Percorrer por autor "Correia, Manuel E."
A mostrar 1 - 6 de 6
Resultados por página
Opções de ordenação
- An Artificial Immune System for Temporal Anomaly Detection Using Cell Activation Thresholds and Clonal Size Regulation with HomeostasisPublication . Antunes, Mário; Correia, Manuel E.This paper presents an Artificial Immune System (AIS) based on Grossman's Tunable Activation Threshold (TAT) for anomaly detection. We describe the immunological metaphor and the algorithm adopted for T-cells, emphasizing two important features: the temporal dynamic adjustment of T-cells clonal size and its associated homeostasis mechanism. We present some promising results obtained with artificially generated data sets, aiming to test the appropriateness of using TAT in dynamic changing environments, to distinguish new unseen patterns as part of what should be detected as normal or as anomalous.
- A Dataset of Photos and Videos for Digital Forensics Analysis Using Machine Learning ProcessingPublication . Ferreira, Sara; Antunes, Mário; Correia, Manuel E.Deepfake and manipulated digital photos and videos are being increasingly used in a myriad of cybercrimes. Ransomware, the dissemination of fake news, and digital kidnapping-related crimes are the most recurrent, in which tampered multimedia content has been the primordial disseminating vehicle. Digital forensic analysis tools are being widely used by criminal investigations to automate the identification of digital evidence in seized electronic equipment. The number of files to be processed and the complexity of the crimes under analysis have highlighted the need to employ efficient digital forensics techniques grounded on state-of-the-art technologies. Machine Learning (ML) researchers have been challenged to apply techniques and methods to improve the automatic detection of manipulated multimedia content. However, the implementation of such methods have not yet been massively incorporated into digital forensic tools, mostly due to the lack of realistic and well-structured datasets of photos and videos. The diversity and richness of the datasets are crucial to benchmark the ML models and to evaluate their appropriateness to be applied in real-world digital forensics applications. An example is the development of third-party modules for the widely used Autopsy digital forensic application. This paper presents a dataset obtained by extracting a set of simple features from genuine and manipulated photos and videos, which are part of state-of-the-art existing datasets. The resulting dataset is balanced, and each entry comprises a label and a vector of numeric values corresponding to the features extracted through a Discrete Fourier Transform (DFT). The dataset is available in a GitHub repository, and the total amount of photos and video frames is 40, 588 and 12, 400, respectively. The dataset was validated and benchmarked with deep learning Convolutional Neural Networks (CNN) and Support Vector Machines (SVM) methods; however, a plethora of other existing ones can be applied. Generically, the results show a better F1-score for CNN when comparing with SVM, both for photos and videos processing. CNN achieved an F1-score of 0.9968 and 0.8415 for photos and videos, respectively. Regarding SVM, the results obtained with 5-fold cross-validation are 0.9953 and 0.7955, respectively, for photos and videos processing. A set of methods written in Python is available for the researchers, namely to preprocess and extract the features from the original photos and videos files and to build the training and testing sets. Additional methods are also available to convert the original PKL files into CSV and TXT, which gives more flexibility for the ML researchers to use the dataset on existing ML frameworks and tools.
