorous and relaxing way [9]. In 1992, Dr. Sbaitso was developed, a chatbot who assumes the role of psychologist in interacting with people [1]. Of course, all the inventions, the results obtained in the field of artificial intelligence and natural language processing, all the advances made by the human mind through study, long research and hundreds of hours of observing how a machine can take over much of the tasks that a man can do them, bring long-term benefits, make man’s work easier by allowing him to focus only on aspects that cannot be achieved by a robot. In order to develop a chatbot, one may need expertise in specialized areas, such as machine learning and natural language processing. Chatbot development is based on frameworks already made (for example, Microsoft Bot Framework) that provide components for user interaction and platforms for understanding natural language [3]. The multitude of chatbot studies helps IT specialists, groups of researchers to obtain customized chatbot models by providing data on how to implement, the basic architecture of the chatbot made, the messaging client platform, the channels made, the connectors in the platform, dialogue management, training chatbot (a chatbot must be created and trained based on a data set). Messaging platforms (such as Facebook, Instagram, Telegram, Whatsapp, TikTok) [10] are the main form of communication and exchange of information between people [11]. Most of the emerging messaging platforms support the integration of chatbot applications [5]. These applications make it possible to interact with users of the platform. There are studies that show the widespread use of chatbots in education, e-commerce, automated customer service, and even social media [13]. All these studies talk about the fact that in the near future, the design and implementation of the chatbot will become a necessity, and IT specialists will have to find solutions so as to improve the work of the company’s employees, to make a profit, to take over a large part of the tasks, basic needs of employees, to bring novelty and constructive solutions in the company [12]. Other forecasts say that in the coming years, 80% of companies will use chatbots, and banks will automate up to 90% of the interaction with their customers [14]. The high interest and widespread demand for chatbot applications reflects the desire of people to find solutions and quickly build complex chatbot applications by talking easily, in many languages and at any time with the user [6]. It is also necessary to access internal and external services to perform the actions desired by the user (for example, requesting verification of the data that is transmitted to the user, querying this data, performing query response actions).

27 Experimental Results Regarding the Efficiency of Business Activities …

325

27.2 Description and Comparison of Three Chatbot Models The areas in which the chatbot is gaining more and more ground and people are gaining courage and calling in their companies specialists to implement profitable IT solutions are as follows: Ecommerce, Medical, Customer relations, Travel, Tourism and HoReCa, Banking services, Financial and Fintech, HR & Recruitment, Education [15]. Here are 3 chatbot models used in the medical and educational fields, examples that improve people’s lives and work by storing data necessary for medical observation or intervention or helping students and teachers to prepare for exams and get very good results. With the help of the articles and studies read, I made below a comparative analysis of these 3 models of chatbots in which we have presented their development, we tested them and estimated the results in the used fields.

27.2.1 @tensiobot @tensiobot is a chatbot used in the medical field. It has the role of measuring patients’ blood pressure. Both people suffering from heart disease and people who want to take anticipatory their blood pressure in order to prevent the onset of some diseases can use this chatbot that displays blood pressure several times a day. Thus, this application helps the doctor to discover in time possible medical complications of patients, to control the blood pressure of the consulted person with the medical database stored in the application, can intervene in time to prevent the evolution of the disease. @tensiobot has the option to ask patients to measure their blood pressure twice a day, one week before meeting with the doctor and going for a check-up. Chatbot has customizable alert times so that every person who comes to the control receives an alert if they forget to take their voltage at the indicated time, forget to write down their measured voltage or are alerted if the measured voltage is too low or too high and can medical problems occur. After the user receives the alert, he must write down the highest and lowest blood pressure values while answering the chatbot’s questions. Following the answers received, the chatbot detects the incorrectly typed values, high or low blood pressure values that should alert the patient. The chatbot also offers the option of watching a video about the correct use of the sphygmomanometer and taking into account the reported alerts. The chatbot also presents the user with an evolution chart with all the blood pressure values stored in the database so that both the patient and especially the doctor go on the same prescription and the same treatment or change the approach to the disease. This chatbot was designed with the help of a doctor and a nurse from the public health system. The application also collects data that can be accessed later by the doctor or nurse or by the doctors to whom the patient goes in connection with other diseases discovered at a medical examination. Options in this chatbot include: – videos explaining to the patient how to use the chatbot; – information on blood pressure values over a longer period of time;

326

C. Ionut, -Alexandru

– detection of high/low blood pressure values and their correction through customized solutions for each patient; – medical advice; – personalization of messages (conducting medical conversations and advice/recommendations on medication and treatment of the disease, as well as medical prevention); – daily alerts to patients; – setting (and reminding) the program for the next medical check-up or for going to another doctor in another medical unit; – displaying graphs that show the evolution of blood pressure.

27.2.2 @dawebot @dawebot is a chatbot used in education. It has the role of instructing students by using questionnaires that have multiple choice questions. Unlike single-answer questions, multiple-choice questionnaires offer students the opportunity to train and develop their intelligence, to make logical connections between different study disciplines. Chatbot was evaluated for 15 weeks by 23 students on a computer science subject. Teachers’ interaction with students was set in terms of tests using the appropriate signatures. The student can be tested in any discipline. The chatbot displays the name of the test and the number of questions the test has. Thus, the student sees how he enters the test, how long the test is, what discipline the test is given and in what time frame he must fall. The next student selects the questionnaires, and the first question appears in the test they select. The chatbot keyboard is designed to display only the buttons for the answers that are available. During the test, the student clicks on any of these buttons, and the robot responds immediately by giving feedback. This chatbot has implemented working techniques that have been designed to allow different degrees of student participation in tests, as well as success/failure in tests. When needed, students can request through the chatbot a meeting with the lecturer or teacher who teaches the tested subject, which brings transparency in the preparation of students and fairness in the evaluation through tests. These online meetings have the role of preparing students better for testing, obtaining additional explanations where students have gaps in their preparation but also in the increased quality of the educational act. When students request a meeting with the teacher, the chatbot finds a space in the teacher’s calendar using the Google Calendar API, notifies the teacher to set up meetings with various groups of students. The appointment is recorded and the teacher is notified by email and the calendar is updated automatically. Options in this chatbot include: – displaying the list of topics to be studied; – for each topic, the teacher creates multiple-choice questions that the chatbot will take into account in assessing students; – inclusion of images, graphs and diagrams in the questions;

27 Experimental Results Regarding the Efficiency of Business Activities …

327

– displaying explanations about correct and wrong options encountered by students in the given tests; – requesting an online or physical meeting with the teacher; – customizable messages (for questions and answers); – following the evolution of each student after several tests, in each discipline; – display the number of questions with correct and incorrect answers, as well as the time to solve each question and the whole test; – assessment of the difficulty of some questions based on the answers of several students and the time spent finding the correct answer; – displaying the student’s evolution in terms of progress and test results.

27.2.3 @retosmoocbot @retosmoocbot is a chatbot that has applications in the field of education but can also be used by Internet users in interactive forums to find useful information in various fields of activity. This chatbot leads to an increased efficiency of interactions among online communities with quick feedback on questions asked by various users of the forum or answers given by other users in the online discussion on a proposed topic. @retosmoocbot challenges students with questions from different fields using Massive Open Online Courses (MOOCs), online courses that are specifically aimed at participation in large numbers, even unlimited and open access via the Internet, but also interactive courses with user forums that they aim at the interaction of the community among students, teachers, pedagogical assistants, receiving in a short time and feedback both to questions asked by students on different topics, different subjects, and different disciplines, but also questions asked by teachers and pedagogical assistants. The chatbot also provides feedback to answers given by students or teachers in the forum. One of the tasks of the application is to challenge students to interactive dialogue based on responses that are recorded using voice messages. Once the message is recorded, the chatbot distributes the answers to other people with whom the student interacts. The evaluation is carried out through a section similar to a chat conversation, namely, the challenges require the evaluator to introduce and classify in a scale from 1 to 10 different aspects of the recording. For a more accurate evaluation, the use of the voice of students or teachers was introduced, an option that contributes to the efficiency of the evaluation. Options in this chatbot include: – voice recording of the answers given by students or teachers/users; – sharing questions that answered voice messages among students; – recording responses and storing them in the application database (voice messages); – assessment of voice—based responses using a scale from 1 to 10; – customizable messages (for questions and answers); – students are alerted when new questions/answers appear; – displaying the list of teachers who evaluate the students’ tests/answers.

328

C. Ionut, -Alexandru

27.2.4 Development Dimensions of the Described Applications These three chatbot models described above can be presented in two main variants, in terms of the user interface that participates in the conversation: we are talking about scripts programmed versus NLP [7]. The first category in this description, namely chatbots that follow scheduled scripts, uses a limited conversation since they only use predetermined paths. However, these applications in which the chat is based on scripts can go a long way and a lot of information can be gathered. Studies have shown that other dimensions have proven to be more influenced when it comes to building and implementing a chatbot. There are four dimensions: – – – –

Interaction dimension; Integration dimension; Analytics dimension; quality assurance dimension.

The interaction dimension takes into account how the user interacts with the chatbot. Every user needs to know the options of the chatbot, how to use it so that the entire application is made to help find effective answers for each employee of the company in a short time and wherever the user is. Of course, the internet is a necessity in using the chatbot [2]. With the help of design applications that simulate how chatbot tasks are completed, developers consider designing the conversation script. In addition, the aim is to weigh the means of interaction, obtaining information from the user (buttons, text commands, audio messages), as well as displaying the content to the user (text, images, videos, links, buttons). The integration dimension refers to the environment in which the chatbot is implemented. It should be noted that in all this data that is going to interact and make possible the operation of the chatbot, Backoffice still matters. The chatbot must interact with the application resources and in all this action the user experience makes the chatbot options to be used with great skill. There are many issues with database integration and API integration when chatbot developers work and gather data to build the application. The database is needed to gather all the necessary data, including user history, domains searched by users, and their interactions. The interaction with external systems is also performed through REST or GraphQL APIs [2]. The developer aims to connect to the business logic of the chatbot with all external services. This task includes actions related to configuration management, such as storing credentials (authentication, password, and token) for both testing and implementation, or making natural language closely related to what expressions the user would have in API. Regarding the analytical dimension, we will talk about users and trackers. Users are the people who interact directly with the chatbot. Given that this category makes a direct connection with the chatbot, we are now talking about an antonym of users, namely trackers. By contract with users, trackers do not have a direct action with the chatbot.

27 Experimental Results Regarding the Efficiency of Business Activities …

329

They monitor how to use the chatbot using the application indirectly. In this sense I give some examples: in @dawebot, students are the users, so they use the chatbot directly. Teachers are trackers, meaning they are the ones who follow the students’ results. In @tensiobot, patients are the users, and doctors are the trackers because they need to follow the results obtained by patients at medical evaluations. Doing a comparative analysis between users and trackers I can say that each case is different in both the way users/trackers interact with the chatbot and the information obtained from the chatbot using all its options. The analytical dimension involves the performance of analyzes and control panels. The developers classify the most used chatbot commands, divide the users using well-established criteria, and create statistics using diagrams, tables, drawings, images through which they interpret different results. Among the stages pursued in the development of the chatbot is the perfective and corrective maintainability. This assumes that developers also consider test environments. The functionality of a chatbot is difficult to test given the multitude of requirements. Any user is free to enter what data, what commands they want and the chatbot to be able to interpret this data and respond as quickly as possible. Regarding the testing of these commands, it cannot be said that this can be done in full. The table below reflects how these dimensions were addressed in the three chatbot examples. Each table cell introduces an estimate of the effort involved for each dimension in terms of hours invested in design/development. When we talk about the integration size, we refer to the chatbot database and API [4]. The chatbot database consists in creating custom tables that are necessary for the implementation of the chatbot to the client. The creation of these tables has a constant estimate, around five hours. Chatbot API must be able to integrate with other APIs of other applications (to communicate with each other, chatbot to be able to send data to other applications and receive data from other applications). This table presents different APIs with which the chatbots described above integrate and communicate. APIs must also capture errors and store them in the database (whether we are talking about the chatbot API or the APIs of other applications with which the chatbot integrates). When we talk about APIs, the estimation is no longer constant because the business logic differs from one application to another depending on the customer’s requirements. At the level of the interaction dimension, we are talking about UI. A trigger (such as a button) is needed for the chatbot API to communicate with another API. In the UI are built the web elements that will call different methods exposed by the API. Thus, each element invokes a unique method that can in turn invoke another API of another application or can perform different actions. The estimation of the duration of the activities is different—the realization of the triggers that call the business logic from the API differs from one application to another. When we talk about the size of the analysis, we refer to how to use the chatbot and control panels. The chatbot should have a user manual, with readable instructions and as easy to understand as possible. Being a new and constantly changing technology, this manual must be maintained, when an update of the chatbot is made, an update of the user manual must be made and new things added. When we talk about how to use the chatbot, the preparation of the necessary documentation has a relatively constant estimate. Control panels have a constant estimate if they assume a standard

330

C. Ionut, -Alexandru

Table 27.1 Development dimensions for 3 chatbot applications presented Chatbot

Integration

Interaction

Analytics Usage

Quality assurance

DB

API

UI

@dawebot

Custom tables for data storage (5 h)

Integration with Google Calendar and Plotly (15 h)

Buttons for botan.io for selecting documentation answers (6 h) (23 h)

Option for PHP unit answers (8 h) and additional questions (6 h)

@tensiobot

Custom tables for storing medical measures (4 h)

Integration with R and with package ggplot2 (22 h)

Buttons to use the chatbot (11 h)

Custom panel for order management (7 h)

Control panel for editing patient data (6 h)

Integration Audio with recordings ffmpeg (7 h) (11 h)

Custom administration panel (8 h)

Audio Manual recording testing panel (6 h) evaluation (16 h)

@retosmoocbot Custom tables for storing results (6 h)

Control panels

Testing

TDLib and Tgcil (23 h)

of activities (to answer questions, to ask other questions, to write information). If they include other options (audio recording), the realization time will increase. The dimension of quality assurance refers to the fact that quality needs to be delivered. Any new development and any innovation also lead to various bugs. Here the specialists who test intervene and the clients will not get any more bugs or the danger of getting a bug is close to 0. Chatbot testing, over time, differs depending on the domain in which the chatbot is implemented and its business logic (Table 27.1).

27.3 Conclusions In this paper we have highlighted some of the benefits that the use of chatbot brings in different sectors of activity, saving money, effort, and time. Users communicate easily and quickly with the chatbot and can have control over the professional activity using services in which natural language is used. The development of applications have as necessary steps the realization of special expertise, such as machine learning or conversation design they are different from computer systems built in the early years of artificial intelligence. Many things are gradually discovered as developers join forces by inventing new machines, new applications in which inventiveness and creativity have no limits. However, many unknowns remain and the IT revolution is ongoing and it is a permanent challenge to work in this field. Many studies show that some developers want, at

27 Experimental Results Regarding the Efficiency of Business Activities …

331

the request of managers and business owners, to build chatbots that perform particular, personalized tasks. It is an upward trend that reflects the high demand for such models designed especially for people working in different industries and face specific problems in solving tasks. The development and implementation of a chatbot also requires advanced technical knowledge through which users interact with the chatbot. This knowledge must be constantly evaluated, refreshed and perfected so as to evolve with the requirements, development and needs of the company, but also with what is happening on the market so that we can talk about the company’s profit. The three chatbot models described in this paper reflect some of the benefits that these applications bring to people’s lives, in different sectors of activity. You can see the steps followed by the developer in building and implementing a chatbot, the different way of testing the chatbot depending on what it has to do and the field of activity in which it is used, the need to customize the application according to customer needs and requests. Through the work we collected some of the experimental results on the efficiency of using the chatbot in various fields of activity. These actions document the evolution of the chatbot over time, its development according to the evolution of society, the needs of companies and various needs in existing fields of work, how to implement the solutions created and the growing requirements of society regarding the chatbot as a necessity. In each field, observing the changes, improvements to an implemented application lead to the improvement of developers, helps them to create ingenious solutions to meet customer expectations. It is the first stage in the formation and development of the person who wants to create such models. My article will certainly benefit developers who are at the beginning of the road and who must first go through the stages of documentation and in-depth study in the field, so that later, they can create original models.

References 1. Abdellatif A, Costa D, Badran K, Abdalkareem R, Shihab E (2018) 2. Pereira J, Díaz Ó (2018) Chatbot dimensions that matter: lessons from the trenches. University of the Basque Country, Manuel Lardizabal Ibilbidea 3. Multi-platform chatbot modeling and deployment with the Jarvis framework (2018) 4. Shahriare Satu Md, Hasnat Parvez Md, Shamim-Al-Mamun (2015) Review of integrated applications with AIML based chatbot 5. Daniel G, Cabot J, Deruelle L, Derras M (2020) Xatkit: a multimodal low-code chatbot development framework 6. Adamopoulou E, Moussiades L (2020) An overview of chatbot technology 7. Hallili A (2020) Toward an ontology-based chatbot endowed with natural language processing and generation 8. Weizenbaum J (1966) Eliza—a computer program for the study of natural language communication between man and machine. Commun ACM 9(1):36–45 9. Jorin V, Zhang G, Busch C (2017) Chatbots: development and applications. Berlin 10. LNCS Homepage. https://www.youtube.com/watch?v=ihnUg0_eS8Q. Accessed 15 Feb 2021 11. LNCS Homepage. https://www.youtube.com/watch?v=yJ3TTV0Il4o. Accessed 13 Feb 2021

332

C. Ionut, -Alexandru

12. LNCS Homepage. https://www.getjenny.com/blog/chatbot-use-cases-25-real-life-examples. Accessed 17 Feb 2021 13. LNCS Homepage. https://botcore.ai/blog/top-chatbot-use-cases-in-different-industries/. Accessed 25 Feb 2021 14. LNCS Homepage. https://chatbotsmagazine.com/chatbot-report-2019-global-trends-and-ana lysis-a487afec05b. Accessed 05 Feb 2021 15. LNCS Homepage. https://www.todaysoftmag.ro/article/2645/ce-este-un-chatbot. Accessed 08 Feb 2021

Chapter 28

Agile Perspectives in Higher Education Margarita Bogdanova

and Evelina Parashkevova-Velikova

Abstract The objective of the paper is to outline adaptable practices for the application of agile principles in higher education, further provoked by the COVID-19 pandemic. In the short term, agility can lead to more effective and creative ways to solve problems caused by environmental uncertainty, but in the medium and long term, it can be the basis for developing a modern vision for the successful transformation of the university business models. An empirical study in conditions of remote learning due to the imposed anti-epidemiological measures was conducted using an electronic questionnaire among 105 students from “Tsenov” Academy of Economics—Svishtov. Various aspects of the application of the agile methodologies in education during the COVID-19 pandemic are analyzed, related to the more frequent feedback between students and teachers, to the overall attitude toward enhancing digitalization, and the introduction of hybrid forms of education. The study does not provide a definite answer to the question of students’ readiness to apply agile approaches in teaching and assessment. The probable reason is that some of the agile forms were introduced partially due to the need for a rapid pandemic response. Effective agile university governance entails a combination of a bottom-up approach, in which learners are more motivated and willing to put in more personal effort when they are given more self-organization rights, and a top-down approach, in which the system allows and encourages initiative of teachers to develop interactive teaching and research.

28.1 Introduction The challenges facing universities today lay down new and new requirements for their modernization, both in terms of education and research. The dynamics of the M. Bogdanova (B) · E. Parashkevova-Velikova “Tsenov” Academy of Economics, 5250 Em. Chakarov 2, Svishtov, Bulgaria e-mail: [email protected] E. Parashkevova-Velikova e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_28

333

334

M. Bogdanova and E. Parashkevova-Velikova

environment, the growing needs of business for innovation, and the need for trained staff to immediately join the work process and bring added value to the organization require a fundamentally new approach to the management of processes in higher education. The objective of the paper is to outline adaptable practices for the application of agile principles in higher education, further provoked by the COVID-19 pandemic. In the short term, agility can lead to more effective and creative ways to solve problems caused by environmental uncertainty, but in the medium and long term, it can be the basis for developing a modern vision for a successful transformation of the university business models. Uncertainty can be caused by a wide range of factors, but in this case, it is seen in the context of the health and economic crisis during the COVID-19 pandemic, which exacerbated existing problems, such as cuts in public funding for education, increased competition between universities, etc. Even before the crisis, higher education institutions were faced with the need to change their business model, but the pandemic further forced the necessity to reconsider the way of management and to clear inefficient activities and processes. While in the first months of the crisis, universities have managed to take short-term reactive measures, in the medium and long term they already need a new philosophy to give them a starting point in planning. Agile management principles have the potential to create such a perspective by offering an alternative to the current practice of bureaucratic, ineffective management especially in state universities with a long tradition. Agile project management in the broadest sense of the term is part of the lean methodology as a way of thinking whose main value is to produce higher value for users with fewer resources by minimizing losses and continuously improving workflows [1]. The transfer of the agile management principles in practice is a process of introducing organizational innovation, as they lead to a change in internal work processes and procedures, attitudes, and behavior of participants in the course of work. In education, this transformation is necessary for many reasons. In recent decades, universities have been seen as active participants in national and regional innovation systems. They are part of the concept of triple helix [2] and even quadruple helix [3], where participants, government, business, universities, and civil society, interact with each other, exchanging and sharing knowledge, ideas, experiences, complementing their resources, and looking for ways for faster and more efficient construction of added value. Universities are becoming an increasingly important player in the theory and practice of regional development. They are one of the most important endogenous growth factors as developers and transmitters of knowledge in various regional innovation coalitions and as generators of activities to support entrepreneurship [4]. However, higher education institutions do not always manage to meet the high public expectations toward them. Universities with established traditions are usually cumbersome structures, which in many cases operate by inertia. This is good in a stable environment that remains unchanged for a long time. But in the face of dynamic

28 Agile Perspectives in Higher Education

335

change, especially during a pandemic, universities, like all other organizations, had to make changes in the way they carried out their core activities. This process, which was initially seen only as a temporary measure, is becoming more and more widespread, and the necessary changes are now becoming qualitative and sustainable. The sooner the fact that the processes are sustainable and regular is accepted, the sooner the necessary transformation will take place. The idea of the present study is provoked by the need to seek a systematic approach to crisis management in higher education, i.e., it should be directed, not observed from the side. To this end, the changes that have taken place should be seen in the context of an adequate model that explains the behavior and provides a perspective for future action. Such a perspective can give agile project management, as a philosophy of working in a dynamic environment.

28.2 Research Methodology The research approach applied to develop this article is based on standard scientific methods. A wide range of secondary sources of information has been studied. Through content analysis, a gathering of participant meanings, focusing on a single concept or phenomenon and through induction, basic formulations for the application of Agile in the field of higher education are derived. On this basis, specific characteristics and features of Agile are defined by deduction, which through the methods of synthesis are implemented in the main visions for application in the field of education. Primary information was collected through an electronic survey among 105 students at the “D. A. Tsenov” Academy of Economics—Svishtov. The survey was conducted in February 2021 when the training took place in a completely electronic environment due to the imposed lockdown measures. Respondents are master’s and bachelor’s degree students in disciplines associated with agile management in the field of planning, as well as students studying Agile in the field of computer science. The data are summarized and analyzed with SPSS software. The defined research hypotheses were tested using standard statistical methods.

28.3 Literature Review Agile project management is emerging in the IT industry but is already entering many other sectors. According to the XIV report on the state of agile project management for 2020 [5], the sectors of financial and professional services, insurance, industry, telecommunications, healthcare, education, trade, media, transport, energy, and NGOs are indicated as applying the agile approach. The basic principles of the methodology are part of the Agile Manifesto [6], adopted in 2001. They are a philosophical vision rather than a recipe for success:

336

• • • •

M. Bogdanova and E. Parashkevova-Velikova

Individuals and interactions over processes and tools Working software over comprehensive documentation Customer collaboration over contract negotiation Responding to change over following a plan

To these core values are inscribed 12 principles, which today are translated into 68 languages and are signed and recognized by thousands of supporters. Royle and Nikolic note that Agile is easily adaptable to educational structures, despite the significant difference in the goals of business organizations and universities [7]. Without neglecting the processes, tools, documentation, contractual relationships, or plan, the emphasis is on intangible assets that add value to each organization. Researches conducted in recent years [8] show that the agile approach forms a much higher degree of interest and participation of students in the educational process compared to traditional methods. The Agile Pedagogy Manifesto, defined by Royle and Nikolic [7], emphasizes the value of the approach to education in the following areas [8]: • • • • • •

Practice preferred to theory Learner choice and agency preferred to learners being limited and con-trolled Learning and applying skills preferred to learning facts Collaboration preferred to competition Customized learning preferred to standardized one size fits all, and Co-constructed learning preferred to teacher-led learning.

