Information Technology has become a key component of many sectors in today's world, and healthcare is a prime example. However, the growing use of IT, particularly among healthcare businesses, which are now identified as a major target area, has increased susceptibility to cyber threats. A variety of vital data is stored in such facilities, including private and possibly financial information about patients. This paper presents an analysis of the risks and threats to these institutions. The study is based on the results of a survey involving several healthcare professionals from various healthcare establishments in Portugal. It aims to draw attention to the current state of healthcare cybersecurity and to evaluate its possible risks, as well as how best to mitigate them. This in-depth analysis aims to contribute significantly to the conversation on healthcare cybersecurity and, eventually, to improve patient data security and integrity against increasing cyber threats, which would be a major step forward.
{"title":"Cyber Threats to Healthcare Technology Services","authors":"Rodrigo Sousa","doi":"10.56394/aris2.v4i1.38","DOIUrl":"https://doi.org/10.56394/aris2.v4i1.38","journal":{"name":"ARIS2 - Advanced Research on Information Systems Security","volume":"24 s1","pages":""},"publicationDate":"2024-04-15","publicationTypes":"Journal Article","platform":"Semanticscholar","paperid":"140699901"}
Technology has changed the world over the past decades, reinventing the way we work, communicate, and live. In the healthcare sector, it has contributed to driving innovations in the diagnosis process, treatment, data management, and information access. However, this transformation has been accompanied by an increasing dependence on digital systems and connectivity. Nowadays, concepts such as artificial intelligence and cybersecurity are widely recognized, but organizations have only just become aware of the benefits and risks involved. In fact, the nature of their relationship is still under discussion. The central objective of this study is to explore the dynamics of this relationship in healthcare, taken as a sector undergoing constant technological evolution. We propose a dual approach, encompassing both strategic and operational perspectives, which can support the management of this complex interaction, balancing security and innovation.
{"title":"Exploring the dynamics between artificial intelligence and cybersecurity in Healthcare","authors":"António Tavares, Pedro Sousa, Rita Proença","doi":"10.56394/aris2.v4i1.44","DOIUrl":"https://doi.org/10.56394/aris2.v4i1.44","journal":{"name":"ARIS2 - Advanced Research on Information Systems Security","volume":"45 44","pages":""},"publicationDate":"2024-04-15","publicationTypes":"Journal Article","platform":"Semanticscholar","paperid":"140701923"}
The Multilevel Database Decomposition Framework is a cybersecurity strategy to enhance system robustness and minimize the impact of data breaches, with a focus on healthcare systems. Compared with more conventional normalization methods, the framework prioritizes robustness against cyber threats over mere data redundancy reduction. The key strategy of the framework is the decomposition of a database into smaller databases to restrict user access and mitigate the impact of successful intrusions by satisfying the least privilege principle in a more complete way. For this purpose, each database the decomposition produces is uniquely associated with a set of users, and the decomposition ensures that each user can access all and only the data his/her operations need. This limits the potential impact of threat agents impersonating users to the information a compromised user can access. To prevent the propagation of an intrusion across the databases it produces, the framework can apply alternative allocation strategies by distributing the databases to distinct virtual or physical entities according to the security requirements of the original application. This flexibility in allocation management ultimately reinforces defenses against evolving cyber threats, and it is the main advantage of the decomposition. As a counterpart of better robustness, some tables will be replicated across the databases the decomposition returns, and updates of these tables must be properly replicated to prevent inconsistencies among copies of the same table in distinct databases. The paper includes a performance analysis to evaluate the overheads associated with the alternative allocations. This offers insights into the framework's implementation and its adaptability to distinct security needs, and evaluates the framework's effectiveness for healthcare data systems.
