Generating Alerts using Context-aware Security and

Regular Papers-Proceedings of IMTIC’15

Generating Alerts using Context-aware Security and Brahms Model for Customer Service Improvement Abid Ghaffar1,2, Mohamed Ridza Wahiddin1, Asadullah Shaikh3,4, and Akhlaq Ahmad1,5 1

Department of Computer Science, Kulliyyah of Information and Communication Technology, International Islamic University Malaysia, P.O Box 10, 50728 Kuala Lumpur, Malaysia. [email protected], [email protected] 2 Department of Computer Science, Foundation Year Program, Umm Al-Qura University, Makkah, Saudi Arabia. 3 Faculty of Computer Science and Information Technology, Institute of Business and Technology Karachi, Pakistan. [email protected] 4 Department of Computer Science and Information Systems, Najran University, Najran, Saudi Arabia. [email protected] 5College of Engineering and Islamic Architecture, Umm Al-Qura University, Makkah, Saudi Arabia. [email protected]

Abstract Every organisation set some objectives to achieve success which is closely related with the quality assurance. Human behavior brought many challenges in variety of situations in an organisation which is sometimes untraceable phenomena. The real challenge is to control the collective human behavior at customer service department in an organisation which may pose a serious threat to the top management in terms of its defined objectives. Human behavioral activities can be monitored using Brahms Model Technique along with the Warning Alert Generation System which would maximize the efficiency and improve the system performance at customer service level. In this paper, we propose context aware security measure which would complement the system performance in terms of human error detection and rectification. Generating timely alerts using context aware security measure along with Brahms Model would improve the system performance. Keywords: Brahms Model, Human Behavior, Warning Alerts, Context Aware Security, Cognitive Science, Organisational performance.

Introduction Human behavior is a key issue while dealing with organisational collective performance and improvement [3], [24]. Every institution has some goals and objectives, but some organisations do not come up with progress and success. Tools and equipment might be replaced but employee replacement is not so much easy, it takes long time to set up an organisation and coordination among its employees [3]. It has been revealed that the most important asset and strength of an organisation is its employees, and good organisation takes care of it [3]. Customer service improvement in any organisation is a primary concern and related with the quality assurance. Unfortunately, problems in customer service department are not addressed properly and organisational performance continued to suffer [1], [2], [3], [12]. The need of an hour is to control the human behavior factor and monitor the job activities of employees in the customer service department. Once we are able to capture the human behavior in an organisation, we shall be able to rectify the human error timely and effectively. Brahms Modeling and Sumulation tool provides us an opportunity to capture the human behavioural activities in an organisation [5], [6], [17]. The captured human behaviour using Brahms Model could be used as an input into the Context Aware Secuirty Model which would filter the information as an output. Context Aware Security Model is depended on a rule-based system which serves as an engine. Alert could be easily generated to the concerned person in the customer service department, once information is verified through Context Aware Security measure. Human behavioural activities in the customer service department could be improved and monitored by the application of Context Aware Security measure using Brahms Model and Warning Alert Generation System. The remainder of the paper focuses on Context Aware Security measure along with Warning Alert Generation System and Brahms Model which would rectify human behavioural errors in the customer service department in an organisation. Section II focuses on the development of the strategy proposed for generating alerts. Section III follows up with the related material which was used for the solution of the problem. Sections IV, V and VI carry details about Brahms Model, Context Aware Security Model and Warning Alert Generation System accordingly. Section VII explains the contribution part, while section VIII draws conclusions and future work.

