Unidade de Investigação - CIIC - Computer Science and Communication Research Centre
URI permanente desta comunidade:
Navegar
Percorrer Unidade de Investigação - CIIC - Computer Science and Communication Research Centre por Domínios Científicos e Tecnológicos (FOS) "Ciências Naturais::Ciências da Computação e da Informação"
A mostrar 1 - 10 de 53
Resultados por página
Opções de ordenação
- 802.21-MPA-IMS ArchitecturePublication . Rodrigues, Carlos Miguel de Jesus; Rabadão, Carlos; Pereira, AntónioMobility has become a keyword nowadays with the evolution of mobile devices market and proliferation of realtime services. IP Multimedia Subsystem (IMS) is a single, standardized service framework that supports voice, video, data and messaging services, but does not provide seamless mobility for packet based sessions. This paper purposes an IMS architecture with IEEE 802.21 and media-independent pre-authentication (MPA) integrated. IEEE 802.21 can enable this seamless mobility in IMS and, additionally, MPA provides a secure handover optimization scheme, reducing, as a consequence, handover latency. The main goal of this architecture is to provide seamless and secure handovers between different access technologies in an IMS-based environment.
- Abordagem baseada em Algoritmos Genéticos para deteção de vulnerabilidades de SQL Injection em Aplicações Web PHPPublication . Baptista, Kevin; Bernardino, Anabela Moreira; Bernardino, Eugénia MoreiraHoje em dia, existe uma maior preocupação com a segurança no desenvolvimento de aplicações web. No entanto, ainda existem muitos ataques a este tipo de aplicações, perpetuados por hackers que se aproveitam das vulnerabilidades destas aplicações. Estas vulnerabilidades podem estar associadas a inúmeros fatores, desde configurações incorretas, falhas nas políticas de segurança, sistemas ou componentes desatualizados ou problemas diretamente associados ao código desenvolvido. Os ataques a aplicações web tem como resultado perda de informação privilegiada. Para mitigar este problema, existem varias ferramentas automatizadas que permitem auxiliar profissionais da área a identificar estas vulnerabilidades. No entanto, manter estas ferramentas atualizadas com a evolução tecnológica tem-se demonstrado um desafio. Neste artigo, propomos uma abordagem para detetar vulnerabilidades de SQL Injection no código-fonte de varias aplicações web PHP, usando Algoritmos Genéticos (AG). Os resultados obtidos mostram a eficiência do AG em relação a outras ferramentas existentes.
- Automatic Transcription of Polyphonic Piano Music Using Genetic Algorithms, Adaptive Spectral Envelope Modeling, and Dynamic Noise Level EstimationPublication . Reis, Gustavo; Fernandez de Vega, Francisco; Ferreira, AníbalThis paper presents a new method for multiple fundamental frequency (F0) estimation on piano recordings. We propose a framework based on a genetic algorithm in order to analyze the overlapping overtones and search for the most likely F0 combination. The search process is aided by adaptive spectral envelope modeling and dynamic noise level estimation: while the noise is dynamically estimated, the spectral envelope of previously recorded piano samples (internal database) is adapted in order to best match the piano played on the input signals and aid the search process for the most likely combination of F0s. For comparison, several state-of-the-art algorithms were run across various musical pieces played by different pianos and then compared using three different metrics. The proposed algorithm ranked first place on Hybrid Decay/Sustain Score metric, which has better correlation with the human hearing perception and ranked second place on both onset-only and onset–offset metrics. A previous genetic algorithm approach is also included in the comparison to show how the proposed system brings significant improvements on both quality of the results and computing time.
- Blind Guide: An Ultrasound Sensor-based Body Area Network for Guiding Blind PeoplePublication . Pereira, António; Nunes, Nelson; Vieira, Daniel; Costa, Nuno; Fernandes, Hugo; Barroso, JoãoWireless Sensor Networks, in particular Wireless Body Area Networks, is a technology suggested by the research community as allowing elderly people, or people with some kind of disability, to live in a safer, responsive and comfortable environment while at their homes. One of the most active threats to the autonomous life of blind people is the quantity and variety of obstacles they face while moving, whether they are obstacles in the footpath or obstacles coming out from the walls of buildings. Hence, it is necessary to develop a solution that helps or assists blind people while moving either in indoor or outdoor scenarios, simultaneously allowing the use of the use of white cane or the Seeing Eye dog. In this article, the authors propose the use of an ultra-sound based body area network for obstacle detection and warning as a complementary and effective solution for aiding blind people when moving from place to place. According to the cost estimates of the solution and to the negligible setup time, this could be a real effective complementary solution for blind people.