The globalization of the environment in which the higher education system is developing, and the ever-increasing demands of the labor market, combined with the powerful development of IT, is extremely favorable for the development of these values. The suitability of educational and scientific production demands that the emphasis be on the person and not on the process, on the result, and not on the documentation. In this way, fast cycles of educational tasks can be realized, and an individual approach can be used with an emphasis on practice and feedback, giving information about the progress and expected changes in students’ decisions based on knowledge. However, to make such progress in the educational process, universities need to redefine their values and policies and focus on building an environment for implementing Agile. This suggests respect for organizational culture in the context of the principles set out in the 2011 Agile Schools Manifesto [9]: • • • •

Teachers and students over administration and infrastructure Competence and collaboration over compliance and competition Employability and marketability over syllabus and marks, and Attitude and learning skills over aptitude and degree.

The modern conditions of intensive and comprehensive implementation of IT allow for advanced development of universities not in response to emerging needs, but as organizations that define needs. Based on research and development, it is

28 Agile Perspectives in Higher Education

337

possible to conduct training that is in response to the demand for specialists in the future. As stated in the Agile Manifesto in Higher Education [10], universities are expected to train professionals for jobs that do not exist today. The dynamics of the environment require a change in management, training, and science practices, as traditional approaches do not work. The cumbersome administrative apparatus does not focus on the results but the documentation and the evidence. Processes related to educational documentation, examination procedures, and research projects require a high degree of administrative compliance with established and approved standards and a long period of preparation. This goes against the needs of the labor market, the interests of students, and the need of society for educational and scientific achievements. Of course, not everything in the activities of a university is possible to be accompanied by light administrative procedures, but where this is possible without violating the regulatory framework, it is imperative to start the process of seeking flexible forms. In practice, the Agile approach outside the IT sector can have different applications. Twidale and Nichols see the agile approach as a way to achieve disruptive innovations [11]—ones that keel over the whole sector and can challenge and destroy established competitive models [12]. Most often, destructive innovations in higher education are identified with the advent of online learning. Although in the first years it was criticized as lower quality, even before the pandemic online learning was already widespread—because it is cheaper, more accessible, and adaptable to the needs of learners. In this regard, Clayton Christensen, the author of the idea of destructive innovation and ‘The Innovative University’ [13] in 2011 predicted that online learning (MOOCs) will destroy half of American universities and colleges by 2030 [14]. The pandemic will strongly influence the process of digitalization of education in all its stages. How sustainable this impact will remain to be seen in the coming years. The interpretation of agile principles can take many different forms. • Agility can be focused on creating an internal dynamic university environment for more creative problem-solving. Most universities are large organizational structures with difficulty to trace internal interconnections. They are like big projects that are not implemented on time, are immersed in the documentation, and do not achieve the necessary results. A flexible approach can put people at the center of the process (rather than documents) and provoke a new, modern, and efficient way of working. • Agility in research teams is particularly important, aimed at ensuring the freedom of self-determination of teams to prepare motivated project proposals for grant funding, as the university clears the way for teams and creates a suitable environment and comprehensive cooperation. In well-managed universities, this is an applicable practice, with adequate support for small, adaptive teams, access to funding, libraries, etc. Sometimes, however, various internal inflexible regulations and restrictions complicate the process, distort it, and hinder teams.

338

M. Bogdanova and E. Parashkevova-Velikova

• Agile may be more often delivering visible results to students instead of detailing comprehensive curricula and study documentation [11]. • Agile is also constantly scanning students’ learning needs, even in the middle of the semester, and changing the context of teaching to be closest to learners. • Agile may be seeking frequent feedback from students, employers, and other stakeholders instead of the detailed implementation of planned policy indicators. This is especially relevant in the context of rapidly changing labor needs and structural imbalances, the emergence of new professions, the demise of established ones, etc. • Agile is the lessons learned from successful and unsuccessful projects to be used as input and output in projects. • Agile is the support for the personal development of the students, for their growth, the building of trust between trainers and trainees. This is the student-centered approach, which is one of the most important principles of the agile methodology. • Agile can also mean a change in the university structure, from hierarchical to matrix for example or another more liberal type, which allows the creation of ad hoc teams on various projects. Agile governance seems at first sight inapplicable to universities. Unlike modern startups, universities seem to be an unreliable host of such an innovative management methodology. In this respect, universities are a real paradox. They can generate ideas on how best to govern the world and at the same time are unable to apply these ideas in improving their governance [11]. Nevertheless, the agile principles are already making their way and are gradually entering the higher education sector. The process is slow because it is not just a change of internal instruction, but an awareness of the importance of the principles and values. Agile demands, above all, the conviction of university leaders to give lowlevel teams a chance to self-organize and prove themselves. This transfer of power is not always welcomed by traditional university managers, which drives conflicts between different levels of government.

28.4 Empirical Research The pandemic has triggered many different processes in university governance. It is not yet clear which of them will be sustainable over time and which will be temporary. Those who have the potential to be destructive innovations will continue to evolve and can change the way they teach and evaluate forever. Remote/distance learning is one of those phenomena that is perceived with mixed success by various users of educational services. During a pandemic, it is forced, and it has some advantages. Whether they are enough to displace other forms of education remains to be seen in the coming years. The present study seeks to find an answer to this question. However, it shows the results of only one separate case. The derivation of the regularity needs the

28 Agile Perspectives in Higher Education

339

accumulation of new knowledge and continuous observation. Important issues in future research are those related to the attitude of teachers and society as a whole, which have not been studied in this case. The empirical study was conducted in February, 2021. The questionnaire was sent to scholars studying at the Academy of Economics “D. A. Tsenov”, Svishtov in full-time, part-time, and distance form, which at the time of the research are entirely in the mode of remote learning due to the restrictions imposed by the COVID-19 pandemic. Those who filled in the questionnaire are 105 respondents, distributed as follows: regular form—28%; part-time—34%; distance—38%. The last group of learners studies for a bachelor’s or master’s degree. Although they are in distance form, in principle they also have a present part of the training, although in a reduced amount compared to other groups of students. Under normal circumstances, they have consultations, and exams are held only face-to-face. Exclusively in the defense of diploma theses, after a positive evaluation by reviewers, a remote examination is used. During the pandemic, however, all groups of students were examined entirely in a remote manner. The first group of questions in the survey is related to students’ attitudes to the frequency of assessment during the semester. The questions are provoked by one of the principles of the agile management approach, in which regular feedback is an important condition for the quality of the product or service that is provided to customers. In education, frequent feedback is provided in the form of assignments and tasks during the semester, in which both teachers and students check the level of preparation of students and, respectively, the effectiveness of teaching. Usually, the results of the test are cumulated with some weight in the final grade during the exam session, with each teacher (or team of teachers) deciding what the criteria are for performing the individual tasks and the weight of the components. In this regard, the respondents had to indicate what their preferences are a single assessment at the end of the semester or multiple appraisals, where the final grade is cumulated with semester assignments and a grade for the final exam. In general, students cannot choose their way of examination. The question was asked not so much to change the measuring system but to check the students’ attitude toward an agile assessment approach. The results showed a minimal predominance of students’ preferences for a onetime assessment only at the end of the semester—in half of the respondents. However, the predominance of preferences is determined mainly by students in distance form, who have entered with the attitude to have more limited contact during the semester, incl. in terms of more frequent testing of knowledge. In the other two groups—full-time and part-time form of education, the preferences for single or multiple assessments are distributed equally, i.e., the distribution of answers is symmetrical. Of those who still declared a desire for multiple assessments, the predominant wish is for single testing in the semester (before the final exam)—in 32% of respondents.

340

M. Bogdanova and E. Parashkevova-Velikova

Nearly 18% have stated a desire for a higher frequency—twice a semester and only 2.6%—for testing twice a month. The majority of students (nearly half of the valid answers) do not have a preference for the number of tests. These answers should be considered in the context of the grading system until the beginning of the 2020/2021 academic year at the Academy of Economics, according to which students were not necessarily graded during the semester. The semester intermediate grades were at the choice of the teacher. In this sense, students’ attitudes are for relatively rare assessment during the semester, i.e., for a less flexible approach in which the result of the educational service becomes clear at a later stage of training. The feedback that students can receive from teachers—either in the form of consultations or in the form of questions and intensive communication during the semester was also the subject of the study. The answers show that 36% of the respondents prefer to ask questions during lectures to consult on the unclear aspects. However, almost a quarter (24%) never ask questions about the subject matter. 18% are those who rarely ask questions, even if they have uncertainties. The same is the share of students who ask questions only if they feel the teacher’s attitude to expand the explanations and communication. These results should be interpreted carefully, as far as asking questions or refraining from asking questions can be explained not only by the presence or absence of interest in the topic but also by the behavioral, cultural, and other attitudes of the learners. But in any case, teachers should encourage students to get feedback and look for ways to expand communication with them. This becomes even more important during remote learning, where the contacts are not face-to-face, but mediated by technical means. Teamwork is another aspect of the agile approach that is used in education, although not as widely as in project work. Therefore, the respondents were asked a question related to the attitude of teamwork in the training process. Almost half (49%) declare that they have no difficulty working in different teams when completing semester assignments. 19% prefer to work independently. 15% prefer to choose colleagues to work with, and 17% indicated that they can work, but only if the task is set by the teacher and the responsibilities in the team are distributed. The latter answer is most closely linked to the philosophy of the traditional project management model. It can be assumed that the students who indicated this answer are strong supporters of a more traditional model of a teacher-student relationship, where the tasks are distributed by the teachers and the students only perform them. The relationship with external stakeholders was examined by asking for the opinion of the respondents about the participation of external lecturers from the practice in the training process. By reducing those who have not had the opportunity to attend such lectures, there is generally a high percentage of approval for the participation of external lecturers. This is a perspective that should be strengthened at the Academy of Economics, to strengthen the university-business-government link. In the conditions of remote learning, the possibilities are even greater, albeit for indirect contact.

28 Agile Perspectives in Higher Education

341

Respondents had the opportunity to point out, according to them, the biggest weaknesses of remote learning during the pandemic, marking up to three possible answers from a list of the most frequently mentioned in the studies of different authors and with an open option for additional response. In general, three groups of problems are formed: • Related to communication. Students lack contacts mostly with other students, and 2/3 of the respondents mentioned this as a problem. Difficult communication with teachers was also noted as a disadvantage—in 25% of respondents. This group may also include communication problems arising directly from constraints during a pandemic. Such is Misunderstandings of the tasks—in 28% of the answers, as well as a general lack of support from teachers (16%) as a deficit in training compared to the regular and part-time forms of training. • The second group of problems is related to the quality of training. 30% are worried about whether they will receive quality educational service, 6% believe that teachers are not always well prepared, and 10% find the training materials are insufficiently adapted / not flexible. • The third group of questions is related to attitudes toward the process of remote teaching. 21% have difficulty managing their time, 20% feel isolated, 17% are demotivated, and 9% say that distance learning requires a different attitude to learning, higher motivation than they do not have. About 3% of respondents believe that remote learning has no disadvantages. The benefits of remote learning were also discussed with the respondents. The highest share of respondents indicated that they can join from anywhere—77%. This is becoming a very serious advantage of remote teaching and is highly valued in many other studies. It suggests the great potential of remote teaching and the likely transition to hybrid forms after the pandemic. Advantages of an economic nature, according to the students, are the reduced costs for travel and accommodation, which is indicated by 60% of the respondents. However, it is not clear how sustainable this advantage is, as it is not compared to other costs that have increased during the lockdown, such as costs for the purchase of better equipment, better internet connectivity, etc. Time management is mentioned as an important advantage. On the one hand, it saves travel time—to the university, especially for those living in other settlements, such as most of the students at the Academy of Economics. On the other hand, students indicate that they can better manage their time and the distribution of their commitments. This is a very sustainable advantage as far as an agile approach allows, individual efforts that stimulate students to develop their organizational skills for coordinating tasks. Last but not least—26% of students find that distance learning is more individual and creates a different rhythm of work and study, which they approve of. 13% are also motivated to seek new knowledge. Students were asked to indicate which form of education they would choose if they had the opportunity. For this purpose, a comparison was made between their form of training and the choice they indicated as potentially possible. The results

342

M. Bogdanova and E. Parashkevova-Velikova

show that about half of the students in each group would choose the same form of study again. The other half is distributed among the others, with the choice of “Distance Learning” dominating. 10% of all answers are for a hybrid form, but it is not clear which combination (which hybrid) is preferred. A hypothesis was tested on whether students’ preferences changed after the forced transition to distance learning during the pandemic. For this purpose, the two hypotheses were formulated: The null hypothesis H0 states that there is no relationship between the form of education of students and the statement about the preferred form of education. The alternative hypothesis H1 states that there is such a connection. χ2 analysis was applied, which showed high empirical values: χ2 em = 33.5, χt = 15.51 (at 8 degrees of freedom and significance level 0.05). The analysis showed that there is a statistically significant relationship between the current form of education and the one that students would choose if they had the opportunity to make their choice again. As the number of cases in which the answer “Other” and the answer “hybrid form of training” are indicated is small (total n = 11) and this violates the condition for the number of cells with less than 5 to be less than 20%, these responses are reduced as a preference. The remaining cases (n = 94) out of a total of 105 were considered. The hypothesis test results show that Pearson Chi-Square shows a value of 34,875 with 4 degrees of freedom and p = 0,000. χ 2 (4, N = 94) = 34, 875, p < 0.001. Since p < 0.05, the null hypothesis H0 that there is no connection between the two variables is rejected and the alternative hypothesis is accepted, there is a dependence between the current form of education and the one that students would choose if they have the opportunity to choose again and it is statistically significant. In this sense, it can be concluded that the pandemic did not affect the choice of students. They do not consider distance learning to be preferable, despite the advantages they report for it. The symmetry test shows an estimate of the strength of the relationship or the magnitude of the effect between the two variables. The data show a high strength of the relationship, as the Kramer coefficient is above 0.35 (for three categories of the variable). Cramer’s V = 0.431. The students were asked to choose one of several formulated statements related to their attitude toward traditional learning and the distance approach that best fits their understanding. The answers are as follows: • The highest grade is given to the possibility for unlimited access to educational resources for students who did not have one before the pandemic, but received it precisely because of the opening of educational resources for all students at the Academy of Economics. 34% of the respondents evaluate this, and for understandable reasons this opportunity is the highest evaluated by the group of respondents in full-time education.

28 Agile Perspectives in Higher Education

343

• A quarter of students believe that combining traditional forms with distance learning provides a better opportunity for learning and self-learning than only traditional or only distance learning. At the same time, they did not recognize the hybrid forms mentioned in the previous question. A possible explanation is that they do not fully understand the meaning of hybrid forms. • 24% of the respondents are completely supporters of the traditional face-to-face forms of education, as they believe that the modern electronic distance forms of education cannot replace the traditional ones. However, the reasons for this response, which may be related to infrastructural, cultural, emotional, etc., have not been studied. • Two statements were also made related to the equality of remote and face-to-face learning. 10% of the respondents put them on the same level as the knowledge, skills, and competencies they receive. 7% disagree and deny remote learning.

28.5 Conclusion The study does not provide a definite answer to the question of the advantages and/or disadvantages of remote learning. The probable reason is that some of the agile forms were introduced partially due to the need for a rapid pandemic response. Respondents are divided, as is the society in this term. However, the experience that the whole education system has gained and continues to gain will lead to various forms of digitalization in a hybrid version. The most efficient and effective solutions, which combine different trade-offs, will be imposed naturally, proving their advantages on the market. To some extent, the pandemic has imposed some of the practices of agile management, but only in part. Especially important is the issue of motivation and self-motivation, the self-organization of individual learners, who must invest more personal effort and energy to have access to training, not to interrupt communication channels and compensate for the weaknesses with something else. In the IT industry, the agile approach arises in response to the great dynamics of the environment and the impossibility of the traditional approach to respond to this dynamic. The COVID-19 pandemic has caused huge shocks in all sectors and the normal response is to look for an approach to overcome these shocks. The agile methodology cannot be applied directly in higher education, but its ideas can find a place in the way activities are organized in search of higher success. Universities can become much more flexible if they orient themselves in time. Those who are more adaptable are already taking steps in this direction. There are many training systems, and the main character is their adaptability to user preferences, educational goals, learning style, level of knowledge, behavior in the system, etc. The agile approach in educational institutions can be integrated with adaptive learning. Adaptive learning, which includes learning materials and educational e-services with adjustability to adaptive learning, allows for personalization of the educational process to the specific needs of a learner with the appropriate

344

M. Bogdanova and E. Parashkevova-Velikova

pedagogical strategy to improve the learning process. Web 2.0-based training tools, and not only, enable studying in an interactive environment, which is a prerequisite for implementing Agile. The relationship Agile–Adaptive Education, incl. and Adaptive Educational Hypermedia is poorly researched, but can logically be well substantiated and tested in future studies, especially those related to the impact of COVID-19 on the educational process. The creation of a personal learning path is a tool for reducing the cognitive load, through which it is possible to orient the learning to results under the principles of Agile. More broadly, organizational agility also requires building a supportive culture that enables the empowerment of capable people and collective leadership. These are components of the general framework developed by PMI [15], which is applied in prosperous organizations. This will be a way to successfully combine in universities both approaches, bottom-up, where teams thrive, and top-down, in which a mature leadership sees the potential of agility and provides freedom for its development.

References 1. Bogdanova M (2020) Lean management in the higher education. In: Proceedings Ikonomikata na Bulgariya - 30 godini sled nachaloto na promenite: Nauchno-prakticheska konferentsiya, pp 25–31, Akademichno izdatelstvo “Tsenov”, Svishtov 2. Carayannis E (2009) Campbell DFJ ‘Mode 3’ and ‘Quadruple Helix’: toward a 21st century fractal innovation ecosystem. Int J Technol Manag 46(3):201–234 3. Leydesdorff L (2012) The triple helix, quadruple helix, …, and an N-tuple of helices: explanatory models for analyzing the knowledge-based economy? J Knowl Econ 3:25–35. https://doi. org/10.1007/s13132-011-0049-4 4. Nieth L, Paul Benneworth. Universities and neo-endogenous peripheral development. Universities and regional economic development. Engaging with the periphery. Routledge 5. 14th annual state of Agile report 2020 https://stateofagile.com/. Accessed 4 Feb 2021 6. Manifesto for Agile software development. https://agilemanifesto.org/. Accessed 24 Feb 2021 7. Royle K, Nikolic J (2016) Agile work practices for learning and teaching: what we can learn from agile work practices about learning and teaching in schools. Un-published white paper. https://doi.org/10.13140/RG.2.1.3501.0161 8. . Krehbiel TC, Forren J, Gannod G, Havelka D, Hulshult AR, Merhout J, Cosmah ML (2017) Agile manifesto for teaching and learning. J Eff Teach 17(2):90–111 9. Peha S (2011) Agile schools: how technology saves education (just not the way we thought it would. Izvleqeno ot InfoQ. https://www.infoq.com/articles/agile-schools-education/. Accessed 14 Feb 2021 10. Kamat V (2012) Agile manifesto in higher education. In: IEEE fourth international conference on technology for education, pp 231–232 11. Twidale MB, Nichols DM (2013) Agile methods for agile universities. In: Besley TAC, Peters MA (eds) Re-imagining the creative university for the 21st century. Sense Publishers, pp 27–48 12. Christensen CM, Raynor ME, McDonald R (2015) What is disruptive innovation? Harvard Bus Rev 13. Christensen CM, Eyring HJ (2011) The innovative university: changing the DNA of higher education from the inside out. Jossey-Bass, San Francisco, 475 pp. ISBN-13: 978-1118063484

28 Agile Perspectives in Higher Education

345

14. Fellingham C (2018) Will half of all US Colleges and Universities shut down by 2030? https://medium.com/human-learning/will-half-of-all-us-colleges-and-universities-shutdown-by-2030-a152d57ea6cb. Accessed 20 Feb 2021 15. PMI (2015) Capturing the value of project management through organizational agility

Chapter 29

Digitalization of Business and Public Organizations—Communication Problems with IT Companies and Possible Solutions Desislava Serafimova , Andriyana Andreeva , and Vanya Banabakova Abstract The paper outlines communication problems between IT companies and organizations from the sectors of logistics and that of court administration in Bulgaria connected with digitalization of activity. The research aims to identify the main problems and forms of communication between IT services client organizations and IT companies, expectations of various participants in the process and suggest directions for more effective clarification of the assignor’s requirements toward the contractors of IT services A specific aim of the research is to check whether there are significant differences in the problems organizations from the public sector and those from the business one experience in communicating with servicing IT companies. Structurally, the report consists of three parts—the first one clarifies the conceptual framework for relationship management between assignor organizations and IT companies, emphasizing on well-established good practices of IT Service Management. The second part presents the results of an empirical research and the research methods are explained, including desk research, in-depth interviews, focus-group interviews, and questionnaire survey. The third part summarizes results, differences, and shared difficulties in digitalization for logistic businesses and court administration. Paths are suggested for improving communication between assignors and IT service providers with an accent on the stakeholders to attract at the initial stage of the process, expanding IT managers’ competences and the roles they perform. Conclusions are made about the higher education sector in Bulgaria and IT managers training.

D. Serafimova (B) · A. Andreeva University of Economics, Varna, Bulgaria e-mail: [email protected] V. Banabakova National Military University V. Levski, V. Tarnovo, Bulgaria © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_29

347

348

D. Serafimova et al.

29.1 Introduction Introducing contemporary information technologies to digitalize their operations, organizations can obtain them by outsourcing to specialized IT companies or assigning the respective tasks to employees of the company’s own IT departments. In this process business companies or public organizations have to be able to clearly explain to IT specialists what information technologies are needed according to organizations’ strategies and the peculiarities of the processes occurring within the organization (manufacturing, commercial, logistic, administrative). In the process of this communication there arise specific relationships between the participants mentioned. In order for processes to run and be managed effectively, certain knowledge and skills are necessary in the field of Business and Management studies, respectively sciences connected with public sector activities, as well as in the sphere of informatics. In practice, however, business organization representatives (and those of the public sector, respectively) lack sufficient knowledge of the IT sphere, and similarly IT companies are not competent enough in the respective business or administrative processes their clients perform. Figuratively, they ‘do not speak the same language’, therefore misunderstandings are frequent, and they reflect on the end result—a mismatch between the IT services clients expected and those they received. The specific communication between experts narrowly specialized in different spheres forms an intermediate scientific field, which has been little researched so far. At the same time its importance is growing due to the digitalization of all spheres of public life, greatly enhanced by the COVID-19 pandemic. The practice of teaching students in such a narrow profile, giving them the opportunity to acquire specific knowledge and competencies in the described intermediate scientific field—both in the field of “Business and Management studies” and in the IT field—is not widespread in higher education institutions in Bulgaria. Owing to the character of communication between managers, experts and performers of totally different fields there often occur problems, misunderstandings, wrong expectations between assignors of IT services (business companies or public sector organizations) and IT service providers. The present report presents the results of a study conducted on the participants of the said process, which attempts to answer the following questions: What are the main problems and forms of communication between participants, which are the main reasons for communication problems, what are the various participants’ expectations and what opportunities are there to improve the processes of assigning IT services. As an object of research in the present study organizations of two spheres of activity have been chosen—one from the business field and one from the public sector. The first field is that of logistic activity because in the conditions of COVID19 pandemic logistic companies not only survived the crisis in Bulgaria, but they had to expand, hire more staff and modify their strategies (including those related to IT) in order to meet growing demand. The second sphere researched belongs to the public sector and comprises court administration in Bulgaria. The reason this field was chosen are the protests of judges and lawyers that have been going on for

29 Digitalization of Business and Public Organizations …

349

over 4 months (September 2020–January 2021) against attempts to introduce a new unified information system of Bulgarian courts [10]. It was developed for two years and was introduced as a pilot project in 17 courts in July 2020, and in many others later, but was discontinued, because of creating chaos in magistrate work [9]. One of the aims of the study is also to check whether there are significant differences in the problems organizations of these two very different sectors—business and public—experience in the communication with the IT companies that service them, or do they encounter rather identical problems? This paper presents the results of the initial stage of a national scientific research project dedicated to problems of digitalization and the changing requirements concerning digital competences at the labor market and the higher education in Bulgaria. The project is carried out by a research team of 12 scientists from 3 Bulgarian universities and comprises researching the attitudes and viewpoints of as wide as possible circle of stakeholders in digital transformation processes, including assignor organization and IT companies that provide IT services.