47

ISBN: 978-969-8680-32-9

Regular Papers-Proceedings of IMTIC’15 Research Methodology Our research methodology started from bibliographic research approach and then qualitative and design research is used for the proposed solution. Online survey carrying twenty two questions has been conducted from different professionals working at different levels in different international organisations [2]. The questions were asked about their daily job activities and it has been concluded that human behaviour errors exists in different organisations while performing different job activities and as a result, organisational objectives are compromised [2]. There is no timely alert system exists which could rescue the system and minimize the human errors. Therefore, we propose Context Aware Security measure along with Brahms Model and Warning Alert Generation System for the solution of existing problem. It would rescue the system from the failure state to the success state. Brahms Modelling and Simulation tool is considered as the suitable tool for capturing human behavioural activities at the work practice system [2]. We chose Brahms tool for monitoring job activities of an employee in the customer service department [2]. It would help us to monitor and detect the human error in the system. Ethnography study was performed to capture the data during job activities of different employees in an organisation [18], [19]. Two departments of International Islamic University, Malaysia were considered as case studies, one is International Student Division (ISD) and the other is Graduate School of Management (GSM). Data is captured in the form of personal obervations, pictures and video footages during working schedule of the department [18], [19]. Data sets would be used for the modeling and simulation of job activities of different employees in the system. Quantitative research methodology would ensure the following factors while moving towards the solution of a problem: • Finding different tools for monitoring human behavioural activities in the work practice system • Choosing the suitable tool among different available tools for capturing human activities • Analysing formalism for the selected tool Design research is also known as improvement research which would help us to solve different problems at different levels [15], [16]. It is divided into the following steps: • Knowledge flows • Process steps (Awareness of problem, Suggestion, Development, Evaluation and Conclusion) • Output Context Aware Security Model receives an input from the Brahms Model and information is verified from the rule-based system as shown in Fig. 1. Appropriate alert may be generated for the rectification of human error in the system which may cause survival of the system.

Related Work Abid Ghaffar et al. Feb. 4, 2015 compared different multi-agent tools with the Brahms Modelling and Simulation tool and proved that Brahms is the suitable tool for capturing human behavioural activities in the work practice system [2]. Abid Ghaffar et al. Jan. 2015 presented an idea about the framework to generate warning alerts using Brahms Modeling and Simulation Tool. The paper focuses on monitoring human activities and generating alerts in case of human error in the work practice system [1].

48

ISBN: 978-969-8680-32-9

Regular Papers-Proceedings of IMTIC’15

Fig. 1. Framework for generating alerts using Context Aware Secuirty Measure and Brahms Model.

Abid Ghaffar et al. May 2013 proposed a framework which used Brahms Model and Simulation Technique for monitoring human activities in an organisation. Alerts are generated at the time of human error in the work practice system [23]. Martin Chapman 2013 presented an idea to improve the decision making process of available automated software tools to protect the networks or other secuirty systems using the concept of context aware security measure [21]. Mohamad Fauzan Noordin 2013, presented his ideas about the relationship between Information Communication Technology (ICT) and Islam. He focused on heartware among the peopleware which is the most important element in the components of information technology. Heartware determines the direction of the peopleware [24]. Andy Pasztor and Drew Hinshaw 2013, revealed that human error was the main cause of Nigeria Air plane crash and pilot was made responsible for the major cause of accident [13]. Stephen T. Robbins et al. 2012 discussed about different aspects of organisational behaviour which involves interpersonal skills, management and behavioural science. These factors play a vital role to achieve organisational objectives [3]. Geong Sen Poh et al. 2012, proposed a security framework called Human Behaviour Security Framework. It would simulate the human activities acrosss an organisation which involves security related issues like information leakage to protect the information flow [11]. Jim Blythe and L. Jean Camp 2012, presented an idea about an effective communication and warning alerts using mental model approach of users. This would improve the user behaviour in the network security environment [10]. Saad Almutairi et al. 2012 discussed about the application of context aware security systems based on the previous history of users. Time and location keeps on changing which needs different approach like context aware system for providing security to the systems [20]. Lorrie Faith Cranor 2011, proposed a framework called human in the loop framework (HILF). She presented an idea about the decision making process of users is based on their background education, psychology, emotions, knowledge and motivational factors [8]. Jim Blythe USC et al. 2011 discussed about risk factors involved with users for possible cyber threats during improper messaging and communication. Cyber threats are common and users do not understand alerts and messages properly. Users may be protected from possible cyber threats, if proper communication is peformed with users through alerts [9].