- A Customizable Web Platform to Manage Standards Compliance of Information Security and Cybersecurity AuditingPublication . Antunes, Mário; Maximiano, Marisa; Gomes, RicardoInformation security and cybersecurity are key subjects in modern enterprises' management, being ISO-27001:2013, NIST Cybersecurity Framework and ISO-27009 some of the most implemented international frameworks and standards. Their main goal is to globally reduce the risk, by leveraging enterprises' competitiveness in global markets and enhancing business processes and collaborators' cyber awareness. Auditing processes examine and assess a list of predefined controls. For each control, a set of corrective measures could be proposed, to increase its compliance with the standard being used. These processes are time-consuming, involve on-site intervention by specialized consulting teams on the intervened enterprises, and a set of status reports of all the interventions should be elaborated and delivered. The existing auditing information systems are not developed to meet Small and Medium-sized Enterprises (SME) requirements, as they are mostly proprietary and expensive, ground usually on off-the-shelf applications, and are not generic to be used by several standards with different checklists and auditing methodologies. In this paper, a generic and web-integrated cybersecurity auditing information system is described. Its architecture, design, and data model enable it to be used in a wide set of auditing processes, by loading a predefined controls checklist assessment and their corresponding mitigation tasks list. It was designed to meet both SMEs and large enterprises' requirements, and stores auditing and intervention-related data in a relational database. The information system was tested on an ISO-27001:2013 information security auditing project, which has integrated fifty SMEs. The results obtained during the project are promising and reveal the appropriateness of using this information system in further similar auditing processes.
- A Dataset of Photos and Videos for Digital Forensics Analysis Using Machine Learning ProcessingPublication . Ferreira, Sara; Antunes, Mário; Correia, Manuel E.Deepfake and manipulated digital photos and videos are being increasingly used in a myriad of cybercrimes. Ransomware, the dissemination of fake news, and digital kidnapping-related crimes are the most recurrent, in which tampered multimedia content has been the primordial disseminating vehicle. Digital forensic analysis tools are being widely used by criminal investigations to automate the identification of digital evidence in seized electronic equipment. The number of files to be processed and the complexity of the crimes under analysis have highlighted the need to employ efficient digital forensics techniques grounded on state-of-the-art technologies. Machine Learning (ML) researchers have been challenged to apply techniques and methods to improve the automatic detection of manipulated multimedia content. However, the implementation of such methods have not yet been massively incorporated into digital forensic tools, mostly due to the lack of realistic and well-structured datasets of photos and videos. The diversity and richness of the datasets are crucial to benchmark the ML models and to evaluate their appropriateness to be applied in real-world digital forensics applications. An example is the development of third-party modules for the widely used Autopsy digital forensic application. This paper presents a dataset obtained by extracting a set of simple features from genuine and manipulated photos and videos, which are part of state-of-the-art existing datasets. The resulting dataset is balanced, and each entry comprises a label and a vector of numeric values corresponding to the features extracted through a Discrete Fourier Transform (DFT). The dataset is available in a GitHub repository, and the total amount of photos and video frames is 40, 588 and 12, 400, respectively. The dataset was validated and benchmarked with deep learning Convolutional Neural Networks (CNN) and Support Vector Machines (SVM) methods; however, a plethora of other existing ones can be applied. Generically, the results show a better F1-score for CNN when comparing with SVM, both for photos and videos processing. CNN achieved an F1-score of 0.9968 and 0.8415 for photos and videos, respectively. Regarding SVM, the results obtained with 5-fold cross-validation are 0.9953 and 0.7955, respectively, for photos and videos processing. A set of methods written in Python is available for the researchers, namely to preprocess and extract the features from the original photos and videos files and to build the training and testing sets. Additional methods are also available to convert the original PKL files into CSV and TXT, which gives more flexibility for the ML researchers to use the dataset on existing ML frameworks and tools.
