The Use of Decision Trees to Defend Against Specific Cyberattacks; How Understanding Legislation In California Can Clarify Data Privacy Responsibilities

Crawley, Jordan, School of Engineering and Applied Science, University of Virginia
Elbaum, Sebastian, EN-Comp Science Dept, University of Virginia
Francisco, Pedro Augusto, EN-Engineering and Society, University of Virginia

As the Internet continues to become intwined with our everyday lives, society has begun to see the rise of new sociotechnical concerns that were previously nonexistent. One such important concern is the rise cybercriminals and cyberattacks, which have become a big concern for both individual users of the Internet and large companies in recent years, as they often threaten to steal important information through hacking, data breaches, etc. Recently, it is all the more important and necessary to maintain thorough practices within cybersecurity field. As such, my Capstone Research addresses one such branch of these cybersecurity practices, specifically addressing the use of decision tree algorithms and its potential applications in modern cybersecurity with a focus on intrusion detection and response.

However, it is also important to consider both the human and social dimensions of this technology. After all, any attack or data breach, whether successful or unsuccessful, must still be perpetrated by a person or group of people. It’s also worth considering who should be held at fault in such events, whether it be these perpetrators, the companies or organizations that are collecting this data, or the individual users of the Internet, especially where user personal data is concerned. One state in the US though, California, has invested more time and energy into regulating this answer, and is the only state in the US which implements clear and detailed legal documentation addressing the areas of data privacy and related legal responsibilities. Through the both examination of these active legal documents in California, namely the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), as well as examination of relevant articles and social commentary on the implementation of this legislation, my STS research paper will attempt to make an analysis of how effective California’s legislation is and how it might inform the development of future data privacy legislation across the United States.

When considered in concert, my capstone and STS research papers should inspire ideas that will help to create a more secure cybersecurity future that is also less legally ambiguous for all users of the Internet in the event of data breaches and other successful attacks.

BS (Bachelor of Science)
Data Privacy, Cybersecurity

School of Engineering and Applied Science
Bachelor of Science in Computer Science
Technical Advisor: Sebastian Elbaum
STS Advisor: Pedro Francisco
Technical Team Members: Jordan Crawley

Issued Date: