Database forensic investigation process models: a review

Database Forensic Investigation (DBFI) involves the identification, collection, preservation, reconstruction, analysis, and reporting of database incidents. However, it is a heterogeneous, complex, and ambiguous field due to the variety and multidimensional nature of database systems. A small number of DBFI process models have been proposed to solve specific database scenarios using different investigation processes, concepts, activities, and tasks as surveyed in this paper. Specifically, we reviewed 40 proposed DBFI process models for RDBMS in the literature to offer up- to-date and comprehensive background knowledge on existing DBFI process model research, their associated challenges, issues for newcomers, and potential solutions for addressing such issues. This paper highlights three common limitations of the DBFI domain, which are: 1) redundant and irrelevant investigation processes; 2) redundant and irrelevant investigation concepts and terminologies; and 3) a lack of unified models to manage, share, and reuse DBFI knowledge. Also, this paper suggests three solutions for the discovered limitations, which are: 1) propose generic DBFI process/model for the DBFI field; 2) develop a semantic metamodeling language to structure, manage, organize, share, and reuse DBFI knowledge; and 3) develop a repository to store and retrieve DBFI field knowledge

Advanced persistent threat detection: a survey

Advanced Persistent Threat is a very sophisticated targeted attack aimed at organizations. Several approaches have been proposed to detect APT. This paper defines an APT as an attack that has certain objectives to be achieved, and are performed by well-funded organizations, and is long term campaign. In this paper we have identified APT as a threat that follows a kill chain process. Intrusion detection and intrusion detection methods are summarized in this paper. Detection of an APT is a challenge. In this paper various detection methods used by researchers and the challenges in detecting APT is highlighted

Application of knowledge-oriented convolutional neural network for causal relation extraction in South China Sea conflict issues

Online news articles are an important source of information for decisions makers to understand the causal relation of events that happened. However, understanding the causality of an event or between events by traditional machine learning-based techniques from natural language text is a challenging task due to the complexity of the language to be comprehended by the machines. In this study, the Knowledge-oriented convolutional neural network (K-CNN) technique is used to extract the causal relation from online news articles related to the South China Sea (SCS) dispute. The proposed K-CNN model contains a Knowledge-oriented channel that can capture the causal phrases of causal relationships. A Data-oriented channel that captures the position information was added to the K-CNN model in this phase. The online news articles were collected from the national news agency and then the sentences which contain relation such as causal, message-topic, and product-producer were extracted. Then, the extracted sentences were annotated and converted into lower form and base form followed by transformed into the vector by looking up the word embedding table. A word filter that contains causal keywords was generated and a K-CNN model was developed, trained, and tested using the collected data. Finally, different architectures of the K-CNN model were compared to find out the most suitable architecture for this study. From the study, it was found out that the most suitable architecture was the K-CNN model with a Knowledge-oriented channel and a Data-oriented channel with average pooling. This shows that the linguistic clues and the position features can improve the performance in extracting the causal relation from the SCS online news articles

Mobile based augmented reality for flexible human height estimation using touch and motion gesture interaction

Human height measurement can be achieved by using contact or non-contact techniques. Contact technique is the traditional measuring method which required human resources to perform the measurement. In contrast, for non-contact technique, several kinds of research for measurement have been conducted, mostly with image-processing methods and only a few with the Augmented Reality (AR) approach. The current measuring approaches mostly required external hardware such as laser pointer or artificial fiducial such as 2D markers. In this paper, the world tracking technique and Visual Inertial Odometry is the method used to estimate the human height. The main aim of this paper is to accurately estimate the human height using augmented reality (non-contacted measurements). The methodology used the Apple ARKit plugin, which is the software development tools to build an augmented reality application for IOS device. An algorithm was designed by using Golden Ratio rules to estimate human height from the lower part of human knee; The estimation result is displayed using AR technology to allow the justification of the accuracy of the result. The application is tested with four different measuring methods. The normal full-height measurement result had a 1.13cm (0.73%) bias and a 1.34cm (0.88%) Root Mean Square Error (RMSE); the self-full height measurement had a result of 0.89cm (0.58%) bias and a 1.27cm (0.83%) RMSE; the normal height estimation from the lower part of knee measurement had a result of 0.12cm (0.06%) bias and a 1.34cm (0.89%) RMSE; the self-height estimation from the lower part of knee measurement had a result of 0.15cm (0.09%) bias and a 1.04cm (0.66%) RMSE. The results show that the mobile phone with VIO can be a potential tool for obtaining accurate measurements of human height

Hybrid and multifaceted context-aware misbehavior detection model for vehicular ad hoc network