29.2 Conceptual Framework for the Management of Relationships Between Assignor Organizations and IT Companies The interaction between assignor organizations and IT service providers can be described as the following [3]: (1) Organizations (assignors, clients) define their needs and requirements; (2) The IT companies servicing them (IT providers) perform business analysis and define the IT needs to meet clients requirements, taking into account the actual possibilities and IT trends; (3) Defined IT needs are broken down into separate assignments which are usually carried out in project form; (4) IT projects execution (their management may be performed by means of Waterfall/Sequential methodology, as well as the Agile methodologies; (5) After IT project has been completed and accepted, its result is an IT service implemented to serve the particular organization; (6) Turbulent business environment calls for the continuous update and improvement of the provided service, through which the cycle of IT service provision and support is closed. A sound theoretical foundation for effective management of the above-described relationships between assignor organizations and IT service providers is the application of the concept of IT Service Management, (ITSM) [7, 11]. A key role in this process is played by the performance of business analysis, by means of which the assignor organization’s requirements about information technologies are made very clear so that the organization’s goals are achieved [20, 21]. Generally, the content of business analysis can be presented as a description of the core business processes or activities performed in a particular company/ public organization, which IT specialists must understand in order to correctly design, offer and implement the necessary IT services [1, 19]. The main result of business analysis

350

D. Serafimova et al.

is building ‘a business process map’ [8, 16] or ‘business architecture’ [13]. The aim is to present the business model to the client organization as described through the main work processes the organization performs—these are the processes of transforming input resources into an end product/service. Besides, at this stage what is meant is not only a description of these work processes, but it is also to clarify how the said processes pertain to the functional areas of business (which suggests that individual processes are performed in different functional business departments). Business analysis should also trace and indicate which of the described work processes are key to creating customer value. In a theoretical aspect the main elements of business analysis can be interpreted by the established statements of several concepts within the general theory of management. In this line of thought in researching and describing the main work processes in the business analysis, different IT specialists state their preference for one of the following two concepts and stick to its corresponding terminology. The first one is based on the concept of Work process-based management, whereby a process approach is applied [22]. In it the business organization is defined as a system of processes, where for each process there can be defined “entrances”, “transformation functions” and “exits”, so that their internal and external interactions can be described and analyzed. It can also describe how particular processes belong to various functional areas of business—marketing, production, finance and accounting, human resources. The second concept used in business analysis is based on the theory of Operations management, adapted to the needs of organizations in the service sphere, and in particular, to companies, offering IT services. By means of this concept a description is made of the transformational processes made up of operations through which business organizations transform input resources to products and services, using also the concepts of supply chain and value chain in view of tracing key activities adding customer value. In the end, we believe that using both concepts predominantly presents the same logic of describing work and activities performed in a given company, but through use of different terminology—processes or operations. One concept speaks of functions of transformation, while the other features transformational processes. But in both cases they are meant to trace the transformation of input resources to producing the outputs as a product/service for the client, which in itself is the core of business analysis [1]. To summarize the benefits of applying ITSM, the main idea is building such relationships between assignor organizations and the IT companies which service them that clients can be provided not with an information system per se, but with a coordinated functionality assisting their work. In this aspect one of the aims of ITSM is building business relationships between the servicing IT organization and its clients, which are fixed in the Service Level Agreement [2, 23]. Research shows that big IT companies in Bulgaria follow formalized procedures for systemic management of IT services realized by means of IT projects and those procedures are based on methods that have been well-established worldwide [4]. The most frequently used methods and good practices for IT service management by IT companies in Bulgaria include: ITIL (The Information Technology Infrastructure

29 Digitalization of Business and Public Organizations …

351

Library) [18, 23], ISO/IEC 20,000 Service Management Standard, CoBIT (Control Objectives for Information and related Technology), CMMI (Capability Maturity Model Integration). When providing services to business and public organizations, IT companies in Bulgaria also observe various company ITSM frameworks, developed using ITIL as standard (e.g., HP ITSM Reference Model of Hewlett-Packard, IBM IT Process Model, Microsoft Operations Framework). Regardless of the use of the said established good practices developed by leading IT companies worldwide, during the process of communication between IT firms in Bulgaria and their clients as assignors, certain communication problems and difficulties arise, and it is these problems that are an object of our research.

29.3 Materials, Arguments, and Methodology 29.3.1 Brief Description of the Methodology The research team uses the desk research method to clarify the main conceptual elements of the research, as well as collecting secondary data. As a result, some basic problems of communication between assignor organizations and IT service provider companies were outlined. Next, a set of in-depth interviews were carried out with managers and experts from both type of organizations—the logistic business and the Judiciary public organizations. The obtained data about existing communication problems between assignor organizations and IT service provider companies were included into in-depth analyses during the problem defining stage and seeking solutions by means of focus-group interviews with experts of both sectors—logistics and Judiciary. On the basis of the information collected through the described techniques, a questionnaire was designed and carried out among representatives of the two sectors—managers, experts, and employees from logistic companies and Judiciary. They were performed in the period 15 January–15 February 2021 by sending questionnaires via email to the respondents. In total, 156 filled-out questionnaires were returned during the data collection period by representatives of the two sectors studied. Logistic companies took part in the research represent around 20% of the logistic sector, based on their yearly revenue (NSI, 2019). The remaining participants come from three courts in Eastern Bulgaria (out of the total of 17 for the country), where the unified information system for the courts was pilot implemented.

352

D. Serafimova et al.

29.3.2 Review Results Digitalization of logistic firms and specific communication problems with the IT companies. Digitalization in the logistic business occurs in various directions. Introducing technological innovations, logistic companies aim to improve customer satisfaction and achieve a higher level of service [17]. One of the contemporary pathways of logistic digitalization is the possibility for the development of the flexible logistics [5]. Variable automated processes lead to increasing the flexibility and elasticity of logistic infrastructure in order to respond with profitable solutions to market changes. The “One-size-fits-all” option is no longer applicable. The aim is to provide personalized solution to demands about cost control, warehouse management, overcoming geographical limitations, distribution channels, and choice of priorities. Over the last 3–4 years comments have been growing about the possibilities of applying blockchain and artificial intelligence in the logistic industry [24]. The reliability and transparency provided by block chain enable data storage, while at the same time minimizes the probability of making mistakes. Respondents confirm that they highly appreciate the potential benefits of applying them, as for example the fact that if a client’s personal data have been digitally stored in a blockchain, they cannot be masked during delivery. It is possible to track every blockchain—as the compatibility of every vehicle’s registration number against the identification code of the delivery. According to expert forecasts by the end of 2021 about 25% of international logistic companies will have introduced artificial intelligence and delivery processing by means of blockchain [17]. Another advantage the respondents comment upon is related to the possibilities of more accurately predicting demand and data analysis, by which logistic firms can predict requests and thus more precisely plan their operations. In this connection IT companies are expected to develop algorithms of data volumes, techniques for data visualization and smart ways of analysis, so as to improve process effectivity and logistic service quality by decreasing delivery time. The need for digitalization is also connected with the possibility of building sustainable logistic chains in view of decreasing carbon emissions [6], which motivates logistic companies to seek opportunities for “intelligent” transport and introducing “smarter” processes [14]. Modern logistics cannot function without applying digitalization based on information technologies because they are among the major sources of raising productivity and competitiveness. The benefits of applying digitalization and respectively information technologies in logistics are undeniable and are demonstrated in: substantial reduction of logistic costs, guaranteed request execution, transportation of necessary goods within agreed terms; and ensuring high quality of logistic services. The above benefits are stated as the main motive for the logistic companies included in our research and thus companies seek specialized IT firms which are able to supply the necessary information technologies to implement the desired digital transformations. Digitalization and digitalization-based information management systems used in logistics can be adapted to the needs of individual logistic firms. The procedure of implementation, settings and training staff, however, is mostly carried out by

29 Digitalization of Business and Public Organizations …

353

IT companies and if it is inadequately performed, does not lead to positive results. Experts involved in the research claim that the following are among the basic reasons for failure: the procedure is long and costly and the communication between the logistic firm and the IT company is often poor. The most preferred manner through which the researched logistic companies assign orders to IT firms about digitalization of their activities is by summoning a special team including the company manager and specialists from various departments (67% of survey participants). One of the difficulties that all participants in the study faced is the need for the soon provided IT service to be modified and improved. 67% of respondents pointed out that this is a common phenomenon and occurs nearly always. While the remaining 33% share that they have had such an experience at least once in their practice. The second most significant problem which has been experienced by all logistic companies (44% often and the remaining 66% at least once) is associated with the fact that although upon commissioning the assignment logistic companies explained in detail what services are expected from the IT firms, they ended up with a resulting service that did not fully meet their initial requirements. An interesting fact to appear in the survey is that only 33% of the logistics experts interviewed say they encountered difficulties in their communication with IT specialists because of the specific computer terminology the latter use. 33% point out that they really experienced such difficulties and the remaining 33% declare they did not have any difficulties of the kind. Of all logistic companies researched, not a single one points a problem stemming from the need to devote more time to communication with IT firms to better explain their requirements. The logistic companies’ experts involved in the research list the following reasons for communication difficulties with the IT service providers, ordered by degree of significance. The most substantial reason seems to be the fact that, because of lack of sufficient economic and management knowledge, IT specialists find it difficult to discover new ways of applying information technologies which are consistent with the specifics of the logistic business companies they serve, and therefore, IT companies sometimes offer solutions they developed for other type of companies before. The next significant reason is associated with the fact that IT managers, in most cases, are highly qualified predominantly in the field of technologies and direct their efforts in solving purely technical problems, rather than getting to understand the business needs of assignor companies and thus help them become more competitive. The third important reason for communication difficulties is the fact that IT specialists usually aim at solving operational tasks, instead of trying to gain deeper understanding of the strategic goals of the assignor business company. The next two reasons for problematic communication with IT firms, mentioned by approximately half the logistic companies are revealed in the fact that assignor companies do not have a clear idea of the way the IT firm works and can possibly have unrealistic expectations. Another reason for communication difficulties stems from the circumstance that logistic companies lack sufficient competence to assess real risks in IT project implementation, which prevents them from objectively and in advance assess the risk of introducing such type of innovations.

354

D. Serafimova et al.

Digitalization of Judiciary activity and specific communication problems with IT companies. The second researched area in the present study belongs to the public sector and covers court administration in Bulgaria. The contemporary reform in the field of electronization of Bulgarian courts started by building a unified e-Justice portal. A substantial component in it is the requirement for a unified information system of Bulgarian courts (UISC). Developing the system took two years of one of the largest IT company in Bulgaria which specializes in servicing public sector and has been a major partner of government institutions for key IT projects for over 15 years. The IT company is among the leaders in the Bulgarian IT sector and has a staff of over 300 highly qualified programmers, communication specialists, system administrators and service engineers [15]. The information system developed by this large and highly reputable IT company, with a rich experience in working with public organizations, was pilot implemented in 17 courts in July 2020 and in many other later on. Eventually, in September 2020 the Supreme Judicial Council temporarily canceled the system’s use, as court administration specialists complained that the system creates chaos in the work of magistrates. For nearly three months the IT company did remedial work on the system in order to improve things. Subsequently the Supreme Judicial Council’s plenum approved a plan for the system to be gradually introduced at a regional level, which in turn again caused an outcry by certain regional courts [9]. At the end of February a decision was made to postpone total implementation in Bulgarian Judiciary until 1 March 2021. Our research found out two diametrically opposed views about the reasons for this situation and the lack of understanding between the parties affected in the process. One view illustrates the standpoint of the representatives of Judiciary, and the other one is that of the IT company which developed the unified information system. According to judges and lawyers, instead of facilitating their work, the new information system rather burdens it, making it difficult, slower and more complicated. Thus, for example, in their opinion, it takes hours for the new system to issue a subpoena, a judge needs 70 clicks to perform a simple operation on an average court case, it is often necessary for a magistrate to work in real time mode and enter passwords and codes all the time. Judges spend much more time entering data about the cases in the system, instead of delivering justice while their workload increases manifold, in terms of complications and time consumption alike. A declaration has been filed against the use of the information system, signed by 148 judges of Sofia Regional Court and endorsed by magistrates across the country, as well as 75 letters from various courts throughout Bulgaria [10]. In the interviews carried out with focus groups of Bulgarian Judiciary experts other specific problems were outlined, resulting from the pilot introduction of the information system. Among its major deficiencies experts list: delayed access to electronic court cases; in most courts the widely used format of digitalization of paper documents is *.tiff, which makes it impossible to review and peruse the e-court case via a mobile device (smartphone or tablet); a large number of court rulings are not visible to the parties who have electronic access to court cases; electronic court cases documentation is incomplete, which requires lawyers to visit the court records

29 Digitalization of Business and Public Organizations …

355

office to find out how the case is advancing; the unified information system does not provide a facility for automatically filing a request for e-access to a particular court case through the portal, which would have greatly facilitated lawyers’ work and save time and costs to the court, as well as to the parties to the case; such functionality is also missing for termination of access to an e-case. Representatives of the IT company have quite another view on the problematic situation which occurred. They claim that since the start of the project they have redone over 400 amendments and adjustments and have had to unify 153 different practices in individual Bulgarian courts, as they have come across numerous and varying practices. IT specialists have received letters containing conflicting, contradictory or overlapping demands from representatives of the Judiciary which recommended different approaches to the same task. According to the IT specialists if representatives of the Judiciary gave them a detailed list of precise description of what needs to be corrected and improved, they would be able to successfully and on time complete the information system [10]. To resolve the existing problematic situation at the end of 2020 it was decided to set up a team of judges, court administration employees and members of the Supreme Judicial Council of Bulgaria who should draw up a unified list of precise and detailed descriptions of all the necessary amendments to the information system so that it can better serve their requirements and fully answer their expectations [9]. Over two thirds of the Judiciary specialists covered by our research confirm that this should have been done at a much earlier stage of the information system’s development and would have prevented many of the existing problems. This statement confirms our working hypothesis that one of the most important reasons for the existence of problems in the communication between IT companies and public sector organizations during digitalization of activities are the mistakes made at the business analysis stage, as explained above. Apart from the described problems stemming from the communication among various specialists of the Judiciary and the IT sector, there are problems of a different character. Thus for example the situation has been taken advantage of by various stakeholders in a political context. Accusations have been made of unregulated spending, corruption doubts and other [10]. Ethical questions have also been raised— there are certain misgivings that by means of the said information system control might be exercised upon judges’ work [12]. These aspects of the problem are also interesting to be researched, but they are beyond the purposes of the present study, that is why they are not discussed and studied in greater details here. It should be noticed that in the public space no attention is paid to the existence of the objective difficulties in communication between these specialized areas— the public sector and IT. These hurdles are of organizational and methodological character and suggesting decisions in this aspect would help find a solution to the discussed questions and improve the process of communication between representatives of the Judiciary and their servicing IT companies. When analyzing the answers of our respondents, it should be noted the great degree of unanimity about the best variant according to the Judiciary representatives which should have been used in building the information systems for the courts. 72% of the

356

D. Serafimova et al.

interviewees believe that such a system should be developed through the combined use of the services of specialists from the Judiciary’s internal IT department, and the services of an external IT company. At the same time, a large part of research participants makes it clear that some of the ensuing problems could have been avoided, if, during the clarification of the requirements concerning the information system more specialists and employees of the Judiciary had been consulted, including magistrates, lawyers, record keepers, secretaries, statisticians, archive workers. In this connection 74% of interviewees declare that they haven’t heard of colleagues of theirs taking part in the process of clarification of the requirements toward the information system before the job of creating it was assigned to the IT company. It is only logical that respondents’ answers about the reasons for the termination of the information system for the courts are as follows, arranged by degree of importance: the system has been discontinued (1) because it does not live up to the expectations of the Judiciary; (2) because it creates chaos in magistrates work instead of facilitating them; (3) the system has been terminated because magistrates have not been adequately trained to work with it. An exceptionally low share of interviewees (12%) think that the experimental system was stopped because, in their opinion, its upkeep was too expensive. Over half of the Judiciary representatives participating in the study (65%) declare they believe in the IT company’s claims that for two years they have made over 400 corrections of the unified information system. 57% of Judiciary representatives accept as true the statement of the IT company about the letters containing overlapping, or totally contradictory instructions and recommendations on the part of the court representatives. However, the court experts interviewed are not willing to accept the IT company’s claims that it had to unify 153 different practices used by various Bulgarian courts. According to them it is not possible for so many different ways of doing judicial work, as it is by default normatively regulated. The specialists of the Judiciary who took part in the study identify the following reasons, arranged by order of importance, for the appearance of communication problems and glitches between them and the IT company: (1) the project of creating a unified information system should have been headed by a specialist who is knowledgeable in law and court administration, as well as the information technologies sphere; (2) IT companies specialists concentrate on resolving operative issues and troubleshooting technical faults of the system, instead of trying to grasp the essence of the processes running in the Judiciary; (3) The narrow specialization of expert work in different spheres—public sector and IT—results in objective difficulties of organizational and methodological character which generate the problems with the described information system; (4) Representatives of the Judiciary and IT companies “do not speak the same language”, which makes it difficult for them to understand one another, and hence the poor end result—mismatch between expected and received IT services; (5) Judiciary representatives lack sufficient IT knowledge and find it difficult to describe correctly their requirements toward the unified information system.

29 Digitalization of Business and Public Organizations …

357

29.4 Conclusions To summarize the results of our research into the reasons for communication problems between business and public organizations and the IT companies, differences as well as common difficulties were outlined. In an attempt to visualize the comparison, we developed a system for ranging the most important factors for effective communication between business/ public organizations and IT companies and presented them in Fig. 29.1. To reduce misunderstandings in the communication between assignor organizations and the IT companies as IT service providers, we believe that action should be taken in the following directions. In the first place, involvement of the widest possible number of specialists from the client organization in the process of describing the requirements for the IT company. This will raise quality in the first stages of the interaction between IT companies and their clients and most importantly in the process of business analysis. Secondly, reconsideration of the necessary competences of IT managers or project managers, by means of which they perform business analysis to identify client needs. They need to have more business and soft skills, unlike the common practice in Bulgaria, where these managers are most often IT specialists with the typical narrow profiles of technical knowledge and skills in the field. IT service management calls for specialists who are knowledgeable in two fields at the same time—technological, emphasizing on information technologies and managerial, focused on the organization of relationships between the participants in the

Judiciary/Logistics representatives lack sufficient IT knowledge and find it difficult to describe correctly their requirements towards the unified information system

When clarifying the requirements for the IT company not enough specialists from different departments have been included 80% 60%

40% 20%

IT specialists concentrate on resolving technical issues instead of strategic problems of their clients

0%

Representatives of the Judiciary/Logistics and IT companies “do not speak the same language”, which results in a mismatch between expected and received IT services

IT specialists don’t have sufficient economic/administrativ e and management knowledge

The narrow specialization of expert work in different spheres – public sector/logistic business and IT – results in objective difficulties of organizational and methodological…

Logistic companies

Judiciary representatives

Fig. 29.1 Reasons for communication difficulties with the IT service providers

358

D. Serafimova et al.

process. This suggests a match between the “hard” IT skills and the “soft” business skills such as communicativeness, active listening and conflict management, all necessary for better management of the horizontal relationships within the company and between business partners. At present Bulgarian higher education market does not offer enough programs aimed at IT management education that includes multidisciplinary training, specialized technical knowledge, as well as managerial competences. In the nearest future we expect a growing interest in such courses and programs, both from students and from the business and public sector. Renowned world universities offer such courses or majors, and they are usually meant for specialists of IT background or business experience which hold managerial positions in IT companies. These programs combine knowledge in both areas, are usually in the master’s degree courses, and are realized in close cooperation with business. They are taught in both technical and economically oriented universities. We believe that the results of the present research could be used for the development and improvement of such programs and academic courses in Bulgaria. Thirdly, in order for the success of the joint work on business and public organizations digitalization, it is necessary for the managers and employees of the assignor company, as well as those of the IT firms to achieve a common understanding of the actions expected from them throughout the whole cycle of planning, building, using and managing the provided information technologies. This will lead to better meeting the needs of all stakeholders involved—IT service users and providers. In the fourth place, determined actions and efforts are needed to develop and implement a complex of organizational measures and documents, by which joint and individual efforts of all participants are regulated and project implementation is supported in the long run. In this connection effective IT service management requires clear definition of key roles and competences in ITSM. Naturally, the technical—managerial competence ratio for each role depends on the particular IT firm maturity concerning the application of internationally recognized and approved ITSM methods. When IT organizations use the so called qualification system, describing the roles, their corresponding competences and level of qualification, this allows to clearly formulate the requirements toward the staff of the servicing IT company, to evaluate the effectiveness of their work, to build a system of their motivation and plan personnel development. This, in turn, will lead to improving the quality of the provided IT service, and within the context of our research, will improve communication between business and public sector organizations and the servicing IT companies in the process of digitalization of activity.

References 1. A guide to the business analysis body of knowledge (BABOK® Guide) version 3.0. International Institute of Business Analysis, Toronto, Ontario, Canada (2015) 2. Addy R (2007) Effective IT service management: to ITIL and beyond. Springer

29 Digitalization of Business and Public Organizations …

359

3. Barbov Z (2015) Requirements documentation: need, place in business analysis process and practical realization. In: Conference proceedings managing and organizing in contexts of change. University of Warsaw, Poland 4. Barbov Z (2020) System of criteria for evaluation of the practices for application of IT services management in Bulgaria. Economics and computer science, vol. 1, pp. 29–40. Varna, Bulgaria 5. Behmanesh El, Pannek J (2018) Ranking parameters of a memetic algorithm for a flexible integrated logistics network. In: International conference on dynamics in logistics, LDIC, Bremen, Germany, pp 76–85 6. Carter C, Easton P (2011) Sustainable supply chain management: evolution and future direction. Int J Phys Distrib Logist Manag 41(1):46–62. Emerald Group Publishing Ltd. 7. Clyde Bank Media (2016) ITSM: QuickStart guide—the simplified beginner’s guide to IT service management 8. Cooper R., Kaplan, R.: The Design of Cost Management Systems: text & cases. Prentice-Hall, Inc., New Jersey (1999). 9. Drumeva I. The courts are starting work with the 25th revised version of the unified system. https://www.dnevnik.bg. Accessed 17 Dec 2020. Drumeva I. The judicial council postponed the use of problematic court system for next year. https://www.dnevnik.bg. Accessed 22 Jan 2021 10. Drumeva I. To end chaos, Judicial Council stops the unified system for courts. https://www. dnevnik.bg. Accessed 22 Jan 2021. Drumeva I. Judges and lawyers gathered to protest against the new information system for courts. https://www.dnevnik.bg. Accessed 22 Jan 2021 11. Edwards W (2017) IT service management for newbies: expert guidance for beginners. William Edwards MBCS 12. Fotev J. Lawyers are protesting against the extraordinary court vacation. http://www.btv.nov inite.bg. Accessed 25 Jan 2021 13. Gomane G. Enterprise architecture and ITSM: how they complement each other. http://www. community.mega.com. Accessed 25 Jan 2021 14. Grant D, Trautrims A (2017) Chee Yew Wong: sustainable logistics and supply chain management—principles and practices for sustainable operations and management, 2nd edn. CPI Group (UK), Croydon 15. https://www.is-bg.net/en/about. Accessed 25 Feb 2021 16. Kaplan, R. S., D. P. Norton, The Balanced Scorecard: translating strategy into action. Harvard Business School Press, Boston (1996). 17. Nahata K. Trends to revolutionize logistics in 2018. Global supply chain. https://bers.bg/2018/ 04/19/. Accessed 28 Aug 2020 18. Orand B (2010) Foundations of IT service management: ITIL(r) v3 foundations. CreateSpace Independent Publishing Platform 19. Podeswa, H.: The business analyst’s handbook. Course Technology, Boston, MA (2009) 20. Sansbury C et al (2016) IT service management: support for your ITSM foundation exam, 3rd edn. BCS, The Chartered Institute for IT 21. Smith K (2017) The practical guide to world-class IT service management. The Anima Group 22. Techno Logica EAD (2012) Methodology for improving work processes for providing administrative services. Contract No CM-132/2012 with the administration of the Council of Ministers of the Republic of Bulgaria 23. Vicente M, Gama N, Silva M (2013) The value of ITIL in enterprise architecture. In: 17th IEEE international enterprise distributed object computing conference, Vancouver, BC, Canada, pp 147–152. https://doi.org/10.1109/EDOC.2013.24 24. Yaga D, Meel P, Roby N, Scarfone K (2018) Blockchain technology overview. U.S. Department of Commerce, Wilbur L. Ross, Jr., Secretary

Chapter 30

An Assisted Instruction System Designed for Online Teaching and Learning Gabriel Zamfir

Abstract In 2020 education had to stop its engine and let the e-education for teaching and learning, without a certified standard educational system. This is an argument to promote the idea that e-education includes education. The keyword was “online”, and the environment was the technological infrastructure available at the moment of the decision. So, e-education it is used like an extension of the education. This image reflects an aggregate approach, but a functional solution should integrate education in the e-education. Assisted design is the keyword in order to clarify the context. A standard E-Classroom should be the new classroom in education and then online teaching and learning should be an option. This paper describes an assisted instruction approach developed as a teaching and learning system in a standard E-Classroom, improved for a T-Class (teaching and learning in the same time, but in different places). The T-Class is the previous version of the E-Class, but the diversity of the user’s cognitive infrastructure tends to react as a priority, relating to the conceptual infrastructure or the technological one.