49

ISBN: 978-969-8680-32-9

Regular Papers-Proceedings of IMTIC’15

Cristian Bravo-Lillo et al. 2011, discussed about security warning dialogues which people do not understand properly and consequently, lead the user to wrong decisions. If these warning dialogues are designed properly then people might be secured from possible loss or threats [4]. L. Jean Camp 2009, presented an idea about Privacy and Security issues which is based on certain policies. Lack of risk communication is involved in Security and Policy matters specially in case of medical, environmental and life’s style [7]. Maarten Sierhuis et al. 2007, discussed about modelling and simulating work practice system at an individual level where people, objects, timings, activities, geography, knowledge and communication is involved. Brahms language environment provides an opportunity which can simulate work practice system which is developed at NASA Ames Research Center [6]. Scott Shappell and Doug Wiegmann 2004, discussed about the causes of civil and military accidents. They examined 16000 US civil and military accidents and found that human errors had major role in these accidents [14]. Maarten Sierhuis et al. 2002, presented an idea about modeling and simulation of work practice system using Brahms. People perform different tasks using machine and objects at different timings and locations. They communicate with each other and use knowledge to achieve set targets. Victoria lunar mission work system was considered for the application of Brahms [5]. Maarten Sierhuis 2001, explained about collaborative work practices in an organisation. He proposed a framework which is based on human centered approach where people collaborate each other using different tools in an organisation to peform the assigned tasks [17]. Chris Johnson 1999, suggested that organisations are failed mostly due to human failure. He proposed that there is connectivity between human failure and organisational failure [12]. Kevin C. Gross et al. 1998 presented an idea about generating mail messages based on rule-based system. Actions are define based on certain conditions and appropriate rule is fired [22]. Brigitte Jordan 1996, discussed about ethnography study to understand about work practice system in an organisation. She also focused on data collection through team of ethnographers in order to analyse complete information about work flow[19]. Brigitte Jordan 1994, suggested different methods to perform Ethnography Study in an organisation to collect data. The methods involved Interviews, Observations, Questionnaire and Video Recordings. Data could be collected from different perspectives, for example, emic data and etic data [18]. Existing research is focused on the monitoring of human behaviour activities in the work place environment and generating alerts without verification and counter check. It does not give us a solution to detect the human errors and generating alerts using the concept of Context Aware Security measure. Context Aware Security would be coupled with the Brahms Model and Warning Alert Generation System in order to detect and rectify human error in the work practice system.

Brahms Model (BM) Human error detection has always been a real challenge in any organisation and as a result, organisation fails to deliver [3]. Job activities in the customer service department could be monitored and captured directly using Brahms Modeling and Simulation technique [5], [6], [17]. Brahms provides an opportunity to define the humanmachine interaction system at certain time and location. It gives us details like, how human is interacting with his colleagues, dealing with machines, communicating using different tools like computers or papers to perform different activities at certain time and location. On the basis of different aspects and dimensions in an anogranisation, Brahms Model (BM) is further sub-divided into further seven models known as Agent Model, Object Model, Timing Model, Activity Model, Communication Model, Knowledge Model and Geography Model [5], [6]. All these different models complement each other and capture activities of an individual at certain interval of time and location in an institution. Ethnography study would be used to capture and monitor the data used by Brahms Model [18], [19]. Data collection in the form of images, videos, real-time observation of different activites would be captured in order to be used as input in the Brahms Model. Complete picture of a customer service department can be viewed using Agent-Viewer tool in the Brahms Modeling and Simulation process [6].

Context Aware Security Measure Context Aware Security has played a signifact role in the field of Artificial Intelligence [20], [21]. Every employee in the customer service department has significant role and responsibilities to achieve desired targets.

