Search

Automatized scalable healthcare support solutions allow real-time 24/7 health monitoring of patients, prioritizing medical treatment according to health conditions, reducing medical appointments in clinics and hospitals, and enabling easy exchange of information among healthcare professionals. With recent health safety guidelines due to the COVID-19 pandemic, protecting the elderly has become imperative. However, state-of-the-art health wearable device platforms present limitations in hardware, parameter estimation algorithms, and software architecture. This paper proposes a complete framework for health systems composed of multi-sensor wearable health devices (MWHD), high-resolution parameter estimation, and real-time monitoring applications. The framework is appropriate for real-time monitoring of elderly patients' health without physical contact with healthcare professionals, maintaining safety standards. The hardware includes sensors for monitoring steps, pulse oximetry, heart rate (HR), and temperature using low-power wireless communication. In terms of parameter estimation, the embedded circuit uses high-resolution signal processing algorithms that result in an improved measure of the HR. The proposed high-resolution signal processing-based approach outperforms state-of-the-art HR estimation measurements using the photoplethysmography (PPG) sensor.

Phishing is a type of fraud attempt in which the attacker, usually by e-mail, pretends to be a trusted person or entity in order to obtain sensitive information from a target. Most recent phishing detection researches have focused on obtaining highly distinctive features from the metadata and text of these e-mails. The obtained attributes are then used to feed classification algorithms in order to determine whether they are phishing or legitimate messages. In this paper, it is proposed an approach based on machine learning to detect phishing e-mail attacks. The methods that compose this approach are performed through a feature engineering process based on natural language processing, lemmatization, topics modeling, improved learning techniques for resampling and cross-validation, and hyperparameters configuration. The first proposed method uses all the features obtained from the Document-Term Matrix (DTM) in the classification algorithms. The second one uses Latent Dirichlet Allocation (LDA) as a operation to deal with the problems of the “curse of dimensionality”, the sparsity, and the text context portion included in the obtained representation. The proposed approach reached marks with an F1-measure of 99.95% success rate using the XGBoost algorithm. It outperforms state-of-the-art phishing detection researches for an accredited data set, in applications based only on the body of the e-mails, without using other e-mail features such as its header, IP information or number of links in the text.

The possibility of cyber-attacks against critical infrastructure, and in particular nuclear power plants, has prompted several efforts by academia. Many of these works aim to capture the vulnerabilities of the industrial control systems used in these plants through computer simulations and hardware in the loop configurations. However, general results in this area are limited by the cost and diversity of existing commercial equipment and protocols, as well as by the inherent complexity of the nuclear plants. In this context, this work introduces a testbed for the study of cyber-attacks against a realistic simulation of a nuclear power plant. Our approach consists in surveying issues regarding realistic simulations of nuclear power plants and to design and experimentally validate a software testbed for the controlled analysis of cyberattacks against the simulated nuclear plant. The proposal integrates a simulated Modbus/TCP network environment containing basic industrial control elements implemented with open-source software components. We validate the proposed testbed architecture by performing and analyzing a representative cyberattack in the developed environment, thus showing the principles for the analysis of other possible cybernetic attacks.

A jurisprudence search system is a solution that makes available to its users a set of decisions made by public bodies on the recurring understanding as a way of understanding the law. In the similarity of legal decisions, jurisprudence seeks subsidies that provide stability, uniformity, and some predictability in the analysis of a case decided. This paper presents a proposed solution architecture for the jurisprudence search system of the Brazilian Administrative Council for Economic Defense (CADE), with a view to building and expanding the knowledge generated regarding the economic defense of competition to support the agency’s final procedural business activities. We conducted a literature review and a survey to investigate the characteristics and functionalities of the jurisprudence search systems used by Brazilian public administration agencies. Our findings revealed that the prevailing technologies of Brazilian agencies in developing jurisdictional search systems are Java programming language and Apache Solr as the main indexing engine. Around 87% of the jurisprudence search systems use machine learning classification. On the other hand, the systems do not use too many artificial intelligence and morphological construction techniques. No agency participating in the survey claimed to use ontology to treat structured and unstructured data from different sources and formats.

Information and Communication Technology (ICT) Governance is increasingly necessary and present in organizations aiming to improve the maturity of their ICT processes. This paper presents an analysis of the ICT Governance processes of a Brazilian Federal Public Administration agency. To assess the maturity of the ICT Governance processes, we surveyed and diagnosed the processes performed by the agency and organized a series of meetings/discussions to assist in the improvement and modeling of the processes related to the ICT Contract Planning process. As a result, we proposed improvements and identified the maturity level of the existing ICT processes, also assessing the awareness of employees of the General Coordination of Information Technology regarding these processes. Our findings reveal that the agency still needs to implement the following processes: (1) ICT People Management; (2) Business Process Modeling (Automated/to Automate); (3) Change Management; (4) Execution Monitoring of the ICT Projects and Services Portfolio; and (5) ICT Service Continuity Management. We also identified several artifacts that need to be implemented by the agency in different processes and collected survey participants’ suggestions about new processes to improve the maturity in ICT Governance.

This paper proposes a new forensic analysis methodology that combines processes, techniques, and tools for physical and logical data acquisition from mobile devices. The proposed methodology allows an overview of the use of the In-System Programming (ISP) technique with the usage of Combination Firmware, aligned with specific collection and analysis processes. The carried out experiments show that the proposed methodology is convenient and practical and provides new possibilities for data acquisition on devices that run the Android Operating System with advanced protection mechanisms. The methodology is also feasible in devices compatible with the usage of Joint Test Action Group (JTAG) techniques and which use Embedded Multimedia Card (eMMC) or Embedded Multi-Chip Package (eMCP) as main memory. The techniques included in the methodology are effective on encrypted devices, in which the JTAG and Chip-Off techniques prove to be ineffective, especially on those that have an unauthorized access protection mechanism enabled, such as lock screen password, blocked bootloader, and Factory Reset Protection (FRP) active. Studies also demonstrate that data preservation and integrity are maintained, which is critical to a digital forensic process.