Sistema de recomendação para alívio de stress

Stress is considered to be a normal part of our lives, especially when taken into account that people are constantly trying to push their limits and the limits of others around them. Whether at home or at their jobs, the idea that to be successful one must work harder is deeply rooted within society because such behavior has shown positive results in the past. Stressful events can work as a reactor for people to feel the necessary motivation to move on with their tasks. However, if uncontrolled, may lead to health-related consequences, such as cardiovascular diseases, sleep deprivation, and anxiety. Therefore, it is important to not only recognize that stress has serious negative impacts in the lives of people but also to find mechanisms to cope with it. This document presents a solution in the form of a web application capable of providing stresseasing and health improving recommendations that adapt to the users of the application by considering their ratings from past recommendation, as well as their profiles. Through an engaging and interactive graphical user interface, users can receive personalized recommendations via system notifications. These notifications are composed of a demonstrative card and a description, as well as a collection of documents with insightful information regarding the recommendations being provided. This web application is supported by three major components, designed to operate both synchronously and asynchronously in a microservices-oriented architecture, promoting the flexibility and scalability of the solution. Furthermore, for the solution to provide recommendations, it was necessary to implement a filtering technique. Among the most common ones, the content-based filtering is the most advantageous, meaning that a content-based recommender system was developed as part of the solution. Lastly, it was concluded that the web application satisfactorily meets the established requirements. However, due to lack of user-generated data, the randomly generated data used to demonstrate how a proper evaluation would be conducted cannot be subject for interpretation.O stress é considerado parte integrante nas nossas vidas, especialmente quando consideramos que as pessoas estão constantemente a tentar superar os seus limites, muitas vezes delegando essas mesmas expectativas àqueles que as rodeiam. Tanto em casa, com os seus parceiros e familiares, como no seu local de trabalho, a ideia de que para se obter sucesso tem de se trabalhar mais está enraizada na sociedade, sendo que comportamentos semelhantes no passado comprovaram resultados positivos nesse sentido. Os eventos de stress podem funcionar como um sentimento de motivação para que as pessoas consigam desempenhar as suas funções diariamente. Contudo, caso não sejam controlados, poderão trazer consequências graves relacionadas com a saúde, tais como doenças cardiovasculares, privação do sono, e problemas de ansiedade. Assim, é importante não apenas reconhecer que o stress tem diversos impactos sérios na vida das pessoas, mas também encontrar formas de o gerir apropriadamente. Este documento apresenta uma solução na forma de uma aplicação web capaz de fornecer recomendações para redução do stress e melhoria de saúde, que se adaptam aos utilizadores da aplicação considerando as suas avaliações a recomendações no passado. Através de uma interface gráfica envolvente e interativa, os utilizadores podem receber recomendações personalizadas por meio de notificações do sistema. Essas notificações são compostas por um cartão demonstrativo e uma descrição, assim como de um conjunto de documentos com informações detalhadas acerca das recomendações fornecidas. Esta aplicação é composta por três componentes principais, desenhados para interagirem entre si tanto de forma síncrona como assíncrona numa arquitetura orientada a microserviços, promovendo a flexibilidade e escalabilidade da solução. Para além disso, para que a solução seja capaz de fornecer recomendações, foi preciso implementar uma técnica de filtragem. Entre as mais comuns, a filtragem baseada em conteúdo demonstrou ser a mais vantajosa, significando que foi desenvolvido um sistema de recomendação baseado em conteúdo como parte da solução. Finalmente, concluiu-se que a aplicação web vai satisfatoriamente de encontro aos requisitos estabelecidos. Contudo, devido à falta de dados gerados pelos utilizadores da aplicação, os dados gerados aleatoriamente para demonstrar de que forma uma avaliação adequada seria realizada, não estão sujeitos a interpretação

Prototype Digital Forensics Repository

The explosive growth in technology has led to a new league of a crime involving identity theft, stealing trade secrets, malicious virus attacks, hacking of DVD players, etc. The law enforcement community which has been trained to deal with traditional form of crime, is now being trained in a new realm of Digital Forensics. Forensics investigators have realized that often the most valuable resource available to them is experience and knowledge of fellow investigators. But there is seldom an explicit mechanism for disseminating this knowledge. Hence the same problems and mistakes continue to resurface and the same solutions are re-invented. In this Thesis we design and create a knowledge base, a Digital Forensics Repository, to support the sharing of experiences about the Forensics Investigation Process. It offers capabilities such as submission of lessons, online search and retrieval which will provide a means of querying into an ever increasing knowledge base