50

ISBN: 978-969-8680-32-9

Regular Papers-Proceedings of IMTIC’15 All the activities of an employee could be monitored in the work practice system using Brahms Modeling and Simulation Technique [5], [6]. The context of each employee job-profile could easily be recorded for future references and decision making process. Any unusual activity against any employee job-profile would be checked before taking some decisions. Context Aware Security measure would help us to filter the information about each employee in case of miscalculation or wrong observation. This is equivalent to counter check the situation before we take some decision against an individual who’s credibility can not be questioned easily. In other words, Context Aware Security measure may protect the interests of employees and the employer both at the same time. Human behaviour error detection with an application of Context Aware Security feature may fine tune our observation and monitoring the activities of an employee in the right direction. It would ensure that alerts are generated to the concerned person in the customer service department based on his user profile and background history. Consequently, alerts would be generated precisely using Brahms Model and Context Aware Security in order to detect and rectify the human error in the system as shown in Fig. 2. We can design the mathematical model for the context aware security by considering different parameters in which the related task is performed by an employee in an organisation [20], [21]. The customer service department has different number of employees and tasks in compliance with the objectives of an organisation. We represent “ m ” as number of employees and “ n ” as number of different tasks assigned to different employees. In general, the symbol "τ p " represents a task assigned to an employee; where i

= i 1,= 2,3, , n; p 1, 2,3, , m . The symbol “ τ 4 ” respresents 3rd task for a 4th employee. A set of primitive contexts would be required which could define an appropriate alert for an employee. The symbols C, C 1 , C 2 , C 3 , C 4 , C 5 , C 6 , and C 7 represents different contexts based on certain job environment. 3

C1 = “Priority”, represents three values of range, “High”, “Medium”, and “Low”. C2 = “Time Allocation”, which represents time interval. We consider ∆t = t2 − t1 , where t1 and t2

represent

the start and finish time.

C3 =

“Job Acknowledgement”, represents two values either, “Yes” or “No”. This context represents either an

employee knows about the job allocation to him or information is still unknown. In case of “Yes”, the employee would be communicated with ∆t

= t2 − t1 , which shows time duration, and in case of “No”, a gentle reminder

would be sent to an employee. In case of any further delay, the manager would analyze the situation and may assign the task to an alternative employee.

C4 =

“Employee Leave at time t2 and t1 ”, which represents two values “Yes” or “No”. In case of “Yes”, the time could be adjusted within ∆t . If an employee on an emergency leave or there is an unavoidable situation, then the same task has to be reported to an official in order to be assigned to some other employee.

C5 =

“Employee Presence at workplace”, which carries two values, either “Yes” or “No”. It could be

confirmed by the employee attendance database either an employee was present in the office or remained absent. If “No”, then manager would analyze the context accordingly and may adjust the time within ∆t .

C6 =

“Instrument Working Conidtion”, it carries two values, either “True” or “False”. This primitive context

will explain the physical condition of instruments like computer, fax machine and other objects required to perform the task. If there is any problem, the alternative resource would be used.

C7 =

“Communication”, which represents the medium of communication for example, Email, Fax, Telephone,

Verbal Communication and Paper Communication. The above set of primitive context would be defined collectively as given below:

C = C1 , C2 ,C3 , C4 , C5 , C6 ,C7 For example;if we have a set of primitive context as,

C = High, 48Hrs, No This means that an employee needs a gentle reminder to acknowledge the acceptance of task with receipt.

51

ISBN: 978-969-8680-32-9

Regular Papers-Proceedings of IMTIC’15

= If C

High, 48Hrs, Yes, +12 Hrs

This means an employee was on leave and there is a need to adjust 12 hours for the time allocated to the task.

C = High, 48Hrs, Yes,0, Yes,Working The relevant context would be alarming, if the task has not been accomplished on time and an alert may be generated based on the premitive context. The rule based system which may be applied in the following form [22]; If condition 1 , Condition 2 , …..Condition n Then Action 1 , Action 2 ….Action n

Fig 2. The exclusive communication among three models.