30.1 Introduction Education recorded the greatest resource for teaching and learning process integrating the printed-on paper coursebook, available for each student. The best version of this tool it was possible using a professional word processor, applying its functionalities regarding Tables of Contents, Tables of Figures (for qualitative or quantitative information), Terms in Index (a system of terms of the object language), or Terms in Glossary (a system of terms of the metalanguage, created as a new category, designed in Table of Authorities). All these techniques used for a printed-on paper coursebook, create the possibility of a quick access of the reader for a syntactic, semantic, or a pragmatic reason about the whole document. E-society highlighted the educational resources of the environment structured in three categories which G. Zamfir (B) The Bucharest University of Economic Studies, Bucharest, Romania e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_30

361

362

G. Zamfir

are already available for a standard user’s comprehension. The first one, the electronic resources represent the traditional resources, projected in the new context; scanning the content as an image of a printed-on paper coursebook, we get a readonly electronic resource; printing the document of a word processor in a portable document format we get an electronic resource containing active words as hyperlinks, for example, and corresponding functionalities. The second category of the e-society resources, the digital resources, they are, for example, the digital services or functionalities, unavailable in the first category; the third one, the virtual resources, reflects an augmented reality, which could include visual or tactile resources. This approach dedicated for understanding the concept e-society explains how the three forms of the traditional education: formal, non-formal, and informal education, all of them advance in a global permanent rising environment. This is the context by default which it defines an online learning activity. Analyzing learning, as a basic activity of the human development, it is useful here to underline the three paradigms of learning in e-society, as they describe the concept in [1]: a lexical paradigm, a terminological paradigm, and a conceptual paradigm, three levels of knowledge of the same process. The explanation of such a phenomenon is because of the character of human reasoning which it was different during various stages of the development of a human individual cognitive system. As soon as English is the native language of the Information Technology domain, it is useful to highlight current approaches, for example [2], which it focuses on vocabulary in English for university purposes by reflecting on recent research and how its impact and connection to learning and teaching. In this [2] reference, the main areas of research are knowledge of vocabulary, the amount of vocabulary learners needs for studying at university, frequency and vocabulary, English for General Academic Purposes and English for Specific Academic Purposes in connection with word lists, and testing, academic multiword units, and, word parts in academic vocabulary. A similar approach is proposed in this paper, which is based on a concepts map of a specific discipline developed on informatics, when we work for cognitive development of the learner, which it tends to complete as a cognitive autonomous system, founded on his own historical activities.

30.2 Conceptual Framework Analyzing scientific researchers as learners (as a recursive process) and studying Information Technology, as a scientific research subject (as an iterative practical implementation) knowledge framework become a conceptual one. As it is presented in [3], the main features of an e-education system are the global functionalities and the diversity of the users. The technological infrastructure presumes different levels of the information systems (home-based, institutional, metropolitan, national, regional, and global) while the conceptual infrastructure assumes study programs based on curriculum, subjects, syllabuses, and concepts map. The main feature of

30 An Assisted Instruction System Designed …

363

an online learning T-Class system is the assisted design module which, in a faceto-face learning in a standard E-Classroom system, could be solved by the present of the teacher. We have to define here the dysfunctionalities of an informational system as being all the situations omitted in the design stage of the system. We do not include here the situations generated by new versions of the software updated by the users (solving old problems, including new hardware or developing new functionalities), which are possible to happened during the period of the online teaching and learning activities. We integrate this assisted design component as an application of the meta-language on the desktop developed as a fieldwork paradigm, while the scientific research subject explains the recursive theoretical restructuring. As it is mentioned in [3], the desktop as a fieldwork paradigm represents the key resource of the methodological approach based on Information Technology as a native scientific research environment and this explanatory metaphor presumes a three-fold metainstruction activity for a generic user, in a just in time teaching and learning system, in E-Education. The student-user interacts with adequate content, as a fact of systematically refined activities of the teacher-user, in a specific technological infrastructure, acting (knowing, understanding, and applying) in a cognitive infrastructure developed as an extension of his cognitive system. The scientific researcher-user discovers new methods and techniques, available as knowledge and applications. Therefore, the methodological approach based on concepts map in e-education shows the functional updates in Fig. 30.1, where assisted instruction is developed as an application of the assisted design of the informatics educational process. Such kind of approach focuses on the user’s cognitive infrastructure, defined as the environment of the cognitive development of the student, consisting of content Fig. 30.1 Methodological approach based on information technology as a native research environment

364

G. Zamfir

and functionalities, in order to develop a cognitive system, motivating the primary competencies of the individual. In order to understand the cognitive infrastructure of the user in Pre-university education, Textbooks Ministry of Education [4] highlights that in the state or private educational units are used textbooks and other teaching aids approved by the Ministry of Education. School textbooks are developed and evaluated based on school programs developed by the Institute of Education Sciences and approved by the Ministry of Education. Textbooks are a resource and not a teaching norm. To consult the digital textbooks approved by the Ministry of Education, any user could visit the website http://www.manuale.edu.ro/. All the digital textbooks, developed as online web services, include options for printed-on paper version. It is significant to understand that the digital resource is deprecated to a traditional resource, according to the classification of the e-society resources proposed in this paper; the competencies of the learner are also affected in this case.

30.3 Theoretical Framework E-society represents, by default, a just in time teaching and learning system. Defining e-society as an educational laboratory, we include the teaching component in the system and presume the evaluation and self-evaluation, as two feedback activities of the e-education process. In a just in time activities system, the principles become processes, and the functionalities of the processes are designed based on the principles. E-education process start to develop as soon as the technological infrastructure permitted the most important feature: individualized educational activities using personal computers. Individualized activity allowed the student-own-pace concept, representing personalized learning. From this point is necessary to develop the adequate information granularity of the electronic, digital, or virtual content in order to support cognitive interactivity. Diversity of the forms of knowing integrates interdisciplinary approaches, while the diversity as forms of knowledge mixes transdisciplinary approaches. Developing computer literacy as a meta-discipline consists the basis of the final e-education process: self-control of learning through self-assessment. Based on the building blocks of the scientific research activities (ontology, epistemology, methodology, and methods) and on the interrelationships between the building blocks of the assisted instruction in e-education, presented in [5], in [3] it was developed a theoretical framework, dedicated as a base for initiating an operational assisted instruction system in e-education, which it was updated and it is presented in Fig. 30.2. Assisted instruction applications and assisted individual studies are completed by assisted design subjects, which reflects the cybernetic components of an information systems feedback. Understanding e-society as an educational laboratory, the UNESCO Institute for Information Technologies in Education launched a new series of publications “Digital Transformation of Education”. As is mentioned in [6], Ministries of Education, local authorities, municipalities. and other organizations tasked with oversight and

30 An Assisted Instruction System Designed …

365

Fig. 30.2 Theoretical framework based on assisted instruction in e-education

management of groups of schools or colleges are reliant upon accurate, up-to-date information. Traditionally these organizations have placed a premium upon data collection to guide decision-making, but in the main this data has been historic and is often out of date by the time it has been collated. Planning for the future armed only with information from the past is both imprudent and unnecessary. In Romania, the education system is based on Law on Education [7] consists of 365 articles structured in titles, chapters, and sections; there were operated 116 updates during the first ten years of existence of the Law, and 21 updates were operated in 2020. Each higher education institution elaborates rules and guidelines for didactic activity and methodologies for evaluation the teachers; the quality of the education activities is by default, depending on the options of the applicants in the admission process and the prior knowledge of these applicants. In 2020, the teaching and learning activities were changed, transforming the traditional classroom in a T-Class.

30.4 Analytical Framework Standard E-Classroom, developed as an educational laboratory, consists of standard personal computers installed with standard licensed software and permits individualized didactics activities; the most important feature of the E-Classroom is the face-to-face teaching and learning activities. The T-Class assumes for each student different personal computers with different operating systems and different Office Suites versions, for example. Including the necessity of specific freeware or shareware software, in order to solve detailed activities, we have to find compatible programs for each operating system. In this situation, the first activity in the T-Class consists of registering each student with the operating system’s version (genuine and updated or not) and Office Suite’s version (licensed or not). Assuming T-Class as an information system, specific services are included: intranet-personalized services, intranet customizable services, web customizable services, and web personalized services. According to the admission process, which it was an exclusive online type in 2020,

366

G. Zamfir

in our institution, the applicants had to use a personal email address in order to begin the registration procedure. The applicants admitted, after matriculation, received an institutional email address. So, the students had to administrate two email profiles and two types of personalized services, from the very beginning. Assisted instruction developed as a meta-discipline assumes applications, studies, and design. Each of these contents are individualized for the student’s software environment and personalized, in order to improve the learning process. As it is shown in Fig. 30.2, assisted instruction methods are assisted instruction applications, assisted individual studies, and assisted design subjects. Assisted instructions applications, created as an iterative practical implementation, are suitable for presenting basis concepts. Assisted individual studies, initiated as an open environment, are recommended for aggregate concepts. Assisted design subjects, developed as a recursive process, are responsible for threshold concepts and troublesome knowledge situations. In a T-Class system, teacher assisted learning is a technology mediated activity, where the student asks for an individual clarification about a concept or situation, based on the structured content received; the teacher clarifies the request and tracks the event as a feedback for the T-Class system. Therefore, the standard functionalities for an assisted instruction system in TClass, as one of the four teaching–learning standard systems in e-education, reflects the new context of an online version, in the image presented in Fig. 30.3. The first principle of learning concerns students’ prior knowledge. Prerequisite knowledge can be distinguished from prior knowledge. Prerequisite knowledge may be characterized as the knowledge required for a meaningful interpretation of the learning environment [8]. The same author mentions that the basic idea of the expertise reversal effect is that learners with low prior knowledge rely on additional information in instructional material to be able to understand the contents. For more knowledgeable learners, however, this additional information is redundant and unnecessarily burdens their working memory. In addition, an online learner has to apply basic computer literacy skills. In this case, the learning environment includes, by default, possible information gap activities. An information gap activity is an activity where learners are missing the information they need to complete a task and need to talk to each other to find it [9]. When the students do not read carefully the instructions (as the first primary competence of a learner), it is possible to send to the teacher unchanged answers received from other colleagues. This situation reflects an atypical cognitive development of the learner, based on the idea that learning it is a group activity in the traditional classroom. Students do not come into a teaching–learning activity as blank slates, but rather with knowledge gained in other formal, non-formal or informal education activities. Students’ prior knowledge can help or hinder learning [10]. In the same book, the authors mention however, students may not make connections to relevant prior knowledge spontaneously. If they do not draw on relevant prior knowledge—in other words, if that knowledge is inactive—it may not facilitate the integration of new knowledge. Moreover, if students’ prior knowledge is insufficient for a task or learning situation, it may fail to support new knowledge, whereas if it is inappropriate for the context or inaccurate, it

30 An Assisted Instruction System Designed …

367

Fig. 30.3 Standard functionalities for an assisted instruction system in T-Class

may actively distort or impede new learning. In a standard E-Classroom with a face to face teacher assisted learning activities, these situations are just in time adjustable, but in an online teaching–learning activity, such complications are not possible to be identified; it is necessary just in case content for each state already described, or to create new content just in time for new situations. At the same time [11], highlights that while summative student evaluations are commonly used, these may not be the most effective for online course evaluation and quality improvement. Formative evaluation is one method of providing course evaluation and feedback to the instructor during the course while course improvements can be made to benefit the students currently in the course as well as future students. This method of evaluation not only provides for an effective course evaluation but also continuous improvement in the course.

368

G. Zamfir

30.5 Conclusions Some online classes are asynchronous, which means that there are no required video conference meetings; others are synchronous, which means that the student must engage with the instructor at a scheduled time. In an online teaching and learning system the course and the seminar become a laboratory activity, as the e-society it is. E-education has to be prepared in a traditional classroom, which it is transformed in an E-Classroom, including face to face teacher–student interaction, and then, when necessary, the E-Classroom should become a T-Class, maintaining a similar technological infrastructure. Such an approach develops, by default, the computer literacy for all the participants and all of them could understand the new environment, could be present and active users, and could evaluate the e-education process. Education has to be integrated in e-education before switching to e-education exclusively solutions as soon as education could not be reflected as a projection of its similar traditional activities in e-society. This is an explication why the optimal number of the students in a T-Class is an important restriction which has to be studied, while there are researches for traditional education, for example [12], which it describes a model for determining the number of pupils in the class of one teacher in primary school education in context of a specific country, where legislation defines the minimal and maximal number of pupils in the class. The authors mention that the model which they created is based on economic principles, which are usually different from “politically acceptable solutions”. Developing E-Classroom in education and certifying an institutional e-education system will transform online teaching and learning from an experimentation for a T-Class in a standard initial version for an E-Class.

References 1. Zamfir G (2013) Learning paradigms in e-Society. Inf Econ J. ISSN 1453-1305. EISSN 18428088. https://doi.org/10.12948/issn14531305/17.3.2013.09 2. Coxhead A (2021) Vocabulary in english in tertiary contexts: connecting research and learning. LEARN J Lang Educ Acquis Res Netw 14(1):1–14. ISSN: 2630-0672 (Print). ISSN: 2672-9431 (Online). https://so04.tci-thaijo.org/index.php/LEARN/index 3. Zamfir G (2019) Just in time teaching and learning system in the standard e-classroom. Inf Econ J 23(3):49–60. ISSN 1453-1305. EISSN 1842-8088. https://doi.org/10.12948/issn14531 305/23.3.2019.05. 4. Textbooks Ministry of Education. https://www.edu.ro/manuale-scolare. Accessed 15 Mar 2021 5. Zamfir G (2015) Learning support for standard e-classroom. Inf Econ J 19(3):46–58. ISSN 1453-1305. EISSN 1842-8088. https://doi.org/10.12948/issn14531305/19.3.2015.04 6. Duggan S (2020) UNESCO IITE. AI in education: change at the speed of learning. In: Knyazeva S (ed) UNESCO IITE policy brief 7. The Official Journal of Romania, Part I, No. 18 of 10 January 2011—The Law No. 1 of 5 January 2011—Law on education 8. Kühl T (2021) Prerequisite knowledge and time of testing in learning with animations and static pictures: evidence for the expertise reversal effect, Learn Instr 73(1). Elsevier. ISSN 0959-4752. https://doi.org/10.1016/j.learninstruc.2021.101457

30 An Assisted Instruction System Designed …

369

9. TeachingEnglish | British Council | BBC https://www.teachingenglish.org.uk/article/informati on-gap 10. Ambrose SA, Bridges MW, Dipietro M, Lovett MC, Norman MK (2010) How learning works, 7 research-based principles for smart teaching. ISBN 978-0-470-48410-4 (cloth) Wiley, San Francisco 11. Peterson JL (2016) Formative evaluations in online classes. J Educ Online JEO 13(1):1–24. ISSN 1547-500X. https://files.eric.ed.gov/fulltext/EJ1087683.pdf. Accessed 15 Mar 2016 12. Dubovec J, Falat L, Makysova J (2016) Optimal number of students in the class. Glob J Bus Econ Manag 6(2):243–249. ISSN: 2301-2579

Chapter 31

Building Resilience Through Digital Transformation Iulia Daniela Postolea and Constan¸ta-Nicoleta Bodea

Abstract In a world where change is the only constant, building abilities like resilience, flexibility, and agility becomes imperative to keep or increase competitiveness and stay connected with the actual trends. The paper reviews the literature on building resilience through digital transformation and proposes a framework for assuring this characteristic in organizations. Several technologies and solutions related to this framework are discussed and compared. The authors conclude that only by defining and implementing a digital transformation strategy in the organization, the proposed framework may be efficiently implemented and operated.

31.1 Resilience in Business: Relevance and Metrics Resilience is a concept that has gained increasing attention in the last two decades, in different domains, including business [1–5]. It represents the capacity of an economy, a community, or an individual to cope with economic losses caused by an extraordinary adverse shock, such as a natural disaster, a terrorist attack, or a large-scale economic crisis. The concept of resilience includes technological, institutional, and behavioral components, and implies an active response to mitigate the consequences of the shock. Masten et al. [6] defined resilience as the process of, capacity for, or outcome of successful adaptation despite challenging or threatening circumstances, while Bonnano [7] identifies that adult adversities are more likely to be isolated, but potentially highly disruptive; moreover, “steeling effects” mentioned by Rutter [8] in relation to the life course, brings to attention that effective negation of risk I. D. Postolea Economic Informatics Doctoral School, Bucharest University of Economic Studies, Bucharest, Romania e-mail: [email protected] C.-N. Bodea (B) Department of Informatics and Economic Cybernetics, Bucharest University of Economic Studies, Bucharest, Romania e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_31

371

372

I. D. Postolea and C.-N. Bodea

exposure earlier in life facilitates a resilient response later. A resilient enterprise as described by Gallopin [9] would be an enterprise that has the adaptative capacity and ability to cope with, adapt to, and recover after a disruption, closely connected to the level of vulnerability, the flexibility to reorganize in a changing environment, and the effectiveness of the recovery time and expense wise. An “adult” enterprise could relate to a developed, mature entity that has all the attributes described until now. An additional perspective on stages of disruption in the context of resilience is given by Steffi and Rice [10] as follows: 1. Preparation, 2. Disruptive event, 3. First response, 4. Initial impact, 5. Time of full impact, 6. Preparation of recovery, 7. Recovery, and 8. Long-term impact. The most common attributes identified in the literature that could describe resilience are vulnerability, adaptative capacity, and recovery ability. Vulnerability is generally accepted as being the “easiness” with which an enterprise can be moved from a relative equilibrium state to a disorderly circumstance and its reduction leads to decreasing likelihood of a disruption impact thereby increasing the ability to bounce back and to be resilient [10]. Adaptive capacity is the ability of the enterprise to alter its strategy, operations, management systems, governance structure, and decision support capabilities to withstand disruptions [11] simply translated in taking decisions appropriately and in the time required by both in the daily activities and in crisis and disruptions [12]. Recovery ability is the enterprises’ potential to cope with a new environment and recover after disruption by taking the additional step from adapting to the disruption toward returning to its initial equilibrium state. When assessing the level of resilience proved by an enterprise, Erol et al. [13] describes the following types of metrics by analyzing 3 variables—recovery time, level of recovery, and level of vulnerability to potential disruptions: – Recovery time—the necessary timeframe for a company to overcome disruption and return to its normal, original state; – Level of recovery—which can be easily assessed by achieving a minimum percentage or by combining it with the recovery time that can define the level of disruption; – Level of vulnerability—identification of the disruptions that are likely to disturb an enterprise’s activity as compared to others; an enterprise may be more resilient to one kind of disruption if compared with another one. Another metric that could be considered in assessing the level of resilience of an enterprise is how big was the impact on certain KPIs if compared with the average of the market—for example, if the market of electronic equipment has reported a contraction of 15%, then a company that had an impact of only 10% could be considered as being resilient. When combining the stages at which a company may be placed in time related to the different states of disruptions and different measuring metrics that can be assigned to each of them, the following Fig. 31.1 would serve as an overview. When an enterprise is in a relative equilibrium state, the metric that could relate the most with its circumstance is the level of vulnerability; when a disruption affects

31 Building Resilience Through Digital Transformation

373

Fig. 31.1 State of disruption and metrics

the enterprise, it enters into an “Altered state” which fits into phases 3, 4, and 5 described by Steffi and Rice [10]. In this new stage, the company takes immediate actions to cope with the disruption addressing issues like workforce, customers, technology, business partners, as well as near-term cash management challenges that have a short-term nature. In the long-term, the enterprise moves to a “Re-bouncing state” which fits phases 6, 7, and 8 [10], and its metrics relate to the ability to recover. Once the enterprise is recovered, it re-enters to the equilibrium state most probably with a lower level of vulnerability than evaluated before.

31.2 Resilience Triggers and Leverages. Digital Transformation Even though resilience is an attribute that is mainly addressed at the strategic level of the enterprise, the tactical and operational levels are also important as they form the base of decision-making processes. In the era of artificial intelligence, machine learning, RPA, and big data, for each of the levels presented above, specific methods and initiatives can be depicted in order to increase the overall level of resilience on an enterprise level by enhancing abilities like flexibility and agility. Digital transformation (DT) is considered to be the process of using digital technologies to create and/or modify business processes, culture, client experiences, how to generate information based on existing data, and how the decisions are being taken in terms of time and cost. When looking at the attributes that strongly contribute to resilience—see flexibility and agility—an organization that grounds its internal structure on digital systems has the ability to respond and adapt faster due to accessibility of the information that leads to informed and quick decisions.

374

I. D. Postolea and C.-N. Bodea

Ciampi et al. [14] presents a system through which Big Data Analytics (BDA) is a pillar on which resilience can be built based on the following hypothesis: Integrating artificial intelligence capabilities into management information systems is fundamental in transforming traditional management information systems into BDA capable information systems; -BDA capable information systems may influence the organizational pursuit of flexibility and agility; -Strategic flexibility and agility deriving from BDA capable information systems may foster organizational resilience; -BDA capable information systems, due to their artificial intelligence capabilities, may increase organizational resilience. Another relatively new concept as a derivate from BDA introduced in 2017 by Sallam et al. [15] is “Augmented Analytics as being the future of Data and Analytics”. This paper strongly emphasizes the importance of data volumes and their complexity, which easily leads to the trap that maybe the identification of every possible pattern, and determining the most relevant and actionable findings is either impossible or impractical, which leaves business people and analysts increasingly prone to confirmation bias, leading to missing key information, draw incorrect or incomplete conclusions. Augmented Analytics is also the basis for conversational analytics which already started with chatbots and may probably continue with addressing requests to Amazon Alexa to generate quires or explore data—e.g.,: “Alexa, prepare a sales report for the last 3 months!”. In the report conducted by Forrester for SAP in April 2020 [16], key findings have been identified related to Augmented Analytics, which are as follows: -companies did not yet realize the benefits brought by improved analytics; -business users are still relying on a great deal on IT or data pros to author content when using analytics in their decision-making process; -decision makers expect that Augmented Analytics will fill the gaps of knowledge on inexperienced users; -and the last one and the most relevant is that 70% of the companies that leverage augmented analytics reported that they have experienced revenue growth of 10% or more on average over the past three years. Being resilient, flexible, and highly adaptative in an ever-changing environment is power and this ability may be enhanced through data, information, and knowledge. As an option to achieve this, Augmented Analytics, as provided by SAP, enables the decision makers to act in a strategic and visionary way and to adapt their behaviour when a disruption disturbs the business environment. “If you only have a plan, you’re planning to be wrong.”—Edward Roske, CEO interRel Consulting. At the tactical level, scenario planning (or “what-if” scenario) is proposed as an instrument at hand which can provide options in decision-making processes based on the environment. The following actions are presented as part of the scenario planning [17]—Oracle, etc.: 1.