- Os Desafios Web no Processo Formativo - O Caso de Estudo da humansoftPublication . Sousa, Mayelson de; Gonçalves, AlexandrinoA constante evolução das tecnologias web tem originado o aparecimento de plataformas que facilitam a gestão das tarefas dos utilizadores nos dias de hoje. No sentido de maximizar a satisfação do cliente e disporem de soluções de acordo com os padrões de atuais do mercado, as empresas devem adaptar os seus produtos, com particular enfoque nas soluções web-based, com vista a potenciar a usabilidade e a fluidez do seu uso. Neste sentido, este artigo apresenta um caso de estudo real, de desenvolvimento web na empresa humansoft, onde foram desenvolvidos diversos módulos relativos aos dois principais produtos da empresa, o humantrain, que é um sistema de gestão do processo formativo, e o humanportal, que é uma aplicação web que permite a interoperabilidade entre o humantrain e a web. Ambas as aplicações permitem às entidades formadoras e/ou empresas rentabilizarem a gestão dos seus recursos tanto ao nível pedagógico como financeiros.
- Discrete Compound Tests and Dorfman’s Methodology in the Presence of MisclassificationPublication . Santos, Rui; Martins, João Paulo; Felgueiras, MiguelCompound tests can be used to save resources for classification or estimation purposes in clinical trials and quality control. Nevertheless, the methodologies that are usually applied are restricted to qualitative group tests. Moreover, when quantitative compound tests are applied the problem is to ascertain whether the amount of some substance of any individual in the group is greater or lower than a prefixed threshold. An overview of the applications of the discrete compound tests highlights the advantages (to save resources) and disadvantages (higher probability of misclassification), and suggests criteria to assess the suitability of applying Dorfman’s methodology.
- Distributed Architecture for Unmanned Vehicle ServicesPublication . Ramos, João; Ribeiro, Roberto; Safadinho, David; Barroso, João; Rabadão, Carlos; Pereira, AntónioThe demand for online services is increasing. Services that would require a long time to understand, use and master are becoming as transparent as possible to the users, that tend to focus only on the final goals. Combined with the advantages of the unmanned vehicles (UV), from the unmanned factor to the reduced size and costs, we found an opportunity to bring to users a wide variety of services supported by UV, through the Internet of Unmanned Vehicles (IoUV). Current solutions were analyzed and we discussed scalability and genericity as the principal concerns. Then, we proposed a solution that combines several services and UVs, available from anywhere at any time, from a cloud platform. The solution considers a cloud distributed architecture, composed by users, services, vehicles and a platform, interconnected through the Internet. Each vehicle provides to the platform an abstract and generic interface for the essential commands. Therefore, this modular design makes easier the creation of new services and the reuse of the different vehicles. To confirm the feasibility of the solution we implemented a prototype considering a cloud-hosted platform and the integration of custom-built small-sized cars, a custom-built quadcopter, and a commercial Vertical Take-Off and Landing (VTOL) aircraft. To validate the prototype and the vehicles’ remote control, we created several services accessible via a web browser and controlled through a computer keyboard. We tested the solution in a local network, remote networks and mobile networks (i.e., 3G and Long-Term Evolution (LTE)) and proved the benefits of decentralizing the communications into multiple point-to-point links for the remote control. Consequently, the solution can provide scalable UV-based services, with low technical effort, for anyone at anytime and anywhere.
- An easy-to-use tool to inject DoS and spoofing networking attacksPublication . Almeida, Rafaela; Pacheco, Vasco; Antunes, Mário; Frazão, LuísComputer network attacks are vast and negatively impact the infrastructure and its applicational services. From a cyber offensive and defensive perspective, there are a plethora of tools to craft and inject customized malicious packets in the network and exploit operating systems and application vulnerabilities. Those tools are however hard to operate by practitioners with less knowledge on networking fundamentals and students in the early stage of their studies. This paper proposes an easy-to-use application tool that can produce customized Denial of Service (DoS) and spoofing attacks. It was developed in Python and takes advantage of scapy library to process and inject network packets. A set of experiments was made, and the results obtained show the efficiency and accuracy of the attacks, by impairing the proper functioning of the victim's machines.