Vehicular Ad Hoc Networks (VANETs) have emerged mainly to improve road safety and traffic efficiency and provide user comfort. The performance of such networks’ applications relies on the availability of accurate and recent mobility-information shared among vehicles. This means that misbehaving vehicles that share false mobility information can lead to catastrophic losses of life and property. However, the current solutions proposed to detect misbehaving vehicles are not able to cope with the dynamic vehicular context and the diverse cyber-threats, leading to a decrease in detection accuracy and an increase in false alarms. This paper addresses these issues by proposing a Hybrid and Multifaceted Context-aware Misbehavior Detection model (HCA-MDS), which consists of four phases: data-collection, context-representation, context-reference construction, and misbehavior detection. Data-centric and behavioral-detection-based features are derived to represent the vehicular context. An online and timely updated context-reference model is built using unsupervised nonparametric statistical methods, namely Kalman and Hampel filters, through analyzing the temporal and spatial correlation of the consistency between mobility information to adapt to the highly dynamic vehicular context. Vehicles’ behaviors are evaluated locally and autonomously according to the consistency, plausibility, and reliability of their mobility information. The results from extensive simulations show that HCA-MDS outperforms existing solutions in increasing the detection rate by 38% and decreasing the false positive rate by 7%. These results demonstrate the effectiveness and robustness of the proposed HCA-MDS model to strengthen the security of VANET applications and protocols

An adaptive behavioral-based incremental batch learning malware variants detection model using concept drift detection and sequential deep learning

Malware variants are the major emerging threats that face cybersecurity due to the potential damage to computer systems. Many solutions have been proposed for detecting malware variants. However, accurate detection is challenging due to the constantly evolving nature of the malware variants that cause concept drift. Existing malware detection solutions assume that the mapping learned from historical malware features will be valid for new and future malware. The relationship between input features and the class label has been considered stationary, which doesn't hold for the ever-evolving nature of malware variants. Malware features change dynamically due to code obfuscations, mutations, and the modification made by malware authors to change the features' distribution and thus evade the detection rendering the detection model obsolete and ineffective. This study presents an Adaptive behavioral-based Incremental Batch Learning Malware Variants Detection model using concept drift detection and sequential deep learning (AIBL-MVD) to accommodate the new malware variants. Malware behaviors were extracted using dynamic analysis by running the malware files in a sandbox environment and collecting their Application Programming Interface (API) traces. According to the malware first-time appearance, the malware samples were sorted to capture the malware variants' change characteristics. The base classifier was then trained based on a subset of historical malware samples using a sequential deep learning model. The new malware samples were mixed with a subset of old data and gradually introduced to the learning model in an adaptive batch size incremental learning manner to address the catastrophic forgetting dilemma of incremental learning. The statistical process control technique has been used to detect the concept drift as an indication for incrementally updating the model as well as reducing the frequency of model updates. Results from extensive experiments show that the proposed model is superior in terms of detection rate and efficiency compared with the static model, periodic retraining approaches, and the fixed batch size incremental learning approach. The model maintains an average of 99.41% detection accuracy of new and variants malware with a low updating frequency of 1.35 times per month

Krüppel-like Factor 4 Regulates Intestinal Epithelial Cell Morphology and Polarity

Krüppel-like factor 4 (KLF4) is a zinc finger transcription factor that plays a vital role in regulating cell lineage differentiation during development and maintaining epithelial homeostasis in the intestine. In normal intestine, KLF4 is predominantly expressed in the differentiated epithelial cells. It has been identified as a tumor suppressor in colorectal cancer. KLF4 knockout mice demonstrated a decrease in number of goblet cells in the colon, and conditional ablation of KLF4 from the intestinal epithelium led to altered epithelial homeostasis. However, the role of KLF4 in differentiated intestinal cells and colon cancer cells, as well as the mechanism by which it regulates homeostasis and represses tumorigenesis in the intestine is not well understood. In our study, KLF4 was partially depleted in the differentiated intestinal epithelial cells by a tamoxifen-inducible Cre recombinase. We found a significant increase in the number of goblet cells in the KLF4-deleted small intestine, suggesting that KLF4 is not only required for goblet cell differentiation, but also required for maintaining goblet cell numbers through its function in inhibiting cell proliferation. The number and position of Paneth cells also changed. This is consistent with the KLF4 knockout study using villin-Cre [1]. Through immunohistochemistry (IHC) staining and statistical analysis, we found that a stem cell and/or tuft cell marker, DCAMKL1, and a proliferation marker, Ki67, are affected by KLF4 depletion, while an enteroendocrine cell marker, neurotensin (NT), was not affected. In addition, we found KLF4 depletion altered the morphology and polarity of the intestinal epithelial cells. Using a three-dimensional (3D) intestinal epithelial cyst formation assay, we found that KLF4 is essential for cell polarity and crypt-cyst formation in human colon cancer cells. These findings suggest that, as a tumor suppressor in colorectal cancer, KLF4 affects intestinal epithelial cell morphology by regulating proliferation, differentiation and polarity of the cells

HLA diversity in Saudi population : high frequency of homozygous HLA alleles and haplotypes