De-risk decisions with Monte Carlo simulation Monte Carlo simulation, a statistical modeling technique, has proven its effectiveness in conducting a risk assessment by overcoming a human natural bias of being optimistic or pessimistic and increasing the quality level of the

31 Building Resilience Through Digital Transformation

2.

3.

4.

375

decision-making. In financial planning, running as many simulations as needed leads to understanding the probability of the outcomes when certain premises are considered. Communicate plan internally and externally with narrative reporting Any kind of resulting figures from the simulations briefly explaining the premises do not have any meaning if not placed into a context or do not answer to questions starting with WHY—e.g., Why do we have deviations as compared to budget figures? Why should we proceed with a certain decision instead of the opposite?. Optimize your cash flow with cash management Cash being the central, most important KPI it is important to have the right forecasting tools in order to anticipate the flow of cash and make decisions that ensure liquidity and maximal use of cash resources. Uncover new opportunities with profitability and cost management

In order to react and reshape the future, a strong understanding of where the biggest costs concentrate and which part of the enterprise generates the highest profit margins is needed. Zero-based-budgeting is a technique through which enterprises build the figures every year, by analyzing individual expenses and one-time effects rather than just extrapolating the figures reported one year before, enabling the possibility to boost competitiveness and improve expense ratio. To support scenario planning, an important tool at a tactical level is an Enterprise Performance Management (EPM) solution with AI or other technologies directly built-in which allows to examine multiple data sources, forecast the most likely outcomes, and issue reliable recommendations. Such a tool has also an operational component as the shift in forecasting timeframes is changing during an economic crisis. Moreover, the results from a study conducted by Oracle underline the benefits that an EPM solution brings from modern collaboration tools, technologies like AI, IoT, and predictive planning which result in increased agility, faster business planning as well as increased accuracy in analysis. Along with the digital transformation trends presented until now, Gartner includes in the top 10 strategic technology trends for 2020 [18], another technique that builds up resilience and flexibility—Hyperautomation. The new concept basically adds on top to the traditional RPA AI techniques like machine learning which support the replication of pieces where human is involved in a task. In order to pursue flexibility, agility, and resilience on all its levels (strategic, tactical, and operational), enterprises have extensively explored tools and techniques as presented in this paper, that became a crucial part of the organization’s structure and set the digital framework of an organization.

376

I. D. Postolea and C.-N. Bodea

31.3 Proposed Framework for Addressing Resilience Through Digital Transformation When addressing resilience on each of the company’s levels as defined before, customized proposals have been made in the following section, addressing the information that has been presented until now including the state of disruptions and the metrics illustrated in Fig. 31.1 in which a company may be at a certain point in time. The proposed framework below aims to determine clear means to leverage and trigger resilience in an organization with suggested technologies, for different strategical levels considering timeframe, different disruption states, as well as metrics that serve for a practical assessment (Table 31.1). The strategic level of resilience is to be addressed in a period of equilibrium which allows in-depth analysis and resulting trends in order to shape the future of a company for the long term—5 years or more. The metrics proposed to be used for this layer is a vulnerability level which could reveal the highs and lows in a matter of resilience. The proposed means to use is based on Big Data Analytics and the technology—SAP Augmented Analytics. Augmented Analytics from SAP is a cloud-based solution that gathers data either from the cloud applications (Concour, SalesForce, GoogleDrive or SAP cloud for customer) and cloud data sources (SAP Cloud Platform, SAP Data Warehouse Cloud, SAP S/4HANA Cloud) or from local network resources (.csv,.txt,.xlsx files, SAP HANA, SAP ERP, etc.). The application allows 2 types of connections that reflect the accessibility of the information:—live data connections which do not replicate data in SAP Analytics Cloud, uses data models for analysis and updates the data visualizations and stories with new data in real time; and—import data connections which replicate data in SAP Analytics Cloud, create new data models through SAP Analytics Cloud Modeler and updates the new data and stories only when refreshed. Table 31.1 The framework for addressing the resilience through DT Type of resilience

Strategic

Tactical

Operational

Means for achievement

BDA analytics:—identifying relevant information and findings for objective, unbiased decisions

Scenario planning:—Monte Carlo simulation, narrative reporting, optimize cash flow, uncover new opportunities

Shifting from time-consuming, low added value activities to automated processes

Technology

SAP Augmented Analytics

EPM Oracle

Robotic Process Automation Hyperautomation

Resilience state

Equilibrium

Re-bouncing

Altered

Metrics

Vulnerability

Recovery ability

Adaptive capacity

Timeframe

Long term

Medium term

Short term

31 Building Resilience Through Digital Transformation

377

A tactical approach is suggested to be applied in a semi-stable period named “Rebouncing” which is actually the intermediate state after a disruption has taken place and has adapted to daily operational requirements. The proposal for this step is to create multiple scenarios with different premises in order to be able to react fast on the business environment and increase resilience, to have a context for the resulting scenarios—narrative reporting, to tackle all possible ways to optimize cash flow and to uncover new opportunities by reconsidering costs and budgets. The technology identified to serve this purpose was the Enterprise Performance Management (EPM) solution from Oracle which is a multi-tier application environment that mainly uses thin-client architecture for end-user access, requiring only a supported browser on the client machine. For this solution, a middle-tier application server is required, the network traffic between it and the client wouldn’t normally exceed the normal web traffic. The operational resilience should intervene immediately after a disruption has affected the normal, stable environment and is reflected on the basic areas that may raise concerns on a short term—how to increase productivity, how to bring additional or the same value when dealing with constraints, etc.—the handiest solutions coming from processes that require manual work and that could be replaced by robots. For this addressed level of resilience, the proposed method is RPA provided by UiPath with additional features of AI when considering the next level—Hyperautomation. The technology from UIPath offers a GUI Dashboard for pre-defined activities considered for the automation, types of recorders to record actions on multiple platforms like Basic, Desktop, Web, Image and Native Citrix, Logging and Exception Handling, integrated OCR technologies to perform screen scraping and reusable components that can be published together as libraries. Table 31.2 presents the results of the analysis of three approaches using the technologies presented above and integrating key features and constraints. The comparison of the approaches was made based on the required inputs (resources and costs) and expected results (benefits) (Table 31.2). The key features addressed by the technologies fit the framework proposal from Table 31.2 as each of them refers to the defined levels of the company—operational, tactic, and strategic. All 3 technologies analyzed in the context of building resilience have proven to be medium to high expensive solutions, depending on the level of customization, the number of acquired user licenses, maintenance and training costs, further development of the initial implemented solution as well as necessary infrastructure. The Augmented Analytics solution offered by SAP has its limitations when coming to the integration of MS Office applications or the visualization options, because it addresses the needs of the large companies and it has the cloud and several local servers, as the main deployment possibilities. Still, its contribution to building resilience cannot be contested as it empowers the employees with data, enhances collaborative planning, transforms data into business value, and streamlines analytics for quick decisions.

378

I. D. Postolea and C.-N. Bodea

Table 31.2 Comparison of three relevant approaches Type of resilience

Means for achievement Technology

Resilience state

Metrics

Strategical

BDA SAP Augmented analytics:—identifying Analysis relevant information and findings for objective, unbiased decisions

Equilibrium

Vulnerability Long term

Tactical

Scenario planning:—Monte Carlo simulation, narrative reporting, optimize cash flow, uncover new opportunities

Re-bouncing Recovery ability

EPM Oracle

Operational Shifting from Robotic Process Altered time-consuming, low Automation added value activities Hyperautomation to automated processes

Adaptive capacity

Timeframe

Long term

Short term

The Enterprise Performance Management solution from Oracle developed for small, medium, and large companies is ranked as medium to high from a cost perspective, and includes conversational analytics to explain graphs and trends as well as what-if scenario planning based on an analysis engine called Oracle Essbase. Robotic Process Automation solution from UI Path is a suitable proposal for addressing recurrent, repetitive tasks which integrates AI and ML proving to be a powerful tool in increasing productivity by saving time from non-value-added activities, taking standalone decisions for defined cases, as well as increasing data accuracy. In conclusion, resilience as a process, but also as an objective is a matter that has to be continuously addressed and improved, detached from the situation of the environment (disrupted, normal and stable, altered), the strategic level (operational, tactical or strategic) or the timeframe (short, medium or long term), with focus on benefits and potential as well as costs and constraints.

31.4 Implementing the Proposed Framework. Strategies for Digital Transformation By investing in digital technologies, a boost of the company’s products and services quality, increased productivity, as well as increased value and improved efficiency in the business models are expected. Enhancing the R&D function in the area of digital transformation is creating a sustainable increase in revenues—research of PWC in

31 Building Resilience Through Digital Transformation

379

2020 is revealing that 56% of the organizations already have a digital transformation strategy that includes AI adoption. IT governance plays a central role when dealing with digital transformation providing several frameworks to follow (ITIL—Information Technology Infrastructure Library, COBIT—Control Objectives for Information and Related Technology, ASL—Application Services Library, CMMI—The Capability Maturity Model, Six Sigma—Six Standard Deviations, etc.), each of them underlying different aspects, acting in a complementarily way but still addressing the same things: organizational structure, decision process, and communication. Considering the organization’s targets in achieving digital transformation, the IT governance framework has to be adapted continuously to meet the requirements that traditional governance practices can no longer do, by meeting changing market demands. For example, ISACA has updated the Cobit framework in 2019 with the latest requirement of the market creating a blueprint to be adopted by each company in accordance with their needs and targets. Moreover, an organization has to change its vision on how IT governance should contribute to its activity—switching from a vision of governance equals a set of restrictions to governance—to a digital enabler. In conclusion, as identified by Davenport T. and Redman T. [19], there are 4 key areas when addressing digital transformation on a strategic level:—technology: technical debt of existing systems and legacy technologies are difficult to change and only by handling the ability to work hand in hand with the business, these challenges will be surpassed; -data: its quality, breadth, and depth is crucial for creating valuable conclusions and effective decisions;—process: handling knowledge silos within an organization, an end-to-end mindset, rethinking ways to meet customer needs are the focus areas when radical process engineering is considered, together with the integration of an adapted agile IT governance framework;—organization change capacity: leadership, teamwork, courage, emotional intelligence are the main elements of change management in the context of digital transformation.

31.5 Conclusions Resilience is a concept that has gained increasing attention in diverse fields of research involves several concepts, aspects, and means to be defined, measured, and further developed. In the first part, the scope is to clarify and measure resilience by identifying different metrics as a result of the literature review—vulnerability, adaptive capacity, and recovery ability. The second chapter aims to bring to attention how important digital transformation is and how it can contribute to resilience in an environment that continuously challenges the enterprises to re-invent themselves—sometimes disrupted by trends, sometimes by crisis. The third section includes proposals on how to address digital transformation at a strategic level in order to create resilience by identifying tools and technologies that respond to each disruption state, related timeframe, and metrics presented as an overview in Fig. 2. The fourth section captures premises on which the

380

I. D. Postolea and C.-N. Bodea

digital transformation strategies should be based upon—from IT governance frameworks to requirements identified as coming from the market, as well as key areas, when addressing digital transformation at a strategic level. Directions for the future PhD research include assessing resilience levels of an organization before a certain disruption takes place, considering a set of specific measures defined to address the metrics with a lower reported level, defining a customized framework for implementation, and re-evaluating the considered indicators to rate the efficiency of the defined actions. Further study may aim to expand the identification of other correlations between various aspects of resilience and how these can be solved with digital transformation techniques, AI and ML, with an emphasis on financial KPIs predictions (e.g., cash flow).

References 1. The Oxford Dictionary of English, revised edition 2005. www.oxfordreference.com. Last accessed 13 Feb 2021 2. The Collins English Dictionary, 10th edn 2010, www.collinsenglishlanguage.com. Last accessed 13 Feb 2021 3. A Dictionary of Environment and Conservation 2021. www.oxfordreference.com. Last accessed 13 Feb 2021 4. The Oxford Dictionary of Law Enforcement 2015. www.oxfordreference.com. Last accessed 13 Feb 2021 5. The Oxford Dictionary of Economics 2017. www.oxfordreference.com. Last accessed 13 Feb 2021 6. Masten AS, Best KM, Garmezy N (1990) Resilience and development: contributions from the study of children who overcome adversity. Dev Psychopathol 2:425–444 7. Bonanno GA (2005) Clarifying and extending the construct of adult resilience. Am Psychol 60:265–267 8. Rutter M (1999) Resilience concepts and findings: Implications for family therapy. J Family Therapy 21:119–144 9. Gallopin G (2006) Linkages between vulnerability, resilience, and adaptive capacity. Glob Environ Change 16:293–303 10. Sheffi Y, Rice JB (2005) A supply chain view of the resilient enterprise. MIT Sloan Manage Rev 47–1:41–48 11. Starr R, Newfrock J, Delurey M (2004) Enterprise resilience: managing risk in the networked economy. Strategy+Business 30:1–10 12. McManus ST (2007) Organizational resilience in New Zeland. Dssertation research of the Civil Engineer Department of the Cantenbury University, New Zeland 13. Erol O, Henry M, Sauser B, Mansouri M (2010) Perspective on measuring enterprise resilience. Systems conference paper—annual IEEE 14. Ciampi F, Marzi G, Rialti R (2018) Artificial intelligence, big data, strategic flexibility, agility, and organizational resilience: a conceptual framework based on existing literature. International Conference Internet and Applied Computing 15. Sallam R, Howson C, Idoine C (2017) Augmented analytics is the future of data and analytics. www.gartner.com. Last accessed 17 Feb 2021 16. Forrester opportunity snapshot: a custom study commissioned by SAP (2020) Enabling datadriven decisions through augmented analytics. www.sap.com. Last accessed 19 Feb 2021 17. Charting a path to growth with scenario planning—a study by Oracle (2020), www.oracle.com. Last accessed 18 Feb 2021

31 Building Resilience Through Digital Transformation

381

18. Gartner Identifies the Top 10 Strategic Technology Trends for 2020 (2019). www.gartner.com. Last accessed 19 Feb 2021 19. Davenport T, Redman T (2020) Digital transformation comes down to talent in 4 key areas, www.hbr.org. Last accessed 27 Feb 2021

Chapter 32

Visual Tool for Stimulating Employee Intelligent Attitude Smaranda Derscanu , Vasile Paul Bresfelean , Liana Stanca , Monica Ciaca , and Alexandru Vancea

Abstract In the new economic landscape, companies wish to become agile and instantly react to occurring opportunities, and moreover wish to offer their clients excellent experiences, take advantage of the new technologies, and cutting costs. Thus, they need employees who show intelligent attitudes toward work. This paper is designed based on a literature review regarding interdisciplinary theories gravitating around the concept of innovating task management processes—activity management in the digital era. In this context, the authors have developed a visual tool to manage tasks within a project/job, allowing the development of studies focused on the stimulation and identification of employees showing an intelligent attitude toward work, essential for the company’s development, for the increase of digital business and for maintaining market competitive advantage.

32.1 Introduction In the last decade, the way of thinking and making business have dramatically changed worldwide, aiming to develop an intelligent attitude of the twenty-first century employee. In this respect, companies are looking to identify operating models S. Derscanu · V. P. Bresfelean (B) · L. Stanca · M. Ciaca · A. Vancea Babes-Bolyai University, Cluj-Napoca, Romania e-mail: [email protected] L. Stanca e-mail: [email protected] M. Ciaca e-mail: [email protected] A. Vancea e-mail: [email protected] V. P. Bresfelean George Emil Palade University of Medicine, Pharmacy, Science, and Technology, Targu Mures, Romania © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_32

383

384

S. Derscanu et al.

that would exploit what is recently achievable for competitive differentiation [1] through innovation in their visualization, in order to facilitate an environment that induces an intelligent attitude of employees toward work. In the research literature, the word “intelligence” has many definitions and approaches, among these we consider the applicable one in business: “intelligence is a very general mental feature that implies among others the ability of reasoning, planning, solving problems, abstract thinking, understanding complex ideas” [2]. In the theory of learning, intelligence together with the aforementioned abilities are the necessary mix for diminishing the learning time, facilitating the access to learning by experience [3] (a process meant to develop new knowledge based on such exploring). According to [3], classic learning based on parsing the literature develops academic abilities to the detriment of testing intelligent abilities, this not being fit anymore with the requirements of the twenty-first century’s labor market. These requirements are anchored in the experimental learning theories. Experimental learning represents a continuous process in which the experience is generated by our continuous commitment to the world [4]. According to [4], learning and experience cannot be separated. Our experiences model and remodel the ideas as much as a four-stage process happens: actual experience, reflexive observation, abstract conceptualization, active experimentation [4]. Therefore, experimental learning facilitates a profound reflection capability for understanding the real world, “finding” what to do and how to act in different contexts which occur frequently in the field of work. According to [5], one person’s success does not come from his/her intelligence (this being a given fixed amount) but from his/her attitude, this being defined as an established way of thinking at the way of solving problems, of accepting novelty, of efficiently organizing the time for reaching results, etc., usually, one that reflects in the behavior of an individual. The success in the life of an individual depends on his/her way and ability of controlling emotions and on being able to adequately manage relevant information [6]. A person can create trust, devotion, responsibility, efficiency, and innovation among individuals, groups, and organizations after handling well his/her emotions [7]. Some authors [8] consider it to be a reflection of the extent to which an individual likes or dislikes something, depicting the desire to do something, and others [9] believe it mirrors also the belief of an individual in something. Attitude can also be a trend of acting constructively or discouragingly toward a certain object, situation, institution, concept or person [10], thus impacting in a specific manner on the comportment, determination, consciousness [7]. For that reason, an intelligent attitude is a mix between the ability to reason, planning, solving problems, abstract thinking, and growth mentality (understanding complex ideas together with an open attitude toward the new, having the conviction that they are capable to solve any problem with creativity) [11]. This mix of positive attitude toward innovation through work and intelligence facilitated the progress toward digital innovation. Nowadays large organizations support the idea that the key to digital transformation’s success consists of the ability of an organization to change not only the technological stack, but mostly the attitude and mentality of its employees and leaders, thus identifying employees with intelligent attitudes [12]. Consequently, according to [12], digital innovation can

32 Visual Tool for Stimulating Employee Intelligent Attitude

385

be successfully accomplished in the case where employees acquire an intelligent attitude. An intelligent attitude (according to [11], intelligence is important, but attitude is everything) generates innovation in visualizing business processes, more precisely of the work management processes that continue to be essential for the company’s development, for the increase of digital business and for maintaining the market competitive advantage. In addition, the work management innovation process continues to remain iterative, uncertain, interactive, path dependent, and specific to the context where the tasks are thought out [13, 14]. Employees incline to structure their professional life in specific tasks and activities, defined as “a set of actions (either mental or physical) made by people” in order to reach specific goals [15, 16]. An activity performed to accomplish a task can be considered the logical work unit incorporating “all the instruments, people and resources necessary to do the job in an intelligent manner” [14]. As pointed out by various researchers, the exponential increase of digital technologies has produced significant improvement in many processes of work design, implementation, and development in the digital era, also playing a significant role in the field reorganization, facilitating innovation that depends on the presence of intelligent attitude toward work task management [17–20]. The collocation of intelligent attitude toward work derives from the study of [21] and brings together intelligence, empathy, reasoning about emotions and feelings, in order to increase fast thinking and develop the problem-solving abilities of the members. The concept of digital innovation can be interpreted [22] as practices, processes, and principles that lie behind the efficient arrangement of intelligent attitude toward work, sustaining digital innovation [23] in work task management using digital tools with strong visualization features, facilitating the “visual creation (and coherent change) of the work processes to obtain models/prototypes/templates for managing tasks by using digital technologies” in order to determine the optimization of the work [24] task management process. Hence, “digital technologies can support the knowledge management processes, and their use can have both structural and behavioral implications” that facilitate the emergence of intelligent attitude toward work [25]. In this context, the paper intends to provide a prototype tool whose role is to stimulate intelligent attitudes toward work. The research scenario starts from the premise that persons who identify the real purpose of the tool are those who are capable of developing an intelligent attitude toward work. More precisely, we are looking for those who realize that the tool can be used for automating work by generating templates for work tasks management in order to facilitate the creation of contexts in favor of innovation. Hence, the research intends to be an attempt to structure a transdisciplinary field. In the study, based on the existing research, we identify the current major tendencies and offer an overall picture of the current research themes and flows in the area of work management processes digitalization based on a visualization tool that facilitates the identification of employees’ intelligent attitudes. We contribute to the large research field of management processes digitalization by work visualization tools, providing a theoretical background for further research by identifying possible gaps related to how intelligent attitudes of the twenty-first century employee can be stimulated. This paper can help researchers identify the

386

S. Derscanu et al.

similarities and differences in the research fields of work management processes digitalization in order to identify intelligent attitudes toward work, seen by European documents as compulsory. In developing issues, expertise and adaptive expertise have a major role, describing the “researchers’ ability to understand and combine results and procedures from various fields” [26]. Based on that, our outcome can be considered as an opening step in the direction of this ability, presenting a holistic line to the study of digitalization, visualization in work management, in order to cultivate an employee intelligent attitude. The paper is structured in three sections: literature review, a research scenario facilitating both the presentation of the tool, and the presentation of the results of a statistical study performed on users with various sets of skills, knowledge, and expertise, which helped in obtaining knowledge to validate our research and, respectively, created a context to simulate the use of our tool in order to develop new visions on the mechanisms generating the intelligent attitude toward work, according to European documents.

32.2 Literature Review In the literature related to Human Computing Interaction [27–29], approaches are oriented toward studies whose purpose is to identify a strategy for correct task prioritization, based on various tools [30–32]. More precisely, a large number of studies in the literature focus only on one resource serving mainly to time management needs. In our vision, in line with [33, 34], we support the need for results generated by studies related to resource analysis with visual representation, facilitating visual analytics in task management, in order to optimize task performance, task management, and task planning by the employees showing intelligent attitudes toward work, facilitating business digitalization. The Europe 2020 strategy [35] and the partnership for the skills of the twenty-first century, therefore, require future employees to be educated in the field of digital skills under the influence of social and economic changes in order to cultivate their intelligent attitude toward work. In [36–38], it is stated that there is a necessity to review the set of courses, so that economists can obtain knowledge and abilities needed to carry out data analysis and IT expertise, to steer the organizational policy by generating a link among business, actions and IT roles, to stimulate their intelligent attitude toward work. Hence, for an employee showing intelligent attitude, we must identify and formalize the knowledge that an “economist (a person who can exchange [39] and disseminate knowledge [40] inspiring innovating behaviors—new products and services)” must deal with, according to their profession in the era of Big Data [41]. Stimulation of “intelligent attitude toward work is based on skills, attitudes and personalities” capable to accept and adapt, learn to use instant analysis tools [42] in work management based on concepts and methods like data analysis, agile decision-making, process mining, critical visual data analysis that stimulate the intellect in order to critically and visually design tasks, facilitating innovation in the workplace.

32 Visual Tool for Stimulating Employee Intelligent Attitude

387

Task management tools must support the visualization of the whole task, but must also allow different perspectives for different types of planning, adapted to the workforce. According to [43], visual task modeling tools in a twenty-first century workplace are performed on these levels: definite visualization of the data representation space, data interaction, visual model identification, and decision-making. In [44] it is underlined that generally, there is less emphasis on researching visualization and implicitly, on visualization interaction. However, “interaction” in the task visualization process, according to [45], is the catalyst for the user’s dialog with the data, and, in the end, comprehension of the data, although this feature is difficult to evaluate. Interaction is an impalpable notion, challenging when needed to design, measure, and evaluate it, underlying the decision-making process that relies on visualization tools adapted to the field they are used in [45]. In this context, we believe that it can be measured if the stimulation of an intelligent attitude toward work is facilitated by the way an employee interacts with a visual task management tool. More precisely, it is a research scenario by which we gain knowledge. Knowledge is considered in [46] as a combination of “contextual information, expertise and value leading to innovation and clear experience”. In [47], it is stated that data analysis and reporting represent the main objectives of an IT system and, in accordance with the existing needs of employees showing intelligent attitudes toward work, require a curriculum that should reveal to students the analytical and visual tools in all fields, in order to increase the responsibility of economic decision, regardless of the field they are coming from. Thus, in the authors’ view, the educational process from the economic area must enlarge its limits, in order to include Big Data concepts and methods [36], visual analyses, and visual task management tools [40] in order to deliver employees with intelligent attitudes toward work [21].

