Development and validation of a porcine artificial colonic mucus model reflecting the properties of native colonic mucus in pigs

Colonic mucus plays a key role in colonic drug absorption. Mucus permeation assays could therefore provide useful insights and support rational formulation development in the early stages of drug development. However, the collection of native colonic mucus from animal sources is labor-intensive, does not yield amounts that allow for routine experimentation, and raises ethical concerns. In the present study, we developed an in vitro porcine artificial colonic mucus model based on the characterization of native colonic mucus. The structural properties of the artificial colonic mucus were validated against the native secretion for their ability to capture key diffusion patterns of macromolecules in native mucus. Moreover, the artificial colonic mucus could be stored under common laboratory conditions, without compromising its barrier properties. In conclusion, the porcine artificial colonic mucus model can be considered a biorelevant way to study the diffusion behavior of drug candidates in colonic mucus. It is a cost-efficient screening tool easily incorporated into the early stages of drug development and it contributes to the implementation of the 3Rs (refinement, reduction, and replacement of animals) in the drug development process

User relationship classification of facebook messenger mobile data using WEKA

© Springer Nature Switzerland AG 2018. Mobile devices are a wealth of information about its user and their digital and physical activities (e.g. online browsing and physical location). Therefore, in any crime investigation artifacts obtained from a mobile device can be extremely crucial. However, the variety of mobile platforms, applications (apps) and the significant size of data compound existing challenges in forensic investigations. In this paper, we explore the potential of machine learning in mobile forensics, and specifically in the context of Facebook messenger artifact acquisition and analysis. Using Quick and Choo (2017)’s Digital Forensic Intelligence Analysis Cycle (DFIAC) as the guiding framework, we demonstrate how one can acquire Facebook messenger app artifacts from an Android device and an iOS device (the latter is, using existing forensic tools. Based on the acquired evidence, we create 199 data-instances to train WEKA classifiers (i.e. ZeroR, J48 and Random tree) with the aim of classifying the device owner’s contacts and determine their mutual relationship strength

ForEmSys: An integration of live forensic acquisition methods in next generation PPDR systems

Tese no âmbito do Programa de Doutoramento em Ciências e Tecnologias da Informação, apresentada ao Departamento de Engenharia Informática da Faculdade de Ciências e Tecnologia da Universidade de Coimbra.Os dispositivos móveis substituíram os computadores pessoais e portáteis em muitos aspectos da rotina diária das pessoas. Na practica, eles transformaramse em impressões digitais que carregam uma quantidade crítica de informações pessoais, que variam desde conteúdo multimedia e registos de comunicação, a geolocalização e dados de transações eletrônicas. No entanto, o uso de dispositivos móveis não se limita às interacções pessoais de um indivíduo. Os dispositivos móveis podem constituir partes de redes de comunicação corporativas ou dedicadas. As redes corporativas e da emergência como os sistemas de Proteção Pública e Mitigação de Desastres (PPDR), exigem o estabelecimento de um ambiente altamente seguro, para proteger vários bens críticos. Além disso, organizações como a Polícia Judiciária acedem dados de dispositivos móveis de terceiras entidades como provas para investigações criminais. A aquisição e análise forense móvel têm um papel crucial tanto na proteção de um ambiente PPDR contra ataques intencionais ou uso indevido dos utilizadores, como na condução de uma investigação criminal robusta. Esta tese estuda o papel da aquisição e análise forense para sistemas PPDR, introduzindo uma metodologia para perfs digitais automatizados e identifcação de padrões suspeitos a partir de dados e metadados de dispositivos móveis. Três técnicas de computação inteligente, nomeadamente Fuzzy Systems, Redes Neuronais (RNs) e Adaptive Neuro-Fuzzy Inference System (ANFIS) são usadas para construir perfs criminais e identifcar padrões suspeitos em dados e metadados provenientes de chamadas e SMS para três cenários de casos de uso diferentes. Mais especifcamente, os Sistemas Fuzzy servíram como prova de conceito para detectar a deserção de agentes PPDR realizada por SMS. Um cenário mais complexo envolveu o uso de RNs e ANFIS, que foram empregados como meio de identifcação de padrões suspeitos de chamadas e SMS para casos de cyberbullying e de tráfico de droga. Os resultados que foram produzidos durante todas as fases experimentais foram bastante satisfatórios e foram comparados para defnir a técnica mais apropriada para a identifcação de padrões suspeitos.Mobile devices have substituted desktop and portable computers in many aspects of people’s everyday routine. Practically, they have become digital fngerprints that carry a critical amount of personal information, varying from multimedia and communication logs to geolocation and electronic transaction data. Moreover, the usage of mobile devices is not limited to an individual’s personal interactions. The aforementioned devices may also constitute parts of corporate or dedicated communication networks. Enterprise and frst-responder communication networks, such as Public Protection and Disaster Relief (PPDR) systems require the establishment of a highly secured environment, in order to protect various critical assets. Moreover, services such as law enforcement may need to access third-party mobile device data as evidence for criminal investigations. Mobile forensic acquisition and analysis play a crucial role towards both the protection of a PPDR environment against intentional attacks or potential user misuse and the conduction of a robust criminal investigation. The current thesis studies the role of forensic analysis in use cases related to law enforcement investigations by introducing a methodology for automated digital profling and suspicious pattern identifcation from mobile device data and metadata. Three intelligent computation techniques, namely Fuzzy Systems, Neural Networks (NNs) and the Adaptive Neuro-Fuzzy Inference System (ANFIS) are used for constructing criminal profles and identifying suspicious patterns in calls and SMS evidence data and metadata for three different use case scenarios. More specifcally, Fuzzy Systems served as proof-of-concept for detecting PPDR ofcers’ defection performed by SMS. A more complex scenario for call and SMS suspicious pattern identifcation of cyberbullying and low-level drug dealing cases was documented with the use of NNs and ANFIS

