 

CIIC - Peer-Reviewed Conference Proceedings Publications


Recent entries

Showing 1 - 10 of 89
  • A Customizable Web Platform to Manage Standards Compliance of Information Security and Cybersecurity Auditing
    Publication . Antunes, Mário; Maximiano, Marisa; Gomes, Ricardo
    Information security and cybersecurity are key subjects in modern enterprises' management, with ISO-27001:2013, the NIST Cybersecurity Framework and ISO-27009 being some of the most implemented international frameworks and standards. Their main goal is to globally reduce the risk, by leveraging enterprises' competitiveness in global markets and enhancing business processes and collaborators' cyber awareness. Auditing processes examine and assess a list of predefined controls. For each control, a set of corrective measures could be proposed, to increase its compliance with the standard being used. These processes are time-consuming, involve on-site intervention by specialized consulting teams on the intervened enterprises, and a set of status reports of all the interventions should be elaborated and delivered. The existing auditing information systems are not developed to meet Small and Medium-sized Enterprises (SME) requirements, as they are mostly proprietary and expensive, are usually grounded on off-the-shelf applications, and are not generic enough to be used with several standards with different checklists and auditing methodologies. In this paper, a generic and web-integrated cybersecurity auditing information system is described. Its architecture, design, and data model enable it to be used in a wide set of auditing processes, by loading a predefined controls checklist assessment and their corresponding mitigation tasks list. It was designed to meet both SMEs and large enterprises' requirements, and stores auditing and intervention-related data in a relational database. The information system was tested on an ISO-27001:2013 information security auditing project, which has integrated fifty SMEs. The results obtained during the project are promising and reveal the appropriateness of using this information system in further similar auditing processes.
  • Exploring SQL injection vulnerabilities using artificial bee colony
    Publication . Baptista, Kevin; Bernardino, Anabela; Bernardino, Eugénia
    Over the last couple of decades, there has been an enormous growth in technologies and services available on the internet. This growth must take security into account, although due to the increase in complexity of systems this is not an easy task. Nowadays, hardly any organization may say with certainty that their system is secure. The Open Web Application Security Project listed “Injection” as the top security risk for web applications in 2020. There are many automated tools to assist professionals in the field in identifying this vulnerability. However, keeping these tools up to date has proven to be a challenge. Therefore, there has been some interest in applying Artificial Intelligence (AI) in this field. In this paper, we propose an approach to detect SQL injection vulnerabilities in the source code, using Artificial Bee Colony (ABC).
  • Forensic Analysis of Tampered Digital Photos
    Publication . Ferreira, Sara; Antunes, Mário; Correia, Manuel E.
    Deepfake in multimedia content is being increasingly used in a plethora of cybercrimes, namely those related to digital kidnap, and ransomware. Criminal investigation has been challenged in detecting manipulated multimedia material, by applying machine learning techniques to distinguish between fake and genuine photos and videos. This paper aims to present a Support Vector Machines (SVM) based method to detect tampered photos. The method was implemented in Python and integrated as a new module in the widely used digital forensics application Autopsy. The method processes a set of features resulting from the application of a Discrete Fourier Transform (DFT) in each photo. The experiments were made in a new and large dataset of classified photos containing both legitimate and manipulated photos, and composed of objects and faces. The results obtained were promising and reveal the appropriateness of using this method embedded in Autopsy, to help in criminal investigation activities and digital forensics.
  • Preface
    Publication . Rodrigues, Nuno; Mendes, Daniel
    Presents the introductory welcome message from the conference proceedings. May include the conference officers' congratulations to all involved with the conference event and publication of the proceedings record.
  • Defining Semantic Meta-hashtags for Twitter Classification
    Publication . Costa, Joana; Silva, Catarina; Antunes, Mário; Ribeiro, Bernardete
    Given the wide spread of social networks, research efforts to retrieve information using tagging from social network communications have increased. In particular, in the Twitter social network, hashtags are widely used to define a shared context for events or topics. While this is a common practice, the hashtags freely introduced by the user often become easily biased. In this paper, we propose to deal with this bias by defining semantic meta-hashtags, clustering similar messages to improve the classification. First, we use the user-defined hashtags as the Twitter message class labels. Then, we apply the meta-hashtag approach to boost the performance of the message classification. The meta-hashtag approach is tested in a Twitter-based dataset constructed by requesting public tweets from the Twitter API. The experimental results yielded by comparing a baseline model based on user-defined hashtags with the clustered meta-hashtag approach show that the overall classification is improved. It is concluded that incorporating semantics in the meta-hashtag model can have an impact in different applications, e.g. recommendation systems, event detection or crowdsourcing.