32.3 Research Scenario For the purpose of our research, we designed and implemented a tool named TaskLink. The tool was developed to be used by individuals who need a way to manage their projects or daily tasks they have to accomplish, and it was intended to simplify them. In our vision, this is possible by implementing new ways to visualize tasks, so that they can be associated under a tree structure, similar to tree algorithms, to assist users and their desire to facilitate project management based on steps and stages, and to stimulate their intelligent attitude toward work. TaskLink is a web application, developed based on HTML5, CSS3 JavaScript, and SQLite. At the same time, we utilized Flask [48] microframework, with the aim to develop a facility which has the role to keep the core of our application as small as possible, while offering the modeling possibility by preference, according to the theory of [21] facilitating the development of the users’ intelligent attitude toward work. The second role of the tool was to allow mapping of how a task is thought out within an activity management process. Hence, the tool helps employees depict and express concepts, comprehend connections among various concepts used in presentations, extend their

388

S. Derscanu et al.

critical thinking, brainstorming, and perchance their decision-making practice and task management. In [14, 47], mental mapping fuels areas of the symbolic, metaphysical, and constructive area of the human mind, because it is widely acknowledged that there are mental depictions, static or flowing images whose role is to allow employees to think faster and perform their tasks with high accuracy, thus to stimulate intelligent attitudes toward work. In this context, the following hypothesis was born: The visual task management tool stimulates the intelligent attitude toward work needed for the twenty-first century employee [35]. In this respect, we performed an experiment on 60 students enrolled in the Economic informatics department, who have part time jobs in IT companies. The students were divided into two groups: a group of 40 students received a visual tool to manage their tasks for the accomplishment of the proposed project, while for the group of the remaining 20 students the visual tool was not provided, but they were requested to resolve the same project. At the end of the experiment, which lasted for 5 weeks, the projects were handed in, and graded by the professor with marks ranging between 1 and 10 according to the following criteria: the degree of task comprehension; the degree of accuracy of the project’s structuring process; the proper functioning of the project; the degree of the project’s achievement. The experiment continued with the examination stage during which a statement was formulated based on the project and they were requested to structure it graphically in 5 min. Therefore, the research was conducted using the survey method [49] of the students included in the sample using a questionnaire to verify the proposed hypothesis. The survey was operated voluntarily and respondents’ answers were not used as individual responses but only as part of the statistical sample. In this context, in order to draw a conclusion whether the tool stimulates the intelligent attitude, we research whether the tool stimulates the workers’ higher comprehension of the work task, offers higher accuracy of the project structure and functioning to the workers, raises the degree of project achievement and develops fast critical thinking for the ones who used the tool. This study attempts to increase the knowledge on the relationship between intelligence and attitudes with the help of a task visualization tool, in line with [33, 34], in order to identify the context of optimizing task performance, task management, and task planning, facilitating business digitalization so as to encourage innovation.

32.4 Statistical Analysis Data analysis was performed in SPSS, while data collection and pre-processing in Excel. The scenario of the statistical analysis is the following: descriptive analysis, the analysis consists of nonparametric Npar test (chi-square test), Mann–Whitney test, based on Shapiro–Wilks normality test [49] in order to realize the comparisons required by the study. In the third stage of the experiment, the group that used the task planning tool in the project creation process was subject to a survey. The survey had 5 Likert scale

32 Visual Tool for Stimulating Employee Intelligent Attitude

389

questions (attainment was evaluated on a 5-point scale starting from 1 = very poorly, 3 = average, and 5 = very well), created to measure the participants’ attitude toward the use of the task management tool, namely, the tool that according to the professor’s point of view, based on [21], has an auxiliary role of developing fast thinking in the problem-solving step. The results (Table 32.1) of the Mann–Whitney U test allow us to conclude that it is necessary to use a task management tool in a project development process, because the group that used such a tool had a better comprehension of the task and thus structured it better, both conceptually and functionally, which results from the grades obtained by the two groups. In the second stage of the experiment, the professor presented a tree-form task generated by the visual tool and requested the participants to identify the theme/topic of the project based on its scheme. The result was that in the group that worked with the visual modeling tool, 99% of the participants correctly recognized the task, while in the other group, only 35% succeeded in identifying the task correctly. Thus, the visual task management tool stimulates fast thinking, developing problem-solving skills of the project members. The TwoStep technique [50] was utilized in order to establish the number of clusters from the collection of data attained. We obtained the following results, with a different attitude/opinion among participants, related to: Q1. The task planning tool determines a better comprehension of the task (Mean = 4.53, std.dev = 0.507, Chi-square = 0.724, p-value = 0.724). All participants consider that the task planning tool determines better comprehension of the task. Q2. Tree visualization determined better communication among the team members (Mean = 4.50, std.dev = 0.558, Chi-square = 13.567, p-value = 0.001). Participants consider that the task planning tool determines moderate communication (46.7%), while the others consider the communication was very good. Q3. The decision-making process based on the tool is low (Mean = 2.97, std.dev = 0.897, Chi-square = 17.375, p-value = 0.002). More precisely, 37% consider that the tool does not affect the decision-making process, while the others believe that there is a moderate or good influence. Q4. The facility to make a graphical representation of the task requires reduced working time (Mean = 3.59, std.dev = 0.875, Chi-square = 11.250, p-value = 0.01). More precisely, 17% consider that the graphical representation of a task does not reduce working time, while the other 83% consider that the graphical representation of the tasks reduces the time required to achieve the work, moderately, or very much. Q5. Introducing a visual tool to divide the tasks into sub-tasks reduces the amount of working time, increases the decision-making speed, and improves team collaboration (Mean = 4.56, std.dev = 0.564, Chi-square = 15.438, p-value = 0.000). More precisely, 3.1% of the respondents are reluctant, 59% consider that due to the visual tool the working time was very much reduced, and much reduced in case of the other remaining participants, it also increases the decision-making speed and improves team collaboration. Q6. A task management tool plays a role in developing fast thinking (Mean = 4.13, std.dev = 0.793, Chi-square = 14.5, p-value = 0.002), more precisely 19% of the respondents are reluctant, 46.9% consider that the effect is moderate or good,

Q5

Q4

Q3

5.2

Tool absent

6.4

8.13

Tool present

Tool absent

6.4

8.87

Tool absent

Tool present

8.87

6.4

Tool absent

Tool present

8.87

Tool present

6.4

Tool absent

Q2

8.87

Tool present

Q1

Mean

Groups

Items

1.704

1.306

1.759

0.973

1.759

0.973

1.759

0.973

1.759

0.973

Std. deviation

0.381

0.238

0.393

0.178

0.393

0.178

0.393

0.178

0.393

0.178

Std. error

4.4

7.65

5.58

8.5

5.58

8.5

5.58

8.5

5.58

8.5

Lower bound

6

8.62

7.22

9.23

7.22

9.23

7.22

9.23

7.22

9.23

Upper bound

95% Confidence interval for mean

Table 32.1 Results of the descriptive analysis and the Mann–Whitney U test

3

6

4

7

4

7

4

7

4

7

Min

10

10

10

10

10

10

10

10

10

10

Max

U = 59.000; p-value = 0.000

U = 114.500; p-value = 0.000

U = 117.500; p-value = 0.000

U = 91.500; p-value = 0.000

U = 79.000; p-value = 0.000

Mann–Whitney U

390 S. Derscanu et al.

32 Visual Tool for Stimulating Employee Intelligent Attitude

391

while the others consider that the effect is very high in developing fast thinking, and thus an intelligent attitude toward work. The identification of persons showing intelligent attitude toward work required to continue the statistical analysis with cluster analysis by using the TwoStep [50] method to establish the number of clusters, and the result was 2 clusters. In this context, we identified the existence of 2 cluster groups—groups of participants— respondents who have the same opinion on the impact of the task management tool. We continued the cluster analysis using the K-means clustering method [50], and based on the scores, we obtained 2 clusters—2 groups of respondents that allow the assessment of the precise answer clusters. The collected inertia values obtained suggestively surpassed the numbers of the intra-cluster inertia. The outcome from the variance analyses—the F test referring to the p threshold designates the subsequent variables as being the chief principles for distributing the respondents’ attitude into clusters. The sets of representative attributes for the resulting clusters (clusters of well-defined homogeneous objects) are: Q3 The decision-making process based on the tool is reduced (F = 4.284, p-value = 0.04); Q4 The facility to make a graphical representation of the task requires reduced working time (F = 30.1202, p-value = 0.0007); Q5 Introducing a visual tool to divide tasks into sub-tasks reduces the working time, increases the decision-making speed, and improves team collaboration (F = 4.856, p-value = 0.042). A task management tool has a role in developing fast thinking (F = 12.384, p-value = 0.001). Figure 32.1 illustrates that there are two clusters of respondents. Cluster 1 represents those who consider that the visual task management tool has a good or very good influence both on the teamwork, and on the development of the visual critical fast thinking for dividing the tasks, namely, those persons who develop an intelligent attitude toward work, in a working environment offering them adequate technological support. Cluster 2 participants are moderate or reluctant regarding the effect of the visual task management tool on teamwork and on the development of fast thinking. Therefore, we can conclude that the result of the study validates the hypothesis, namely: the visual task management tool stimulates fast thinking, developing the problem-solving skills of the project members, meaning that it allows identification of employees showing intelligent attitude toward work.

32.5 Conclusion Specialized literature presents opinions and challenges to achieve valuable results and to facilitate economists’ literacy in the sphere of data business digitalization, which consists of identifying the means to cultivate an intelligent attitude toward work in employees, more precisely computational, statistical, and questioning thinking, in addition to the required business abilities, human resource skills, and knowledge of the intelligent organizational context typic. In this context, the authors of this article have elaborated research clearly showing that the solution is to introduce visual task management tools. The first cluster identified in the paper includes those people who

392

S. Derscanu et al. Plot of Means for Each Cluster

6,0 5,5 5,0 4,5 4,0 3,5 3,0 2,5 2,0 1,5 1,0

3

6

9

12

15

18

21

24

27

30

Cluster 1 Cluster 2

Cases

Fig. 32.1 Types of answers

do everything in their power to succeed in developing their intelligent attitude toward work. The results of our study can be described as follows: 1. The tool built based on the idea from [51] and developed in accordance with [52] can be used successfully to solve designing problems relevant for supporting project tasks adapted to the twenty-first century. Our tool, compared to the idea of [51], allows the entire task planning activity to gravitate around the visual communication methods, since visualization appears as an obvious strategy to handle risks of informational overloading (the main problem in activity management). 2. Through its task management visual facilities, the tool allows both to stimulate intelligent attitude toward work, and to perform studies focused on identifying persons who can develop intelligent attitudes toward work. Following this study, we obtained an encouraging result which, by partly abandoning the traditional and embracing the novelty in the task management process, generates a positive reaction from some of the subjects included in the study. A long-term objective would be the identification of employee profiles that can manifest intelligent attitudes toward work. This would contribute to building a model based on the game theory, which could facilitate optimizing the learning development and would bring highly qualified, social but also personal results to all the parties involved.

32 Visual Tool for Stimulating Employee Intelligent Attitude

393

References 1. Berman SJ (2012) Digital transformation: opportunities to create new business models. Strateg Leadersh 40. https://doi.org/10.1108/10878571211209314. 2. Gottfredson LS (1997) Mainstream science on intelligence: an editorial with 52 signatories, history, and bibliography. Intelligence 24. https://doi.org/10.1016/s0160-2896(97)90011-8. 3. Boud D, Cohen R, Walker D (1993) Using experience for learning. Society for Research into Higher Education and the Open University Press), Buckingham 4. Kolb DA (2014) Experiential learning: experience as the source of learning and development. FT press 5. Dweck CS, Leggett EL (1988) A social-cognitive approach to motivation and personality. Psychol Rev 95. https://doi.org/10.1037/0033-295X.95.2.256 6. Tyng CM, Amin HU, Saad MNM, Malik AS (2017). The influences of emotion on learning and memory. https://doi.org/10.3389/fpsyg.2017.01454 7. Tatar A, Ogun MN (2019) Impact of job satisfaction on organizational commitment. Lambert Academic Publishing 8. Yusuf M (2011) Envisioning critical pedagogy in the chemistry classroom to deconstruct hegemonic cultures. Unpublished masters dissertation. Curtin University 9. Ahad R, Mustafa MZ, Mohamad S, Abdullah NHS, Nordin MN (2021) Work attitude, organizational commitment and emotional intelligence of Malaysian vocational college teachers. J Tech Educ Train 13. https://doi.org/10.30880/jtet.2021.13.01.002 10. Gomendio M (2017) For Economic Co-operation O, Staff D. (OECD): empowering and enabling teachers to improve equity and outcomes for all. OECD Publishing Paris 11. Dweck CS (2006) Mindset: The new psychology of success. Random House Digital Inc., New York 12. Bracken M, Greenway A (2018) How to achieve and sustain government digital transformation. Inter-American Development Bank 13. Franklin M, Searle N, Stoyanova D, Townley B (2013) Innovation in the application of digital tools for managing uncertainty: the case of UK independent film. Creat Innov Manag 22. https:// doi.org/10.1111/caim.12029 14. Hüsig S, Kohn S (2009) Computer aided innovation-State of the art from a new product development perspective. Comput Ind 60. https://doi.org/10.1016/j.compind.2009.05.011 15. Moran TP (2003) Activity: analysis, design, and management. In: Proceedings of the symposium on the foundations of interaction design 16. Moran TP (2005) Unified activity management: Explicitly representing activity in work-support systems. In: Proc Eur Conf Comput Coop Work (ECSCW 2005), Work Act From Theor to a Comput Constr 17. Holmström J, Partanen J (2014) Digital manufacturing-driven transformations of service supply chains for complex products. Supply Chain Manag 19. https://doi.org/10.1108/SCM-10-20130387 18. Hylving L (2015) Competing values in the era of digitalization. In: Proceedings of the annual Hawaii international conference on system sciences. https://doi.org/10.1109/HICSS.2015.499 19. Levine SS. Prietula MJ (2014) Open collaboration for innovation: principles and performance. Organ Sci 25. https://doi.org/10.1287/orsc.2013.0872 20. Yoo Y, Boland RJ, Lyytinen K, Majchrzak A (2012) Organizing for innovation in the digitized world. Organ Sci 23. https://doi.org/10.1287/orsc.1120.0771 21. Mayer JD, Salovey P, Caruso DR (2004) Emotional intelligence: theory, findings, and implications. https://doi.org/10.1207/s15327965pli1503_02 22. Huizingh EKRE (2011) Open innovation: state of the art and future perspectives. Technovation 31. https://doi.org/10.1016/j.technovation.2010.10.002. 23. Nambisan S, Lyytinen K, Majchrzak A, Song M (2017) Digital innovation management: reinventing innovation management research in a digital world. MIS Q Manag Inf Syst 41. https:// doi.org/10.25300/MISQ/2017/411.03

394

S. Derscanu et al.

24. Brem A, Viardot E (2016) Revolution of innovation management: the digital breakthrough, vol 1. https://doi.org/10.1057/978-1-137-57475-6 25. Gressgård LJ (2011) Virtual team collaboration and innovation in organizations. Team Perform Manag 17. https://doi.org/10.1108/13527591111114738 26. Hausberg JP, Liere-Netheler K, Packmohr S, Pakura S, Vogelsang K (2019) Research streams on digital transformation from a holistic business perspective: a systematic literature review and citation network analysis. J Bus Econ 89. https://doi.org/10.1007/s11573-019-00956-z 27. Malone TW (1983) How do people organize their desks?: implications for the design of office information systems. ACM Trans Inf Syst 1. https://doi.org/10.1145/357423.357430 28. Miller GA, Galanter E, Pribram KH (1960) Plans and the structure of behaviour. Henry Holt, New York 29. Paled L (1999) Social, individual & technological issues for groupware calendar systems. In: Conference on human factors in computing systems—proceedings. https://doi.org/10.1145/ 302979.302982 30. Scaife M, Rogers Y (1996) External cognition: How do graphical representations work? Int J Hum Comput Stud 45. https://doi.org/10.1006/ijhc.1996.0048 31. Allen D (2001) Getting things done: the art of stress-free productivity. Viking, New York 32. Barreau D, Nardi B (1995) Finding and reminding file organization from the desktop. In: Proceedings of CHI’95,vol 27 33. Hutchins E (1995) Cognition in the wild. MIT Press, Cambridge 34. Payne SJ (1993) Understanding calendar use. Human–Comput Interact 8. https://doi.org/10. 1207/s15327051hci0802_1 35. World Bank (2011) Europe 2020: the employment, skills and innovation agenda. World Bank 36. Johanson M, Belenki S, Jalminger J, Fant M, Gjertz M (2015) Big automotive data: Leveraging large volumes of data for knowledge-driven product development. In: Proceedings—2014 IEEE international conference on big data, IEEE Big Data. https://doi.org/10.1109/BigData.2014.700 4298 37. Plotnick L, Hiltz SR, Privman R (2016) Ingroup dynamics and perceived effectiveness of partially distributed teams. IEEE Trans Prof Commun 59. https://doi.org/10.1109/TPC.2016. 2583258 38. Privman R, Hiltz SR, Wang Y (2013) In-group (Us) versus out-group (Them) dynamics and effectiveness in partially distributed teams. IEEE Trans Prof Commun 56. https://doi.org/10. 1109/TPC.2012.2237253 39. Duffy J (2000) Something funny is happening on the way to knowledge management. Inf Manag J 34 40. Bellotti V, Ducheneaut N, Howard M, Smith T (2003) Taking email to task: the design and evaluation of a task management centered email tool. In: Conference on human factors in computing systems—proceedings 41. Yin S, Kaynak O (2015). Big data for modern industry: challenges and trends. https://doi.org/ 10.1109/JPROC.2015.2388958 42. Coyne EM, Coyne JG, Walker KB (2018) Big data information governance by accountants. Int J Account Inf Manag 26. https://doi.org/10.1108/IJAIM-01-2017-0006 43. Greller W, Drachsler H (2012) Translating learning into numbers: a generic framework for learning analytics. Educ Technol Soc 15 44. Vrejoiu M, Zamfir MC, Florian V (2017) Vizualizarea Datelor Masive si Visual Analytics. Abord˘ari Si ¸ Tendin¸te. Rev. Român˘a Informatic˘a s¸i Autom 12:1–12 45. Elmqvist N, Moere AV, Jetter HC, Cernea D, Reiterer H, Jankun-Kelly TJ (2011) Fluid interaction for information visualization. Inf Vis 10. https://doi.org/10.1177/147387161141 3180 46. Dilla W, Janvrin DJ, Raschke R (2010) Interactive data visualization: new directions for accounting information systems research. J Inf Syst 24. https://doi.org/10.2308/jis.2010.24.2.1 47. Gressgård LJ, Amundsen O, Aasen TM, Hansen K (2014) Use of information and communication technology to support employee-driven innovation in organizations: a knowledge management perspective. J Knowl Manag 18. https://doi.org/10.1108/JKM-01-2014-0013

32 Visual Tool for Stimulating Employee Intelligent Attitude

395

48. Milosevic DZ, Iewwongcharoen B (2004) Management tools and techniques: the contingency use and their impacts on project success. In: Proceedings of the 3rd PMI research conference, London, England 49. Drugan T, Achimas A, Tigan S (2005) Biostatistica. Editura SRIMA, Cluj-Napoca 50. Chayangkoon N, Srivihok A (2016) Two step clustering model for K-means algorithm. In: ACM international conference proceeding series. https://doi.org/10.1145/3033288.3033347 51. Bellotti V, Dalal B, Good N, Flynn P, Bobrow DG, Ducheneaut N (2004) What a to-do: studies of task management towards the design of a personal task list manager. In: Proceedings of the SIGCHI conference on human factors in computing systems. Association for Computing Machinery, New York, NY, USA, pp 735–742. https://doi.org/10.1145/985692.985785 52. Eppler MJ, Bresciani S (2013) Visualization in management: From communication to collaboration. A response to Zhang. J Vis Lang Comput 24. https://doi.org/10.1016/j.jvlc.2012. 11.003

Chapter 33

Management Information Systems in Knowledge Society Marian Stoica , Elena Mircea, Bogdan Ghilic-Micu , and Marinela Mircea

Abstract The technical and practical dimensions of the management field are deeply related to information and decision, two main components of any managerial process. The decision, as a managerial tool, is the very reason for the existence of information. Same as the real system, in which the managerial processes take place, both components are the result of the activity of two relatively distinct systems—the information system and the decisional system. Due to strong dependencies and mutual correlations, they constitute the information-decision dual as an image/reflection of the real economic system for the manager. In the current context of technology development, this dual is increasingly built through information technology and communication specific tools, in a knowledge-based social development. Although management as a science has emerged relatively independent of the concerns in the information and decision domains, there is an obvious functional interconnection between the two fields. The aim of this paper is to present a progressive analysis of developments related to information systems in the last sixty years. Thus, in the first part, we will analyze from different perspectives the four generations of information systems development. In the last part, we will present a typological synthesis of information systems and the specific architectural concepts in the ecosystem of the knowledge society. The most important aspects regarding security, control, and audit of information systems, will also be examined. In the end of the paper, we will highlight the characteristics of the relationship between the knowledge society and the age of agile development for information systems.

M. Stoica (B) · E. Mircea · B. Ghilic-Micu · M. Mircea Bucharest University of Economic Studies, Romana Place 6, Bucharest, Romania e-mail: [email protected] B. Ghilic-Micu e-mail: [email protected] M. Mircea e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_33

397

398

M. Stoica et al.

33.1 Introduction Information systems are a set of interdependent components that help collect, store, and process data for extracting essential information. In the range of management theories, the place of information systems is assigned to the quantitative domain, along with operations research and operations management. Companies use the computing power of these systems to organize operations, customer and vendor interaction, but also to manage specific business processes (accounting, financial analysis, human resources, sales or supply management, marketing, etc.). The origin of information systems is the need to automate business processes and the desire to eliminate repetitive actions in order to increase performance, defining the entire business. The actual market diversity offers new perspectives for business development and being able to add specific configurations brings adaptability to market requirements in an increasingly competitive environment. This paper aims to present a progressive analysis of information systems development in the sixty years of the beginning of systematic concerns related to them. In the first part, the four generations of information systems development will be analyzed from functional, technical, and research perspectives. Further discussions will be focused on presenting a typological synthesis of information systems and also the main specific architectural concepts in the knowledge society ecosystem. The most important aspects of security, control, and audit of information systems will be taken into consideration. In conclusion, the characteristics of the relationship between the knowledge society and agile development for information systems will be highlighted, together with future research directions. Business principles and practices are integrated with specific information technology and communication (ICT) concepts to create a powerful system that is capable of constant adaptation to environmental challenges. Different fields such as computer science, engineering or mathematics support shaping the technical aspects of information technologies. The multiple disciplines which describe information systems involve technical development for telecommunication and information processing. On the other hand, fields such as psychology, sociology or political science define the behavior of information systems. The research results in those social fields and information systems shed new light on the practical use of technology, individuals, and organizations who govern technology. The overall focus was quickly oriented toward adapting technology to achieve the proposed objectives, as well as obtaining advantages from using information systems technology [1]. Both aspects—technical and behavioral—are equally important for the managerial user. Even though information systems are dependent on technology processing power, they are designed, implemented, and operated by people that work in multiple domains. Thus, for the managerial user, the performance of an information system will have to be measured not only by its technical efficiency, but also by effectiveness in achieving the decision maker needs. The development of new complex technologies, abstract behaviors, concepts, and specific information technology applications, generates pressure on the human factor,

33 Management Information Systems in Knowledge Society

399

Fig. 33.1 Cognitive domains in managerial performance

who is the decision maker. The current technic and social context require a useful conceptual framework, which outlines the required knowledge of a decision maker for optimal usage of information systems. Such a framework can emphasize the need of focusing efforts in at least five directions/areas: development of fundamental concepts, usage and exploitation of information and communication technologies, launch of specific applications by fields of activity, economic development, and intelligent management (Fig. 33.1). Implementing and operating information systems can be as difficult and costly as beneficial for an organization and its business development. Native concepts of management science must be adapted and transposed in the field of information systems—resource management, planning, implementation or control.