Warning Alert Generation System Reputable organisations spend lot of budget into the training and improvement programes of their valuable employees and try to retain their skilled force. They understand the real strength and value of their well trained staff. Every employee in the customer service department has specific role and job responsibilities, but it has been observed in some cases, employees do not comply with their job responsibilities very well and consequently, organisational performance continue to suffer and objectives are compromised [12], [13], [14]. Timely alerts to the employees of an organisation could play a vital role in terms of rectification of human error in the system [9], [23]. Designing and preparing messages or alerts understandable by users or employees would carry its own importance and help them to take corrective measures while performing their job activities [4], [7], [8], [10], [11]. Wrong message communication would carry only wrong decision making [4], [9]. Sometimes employees do not understand their role and make mistakes [3]. Key mistakes always bring failure into the system and institutional objectives are compromised [3]. Warning Alert Generation System using Brahms Model and Context Aware Security would generate the alerts in case of human error in the system [1], [23]. We can focus on the problematic areas and may liberate the system from the failure state to the success state by using Warning Alert Generation System along with Brahm Model and Context Aware Security. Warning Aert Generation System comprised of different alerts based on different human errors in the customer service department and becomes activated once human error occurred in the system [1], [23]. It is coupled with Brahms Modeling and Simulation tool and Context Aware Security Measure, an alert is generated once human error is triggered in the system which may emancipate the system from the cause of serious failure.

52

ISBN: 978-969-8680-32-9

Regular Papers-Proceedings of IMTIC’15 Our Contribution The main objective for the proposed framework is to ensure that alerts are generated properly and filtered in case of human error in the work practice system. Every employee in an organisation is equally important in terms of his responsibilities and duties [3]. In this paper, we propose context aware security measure which would keep a counter check before alerts are generated to the concerned person in the work practice system. Context Aware Security would keep an employee user-profile based on his daily activities in the system and verified before alerts are generated to the concerned people. Rule based system serves as an engine for the Context Aware Security and plays a significant role in decision making. Alerts would be suspended automatically, if there is any contradiction in the information. On the other hand, alerts would be generated after confirmation through the Context Aware Security using Brahms Model. Fig. 1. Shows the framework comprised of different components including Brahms Model, Context Aware Security Measure and Warning Alert Generation System. Brahms Model captures the human behavioural activities in the work practice system and connected with the Context Aware Security Model which is based on Rule Based System. Warning Alert Generation Ssystem takes the input from the Context Aware Security Model and generates the alerts using cellular network to the work practice system in the form of feedback loop.

Conclusion and Future Work Monitoring and controlling human behavioural activities at the work place is indeed a challenging task and organisational strength and objectives depends upon these factors. Detection and rectification of human error in the system is a great question mark. In this paper, we propose Context Aware Security measure coupled with Brahms Model and Warning Alert Generation System to deal with the human error detection and rectification in the customer service department. Context Aware Security depends on rule-based system which rectifies the decision making process in terms of sending alerts to empoyees in an institution. Context Aware Security receives input from Brahms Model, filters the information using rule-based system and sending alerts to the employees in the customer service department with the help of warning alert generation system. Once employees receives timely alerts based on human error in the system, strength and performance of an organisation may be improved. There are two factors which may need to be improved in terms of future work, one is ethnography study and other is to update rule-based system over the period of time. Context Aware Security measure receives an input from Brahms Model and sends ouput to the Warning Alert Generation System at the time of human error in the system. Therefore, output of our Context Aware Security system greatly depends upon the Brahms Model which is based on ethnography study. Once, ethnography study and rule-based system are improved, our proposed model would be more effective to deal with the human error detection and rectification in the system.

Acknowledgements The current research is partially funded by the Malaysian Ministry of Education ERGS 11-010-0010 and partly supported by Umm Al-Qura University, Makkah, Kingdom of Saudi Arabia. We are thankful to Dr. Mohamad Fauzan Noordin and Dr. Asadullah Shah for their useful comments.