Prototype Digital Forensics Repository

The explosive growth in technology has led to a new league of a crime involving identity theft, stealing trade secrets, malicious virus attacks, hacking of DVD players, etc. The law enforcement community which has been trained to deal with traditional form of crime, is now being trained in a new realm of Digital Forensics. Forensics investigators have realized that often the most valuable resource available to them is experience and knowledge of fellow investigators. But there is seldom an explicit mechanism for disseminating this knowledge. Hence the same problems and mistakes continue to resurface and the same solutions are re-invented. In this Thesis we design and create a knowledge base, a Digital Forensics Repository, to support the sharing of experiences about the Forensics Investigation Process. It offers capabilities such as submission of lessons, online search and retrieval which will provide a means of querying into an ever increasing knowledge base

Privacy in Mobile Agent Systems: Untraceability

Agent based Internet environments are an interesting alternative to existing approaches of building software systems. The enabling feature of agents is that they allow software development based on the abstraction (a "metaphor") of elements of the real world. In other words, they allow building software systems, which work as human societies, in which members share products and services, cooperate or compete with each other. Organisational, behavioural and functional models etc applied into the systems can be copied from the real world. The growing interest in agent technologies in the European Union was expressed through the foundation of the Coordination Action for Agent-Based Computing, funded under the European Commission's Sixth Framework Programme (FP6). The action, called AgentLink III is run by the Information Society Technologies (IST) programme. The long-term goal of AgentLink is to put Europe at the leading edge of international competitiveness in this increasingly important area. According to AgentLink "Roadmap for Agent Based Computing"; agent-based systems are perceived as "one of the most vibrant and important areas of research and development to have emerged in information technology in recent years, underpinning many aspects of broader information society technologies"; However, with the emergence of the new paradigm, came also new challenges. One of them is that agent environments, especially those which allow for mobility of agents, are much more difficult to protect from intruders than conventional systems. Agent environments still lack sufficient and effective solutions to assure their security. The problem which till now has not been addressed sufficiently in agent-based systems is privacy, and particularly the anonymity of agent users. Although anonymity was studied extensively for traditional message-based communication for which during the past twenty five years various techniques have been proposed, for agent systems this problem has never been directly addressed. The research presented in this report aimed at filling this gap. This report summarises results of studies aiming at the identification of threats to privacy in agent-based systems and the methods of their protection.JRC.G.6-Sensors, radar technologies and cybersecurit