Human leukocyte antigens (HLA) diversity has a tremendous impact on shaping the transplantation practices, transfusion-associated graft versus host disease prevention strategies, and host–pathogen interactions. Here, we conducted a retrospective study of HLA class I and class II homozygosity at allelic and haplotype levels in unrelated individuals genotyped from 2012 to 2016 in a tertiary hospital in the capital of Saudi Arabia. Among 5,000 individuals, 2,773 individuals meet inclusion criteria and were retrospectively analyzed for HLA-A, -B, -C–DRB1, and -DQB1 homozygosity at allelic and haplotype levels. HLA molecular typing was performed using a commercial reverse sequencespecific oligonucleotide (rSSO) kit. We were able to identify 15 HLA-A, 20 HLA-B, 11 HLA-C, 13 HLA-DRB1, and five HLA-DQB1 homozygous alleles demonstrating a very low genetic diversity in the Saudi population. The highest homozygosity in HLA class I was found in locus C followed by A and B (20.3% > 16.1% > 15.5%; p < 0.001) where the most homozygote alleles were A*02 (9.2%), B*51 and B*50 (5.7% and 3.7%), and C*07, C*06, and C*15 (7.2%, 5.48%, and 3.3%) and in HLA class II, the highest homozygosity was found in locus DQB1 compared to DRB1 (31.71% > 19.2%; p < 0.001), with the most common homozygote alleles being DRB1*07 and DRB1*04 (5.33% and 4.2%) and DQB1*02, DQB1*06, and DQB1*03 (13.55%, 7.92%, and 7.64%). The frequency of finding an individual with one homozygote allele was (24.6%), two homozygote alleles (13.5%), three homozygote alleles (4.7%), four homozygote alleles (3.4%), and five alleles were (4.8%). The most frequent homozygote haplotypes are A*23~C*06~B*50~DRB1*07~DQB1*02 and A*02~C*06~B*50~DRB1*07~DQB1*02. This study shows low diversity of both class I and II alleles and haplotypes in the Saudi population, which would have a significant impact on shaping the transplantation practices, transfusion-associated graft versus host disease prevention strategies, and host–pathogen interactions.KFMChttps://www.frontiersin.org/journals/geneticsdm2022Medical Microbiolog

Phishing websites detection by using optimized stacking ensemble model

Phishing attacks are security attacks that do not affect only individuals’ or organizations’ websites but may affect Internet of Things (IoT) devices and networks. IoT environment is an exposed environment for such attacks. Attackers may use thingbots software for the dispersal of hidden junk emails that are not noticed by users. Machine and deep learning and other methods were used to design detection methods for these attacks. However, there is still a need to enhance detection accuracy. Optimization of an ensemble classification method for phishing website (PW) detection is proposed in this study. A Genetic Algorithm (GA) was used for the proposed method optimization by tuning several ensemble Machine Learning (ML) methods parameters, including Random Forest (RF), AdaBoost (AB), XGBoost (XGB), Bagging (BA), GradientBoost (GB), and LightGBM (LGBM). These were accomplished by ranking the optimized classifiers to pick out the best classifiers as a base for the proposed method. A PW dataset that is made up of 4898 PWs and 6157 legitimate websites (LWs) was used for this study's experiments. As a result, detection accuracy was enhanced and reached 97.16 percent

Medication errors in the Middle East countries: a systematic review of the literature

Background: Medication errors are a significant global concern and can cause serious medical consequences for patients. Little is known about medication errors in Middle Eastern countries. The objectives of this systematic review were to review studies of the incidence and types of medication errors in Middle Eastern countries and to identify the main contributory factors involved. Methods: A systematic review of the literature related to medication errors in Middle Eastern countries was conducted in October 2011 using the following databases: Embase, Medline, Pubmed, the British Nursing Index and the Cumulative Index to Nursing & Allied Health Literature. The search strategy included all ages and languages. Inclusion criteria were that the studies assessed or discussed the incidence of medication errors and contributory factors to medication errors during the medication treatment process in adults or in children. Results: Forty-five studies from 10 of the 15 Middle Eastern countries met the inclusion criteria. Nine (20%) studies focused on medication errors in paediatric patients. Twenty-one focused on prescribing errors, 11 measured administration errors, 12 were interventional studies and one assessed transcribing errors. Dispensing and documentation errors were inadequately evaluated. Error rates varied from 7.1% to 90.5% for prescribing and from 9.4% to 80% for administration. The most common types of prescribing errors reported were incorrect dose (with an incidence rate from 0.15% to 34.8% of prescriptions), wrong frequency and wrong strength. Computerised physician rder entry and clinical pharmacist input were the main interventions evaluated. Poor knowledge of medicines was identified as a contributory factor for errors by both doctors (prescribers) and nurses (when administering drugs). Most studies did not assess the clinical severity of the medication errors. Conclusion: Studies related to medication errors in the Middle Eastern countries were relatively few in number and of poor quality. Educational programmes on drug therapy for doctors and nurses are urgently needed