33.2 Evolution From a technical perspective, the predecessor of information systems is considered the tabulating machine of Herman Hollerith, developed in 1890 and used in data processing for the 11th US Census [2]. This was a major step toward automation, being an inspiration for future information systems. One of the first computers to use such information processing systems was UNIVAC I, installed in 1951 at the US Census Bureau and used for administrative purposes. In 1954, the first information system was used for commercial purposes, produced by General Electric, one of the

400

M. Stoica et al.

largest American corporations, specialized in the production of electronic equipment, aircraft engines, and financial services [3]. Today, due to the global health crisis, many states legislated telework, including Romania (even if this happened only in 2018, when Law 81 was adopted by the Romanian Parliament) [4]. Of all forms of telework, the one that influenced the development of information systems is e-commerce, through digital communication (email, social networks), intangible products distribution (software, digital books, music, movies downloaded directly from the internet), and business transactions (buying/selling on the web). Around 1960, a new work domain appeared, known as management information systems, which evolved during the years [5]. Different fields such as management, research, finance, and accounting are united in management information systems, so ICT has met a unique applicability inside organizations. The spectacular growth in over 60 years of existence, led to creating new fields for the market and in the world of scientific research. In today’s ICT-driven society, which is significantly based on the production and use of knowledge, the usefulness of the information and the intensive exploitation of information systems have long been a status quo. There are often confusions, both of expressing/exemplifying and understanding the relationship between computer systems and information systems. Thus, there are two meanings regarding this report. The first of them does not differentiate between the two approaches under an etymological explanation of the terms—“informatics” from the English form “information system”, respectively, “informational” from the French form “système informationnel”. The second meaning (the one agreed by the authors) makes the difference between the computer system and the information system in the sense that the first of them is an element of the last (in other words there is an inclusive relationship between the two entities Fig. 33.2). However, in information systems history, we can identify four generations. At the same time, we can predict the technology trends that may constitute the premises for a near-future fifth generation of information systems (Table 33.1) [5]. This future generation will be built entirely on ICT advanced concepts and tools such as cloud

Fig. 33.2 Information system framework

33 Management Information Systems in Knowledge Society

401

Table 33.1 Information systems evolution Generation and Period

Specific characteristics Infrastructure

Related research areas/implications

First generation (1960–1970)

Functions based on the specific needs of management, reports being made for the financial departments

HW: IBM 360 (third-generation mainframe computer) SW: Assembler, Fortran, COBOL, Dbase LAN Ethernet

Decision support systems Human–computer interaction Emphasize the importance of developing these systems First specific frameworks appeared

The second generation (1970–1980)

Enterprise functions extension, through user initiatives to increase the scope of IS

Midrange Systems (like IBM System/3) Microcomputers First microcomputers and personal computers (PC)

New frameworks Impact, benefits, and success of information systems ICT sector and its evolution

The third generation (1980–2000)

Each department has its own information systems, generating inconsistency (a new position appears in the organization structure CIO—Chief Information Officer)

The beginning of Internet era (1982–TCP/IP protocol) Internetworking

Evaluation of ICT performance Processes built for ICT Outsourcing services

The fourth generation (2000–present)

Still a strong connection with management, but the systems become distributed, and any employee of the company can access multiple platforms

Internet Web Smart equipment Social networks

E-commerce Globalization Work from home Business Intelligence

The fifth generation-future (2025–2035)

Multi-platform analysis for decision support systems

Cloud Computing Fog Computing IoE

Individual and society culture—new way of working in the future context

computing, internet of things, third-generation democracy, and modern paradigms of management science.

402

M. Stoica et al.

33.3 Typology Both the literature and practical examples offer criteria for classifying systems. In addition, from a scientific approach, the types of information systems can be highlighted according to the roles they play in the operational, managerial, and strategic success of an organization. The main components of the information system, at the level of a business/organization, are hardware, software, telecommunications, databases and data warehouses, human resources, and business-specific principles and practices. The first three components form ICT which integrates with the organization’s business, processes, and operations, describing the information systems. From a management perspective, information systems can be divided into three levels—operational, tactical, and strategic—in a pyramidal presentation. Thus, at the base are the reporting information systems for transaction processing (TPS— Transaction Processing Systems), followed by decision support systems (DSS) and information systems for executive management (Executive Information Systems)— Fig. 33.3. The operational level is the one that registers, stores, and processes data and information, being the basis of the information system. Operational information systems generate a wide range of information, but they do not highlight which information products are suitable for managers. For this reason, further processing is

Fig. 33.3 Management information systems

33 Management Information Systems in Knowledge Society

403

required through the other levels of information systems. The role of an organization’s operational information systems is to add efficiency in process transactions, control industry processes, support communications and productivity functions, and update databases and repositories. In large companies, these systems are integrated with specific software products, such as ERP—Enterprise Resource Planning, SCM—Supply Chain Management or CRM—Customer Relationship Management. Depending on business needs, can be chosen between different transactional information systems that support e-commerce, online education or the creation of online communities (data are stored in databases or data warehouses and are accessed by complex information systems). At the tactical level, the main scope is to understand and manipulate abstract data, represented by behaviors, interpersonal relationships, paradigms, and management theories. This avoids addressing direct processes such as the production or delivery of tangible products. Knowledge work is a phrase that defines this type of activity and highlights the knowledge of specialists in various fields [2]. Basically, we are dealing with what the knowledge society embodies in the practices of information systems: utilization of the individual skills of employees. At this level, we find decision support systems, which have been developed to process large volumes of data (Big Data) in the Business Intelligence paradigm. The literature differentiates between data-oriented and model-oriented DSSs. Along with these two categories, we also find communication-oriented DSSs and group DSSs (for geographically separate decision groups), as well as web-based DSSs. Strategic level systems are used by the organization’s managers for the data/information processing, delivered by the information systems for processing transactions and information from the external environment. Executive management information systems summarize key information in an easy-to-read form, often using graphics. This provides assistance for top management, the responsible level for monitoring the general activity of the company and establishing future strategies. From a strategic point of view, the results are compared with those of competitors and the existing trend in the market.

33.4 Architectural Concepts It is widely accepted that information systems appeared as a response to the need for automatization and standardization of the business processes. Starting from the need to store data, the evolution of technology has allowed the transition from databases to data warehouses, so that later the Internet allows access to information from anywhere without the need for pre-installed applications. Cloud Computing (CC) is the term that defines a distributed set of services that allows access, store, and process information without the user knowing the physical location of that set, which makes it possible to use services. Since its inception, CC has completely changed the way ICT services are delivered. This had a significant

404

M. Stoica et al.

impact on the way information systems are managed, starting with the database and platform, but especially the end user interface. The evolution of information systems is clearly determined by the evolution of technology, and CC dictates trends in the ICT market. The Internet is not only an engine for information distribution, but it is also the one that provides access to resources distributed in different parts of the planet. The National Institute of Standards and Technology classifies CC according to the implementation model and the service model. Thus, according to the implementation model, there is a public cloud, private cloud, hybrid cloud, respectively, community cloud. Depending on the service model, CC offers Software as a Service, Platform as a Service, respectively, Infrastructure as a Service [6]. The literature presents a new terminology, “information system as a service” [7]. From the definition of the term, it can be seen that the main parts of an integrated system include infrastructure, platform, and software technologies. Analyzing the market’s actual trend to outsource various services, it can be concluded that most of the time a company manages only the interface part of the software products used, having consultants and external programmers that develop the other components of the system (servers, databases, firewall rules, etc.).

33.5 Security, Control, and Audit Information systems integration in business operations and management has a positive impact on the company. Internet evolution offers openness and accessibility on a large scale, but considerably increases the degree of risk and vulnerability. For this reason, in recent years, the focus has been on data and information protection, in a world where more and more threats are discovered. Information systems security represents the basis of the integrity and control of a company’s information, resources, and activities. Analyzing developed countries, appears their dependence on technology. Most government institutions use multiple infrastructure networks to provide utilities (electricity, water, gas). Medical systems have in their structure complex systems that help to control and diagnose patients, and air traffic is controlled exclusively with the help of technology. Probably the greatest awareness of the danger for citizens appears when discussing the electronic transfer of money (EFT—Electronic Fund Transfer) in e-banking activities, action based exclusively on electronic signals. Information systems are vulnerable to certain threats, and strict security measures such as regular audits and specialized hazard identification systems are needed for increased security. To create and implement secure information systems, it is recommended to go through three steps: identifying threats, establishing control levels, conducting the operational and technical audit (Fig. 33.4). At the top of computer science illegalities is computer abuse, an action that involves the use of personal or governmental information for unethical purposes, espionage or even decisive facts for an online war. Globally recognized, the various

33 Management Information Systems in Knowledge Society

405

Fig. 33.4 Safety measures for information systems

types of malicious attacks that exist can endanger personal or national security: phishing, viruses or Trojan horses. The ICT world has a different dynamic from other domains, so new user requirements are defined, people want to be able to access systems at any time and from anywhere in the world. Telework has become a normal practice preferred by many employees, instead of traditional offices. The vulnerability of the domain has led to the development of special measures to increase security and control: unique credentials for each user and changing the password at regular intervals; complex, long passwords, which contain lowercase, uppercase letters, numbers, but also special characters; physical authentication using token or yubikey hardware devices, which generate unique codes, generally used with a PIN (Personal Identification Number); using biometric data such as fingerprinting, facial recognition or retinal reading to unlock devices; firewall rules placed between the organization’s intranet and the Internet; data encryption, using private and public keys (see RSA cryptosystem). The standard that governs and describes information systems security is ISO/IEC 27,001 (ISMS—Information Security Management System). The role of the information systems audit is to detect and prevent any form of abuse that might appear over the company’s resources. The audit is performed by people who are not directly involved in the business activities, but who know all the complexity and possible vulnerabilities of the system, having the ability to translate them into business processes. The main objectives of the audit process include verifying the ability of information systems to protect the company’s assets, maintaining data integrity, supporting the company’s objectives, and achieving them according to the standards imposed by accredited units. In general, a financial audit verifies the cash flow and accounting documents, while the design of information systems provides transparency to any financial transaction carried out within the company. The operational audit focuses its attention on

406

M. Stoica et al.

standard processes and procedures, ensuring efficiency to business operations. The technical audit verifies if the system is correctly and completely configured, but also implemented according to the ICT standards. This includes efficiency and security protocols, development processes, and ICT governance or oversight. ISO/IEC 27,007: 2020 dictates the audit standards of information systems [8]. There are two types of auditors, internal and external. The internal audit is done by people inside the company, who are independent of the audited activity. This type of audit focuses on risk assessment, control of the business environment, and internal processes. Reporting is done directly to the top level of management, in an objective way, presenting the real state of the company. The external audit is totally independent of the managerial structure of the company and although it pursues the same purpose, the carry-over is done at the governmental level, the standards being regulated by law. The external audit is done by another company, the market being dominated by The Big Four (PricewaterhouseCoopers, KPMG, Ernst & Young, and Deloitte Touche Tohmatsu).

33.6 Knowledge Society and Agile Development Age for Information Systems During its operation, any organization must adapt to new conditions that arise in its internal and external environment, an adaptation that, in most cases, requires an organizational or functional change, an improvement or a reconstruction. This can be summed up in an increasingly common feature of the twenty-first century organization: agility. An agile organization has a high capacity to adapt to flexible market conditions, being able to speculate on unsuspected market opportunities at a given time. Agility broadly requires agile enterprise architectures, agile procedures and tools, as well as agile human resources. The agility of information systems is given by their ability to detect a change in a timely manner, to analyze, select, and implement the solution, to keep the system competitive and connected to market developments. The integration of multiple functionalities makes the information system architecture extremely complex and resource-consuming. Adopting a certain framework does not exclude the others, the goal of companies being to reach a maximum level of maturity, along with being compliant with standard practices and minimizing risk. Expanding technology offers new perspectives of work. Innovative production factors, consisting of information and organizational culture, have long been ignored at the micro and/or macro-economic level. Through telework development and its adoption on a larger scale (both horizontally and vertically in the production chain), new paradigms appear in the management plan. Some of these modern paradigms of organization management are expressed in terms of 4Data: Big Data, Social Data, Mobile Data, and Linked Data [9].

33 Management Information Systems in Knowledge Society

407

The novelty of 2005–2006 called Cloud Computing comes to complicate once again the enterprise architectures (at least in the direction of the technical component), personnel and investment policies. As part of the same category with direct impact on the organization, the digital economy includes concepts such as the Semantic Web or democracy 3.0, the Internet of Things (IoT), the more mature concepts of home automation (domotique) and workplaces and buildings automation (immotique), etc. In its very rapid development, cloud computing does not directly affect only the technical aspects found in a business, but is also a prerequisite for changing the individual way of working. In other words, cloud computing sheds new light on remote work, on telework. The main frameworks (interpreted as standards in some contexts) that govern the agility of information systems are COBIT (Control Objectives for Information and Related Technologies) created by ISACA for the governance of ICT, and ITIL (Information Technology Infrastructure Library) [1]. COBIT offers support to managers to reduce the gap between ICT and business, ensuring control, quality, and reliability of information systems. According to [10], the methodology is based on five components: the framework, process description, control of the objectives, the management rules, and the maturity of the models. ITIL is another framework that defines ICT governance, a set of good practices for service management, focusing on aligning technology with business needs. Although implemented at the same level, COBIT and ITIL are not excluding each other. The first framework describes what needs to be done, and the second focuses on how to align ICT—business (Fig. 33.5), being organized on five services: strategy, design, transition, operations, and constant improvement.

Fig. 33.5 Standards for ICT governance

408

M. Stoica et al.

In order to implement and use ITIL principles and practices, strong knowledge is needed and special terminology has to be known. Organizations often decide to have dedicated teams.

33.7 Conclusions It was demonstrated that information systems are a key resource for a company and even if multiple products can be found on the market (offer of information systems), the actual configuration defines the success of the implementation. The company’s success is often determined by the information system, and its agility is defined by the agility of the information system, together with its ability to adapt in real time to new challenges in the field of ICT. History is marked by strong industrialization, followed by economic and social changes. Technology can transform an industrial society into an information-based one. Knowledge society and economic development is closely linked to technological innovation. The business environment has developed rapidly with the advent of ICT. The Internet has also opened up new opportunities, but it has created many threats for companies that have failed to adapt to new technologies. Information systems have a relatively recent history, with a spectacular evolution considering the impact they now have within organizations. If in the past, the focus was on creating a powerful ICT system, now managers have understood the importance of data flows and interpersonal relationships, how information is processed and collaboration between departments. The transition to transactional information systems, followed by the Internet age and later cloud computing, brought with them challenges and threats. The need for standardization arose rapidly and new specific methodologies were developed. As we have seen, agility refers to the organization’s ability to adapt and change in a turbulent environment. Agile appears as a response of technology to the everchanging world, and adaptive power determines the success of a business. Although it comes with clear rules, procedures, and processes, the agile solution does not work if the company does not believe in permanent communication and collaboration between employees. An agile information system is based on intense collaboration between people, the departments they belong to, and decision makers. Agile means openness to novelty and acceptance of change to stay competitive, and the line between failure and success is defined by the power to adapt the business to the requirements of a constantly changing market.

References 1. Stoica M, Bodea CN, Ghilic-Micu B, Mircea M (2012) Managementul sistemelor informat, ionale. In: ASE 2012, pp 12–20, 190–206, Bucharest Romania. ISBN 978–606–505– 574–2

33 Management Information Systems in Knowledge Society

409

2. Zwass V (2011) Information system, In: Encyclopaedia Britannica, 27 December 2011. [Online], Available: https://www.britannica.com/topic/information-system 3. Hemmendinger D, Pottenger WM, Swaine MR, Freiberger PA (2006) Computer. In Encyclopaedia Britannica, 10 May 2006. [Online], Available: https://www.britannica.com/techno logy/computer/Early-business-machines#ref723607 4. Romanian Parliament (2018) Law no. 81/2018 on the regulation of telework activity, text published in the Official Monitor, Part I no. 296 of April 2, 2018, in force since April 5, 2018. Available: https://lege5.ro/gratuit/gi3tknrrgm2a/legea-nr-81-2018-privind-reglement area-activitatii-de-telemunca 5. Hirschheim R, Klein HK (2012) A glorious and not-so-short history of the information systems field. J Assoc Inform Syst 13(4):188–235 6. Mell P, Grance T (2021) The NIST definition of cloud computing. [Online]. Available: https:// www.nist.gov/system/files/documents/itl/cloud/cloud-def-v15.pdf 7. Hilman M (2012) Information system as a service: issues and challenges. J Inform Syst 8(2):71– 77 8. International Organization of Standardization (2021) ISO/IEC 27007:2020—information security, cybersecurity and privacy protection—Guidelines for information security management systems auditing. Available: https://www.iso.org/standard/77802.html 9. Ghilic-Micu B, Stoica M, Uscatu C (2015) Challenges of 4D(ata) model for electronic government. Inform Economic˘a J 19(2):5 10. Simplilearn (2020) 22 March 2020. [Online], Available: https://www.simplilearn.com/whatis-cobit-significance-and-framework-rar309-article

Chapter 34

Analyzing Business Performances with a Multicriteria Decision Method Catalin Marcu, Luminita Duta , and Marinela Daniela Manea

Abstract Business performance is a reference concept in the economic theory, as well as a permanent and major concern in practice. There are old tools in evaluating companies’ performances, but they are no longer sufficient in modern management. The purpose of this work is to present how a multicriteria decision support system can help companies to assess their economic performances, and therefore, to make the best decisions in their future development directions.

34.1 Introduction 34.1.1 The Concept of Performance Performance has four general approaches [1]: the economic one, according to which performance means achieving financial and economic objectives, the social approach, i.e., achieving the above objectives plus the social ones, the systemic approach in which performance represents the level at which an organization, as a social system, has the necessary resources to achieve its objectives and the political approach, when performance means meeting expectations of different groups. The work in this paper refers to the economic approach of the performance. Thus, the performance can be defined as a state of a company characterized by efficiency, efficacity, and competitiveness on the market [2]. In a way, performance is synonymous with being efficient (having maximum effect with minimum effort) and effective (being able to meet the aspirations of all social partners). The key for the company is to focus its efforts to achieve efficiency and effectiveness. C. Marcu · L. Duta (B) · M. D. Manea Valahia University of Targoviste, 18, Sinaia Alley, 130083 Targoviste, Romania e-mail: [email protected] M. D. Manea e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_34

411

412

C. Marcu et al.

Performance = efficiency + effectiveness

(34.1)

International accounting standards do not necessarily provide a clear definition of performance. The balance sheet provides information on the financial level and the profit and loss account provides information about performance. The performance analysis is run to anticipate the ability of the company to generate the cash flow [3]. On the other hand, performance is perceived differently by the company’s partners according to individual interests: stakeholders are concerned about the return of the investment, employees are concerned about the stability of the company, creditors are concerned about solvency, and suppliers are interested in the sustainability of the business and markets. Performance evaluation is a necessary condition for ensuring the progress of an organization, but it is not enough. Performance indicators estimation could be done by running of complex decision analysis used to predict the future development of the company. To accomplish this analysis, it is essential to use dedicated decision software systems that provide various tools to assess the profitability and the development directions of the company. This paper is organized as follows. The second paragraph reviews definitions of some important business performance indicators. Then, an interesting open-source Decision Support System (DSS) is presented in short, with its tools and facilities for decision analysis. In the last paragraph, a case study is presented using real indicators from four companies.

34.2 Performance Indicators The turnover (TO) is a result indicator that represents, in the general sense, the value of the company business. Turnover is an accounting concept that calculates how quickly a business conducts its operations. It is calculated as the total income (I) obtained from the sale of goods, execution of tasks or services [3]. TO =



I

(34.2)

According to European regulations, the net turnover includes the revenues from the sale of products, goods, and services after the deduction of VAT. Gross Operating Profit (GOP) is a profitability indicator defined as “the amount a company receives from selling goods or services in a particular period before costs directly related to producing them are subtracted”.1 The size of this indicator is not dependent on the investment policy, depreciation method (does not consider depreciations or provisions) or financial policy (does not consider either income or financial charges) but is directly influenced by the company’s wage policy. Financial speaking, this indicator is of particular interest 1

Cambridge Dictionary.

34 Analyzing Business Performances with a Multicriteria …

413

because it operates with cash flow [4]. GOP = Gross Operating Revenue − Gross Operating Expenses GOP = Gross Profit − Operating Expenses − Depreciation − Amortization

(34.3)

(34.4)

The Net Income (NI) expresses the difference between total income and expenses. Net Income = Total Revenue − Total Expenses

(34.5)

Return of Revenue (ROR) is a measure of profitability that compares the Net Income of a company to its revenue. The difference between net income and revenue is the expenses. An increase in ROR means that the company is generating higher net income with less expenses. The Operating Net Income (ONI) looks at a company’s profits from operations alone, without considering the income and expenses that are not related to the core activities of the business. This includes income tax, interest expense, interest income, and gains or losses from sales of fixed assets [4]. Operating Net Income = Net Income + Interest Expense + Taxes

(34.6)

ONI = GOP − Operating Expenses − Depreciation − Amortization

(34.7)

The operating profit is the business revenue, minus its day-to-day running costs, which is sometimes called operating expenses. Operating Profit Margin (OPM) is focused on the core costs of the business because interest and tax costs are less relevant to everyday operations. Operating Profit Margin = (Net profit + Interest + Tax)/Revenue × 100 (34.8) Gross Profit Margin (GPM) or Commercial margin is a concept used to assess a company’s financial health by calculating the amount of money leftover from product sales after subtracting the cost of goods sold. Sometimes referred to as the gross margin ratio, gross profit margin is frequently expressed as a percentage of sales. Because companies express net profit margin as a percentage, it is possible to compare the profitability of two or more businesses regardless of their size [5]. Net Profit Margin (NPM) is the percentage of profit generated from revenue after accounting for all expenses, costs, and cash flow items.

414

C. Marcu et al.

34.3 Visual Promethee DSS Visual Promethee® (VP) is a Multicriteria Decision Software developed by VP Solutions under the guidance of Bertrand Mareschal, professor at the School of Economics and Management from Brussels. It allows running analysis on unit performance indicators as well as identification of the best possible decision from several possible decisions or items according to multiple often conflicting criteria.2 Many companies and organizations are using it in different fields, from human resources management to quality assessment, from investments opportunity analysis to evaluation of projects, for individual decision-making or group decision-making. Visual Promethee is a software that implements Promethee and Gaia multicriteria techniques. PROMETHEE stands for Preference Ranking Organization Method for the Enrichment of Evaluations. GAIA stands from Graphical Analysis for Interactive Aid. The main application window contains a menu bar, two toolbars, and spreadsheets called scenarios. The spreadsheets contain evaluation criteria, metadata, and the actions to take. Scenarios are ways to evaluate the same actions under different criteria in different moments of time. Actions, criteria, and scenarios names are buttons that can be clicked to open the corresponding dialog windows to display and edit specific data [6].

34.4 Case Study 34.4.1 Input Data In this paper, the VP software is used to analyze performances of four economic operators, named O1, O2, O3, O4 (from four different Romanian counties: Brasov, Dambovita, Arges, and Valcea), over four years (2016–2019), according to criteria chosen by the decision maker. The data is real [7], and the objective of the simulation is to compare the performance indicators in view of elaborating the future strategies of development. The main indicators used in this study are: the total revenue (TR), the turnover (TO), total expenses (TE), gross operating profit (GOP), operating net income (ONI), gross profit margin (GPM), return of revenue (ROR), operating profit margin (OPM), net profit margin (NPM). The decision maker must assess the performances of these four companies and make the investment plan for the coming years (Tables 34.1, 34.2, 34.3, and 34.4).

