Abstract
The accelerating digitalization of the public and private sectors has made information technologies (IT) indispensable in modern life. As services shift to digital platforms and technologies expand across industries, the complexity of legal, regulatory, and technical requirement documentation is growing rapidly. This increase presents significant challenges in managing, gathering, and analyzing documents, as their dispersion across various repositories and formats hinders accessibility and efficient processing. This paper presents the development of an automated repository designed to streamline the collection, classification, and analysis of cybersecurity-related documents. By harnessing the capabilities of natural language processing (NLP) models-specifically Generative Pre-Trained Transformer (GPT) technologies-the system automates text ingestion, extraction, and summarization, providing users with visual tools and organized insights into large volumes of data. The repository facilitates the efficient management of evolving cybersecurity documentation, addressing issues of accessibility, complexity, and time constraints. This paper explores the potential applications of NLP in cybersecurity documentation management and highlights the advantages of integrating automated repositories equipped with visualization and search tools. By focusing on legal documents and technical guidelines from Portugal and the European Union (EU), this applied research seeks to enhance cybersecurity governance, streamline document retrieval, and deliver actionable insights to professionals. Ultimately, the goal is to develop a scalable, adaptable platform capable of extending beyond cybersecurity to serve other industries that rely on the effective management of complex documentation.

Abstract
The data exchange between different sectors of society has led to the development of electronic documents supported by different reading formats, namely portable PDF format. These documents have characteristics similar to those used in programming languages, allowing the incorporation of potentially malicious code, which makes them a vector for cyberattacks. Thus, detecting anomalies in digital documents, such as PDF files, has become crucial in several domains, such as finance, digital forensic analysis and law enforcement. Currently, detection methods are mostly based on machine learning and are characterised by being complex, slow and mainly inefficient in detecting zero-day attacks. This paper aims to propose a Benford Law (BL) based model to uncover manipulated PDF documents by analysing potential anomalies in the first digit extracted from the PDF document's characteristics. The proposed model was evaluated using the CIC Evasive PDFMAL-2022 dataset, consisting of 1191 documents (278 benign and 918 malicious). To classify the PDF documents, based on BL, into malicious or benign documents, three statistical models were used in conjunction with the mean absolute deviation: the parametric Pearson and the non-parametric Spearman and Cramer-Von Mises models. The results show a maximum F1 score of 87.63% in detecting malicious documents using Pearson's model, demonstrating the suitability and effectiveness of applying Benford's Law in detecting anomalies in digital documents to maintain the accuracy and integrity of information and promoting trust in systems and institutions.

Abstract
Memorising passwords poses a significant challenge for individuals, leading to the increasing adoption of password managers, particularly browser password managers. Despite their benefits to users’ daily routines, the use of these tools introduces new vulnerabilities to web and network security. This paper aims to investigate these vulnerabilities and analyse the security mechanisms of browser-based password managers integrated into Google Chrome, Microsoft Edge, Opera GX, Mozilla Firefox, and Brave. Through malware development and deployment, Dvorak is capable of extracting essential files from the browser’s password manager for subsequent decryption. To assess Dvorak functionalities we conducted a controlled security analysis across all aforementioned browsers. Our findings reveal that the designed malware successfully retrieves all stored passwords from the tested browsers when no master password is used. However, the results differ depending on whether a master password is used. A comparison between browsers is made, based on the results of the malware. The paper ends with recommendations for potential strategies to mitigate these security concerns. © 2024 by SCITEPRESS – Science and Technology Publications, Lda.