{"title":"Database Decomposition to satisfy the Least Privilege Principle in Healthcare","authors":"Vincenzo Sammartino, Fabrizio Baiardi","doi":"10.56394/aris2.v4i1.43","DOIUrl":"https://doi.org/10.56394/aris2.v4i1.43","journal":{"name":"ARIS2 - Advanced Research on Information Systems Security","volume":"77 5","pages":""},"publicationDate":"2024-04-15","publicationTypes":"Journal Article","platform":"Semanticscholar","paperid":"140702744"}
Background: With the emergence of eHealth and mHealth, the use of mental health apps has increased significantly as an accessible and convenient adjunct to promoting well-being and mental health. There are several apps available that can assist with mental health monitoring and management, each with specific features to meet different needs. The intersection of mental health and cyber technology presents a number of critical legal and ethical issues. As mental health monitoring apps and devices become more integrated into clinical practice, cybersecurity takes on paramount importance. Objective: To address the ethical and legal aspects of health cybersecurity related to applications in mental health monitoring and management. Methods: We carried out a thematic synthesis of the best scientific evidence. Results: These tools have the potential to significantly improve access to and quality of care for users with mental health conditions, but they also raise substantial concerns about privacy and informed consent. Cybersecurity in mental health is not only a matter of technology, but also of human rights. The protection of sensitive mental health information is critical, and legal and ethical measures to safeguard this information must be implemented in a robust and transparent manner. Conclusion: The use of information technologies and mobile devices is now part of clinical reality and its future perspectives. It is important to mention that while these apps can be helpful for self-care and mental well-being management, they are not a substitute for the advice and support of a qualified mental health professional (psychologist or psychiatrist). As we move into the digital age, it is imperative that mental health monitoring and management apps are developed and used responsibly, ensuring the safety, dignity, and well-being of users.
{"title":"Ethical and legal aspects of cybersecurity in health","authors":"Ana Galvão, C. Vaz, Marco Pinheiro, Clarisse Pais","doi":"10.56394/aris2.v4i1.45","DOIUrl":"https://doi.org/10.56394/aris2.v4i1.45","journal":{"name":"ARIS2 - Advanced Research on Information Systems Security","volume":"278 11","pages":""},"publicationDate":"2024-04-15","publicationTypes":"Journal Article","platform":"Semanticscholar","paperid":"140704153"}
Ricardo Ribeiro, N. Mateus-Coelho, Henrique Mamede
Social Engineering (SE) is a significant problem for enterprises. Cybercriminals continue developing new and sophisticated methods to trick individuals into disclosing confidential information or granting unauthorized access to infrastructure systems. These attacks remain a significant threat to enterprise systems despite significant investments in technical architecture and security measures. User awareness training and other behavioral interventions are critical for improving SE resilience. However, their effectiveness still needs to be determined, as personality traits may make some individuals more susceptible to SE attacks. This paper aims to provide a comprehensive assessment of the state of knowledge in this field, identifying best practices for improving SE resilience in organizations and supporting the development of new research studies to address this issue. Its goal is to help enterprises of any size develop a framework to reduce the risk of successful SE attacks and create a culture of security awareness.
{"title":"Improving Social Engineering Resilience In Enterprises","authors":"Ricardo Ribeiro, N. Mateus-Coelho, Henrique Mamede","doi":"10.56394/aris2.v3i1.30","DOIUrl":"https://doi.org/10.56394/aris2.v3i1.30","journal":{"name":"ARIS2 - Advanced Research on Information Systems Security","volume":"45 1","pages":""},"publicationDate":"2023-08-30","publicationTypes":"Journal Article","platform":"Semanticscholar","paperid":"139348141"}
This article presents the ETP-HSC and a corresponding enterprise transformation framework; its central topic is the application of Enterprise Architecture (EA) to support Security (EA4S). The EA4S is a Polymathic-holistic approach, which adopts a clear EA as the main ETP constraint for the implementation of a secured Information and Communications System (ICS). EA and all other ICS-related architecture disciplines are inspired by the term Architecture, which comes from civil engineering. In that domain, secured building objects are achieved by implementing robust building and urbanistic architectures, as in the famous case of Haussmann's Architecture and Urbanistic plan for the (re)Architecture of Paris in France, whose primary objective was to assert Paris' security. Therefore, the author considers that EAS' first step is to build an enterprise security concept. But for enterprises that have been archaically built and do not have the needed resources to implement a Haussmannian security concept, an iterative ETP-HSC implementation process can transform the enterprise's security. ETP-HSC's feasibility and integrity can be supported by an integrated Applied Holistic Mathematical Model (AHMM) for EAS (AHMM4EAS), and by the author's various research works on the applications of holistic security concepts, ETPs, Artificial Intelligence (AI), Cloud Services (CS), and AHMM. The ETP-SRC is based on a multi-disciplinary proprietary-mixed research method.