  • Health Literacy of the Polytechnic of Leiria Students
    Publication . Ascenso, Rita Margarida Teixeira; Dias, Sara Simões; Luis, Luis; Gonçalves, Dulce
    Health Literacy (HL) has several definitions and numerous HL assessment tools. Several systematic reviews on HL identified tools for HL assessment. Health Literacy Survey with 47 questions (HLS-EU-Q47) for Europe was adapted for 16 questions (HLS-EU-Q16), and for only 6 questions (HLS-EU-Q6). These are already in Portuguese and have been used to assess HL since 2017. The studies involved the Portuguese population, and recently, in 2021, the HL evaluation in university students identified limitations in HL. The HLS-EU-Q16_Pt used showed adequate internal consistency (Cronbach's alpha = 0.778, [0.737, 0.816]). Among 251 students from the Polytechnic of Leiria there was a statistically significant association of HL scores with the health area, and more evident when students had a previous degree in health.
  • Keeping track of UWP application changes for digital forensic purposes
    Publication . Andrade, Luis Miguel; Domingues, Patricio; Frade, Miguel
    Digital forensics aims to collect and interpret artifacts that can help in the understanding of the actions performed by a given individual or organization. The forensic artifacts are highly dependent on the inner workings of the operating system (OS) and applications. This is the case for applications of the Universal Windows Platform (UWP), with digital forensic practitioners often depending on the data kept in the private database(s) of the application. However, some of these applications evolve rapidly, with new versions bringing changes that sometimes involve their inner databases and thus might impact digital forensic artifacts. In this paper, we present UWPscanner, an open source system that we have developed. The UWPscanner system allows tracking the changes of internal databases used by UWP applications, aiming to ease the task of not only digital practitioners, but also of digital forensic tool developers. The paper is complemented with the case study of tracking Microsoft Skype (SkypeApp) and Your Phone evolution with UWPscanner.
  • Perfect Periodic Sequences with Low PAPR
    Publication . Ferreira, M.; Gasparovic, M.; Manjunath, G.; Priem-Mendes, S.; Pereira, J. S.
    Different coding sequences have huge effects on the performance of Code Division Multiple Access and Orthogonal Frequency Division Multiple Access communication systems. We propose new perfect sequences, derived from an Inverse Discrete Fourier Transform of Golay codes, and present both a mathematical and hardware-based direct/inverse generator for these new sequences. Our analysis reveals that these new sequences, named Orthogonal Perfect DFT Golay (OPDG) codes, have better autocorrelation and cross-correlation properties than the Golay codes. High Peak-to-Average Power Ratio (PAPR) is identified as one of the main practical problems involving Orthogonal Frequency Division Multiple Access power transmission. To minimize this problem, we introduce a bipolar decomposition of our new perfect sequences that permits the lowest PAPR (equal to 1) for each of the new bipolar codes. Additionally, this paper shows that the new bipolar codes derived from OPDG sequences outperform orthogonal Gold codes regarding error transmission probabilities.
  • 3D PARTICLE SYSTEMS FOR AUDIO APPLICATIONS
    Publication . Fonseca, Nuno
    Although particle systems are well known for their use in computer graphics, their application in sound is very rare or almost non-existent. This paper presents a conceptual model for the use of particle systems in audio applications, using a full rendering system with virtual microphones: several virtual particles are spread over a virtual 3D space, where each particle reproduces one of the available audio streams (or a modified version), and the overall sound is captured by virtual microphones. Such a system can be used in several audio-related areas like sound design, 3D mixing, reverb/impulse response design, granular synthesis, audio up-mixing, and impulse response up-mixing.
  • Open source SIEM solutions: a comparative study (Soluções SIEM open source: um estudo comparativo)
    Publication . Vazão, Ana; Santos, Leonel; Piedade, Maria Beatriz; Rabadão, Carlos
    Cyberattacks are increasing in complexity and in number of occurrences, making it essential to implement tools such as Security Information and Event Management (SIEM) to mitigate the risks, since organizations increasingly depend on information systems to carry out their activities. This work compares several open source SIEM solutions, drawing on a literature review and the implementation of several test scenarios, with the aim of creating a prototype and evaluating it in a production context. The chosen solution will have to take into account the legal requirements of the General Data Protection Regulation, such as the anonymization and pseudonymization of sensitive data, the retention time of logs and their encryption.