- Exposing Manipulated Photos and Videos in Digital Forensics AnalysisPublication . Ferreira, Sara; Antunes, Mário; Correia, Manuel E.Tampered multimedia content is being increasingly used in a broad range of cybercrime activities. The spread of fake news, misinformation, digital kidnapping, and ransomware-related crimes are amongst the most recurrent crimes in which manipulated digital photos and videos are the perpetrating and disseminating medium. Criminal investigation has been challenged in applying machine learning techniques to automatically distinguish between fake and genuine seized photos and videos. Despite the pertinent need for manual validation, easy-to-use platforms for digital forensics are essential to automate and facilitate the detection of tampered content and to help criminal investigators with their work. This paper presents a machine learning Support Vector Machines (SVM) based method to distinguish between genuine and fake multimedia files, namely digital photos and videos, which may indicate the presence of deepfake content. The method was implemented in Python and integrated as new modules in the widely used digital forensics application Autopsy. The implemented approach extracts a set of simple features resulting from the application of a Discrete Fourier Transform (DFT) to digital photos and video frames. The model was evaluated with a large dataset of classified multimedia files containing both legitimate and fake photos and frames extracted from videos. Regarding deepfake detection in videos, the Celeb-DFv1 dataset was used, featuring 590 original videos collected from YouTube, and covering different subjects. The results obtained with the 5-fold cross-validation outperformed those SVM-based methods documented in the literature, by achieving an average F1-score of 99.53%, 79.55%, and 89.10%, respectively for photos, videos, and a mixture of both types of content. A benchmark with state-of-the-art methods was also done, by comparing the proposed SVM method with deep learning approaches, namely Convolutional Neural Networks (CNN). Despite CNN having outperformed the proposed DFT-SVM compound method, the competitiveness of the results attained by DFT-SVM and the substantially reduced processing time make it appropriate to be implemented and embedded into Autopsy modules, by predicting the level of fakeness calculated for each analyzed multimedia file.
- Profiling IT Security and Interoperability in Brazilian Health Organisations From a Business PerspectivePublication . Rijo, Rui; Martinho, Ricardo; Oliveira, Adicinéia Aparecida; Alves, Domingos; Reis, Zilma Silveira Nogueira; Santos-Pereira, Cátia; Correia, Manuel E.; Antunes, Luís Filipe; Cruz-Correia, Ricardo JoãoThe proliferation of electronic health (e-Health) initiatives in Brazil over the last 2 decades has resulted in a considerable fragmentation within health information technology (IT), with a strong political interference. The problem regarding this issue became twofold: 1) there are considerable flaws regarding interoperability and security involving patient data; and 2) it is difficult even for an experienced company to enter the Brazilian health IT market. In this article, the authors aim to assess the current state of IT interoperability and security in hospitals in Brazil and evaluate the best business strategy for an IT company to enter this difficult but very promising health IT market. A face-to-face questionnaire was conducted among 11 hospital units to assess their current status regarding IT interoperability and security aspects. Global Brazilian socio-economic data was also collected, and helped to not only identify areas of investment regarding health IT security and interoperability, but also to derive a business strategy, composed out of recommendations listed in the paper.
- Temporal Anomaly Detection: An Artificial Immune Approach Based on T-Cell Activation, Clonal Size Regulation and HomeostasisPublication . Antunes, Mário J.; Correia, Manuel E.This paper presents an artificial immune system (AIS) based on Grossman's tunable activation threshold (TAT) for temporal anomaly detection. We describe the generic AIS framework and the TAT model adopted for simulating T Cells behaviour, emphasizing two novel important features: the temporal dynamic adjustment of T Cells clonal size and its associated homeostasis mechanism. We also present some promising results obtained with artificially generated data sets, aiming to test the appropriateness of using TAT in dynamic changing environments, to distinguish new unseen patterns as part of what should be detected as normal or as anomalous. We conclude by discussing results obtained thus far with artificially generated data sets.
- Tunable Immune Detectors for Behaviour-Based Network Intrusion DetectionPublication . Antunes, Mário; Correia, Manuel E.Computer networks are highly dynamic environments in which the meaning of normal and anomalous behaviours can drift considerably throughout time. Behaviour-based Network Intrusion Detection System (NIDS) have thus to cope with the temporal normality drift intrinsic on computer networks, by tuning adaptively its level of response, in order to be able to distinguish harmful from harmless network traffic flows. In this paper we put forward the intrinsic Tunable Activation Threshold (TAT) theory ability to adaptively tolerate normal drifting network traffic flows. This is embodied on the TAT-NIDS, a TAT-based Artificial Immune System (AIS) we have developed for network intrusion detection. We describe the generic AIS framework we have developed to assemble TAT-NIDS and present the results obtained thus far on processing real network traffic data sets. We also compare the performance obtained by TAT-NIDS with the well known and widely deployed signature-based snort network intrusion detection system.