2

http://www.promethee-gaia.net/assets/vpgetstarted.pdf.

34 Analyzing Business Performances with a Multicriteria …

415

Table 34.1 Performance indicators for the first year (in Ro currency) Operator

TR

TO

TE

GOP

ONI

OPM

O1

6,773,319

6,696,389

6,504,305

384,217

269,014

3.97

4.02

O2

9,427,847

8,552,892

9,454,839

−5192

−26,992

−0.6

−0.6

−0.29

−0.32

O3

16,372,102

15,114,160

16,435,259

−21,180

−63,157

−0.14

−0.13

−0.39

−0.42

O4

15,600,500

14,118,500

15,473,000

145,000

127,500

1.03

0.93

0.82

0.90

ONI

OPM

ROR

NPM

GPM

5.74

ROR 5.67

NPM

GPM

Table 34.2 Performance indicators for the second year Operator

TR

TO

TE

GOP

O1

4,218,167

4,218,167

4,114,060

142,403

104,107

3.38

3.38

2.47

2.47

O2

9,555,104

9,068,815

9,513,804

59,359

41,300

0.65

0.62

0.43

0.46

O3

15,785,399

14,127,456

15,735,040

94,969

50,359

0.67

0.60

0.32

0.36

O4

16,487,600

14,705,550

16,414,300

87,000

73,300

0.59

0.53

0.44

0.50

Table 34.3 Performance indicators for the third year Operator

TR

TO

TE

GOP

ONI

OPM

ROR

NPM

GPM

O1

4,686,492

4,686,492

4,523,176

195,774

163,316

4.18

4.18

3.48

3.48

O2

10,154,810

9,561,920

10,102,401

65,461

52,409

0.68

0.64

0.52

0.55

O3

17,102,103

16,478,412

16,770,531

394,728

331,572

2.40

2.31

1.94

2.01

O4

15,901,100

14,956,100

15,747,100

180,000

154,000

1.20

1.13

0.97

1.03

NPM

GPM

Table 34.4 Performance indicators for the fourth year Operator

TR

TO

TE

GOP

ONI

OPM

ROR

O1

465,758

4,173,647

4,201,129

479,226

449,629

11.48

10.30

9.67

10.77

O2

10,168,932

9,717,800

10,454,731

−248,727

285,799

2.56

−2.45

−2.81

−2.94

O3

16,398,120

15,685,225

16,142,930

270,531

255,190

1.72

1.65

1.56

1.63

O4

16,282,700

14,580,700

15,928,700

410,600

354,000

2.82

2.52

2.17

2.43

34.4.2 Definition of Scenarios The PROMETHEE method begins with an evaluation of alternatives with respect to criteria. Criteria are replaced with the nine performance indicators from the previous paragraph. Each criterion must be categorized as a maximum criterion or a minimum one, the decider introducing criteria accordingly in the table. Different scenarios can be defined for each of the four years (Fig. 34.1). Actions, criteria, and scenarios are actually buttons that one can click to open the corresponding dialog boxes in order to display and edit specific data [8]. In the first phase, the analysis is running for one of the years. This is for understanding the simulation over only one scenario. After that, simulation is performed for all operators and over the fourth year.

416

C. Marcu et al.

Fig. 34.1 Main window of visual promethee

34.4.3 Promethee Ranking There are two PROMETHEE rankings that are computed: The PROMETHEE I: Partial Ranking is based on the computation of two preference flows: the positive flow and the negative flow (+ and− ). It allows comparison between actions when both preference flows give conflicting rankings. The PROMETHEE II: Achieves a fully hierarchical structure of decision alternatives based on the net flow calculation, i.e., the difference between the positive and negative flow.

 = + − −

(34.9)

The positive flow assesses how the current alternative is advantageous compared to the others showing its strength. The negative flow expresses how the current alternative is disadvantageous compared to the others showing the weakness of it. The formula of these flows is given in [8]. The net flow, as well as the positive and the negative flows, are calculated according to the nine criteria for each company. In the end, companies are ranked by these values (Fig. 34.2). Using these graphs, partial and complete ranking, respectively, companies are ordered according to the flow. The highest-positioned company is the one with optimal results. It is interesting that if we look in the table of values on which the charts are generated, the company from Arges (O3) has the highest total income, the highest

34 Analyzing Business Performances with a Multicriteria …

417

Fig. 34.2 Promethee 1 and 2 ranking

turnover, but has higher expenses than revenues, so it deserves the last place in the ranking. The most beautiful and relevant graphic of all is the scenario competition [9]. When the window with this scenario appears, the diagram shows the flow path of each society over the four years (Fig. 34.3). One could notice that the development of the company from Dambovita (O2) has dropped throughout this four-year period and the one from Arges (O3) has evolved. The decision maker will set the course of the activity for the next period to increase the performance of the O2 company. Starting from a multi-dimensional representation of the decision-making problem with several dimensions equal to criteria number, the Gaia method uses the mathematical method Fig. 34.3 The scenario comparison

418

C. Marcu et al.

Fig. 34.4 GAIA diagram

called “analysis of the main components” to reduce the number of dimensions while minimizing the errors. The criterion is each represented by an axis starting from the center of the plan. The orientation of these axes shows how close the criteria are between them. The length of the criteria axes is also important: the longer the axis, the greater the impact of that criterion on the final decision. In Fig. 34.4, one could see how companies are projected on the criterion according to the values held under that criterion. One can see that, although the company from Dambovita had higher revenue than Brasov (O1), the results of the financial year are smaller. The best results were obtained by the company from Valcea (O4) county. If we combine scenarios for the four years, Gaia diagrams provide the evolution in terms of efficiency of the four companies. Other diagrams provided by VP can be used forward in decision-making, like the Rainbow diagram or the Walking Weights diagram [10]. In the last one, criteria can be weighted by some coefficients according to the decision maker preferences. These diagrams show what indicators must be changed so that the profitability of the company increase. Therefore, an image of performances evolution is provided, without using the complicated calculus from the financial theory.

34.5 Conclusions Measuring the performance of a company is a key concern for the economic analysts and managers. Performance indicators and their fluctuation over time can indicate how well the financial strategies are working, and whether they need to be changed [11]. This paper presents a multicriteria decision analysis to evaluate the profitability of a company and to predict its evolution in time. The method is useful when the decision to take is difficult to compare or quantify. Decision analysis is run using

34 Analyzing Business Performances with a Multicriteria …

419

Visual Promethee.® Graphical results suggest where to intervene to increase the company’s business efficiency.

References 1. Morin EM, Savoie A, Beaudin G (1994) L’efficacite de l’organisation – Théories, représentations et mesures. Montreal Gaetan Morin Editeur 2. Niculescu M, Lavalette G (1999) Growing strategies. Economic˘a, Bucuresti 3. Dumbrava M (2010) Analiza performantei firmei. Metode si modele, Ed. Economica 4. CECCAR. https://www.ceccarbusinessmagazine.ro/analiza-contului-de-profit-si-pierderea5190/. Last accessed 15 March 2021 5. https://www.investopedia.com/terms. Last accessed 20 March 2021 6. VP Solutions (2015) Getting started with visual promethee. Technical Guide. 7. Manea MD (2013) The development of the cooperative sector within the European and Romanian area. Netw Intell Stud 1(01) 8. Promethee Methods (2013) Visual PROMETHEE 1.4—Manual 9. Marcu C (2019) Visual promethee multicriteria decision support system in business. Dizertation 10. Duta L (2018) Sisteme de asistare a deciziilor in organizarea intreprinderii. Master course, online 11. Tabara N, Vasiliu A (2013) Relevance of indicators in measuring company performance. Econ J 1(83)

Chapter 35

Measuring Real Time Occupational Stress in Organizations via a Digitalized Risk Management App Magali Dubosson, Emmanuel Fragnière, Arnaud Fournier, Samuele Meier, and Sacha Varone Abstract Various studies (e.g., European Agency for Safety and Health at Work, 2007) have shown the highly detrimental effects of toxic environments on human health and organizational performance. For organizations, the implication about stress is that it leads to harmful behaviors that prevent managers and their teams from achieving goals. In the literature, many questionnaires based on a variety of metrics have been developed and tested to measure and assess the quality of work life (i.e., stress, organizational justice, etc.). The goal of our original research was to identify the most meaningful items and combine them into a unique score and an effective decision-making module. In this new paper, we report on the development of a new app that we developed and used for the first time to regularly take a kind of temperature of job stress in two companies. A long process of trial and error was necessary to be able to collect very confidential information from employees, both anonymously and longitudinally, to measure human risk in the workplace objectively and globally. As a next step, our goal is for the organization to be able to provide a preventive risk response in case of identification of deterioration of occupational stress.

35.1 Context In literature, many questionnaires based on a myriad of measures were designed and tested in order to measure and assess occupational perceived stress. The objective of our research is to identify the most meaningful items and combine them into a score. For companies, what really matters is the stress that leads to detrimental behaviors preventing the managers and their teams to achieve the objectives. After almost two years of research, our human risk module allows us to collect and analyze data directly M. Dubosson · E. Fragnière (B) · S. Meier · S. Varone University of Applied Sciences Western Switzerland (HES-SO), Delémont, Switzerland e-mail: [email protected] A. Fournier Oxial, Cham, Switzerland © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9_35

421

422

M. Dubosson et al.

from employees to calculate a unique score measuring the level of occupational stress. This paper corresponds thus to the follow-up of thefirst research presented at IE2019 that outlined the premises [1].

35.1.1 Research Problematic Data collection is fully integrated into the GRC (i.e., Governance, Risk and Compliance) to leverage already implemented risk management approaches. This aspect is very innovative, as no GRC software to date includes a dedicated human risk management module. Our tool requires data collection through non-invasive methods and selfassessment of an employee’s condition over time. The vast majority of studies were conducted at one point in time. We found no longitudinal studies. Long-term management of people-related risks requires that employees provide meaningful and truthful data on an ongoing basis. An appropriate incentive system must be in place to ensure employee cooperation. In marketing, studies have been conducted to measure the impact of various financial and non-financial measures on the level of response rates [2–4]. Therefore, we need to conduct research in this particular context, where financial incentives may not be an option, where participation may be mandatory, where frequency may vary, and where the information to be provided is sensitive. We intend to test several measures to obtain the highest possible response rate and the most honest responses possible over a long period of time. The goal is to detect early signs that herald potential negative stress in order to prevent it rather than cure it. In fact, our approach will take place in a primary prevention context. Our project will improve the level of information through a meaningful occupational stress indicator. Our goal is to develop a human risk platform accessible through a SaaS. Our solution relies on data collection and processing to measure human-related risks, analyze data and provide a unique score. The main challenges in research are what data is collected and how the data collection is done.

35.1.2 A Short Occupational Stress Questionnaire Based on Scientific Literature Using reference questionnaires from the scientific literature and supplemented by others (e.g., [5–8]), we identified and retained 195 relevant items. These items were then synthesized using a Delphi procedure with eight experts. The result consists of sixteen categories grouping these items: (1) work organization, (2) decision-making or initiative, (3) variety of tasks, (4) material resources, (5) workload, (6) match of tasks and skills, (7) meaning of work, (8) recognition, (9) fair treatment, (10) job security, (11) separation of personal and professional life, (12)

35 Measuring Real Time Occupational Stress …

423

team atmosphere, (13) support from hierarchy, (14) external relations, (15) attention to employee’s well-being by hierarchy, (16) cooperation with team members. We combined these categories into a new short questionnaire to ask employees about their job satisfaction, which included these sixteen items.

35.1.3 Questionnaire Construction The questionnaire used in this research consists of 32 questions and examines working conditions, organizational factors, and workplace relationship factors. We measured employees’ general attitudes toward their work in the form of two general questions about overall satisfaction with their work and pride in their work. The core of the questionnaire measured satisfaction with the sixteen items listed above (i.e., “How satisfied are you with your job now? How satisfied are you with the workload in your job right now?”). Each question was measured with a statement on a 5-point Likert scale ranging from “strongly disagree” to “strongly agree.” We surveyed 1129 individuals and, based on statistical analyses, identified four relevant dimensions that summarize the experience at work. The first factor associates item related to the relationship between the organization at all levels and the employee and is composed of recognition, fair treatment, support from the hierarchy, and the hierarchy’s interest in employee well-being. The second factor relates aspects of self to work and is composed of the variety of tasks, the appropriateness between the assigned tasks and the person’s abilities, and the meaning of the work. The third factor relates to work-specific constraints and includes workload and the separation between personal and work life. Finally, the fourth factor relates to relationship aspects with colleagues and includes the variables of team atmosphere and cooperation between team members.

35.1.4 Operating Modes Insights on How to Collect Data at Work In addition to quantitative research, we have studied how to propose this questionnaire to users. We have the results of more than 100 qualitative interviews on the following topics: – Personal experiences with human risks – Concrete measures are taken by the company to manage human risks – Your attitude toward a human risk management approach (conditions, time, frequency, incentives, support, issues) – Identified key barriers to improving human risk management.

424

M. Dubosson et al.

Obviously, our focus was to discover the most important elements to ensure employee motivation and participation in a human risk management approach. The results show us that all participants were open to participating in this type of approach, but there are two very important barriers. First, the importance of anonymity and second, the fear of consequences. Therefore, the main challenge in developing our tool is to provide the user with a concrete image of confidentiality and anonymity while allowing for the collection of sufficiently accurate and actionable information. Second, no monetary incentive has been mentioned. The most important thing for users is that their opinions are taken into account and that management is able to implement actions based on the information provided by users.

35.2 Development Steps and Issues Data requiring questions and interactions with employees of the company have to be provided by workers. Some questions might be sensitive when asking about personal perceptions and feelings. Moreover, having to ask for information on a regular basis may lead to individual and organizational fatigue. In order to ensure a high response rate, incentives have to be identified in order to outweigh count-incentives (reluctance to provide personal information, lack of trust, no perceived interest, etc.). Appropriate incentives have to be defined in order to maintain a high level of truthful responses. These are all challenges we had to address to move from concept to practice. Ultimately, the objective of this research is to identify early signs of stress in order to prevent it. We assume that stress might be detected by co-workers even before the person suffering from stress disorders is aware of it.

35.2.1 Narrative Timeline from Concept to Realization We present here the timeline realized by our team as well as all the difficulties encountered up to the possibility to collect concretely and appropriately occupational stress information in 2 Swiss companies. After having created the logic of a short questionnaire based on questionnaires from the scientific literature (see [1]), we conducted a series of qualitative surveys with companies that were willing to experiment with us. These qualitative surveys allowed us to contextualize our approach in terms of optimal operating mode. We discovered through numerous semi-structured interviews that language and illiteracy problems were going to be a real issue. Indeed, in the industrial sector, we were obliged to use emojis, extreme simplifications of phrasing, or even an accompaniment by a neutral person to be sure that every employee could answer correctly. Then we had to design the application. A whole series of other questions also arose, such as whether to use an app directly on the employee’s smartphone, a company

35 Measuring Real Time Occupational Stress …

425

PC, or paper questionnaires… The question of frequency was also important in our semi-structured interviews. Should data collection be conducted every week, month or 6 months? Finally, most of the work was in the development of the application, which had to take into account the specificities of each company, browser used, camera, mac or pc, user code or QR code, data storage and security, etc. Perhaps, the biggest challenge is related to this stage of development and concerns the anonymity and confidentiality of the data. We quickly realized when finalizing the first pilot that guaranteeing anonymity and having a history of the respondent (even if in the end, everything is aggregated into a single company score, as it is required by the theory) posed a lot of difficulties when setting up the system. We were able to find solutions on a case by case basis, but in the long run, new research must be undertaken (we are conducting initial investigations into Blockchain techniques). But the most challenging part was certainly the use of our system in size 1/1. Often small details that we didn’t suspect were important, which almost brought the project to a halt. For example, in a social work company where the QR code could not be used due to outdated hardware, the codes used were “0”, “O”, “I”, “l”, which created a near panic in the company because employees confused these characters, and therefore, could not enter the system and complained that the system was not up to date. We have had many of these problems in the last few months. The only recipe is to do pre-tests, to communicate a lot with the company. In the current stage of this research, we are analyzing the data through behavioral statistics and we will finish the project by creating a dashboard so that the company can mitigate in an anticipated way the risks of a possible deterioration of its global occupational stress score.

35.3 Actual Human Risk Module Implementation It took us several months of testing before we arrived at a protocol that completely reassured the employees of the organizations we worked with. The first contact instructions given to each employee are as follows: 1. 2.

You draw a QR code that allows you to access the platform Then 4 options are possible: a. b. c. d.

You have a camera on your computer or use an Android smartphone; You use the printed alphanumeric identifier; You use an Apple smartphone; You download your QR Code.

You only need a few minutes to complete the questionnaire. It consists of 11 questions drawn randomly from a sample of hundreds of questions ultimately measuring the same occupational stress phenomena. We show here two

426

M. Dubosson et al.

subsequent questionnaires of 11 questions that were actually used in one of the 2 enterprises that are currently employing our approach: Questionnaire 1. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.

My supervisor is concerned about the well-being of his or her subordinates; I find my work interesting; There is good cooperation between the members of my team; I am asked to do an excessive amount of work; I am proud of the job I have; My supervisor’s explanations of procedures are clear; The deadlines imposed on me are difficult to meet; I get along well with my colleagues; I would recommend “Enterprise XXX” as an employer to my friends/family; I would like to change employers; I am actively looking for a job.

Questionnaire 2. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.

Overall, my co-workers are pleasant; In my job, I have too many repetitive activities; My supervisor treats me fairly; If I have difficulties, I can ask my colleagues for help; My job requires too much concentration for too long; I find meaning in my work; My supervisor is always there to give me advice; I can easily reconcile my professional and private life; I would recommend “Enterprise XXX” as an employer to my friends/family; I would like to change employers; I am actively looking for a job.

Let’s take a closer look at the actual interface proposed in the case of option 1. Option 1: You have a camera on your computer or use an Android smartphone. – Go to https://hrr.oxial.net (address sent by email); – You arrive on the following screen and you select the option “Connect with a QR Code”. Then Fig. 35.1 shows the interface to be connected to the questionnaire using a QR code and Fig. 35.2.

35.4 Conclusion and Further Research In this paper, we have shown how, starting from a concept of collecting company data to calculate a global occupational stress score, we have managed to implement it in real organizational contexts. The difficulties were numerous and showed us the necessity to pre-test and test everything before implementing. In terms of future research, these difficulties allowed us to identify an important research question related to the anonymity to be

35 Measuring Real Time Occupational Stress …

Fig. 35.1 A scan of the first UX interfaces related to option 1

427

428

M. Dubosson et al.

Fig. 35.2 The scan of the actual interface implemented after many trials

kept at the same time to have a trace in time of all the answers given by the same respondent. This last point is a real research issue that is not only present in our case, but also for electronic voting and also for the medical follow-up of patients.

References 1. Dubosson M, Fragniere E, Junod N, Meier S, Varone S, Fournier A (2019) Integration of a human risk module into a risk management software. Inform Econ 23(3):5–15 2. Muñoz-Leiva F, Sánchez-Fernández J, Montoro-Ríos F, Ibáñez-Zapata J (2010) A: improving the response rate and quality in Web-based surveys through the personalization and frequency of reminder mailings. Qual Quant 44(5):1037–1052 3. Rolstad S, Adler J, Rydén A (2011) Response burden and questionnaire length: is shorter better? A review and meta-analysis. Value Health 14(8):1101–1108

35 Measuring Real Time Occupational Stress …

429

4. Singer E, Ye C (2013) The use and effects of incentives in surveys. Ann Am Acad Polit Soc Sci 645(1):112–141 5. Morgeson FP, Humphrey SE (2006) The Work Design Questionnaire (WDQ): developing and validating a comprehensive measure for assessing job design and the nature of work. J Appl Psychol 91(6):13–21 6. Cohen S, Kamarck T, Mermelstein R (1983) A global measure of perceived stress. J Health Soc Behav 385–396 7. Diener ED, Emmons RA, Larsen RJ, Griffin S (1985) The satisfaction with life scale. J Pers Assess 49(1):71–75 8. Schaufeli WB, Bakker AB, Salanova M (2006) The measurement of work engagement with a short questionnaire: a cross-national study. Educ Psychol Measur 66(4):701–716

Author Index

A Alecu, Felician, 111 Andreeva, Andriyana, 347

Dragomir, Denis-Alexandru, 133 Dubosson, Magali, 421 Duta, Luminita, 411

B Bâra, Adela, 87 Banabakova, Vanya, 347 Barbu, Dragos, 43 Belciu, Anda, 97 Bodea, Constan¸ta-Nicoleta, 371 Bogdanova, Margarita, 333 Bogoslov, Ioana Andreea, 187 Bologa, Ana-Ramona, 259 Bologa, R˘azvan, 175 Bresfelean, Vasile Paul, 383 Buzdugan, Aurelian, 225

F Filip, Florin Gheorghe, 123 Flori, Maria, 149 Fournier, Arnaud, 421 Fragnière, Emmanuel, 421

C Câlea, Sorin, 3 Capatana, Gheorghe, 225 Chirit, a˘ , Nora, 197 Ciaca, Monica, 383 Ciobanu, Rares, -Constantin, 55 Ciurea, Cristian, 123 Constantin, Laura-Stefania, 163 Corbea, Alexandra, 97 Cristescu, Marian Pompiliu, 149

D Derscanu, Smaranda, 383 Diaconi¸ta, Vlad, 87 Doinea, Mihai, 65

G Gajewski, Marek, 307 Georgescu, Mircea Radu, 187 Georgescu, Tiberiu-Marian, 175 Ghilic-Micu, Bogdan, 397 Grigorescu, Dana Luiza, 163

H Hryniewicz, Olgierd, 307

I Ionut, -Alexandru, Cîmpeanu, 323

J Jastrze˛bska, Agnieszka, 307 Jecan, Sergiu, 3

K Kehayova-Stoycheva, Maria, 237

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 C. Ciurea et al. (eds.), Education, Research and Business Technologies, Smart Innovation, Systems and Technologies 276, https://doi.org/10.1007/978-981-16-8866-9

431

432 Kozakiewicz, Mariusz, 307

L Lazaroiu, Gheorghe, 43 Lut, as, , Mihaela, 3

M Manea, Marinela Daniela, 411 Marcu, Catalin, 411 Maria-Carmen, Les, an, 295 Mazilu, Marius Cristian, 285 Meier, Samuele, 421 Mertoiu, George-Bogdan, 271 Mes, nit, a˘ , Gabriela, 271 Mihail-V˘aduva, Dinu, 15 Mircea, Elena, 397 Mircea, Marinela, 397 Mot, Petru Simon, 111 Muntean, Mihaela, 75

N Nerisanu, Raluca Andreea, 149 Nica, Ionut, , 197 Nicula, Stefan, 31 Nil˘a, Constantin, 213

O Ogrezeanu, Andreea-Elena, 249 Ojog, Silviu, 111 Opara, Karol, 307 Oprea, Niculae, 87 Oprea, Simona Vasilica, 87 Owsi´nski, Jan W., 307

P Pantelimon, Florin-Valeriu, 175 Parashkevova-Velikova, Evelina, 333 Patriciu, Victor, 213

Author Index Pocatilu, Lorena, 123 Pocatilu, Paul, 111 Popa, Marius, 65 Popescu, Mihaela, 197 Posedaru, Bogdan-S, tefan, 175 Postolea, Iulia Daniela, 371 Preda, Marius, 213

R Radulescu, Constanta Zoie, 43 Radulescu, Delia Mihaela, 43 Rusu, Lucia, 3

S Serafimova, Desislava, 347 Serbezova, Boryana, 237 Simonca, Iuliana, 97 Sipica, Alexandru, 43 Stanca, Liana, 383 Stoica, Eduard Alexandru, 187 Stoica, Marian, 397

T Tanasescu, Laura-Gabriela, 259 Toma, Cristian, 65

V Vancea, Alexandru, 383 Varone, Sacha, 421 Vasilev, Julian, 237

Z Zadro˙zny, Sławomir, 307 Zaharia, Alexis-Valentin, 55 Zamfir, Gabriel, 361 Zamfiroiu, Alin, 123 Zota, R˘azvan-Daniel, 31 Zwierzchowski, Tomasz, 307