{"title":"Enterprise Transformation Projects","authors":"A. Trad","doi":"10.56394/aris2.v3i1.31","DOIUrl":"https://doi.org/10.56394/aris2.v3i1.31","journal":{"name":"ARIS2 - Advanced Research on Information Systems Security","volume":"5 1","pages":""},"publicationDate":"2023-08-30","publicationTypes":"Journal Article","platform":"Semanticscholar","paperid":"139347981"}
With the increasing digitization of the world, web development has become an essential part of businesses and organizations worldwide. However, with the rapid development of technology, cyber threats and attacks have become a major concern for web developers. This article looks at some of the most common cybersecurity threats that web developers should be aware of, and the importance of taking preventative measures to secure web applications. By understanding these cyber threats and taking proactive steps to protect against them, web developers can ensure the security of their users' data and maintain the integrity of their web applications.
{"title":"Cybersecurity Threats for a Web Development","authors":"João Cunha","doi":"10.56394/aris2.v2i2.27","DOIUrl":"https://doi.org/10.56394/aris2.v2i2.27","journal":{"name":"ARIS2 - Advanced Research on Information Systems Security","volume":"228 1","pages":"0"},"publicationDate":"2022-12-30","publicationTypes":"Journal Article","platform":"Semanticscholar","paperid":"130636352"}
The Web 3.0 ecosystem is growing exponentially, which also adds to the cybersecurity concerns it imposes. There is a continuous shift in the Internet architecture, from a read/write model to a newer model known as Web 3.0. Global companies are exploring Web 3.0 opportunities in their business processes. Along with opportunities, Web 3.0 poses several cybersecurity risks that organizations need to detect and mitigate efficiently. Data breaches, computer attacks, and social engineering defined the cybersecurity risk landscape of Web 2.0. This work aims to identify solutions to the tension between the evolution of Web 3.0 and the need for companies to evolve their infrastructures promptly to ensure the privacy and security of their data.
{"title":"Web 3.0 and Cybersecurity – Short Paper","authors":"Sónia Silva","doi":"10.56394/aris2.v2i2.21","DOIUrl":"https://doi.org/10.56394/aris2.v2i2.21","journal":{"name":"ARIS2 - Advanced Research on Information Systems Security","volume":"7 1","pages":"0"},"publicationDate":"2022-12-30","publicationTypes":"Journal Article","platform":"Semanticscholar","paperid":"130803681"}
The growing use of mobile devices has caused many developers to focus more on design and user experience while neglecting security issues, whether due to lack of knowledge in this field or lack of delivery time, thus exposing thousands of users to information leaks, among other malicious actions. In this sense, this work aims to expose the main vulnerabilities that impact the security of a mobile application, through analyses of mobile applications, with the intention of alerting developers to the flaws that are usually present in applications due to bad coding practices and prompting them to reflect on how to make their apps more secure.
{"title":"Case study to identify vulnerabilities in applications developed for the Android","authors":"Tatiani De Andrade","doi":"10.56394/aris2.v2i2.22","DOIUrl":"https://doi.org/10.56394/aris2.v2i2.22","journal":{"name":"ARIS2 - Advanced Research on Information Systems Security","volume":"88 1","pages":"0"},"publicationDate":"2022-12-30","publicationTypes":"Journal Article","platform":"Semanticscholar","paperid":"132131685"}
Nowadays, everyone has one or even more than one smartphone or tablet. The existing applications, with the most diverse purposes, allow us to perform a series of tasks such as using home banking or checking email, using only our smartphone or tablet. Android OS, being one of the most used in this type of equipment, becomes an appealing target for viruses, malware and others. At a time when technology is evolving faster and faster, both in terms of hardware and software, Artificial Intelligence has more and more weight in technological evolution, being used for the most diverse purposes. This review aims to demonstrate how Machine Learning can assist in identifying vulnerabilities in Android OS.
{"title":"Can machine learning be used to detect malware?","authors":"A. Lima","doi":"10.56394/aris2.v2i2.19","DOIUrl":"https://doi.org/10.56394/aris2.v2i2.19","journal":{"name":"ARIS2 - Advanced Research on Information Systems Security","volume":"30 1","pages":"0"},"publicationDate":"2022-12-30","publicationTypes":"Journal Article","platform":"Semanticscholar","paperid":"121276680"}