References 1. Abid, G.,Mohamed, R.W., Mohamad Fauzan, B.N.,Asadullah, S. :A Framework to Improve Customer Service Using Brahms Model, Int. J. of Engineering Innovation and Research-IJEIR, (Jan. 31, 2015) 2. Abid, G.,Mohamed, R.W., Mohamad Fauzan, B.N., Asadullah, S. : Evaluation of Tools and Techniques for the Generation of Warning Alerts: A Survey Paper, Accepted paper in International Journal on Information Technology (IREIT, Feb. 4, 2015) 3. Robbins, S. P., Judge, T. A.:Organizational Behavior 15th Edition. prentice Hall. (2012) 4. Cristian, B., Lorrie, F.C., Julie, S.D., Saranga, K.: Bridging the Gap in Computer Security Warnings - A Mental Model Approach, IEEE (March-April 2011) 5. Maarten, S., William, J. C. : Modeling and Simulating Work Practice: A Method for Work Systems Design, IEEE (2002)

53

ISBN: 978-969-8680-32-9

Regular Papers-Proceedings of IMTIC’15 6. Maarten, S., William, J.C., Ron, V.H.: Brahms: A multiagent modelling environment for simulating work processes and practices, Int. J. of Simulation and Process Modelling, Vol. X, No. Y (2007) 7. L., JEAN, C.: Mental Models of Privacy and Security, IEEE Tech & Society Magazine (FALL 2009) 8. Lorrie, F.C., Carnegie Mellon University: A Framework for Reasoning About The Human in the Loop (2008) 9. Jim, B., Jean, C., Vaibhav G. : Targeted Risk Communication for computer security, IUI’11, February 13–16, 2011, California, USA (2011). 10. Jim, B., L. Jean, C. : Implementing Mental Models, IEEE Computer Society (2012). 11. Geong, S.P., Nik, N.A., Muhammad, R.Z., Mohamed, R.W.: Reasoning of Collaborative Human Behaviour in SecurityCriticial Work Practices: A Framework, Atlantis Press (2012). 12. Chris, J. : Visualizing the Relationship between Human Error and Organizational Failure, Department of Computing Science, University of Glasgow, Glasgow (1999). 13. Andy, P., Drew, H. : Human Error Seen in Nigeria Air Crash, The Wall Street Journal (February 11, 2013). 14. Scott, S., Doug, W. : HFACS analysis of military and civilian aviation accidents: A North American comparison, Proceedings of the Annual Meeting of the International Society of Air Safety Investigators (2004). 15. Sandeep, P.: Design research in the technology of information systems: Truth or dare., http://iris.nyit.edu/~kkhoo/Spring2008/Topics/DS/000DesignSc_TechISResearch-2002.pdf (2002) 16. Alan, R.H.r, Salvatore, T.M, Jinsoo, P., Sudha, R.: Design science in information systems research., http://em.wtu.edu.cn/mis/jxkz/sjkx.pdf (2004) 17. Maarten, S.: Modeling and simulating work practice : BRAHMS: a multiagent modeling and simulation language for work system analysis and design, Source Type: Book, Pages: 318, ISBN No. ISBN 90-6464-849-2, Faculty of Social and Behavioural Sciences, The institutional repository of the University of Amsterdam (2001). 18. Brigitte, J.: Ethnographic Workplace Studies and Computer Supported Cooperative Work (June 1994) 19. Brigitte J. : Transforming Ethnography-Reinventing Research (1996) 20. Almutairi, S., Aldabbas, H., Abu-Samaha, A.: Review on the security related issues in context aware system. International Journal of Wireless & Mobile Networks (IJWMN), 4(3), 195-204 (2012) 21. Chapman, M.: Intelligent, Automated Decision-Making in Cyber Defence (2013) 22. Gross, Kevin, C.D., Charles, J., L., Eugene, H.: Event-driven rule-based messaging system, Patent No. 5283856, Publication number US5802253 A (Sep 1, 1998) 23. Ghaffar, A., Wahiddin, M. R., Shaikh, A.: Computer Assisted Alerts Using Mental Model Approach for Customer Service Improvement. Journal of Software Engineering and Applications, 6, 21 (May 2013) 24. Noordin, M.F. : ICT and Islam, IIUM Press (2013)

54

ISBN: 978-969-8680-32-9