Understanding the gastrointestinal mucus and its impact on drug absorption

The gastrointestinal mucus is a hydrogel lining the luminal side of the gastrointestinal epithelium. Mucus is vital for gut homeostasis because it protects the epithelium from the noxious external environment. However, from a drug delivery perspective, drugs have to permeate through the mucus to reach the epithelium; therefore, mucus might pose a barrier to drug absorption. Most of the information about mucus derives from fundamental studies performed on rodents. However, information from larger preclinical animal species is highly warranted for improving study designs and guiding better interpretation of data from preclinical assessments. Furthermore, improved understanding of the nature of the gastrointestinal mucus would enable the development of in vitro mucus models with increased biorelevance. These could then be implemented in drug absorption assays to improve the (bio)predictability. Well-informed in vitro mucus models would enable quick and less variable screening of drug candidates in the early drug development stages. Finally, these models would contribute to reduction, refinement, and replacement (the 3Rs) of animal usage in the drug development process.  This thesis aims to improve our understanding of the nature of gastrointestinal mucus and its impact on drug absorption. For this purpose, mucus from the complete gastrointestinal tract of pigs and dogs was characterized and the diffusion of physicochemically diverse FITC-dextrans through colonic mucus was studied, both ex vivo and in vitro. The characterization of the gastrointestinal mucus focused on properties relevant for drug absorption and revealed the physiological characteristics, composition, and structural profiles from the various gastrointestinal regions. The findings pointed towards substantial differences between small intestinal and colonic mucus in both species and served as the basis for developing artificial colonic mucus models for drug permeation assessments. Porcine and canine artificial mucus models were developed and validated against the respective native secretions in terms of structural properties and demonstrated their potential to capture the key diffusion patterns of FITC-dextrans observed in native colonic mucus. Overall, this work provided insights into key properties of mucus from large preclinical species and validated tools for the assessment of the impact of mucus on drug absorption

Revisiting the detection of Lateral Movement Attacks through Sysmon

This work attempts to answer in a clear way the following key questions regarding the optimal initialization of the Sysmon tool for the identification of Lateral Movement in the MS Windows ecosystem. First, from an expert’s standpoint and with reference to the relevant literature, what are the criteria for determining the possibly optimal initialization features of the Sysmon event monitoring tool, which are also applicable as custom rules within the config.xml configuration file? Second, based on the identified features, how can a functional configuration file, able to identify as many LM variants as possible, be generated? To answer these questions, we relied on the MITRE ATT and CK knowledge base of adversary tactics and techniques and focused on the execution of the nine commonest LM methods. The conducted experiments, performed on a properly configured testbed, suggested a great number of interrelated networking features that were implemented as custom rules in the Sysmon's config.xml file. Moreover, by capitalizing on the rich corpus of the 870K Sysmon logs collected, we created and evaluated, in terms of TP and FP rates, an extensible Python .evtx file analyzer, dubbed PeX, which can be used towards automatizing the parsing and scrutiny of such voluminous files. Both the .evtx logs dataset and the developed PeX tool are provided publicly for further propelling future research in this interesting and rapidly evolving field.JRC.E.3 - Cyber and Digital Citizens' Securit

Revisiting the Detection of Lateral Movement through Sysmon

This work attempts to answer in a clear way the following key questions regarding the optimal initialization of the Sysmon tool for the identification of Lateral Movement in the MS Windows ecosystem. First, from an expert’s standpoint and with reference to the relevant literature, what are the criteria for determining the possibly optimal initialization features of the Sysmon event monitoring tool, which are also applicable as custom rules within the config.xml configuration file? Second, based on the identified features, how can a functional configuration file, able to identify as many LM variants as possible, be generated? To answer these questions, we relied on the MITRE ATT and CK knowledge base of adversary tactics and techniques and focused on the execution of the nine commonest LM methods. The conducted experiments, performed on a properly configured testbed, suggested a great number of interrelated networking features that were implemented as custom rules in the Sysmon’s config.xml file. Moreover, by capitalizing on the rich corpus of the 870K Sysmon logs collected, we created and evaluated, in terms of TP and FP rates, an extensible Python .evtx file analyzer, dubbed PeX, which can be used towards automatizing the parsing and scrutiny of such voluminous files. Both the .evtx logs dataset and the developed PeX tool are provided publicly for further propelling future research in this interesting and rapidly evolving field

A Survey on Mobile Malware Detection Techniques

Modern mobile devices are equipped with a variety of tools and services, and handle increasing amounts of sensitive information. In the same trend, the number of vulnerabilities exploiting mobile devices are also augmented on a daily basis and, undoubtedly, popular mobile platforms, such as Android and iOS, represent an alluring target for malware writers. While researchers strive to find alternative detection approaches to fight against mobile malware, recent reports exhibit an alarming increase in mobile malware exploiting victims to create revenues, climbing towards a billion-dollar industry. Current approaches to mobile malware analysis and detection cannot always keep up with future malware sophistication [2] [4]. The aim of this work is to provide a structured and comprehensive overview of the latest research on mobile malware detection techniques and pinpoint their benefits and limitations.JRC.E.3-Cyber and Digital Citizens' Securit