Web-based Secure Application Control

The world wide web today serves as a distributed application platform. Its origins, however, go back to a simple delivery network for static hypertexts. The legacy from these days can still be observed in the communication protocol used by increasingly sophisticated clients and applications. This thesis identifies the actual security requirements of modern web applications and shows that HTTP does not fit them: user and application authentication, message integrity and confidentiality, control-flow integrity, and application-to-application authorization. We explore the other protocols in the web stack and work out why they can not fill the gap. Our analysis shows that the underlying problem is the connectionless property of HTTP. However, history shows that a fresh start with web communication is far from realistic. As a consequence, we come up with approaches that contribute to meet the identified requirements. We first present impersonation attack vectors that begin before the actual user authentication, i.e. when secure web interaction and authentication seem to be unnecessary. Session fixation attacks exploit a responsibility mismatch between the web developer and the used web application framework. We describe and compare three countermeasures on different implementation levels: on the source code level, on the framework level, and on the network level as a reverse proxy. Then, we explain how the authentication credentials that are transmitted for the user login, i.e. the password, and for session tracking, i.e. the session cookie, can be complemented by browser-stored and user-based secrets respectively. This way, an attacker can not hijack user accounts only by phishing the user's password because an additional browser-based secret is required for login. Also, the class of well-known session hijacking attacks is mitigated because a secret only known by the user must be provided in order to perform critical actions. In the next step, we explore alternative approaches to static authentication credentials. Our approach implements a trusted UI and a mutually authenticated session using signatures as a means to authenticate requests. This way, it establishes a trusted path between the user and the web application without exchanging reusable authentication credentials. As a downside, this approach requires support on the client side and on the server side in order to provide maximum protection. Another approach avoids client-side support but can not implement a trusted UI and is thus susceptible to phishing and clickjacking attacks. Our approaches described so far increase the security level of all web communication at all time. This is why we investigate adaptive security policies that fit the actual risk instead of permanently restricting all kinds of communication including non-critical requests. We develop a smart browser extension that detects when the user is authenticated on a website meaning that she can be impersonated because all requests carry her identity proof. Uncritical communication, however, is released from restrictions to enable all intended web features. Finally, we focus on attacks targeting a web application's control-flow integrity. We explain them thoroughly, check whether current web application frameworks provide means for protection, and implement two approaches to protect web applications: The first approach is an extension for a web application framework and provides protection based on its configuration by checking all requests for policy conformity. The second approach generates its own policies ad hoc based on the observed web traffic and assuming that regular users only click on links and buttons and fill forms but do not craft requests to protected resources.Das heutige World Wide Web ist eine verteilte Plattform für Anwendungen aller Art: von einfachen Webseiten über Online Banking, E-Mail, multimediale Unterhaltung bis hin zu intelligenten vernetzten Häusern und Städten. Seine Ursprünge liegen allerdings in einem einfachen Netzwerk zur Übermittlung statischer Inhalte auf der Basis von Hypertexten. Diese Ursprünge lassen sich noch immer im verwendeten Kommunikationsprotokoll HTTP identifizieren. In dieser Arbeit untersuchen wir die Sicherheitsanforderungen moderner Web-Anwendungen und zeigen, dass HTTP diese Anforderungen nicht erfüllen kann. Zu diesen Anforderungen gehören die Authentifikation von Benutzern und Anwendungen, die Integrität und Vertraulichkeit von Nachrichten, Kontrollflussintegrität und die gegenseitige Autorisierung von Anwendungen. Wir untersuchen die Web-Protokolle auf den unteren Netzwerk-Schichten und zeigen, dass auch sie nicht die Sicherheitsanforderungen erfüllen können. Unsere Analyse zeigt, dass das grundlegende Problem in der Verbindungslosigkeit von HTTP zu finden ist. Allerdings hat die Geschichte gezeigt, dass ein Neustart mit einem verbesserten Protokoll keine Option für ein gewachsenes System wie das World Wide Web ist. Aus diesem Grund beschäftigt sich diese Arbeit mit unseren Beiträgen zu sicherer Web-Kommunikation auf der Basis des existierenden verbindungslosen HTTP. Wir beginnen mit der Beschreibung von Session Fixation-Angriffen, die bereits vor der eigentlichen Anmeldung des Benutzers an der Web-Anwendung beginnen und im Erfolgsfall die temporäre Übernahme des Benutzerkontos erlauben. Wir präsentieren drei Gegenmaßnahmen, die je nach Eingriffsmöglichkeiten in die Web-Anwendung umgesetzt werden können. Als nächstes gehen wir auf das Problem ein, dass Zugangsdaten im WWW sowohl zwischen den Teilnehmern zu Authentifikationszwecken kommuniziert werden als auch für jeden, der Kenntnis dieser Daten erlangt, wiederverwendbar sind. Unsere Ansätze binden das Benutzerpasswort an ein im Browser gespeichertes Authentifikationsmerkmal und das sog. Session-Cookie an ein Geheimnis, das nur dem Benutzer und der Web-Anwendung bekannt ist. Auf diese Weise kann ein Angreifer weder ein gestohlenes Passwort noch ein Session-Cookie allein zum Zugriff auf das Benutzerkonto verwenden. Darauffolgend beschreiben wir ein Authentifikationsprotokoll, das vollständig auf die Übermittlung geheimer Zugangsdaten verzichtet. Unser Ansatz implementiert eine vertrauenswürdige Benutzeroberfläche und wirkt so gegen die Manipulation derselben in herkömmlichen Browsern. Während die bisherigen Ansätze die Sicherheit jeglicher Web-Kommunikation erhöhen, widmen wir uns der Frage, inwiefern ein intelligenter Browser den Benutzer - wenn nötig - vor Angriffen bewahren kann und - wenn möglich - eine ungehinderte Kommunikation ermöglichen kann. Damit trägt unser Ansatz zur Akzeptanz von Sicherheitslösungen bei, die ansonsten regelmäßig als lästige Einschränkungen empfunden werden. Schließlich legen wir den Fokus auf die Kontrollflussintegrität von Web-Anwendungen. Bösartige Benutzer können den Zustand von Anwendungen durch speziell präparierte Folgen von Anfragen in ihrem Sinne manipulieren. Unsere Ansätze filtern Benutzeranfragen, die von der Anwendung nicht erwartet wurden, und lassen nur solche Anfragen passieren, die von der Anwendung ordnungsgemäß verarbeitet werden können

