SLA as a mechanism to manage risks related to chatbot services

Gondaliya, Krishna; Butakov, Sergey; Zavarsky, Pavol

doi:10.1109/bigdatasecurity-hpsc-ids49724.2020.00050

Cited by 12 publications

(14 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are security and privacy risks associated with chatbots [15]. In financial chatbots, Bhuiyan et al proposed a chatbot leveraging a private blockchain platform to conduct secure and confidential financial transactions [9].…”

Section: Related Workmentioning

confidence: 99%

An Empirical Assessment of Security and Privacy Risks of Web based-Chatbots

Waheed¹,

Ikram²,

Hashmi³

et al. 2022

Preprint

View full text Add to dashboard Cite

Web-based chatbots provide website owners with the benefits of increased sales, immediate response to their customers, and insight into customer behaviour. While Web-based chatbots are getting popular, they have not received much scrutiny from security researchers. The benefits to owners come at the cost of users' privacy and security. Vulnerabilities, such as tracking cookies and third-party domains, can be hidden in the chatbot's iFrame script. This paper presents a large-scale analysis of five Web-based chatbots among the top 1-million Alexa websites. Through our crawler tool, we identify the presence of chatbots in these 1-million websites. We discover that 13,515 out of the top 1million Alexa websites (1.59%) use one of the five analysed chatbots. Our analysis reveals that the top 300k Alexa ranking websites are dominated by Intercom chatbots that embed the least number of third-party domains. LiveChat chatbots dominate the remaining websites and embed the highest samples of third-party domains. We also find that 850 (6.29%) of the chatbots use insecure protocols to transfer users' chats in plain text. Furthermore, some chatbots heavily rely on cookies for tracking and advertisement purposes. More than two-thirds (68.92%) of the identified cookies in chatbot iFrames are used for ads and tracking users. Our results show that, despite the promises for privacy, security, and anonymity given by the majority of the websites, millions of users may unknowingly be subject to poor security guarantees by chatbot service providers.

show abstract

Section: Related Workmentioning

confidence: 99%

An Empirical Assessment of Security and Privacy Risks of Web based-Chatbots

Waheed¹,

Ikram²,

Hashmi³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Several authors have expressed the need to secure chatbots, especially in critical domains such as banking [12] or health [16]. In the same line, [7] even proposes chatbot providers to attach an SLA to their chatbots, including security aspects. Indeed, as pointed out in [4,5,8,19], chatbots are concerned by (and should be tested against) a number of security concerns.…”

Section: Related Workmentioning

confidence: 99%

“…Several works [7,12,16] emphasize the importance of considering security, and especially access-control as highlighted in the above scenarios, in the CUI definition though no concrete solution is proposed.…”

Section: Introductionmentioning

confidence: 99%

Towards Access Control Models for Conversational User Interfaces

Planas

Martínez

Brambilla

et al. 2022

Enterprise, Business-Process and Information Systems Modeling

View full text Add to dashboard Cite

Conversational User Interfaces (CUIs), such as chatbots, are becoming a common component of many software systems and they are evolving in many directions (including advanced features, often powered by AI-based components). However, less attention has been paid to their security aspects, such as access-control, which may pose a clear risk. In this paper, we apply Model-Driven techniques to define more secure CUIs. In particular, we propose a framework to integrate an Access-Control protocol into the CUI specification and implementation through a set of policy rules described using a Domain-Specific Language (DSL) integrated with the core CUI language.

show abstract

“…Ye and Li already proposed several ways to prevent the response generated attack, such as: creating an algorithm to detect the malicious trigger, separate the response learning and training model server with layer abstraction [56]. Furthermore, Gondalia et al proposed using Service Level Agreements (SLA) mechanism to mitigate the risk of chatbot services [57]. Another strategy to avoid SQL injection within user answer/ feedback in conversation with a chatbot is using SQL-IF and Naïve Bayes [58].…”

Section: Security and Privacy Issuementioning

confidence: 99%

Gamification on Chatbot-Based Learning Media: a Review and Challenges

Hidayatulloh

Pambudi

Surjono

et al. 2021

ELINVO

View full text Add to dashboard Cite

The mobile learning sector has exploded, implying that the e-Learning trend is shifting to mobile platforms. As a result, chatbots have become increasingly popular alternatives for online learning and examinations on mobile platforms. However, it did not provide enough motivation for the student. On the other hand, gamification in a typical e-Learning platform is a widely used technique for increasing students' learning motivation. Therefore, combining gamification with chatbot-based learning and examinations possibly offer benefits, including increase student learning motivation. This study explored the possibilities and future challenges of the development of gamification within chatbot-based learning media. We discussed four aspects: architecture's reliability, security and privacy issue, user’s acceptance and motivation, and gamification feature challenges.

show abstract

SLA as a mechanism to manage risks related to chatbot services

Cited by 12 publications

References 7 publications

An Empirical Assessment of Security and Privacy Risks of Web based-Chatbots

An Empirical Assessment of Security and Privacy Risks of Web based-Chatbots

Towards Access Control Models for Conversational User Interfaces

Gamification on Chatbot-Based Learning Media: a Review and Challenges

Contact Info

Product

Resources

About