Abstract
The increasing proliferation of cyber-attacks threatening the security of computer networks has driven the development of more effective methods for identifying malicious network flows. The inclusion of statistical laws, such as Benford's Law, and distance functions, applied to the first digits of network flow metadata, such as IP addresses or packet sizes, facilitates the detection of abnormal patterns in the digits. These techniques also allow for quantifying discrepancies between expected and suspicious flows, significantly enhancing the accuracy and speed of threat detection. This paper introduces a novel method for identifying and analyzing anomalies within computer networks. It integrates Benford's Law into the analysis process and incorporates a range of distance functions, namely the Mean Absolute Deviation (MAD), the Kolmogorov-Smirnov test (KS), and the Kullback-Leibler divergence (KL), which serve as dispersion measures for quantifying the extent of anomalies detected in network flows. Benford's Law is recognized for its effectiveness in identifying anomalous patterns, especially in detecting irregularities in the first digit of the data. In addition, Bayes' Theorem was implemented in conjunction with the distance functions to enhance the detection of malicious traffic flows. Bayes' Theorem provides a probabilistic perspective on whether a traffic flow is malicious or benign. This approach is characterized by its flexibility in incorporating new evidence, allowing the model to adapt to emerging malicious behavior patterns as they arise. Meanwhile, the distance functions offer a quantitative assessment, measuring specific differences between traffic flows, such as frequency, packet size, time between packets, and other relevant metadata. Integrating these techniques has increased the model's sensitivity in detecting malicious flows, reducing the number of false positives and negatives, and enhancing the resolution and effectiveness of traffic analysis. Furthermore, these techniques expedite decisions regarding the nature of traffic flows based on a solid statistical foundation and provide a better understanding of the characteristics that define these flows, contributing to the comprehension of attack vectors and aiding in preventing future intrusions. The effectiveness and applicability of this joint method have been demonstrated through experiments with the CICIDS2017 public dataset, which was explicitly designed to simulate real scenarios and provide valuable information to security professionals when analyzing computer networks. The proposed methodology opens up new perspectives in investigating and detecting anomalies and intrusions in computer networks, which are often attributed to cyber-attacks. This development culminates in creating a promising model that stands out for its effectiveness and speed, accurately identifying possible intrusions with an F1 of nearly 80%, a recall of 99.42%, and an accuracy of 65.84%.

Abstract
Tampered digital multimedia content has been increasingly used in a wide set of cyberattacks, chal-lenging criminal investigations and law enforcement authorities. The motivations are immense and range from the attempt to manipulate public opinion by disseminating fake news to digital kidnapping and ransomware, to mention a few cybercrimes that use this medium as a means of propagation.Digital forensics has recently incorporated a set of computational learning-based tools to automatically detect manipulations in digital multimedia content. Despite the promising results attained by machine learning and deep learning methods, these techniques require demanding computational resources and make digital forensic analysis and investigation expensive. Applied statistics techniques have also been applied to automatically detect anomalies and manipulations in digital multimedia content by statisti-cally analysing the patterns and features. These techniques are computationally faster and have been applied isolated or as a member of a classifier committee to boost the overall artefact classification.This paper describes a statistical model based on Benford's Law and the results obtained with a dataset of 18000 photos, being 9000 authentic and the remaining manipulated.Benford's Law dates from the 18th century and has been successfully adopted in digital forensics, namely in fraud detection. In the present investigation, Benford's law was applied to a set of features (colours, textures) extracted from digital images. After extracting the first digits, the frequency with which they occurred in the set of values obtained from that extraction was calculated. This process allowed focusing the investigation on the behaviour with which the frequency of each digit occurred in comparison with the frequency expected by Benford's law.The method proposed in this paper for applying Benford's Law uses Pearson's and Spearman's corre-lations and Cramer-Von Mises (CVM) fitting model, applied to the first digit of a number consisting of several digits, obtained by extracting digital photos features through Fast Fourier Transform (FFT) method.The overall results obtained, although not exceeding those attained by machine learning approaches, namely Support Vector Machines (SVM) and Convolutional Neural Networks (CNN), are promising, reaching an average F1-score of 90.47% when using Pearson correlation. With non-parametric approaches, namely Spearman correlation and CVM fitting model, an F1-Score of 56.55% and 76.61% were obtained respec-tively. Furthermore, the Pearson's model showed the highest homogeneity compared to the Spearman's and CVM models in detecting manipulated images, 8526, and authentic ones, 7662, due to the strong correlation between the frequencies of each digit and the frequency expected by Benford's law.The results were obtained with different feature sets length, ranging from 3000 features to the totality of the features available in the digital image. However, the investigation focused on extracting 1000 features since it was concluded that increasing the features did not imply an improvement in the results.The results obtained with the model based on Benford's Law compete with those obtained from the models based on CNN and SVM, generating confidence regarding its application as decision support in a criminal investigation for the identification of manipulated images.& COPY; 2023 Elsevier Ltd. All rights reserved.