Digital Image Access & Retrieval

The 33th Annual Clinic on Library Applications of Data Processing, held at the University of Illinois at Urbana-Champaign in March of 1996, addressed the theme of "Digital Image Access & Retrieval." The papers from this conference cover a wide range of topics concerning digital imaging technology for visual resource collections. Papers covered three general areas: (1) systems, planning, and implementation; (2) automatic and semi-automatic indexing; and (3) preservation with the bulk of the conference focusing on indexing and retrieval.published or submitted for publicatio

CLASSIFYING AND RESPONDING TO NETWORK INTRUSIONS

Intrusion detection systems (IDS) have been widely adopted within the IT community, as passive monitoring tools that report security related problems to system administrators. However, the increasing number and evolving complexity of attacks, along with the growth and complexity of networking infrastructures, has led to overwhelming numbers of IDS alerts, which allow significantly smaller timeframe for a human to respond. The need for automated response is therefore very much evident. However, the adoption of such approaches has been constrained by practical limitations and administrators' consequent mistrust of systems' abilities to issue appropriate responses. The thesis presents a thorough analysis of the problem of intrusions, and identifies false alarms as the main obstacle to the adoption of automated response. A critical examination of existing automated response systems is provided, along with a discussion of why a new solution is needed. The thesis determines that, while the detection capabilities remain imperfect, the problem of false alarms cannot be eliminated. Automated response technology must take this into account, and instead focus upon avoiding the disruption of legitimate users and services in such scenarios. The overall aim of the research has therefore been to enhance the automated response process, by considering the context of an attack, and investigate and evaluate a means of making intelligent response decisions. The realisation of this objective has included the formulation of a response-oriented taxonomy of intrusions, which is used as a basis to systematically study intrusions and understand the threats detected by an IDS. From this foundation, a novel Flexible Automated and Intelligent Responder (FAIR) architecture has been designed, as the basis from which flexible and escalating levels of response are offered, according to the context of an attack. The thesis describes the design and operation of the architecture, focusing upon the contextual factors influencing the response process, and the way they are measured and assessed to formulate response decisions. The architecture is underpinned by the use of response policies which provide a means to reflect the changing needs and characteristics of organisations. The main concepts of the new architecture were validated via a proof-of-concept prototype system. A series of test scenarios were used to demonstrate how the context of an attack can influence the response decisions, and how the response policies can be customised and used to enable intelligent decisions. This helped to prove that the concept of flexible automated response is indeed viable, and that the research has provided a suitable contribution to knowledge in this important domain

Computer Science's Digest Volume 3

This series of textbooks was created for the students of the Systems Engineering Program at the University of Nariño. They have been intentionally written in English to promote reading in a foreign language. The textbooks are a collection of reflections and workshops on specific situations in the field of computer science, based on the authors’ experiences. The main purpose of these textbooks is essentially academic. The way in which the reflections and workshops were constructed follows a didactic structure, to facilitate teaching and learning, making use of English as a second language. This book covers Professional Issues in Computing and Programming the Interne

Computer Science's Digest Volume 2

This series of textbooks was created for the students of the Systems Engineering Program at the University of Nariño. They have been intentionally written in English to promote reading in a foreign language. The textbooks are a collection of reflections and workshops on specific situations in the field of computer science, based on the authors’ experiences. The main purpose of these textbooks is essentially academic. The way in which the reflections and workshops were constructed follows a didactic structure, to facilitate teaching and learning, making use of English as a second language. This book covers Internet and Multimedia Technology, System Analysis and Design, and Software Engineerin