DEV Community: Swapan

Explained: Gesturejacking and Clickjacking

Swapan — Thu, 04 Apr 2024 15:50:57 +0000

Gesturejacking vs Clickjacking :

In these attacks, hacker trick users into doing unintended actions. Here's a breakdown of the three:

Gesturejacking: Exploits keystrokes in hidden windows.
Clickjacking: Uses invisible overlays on legitimate websites.

Clickjacking Explained:

Clickjacking is also referred as a UI redress attack or user interface (UI) overlay attack, is a malicious technique in which an attacker leads a user into interacting with a concealed element on a web page. This deception is achieved by superimposing a concealed element over another element or by positioning it in a manner that escapes the user's notice. As a result, users may perform actions they did not intend to do, such as granting unauthorized permissions/initiating unintended actions/ disclosing sensitive information.

Gesturejacking (Cross-Window Forgery) Explained:

Gesturejacking exploits a vulnerability in browsers where keystrokes in one window affect another, which is usually hidden in a window.
Here's an example of a gesture jacking attack in HTML:

<!DOCTYPE html>
<html>
<head>
<title>Safe Website (Appears Safe)</title>
</head>
<body>
<p>Press and hold Enter to continue!</p>
<iframe src="attackersite.com#exploit" style="display: none;"></iframe>
</body>
</html>

Prevention Tips:

Update your browser regularly : Regularly updating your web browser is key safeguard against evolving security threats like gesture jacking, clickjacking, and clockjacking.
Be cautious of unusual website behavior: Verify the website you intend to visit, remain vigilant for any unusual or suspicious behavior exhibited on the websites. Take note of unexpected prompts, urgent requests, or unfamiliar actions, and verify the legitimacy of the website before proceeding further.
Consider anti-clickjacking extensions : Installing (reputable) browser extensions specifically designed to detect and prevent clickjacking attacks. These extensions add an extra layer of security.
Implement User Input Sanitization (HTML5): In HTML5, leverage features such as input type attributes, pattern validation, and client-side scripting (e.g., JavaScript) to sanitize and validate user input directly in the browser. Use input types like "email," "tel," and "number" along with regular expressions (Regex) to ensure that user inputs conform to expected formats and prevent malicious input.

Mitigating Gesture Jacking in HTML/JavaScript:

While directly controlling gesture jacking through HTML/JavaScript is challenging, you can take steps to minimize its impact:

Disabling Key Capture in iframes: In case you have control over the server-side code or the embedding of iframes in your web pages, consider adding headers to iframes to disallow capturing keystrokes. For example, in PHP:

header("Content-Security-Policy: frame-ancestors 'none'");

This header prevents the iframe from capturing keystrokes, reducing the risk of gesture jacking.

In HTML

<iframe src="example.com" sandbox="allow-scripts"></iframe>

Using the sandbox attribute with the value allow-scripts can restrict key events in iframes:

Use Content Security Policy (CSP): Adding a Content Security Policy can further enhance security by specifying which resources (such as scripts, stylesheets, and fonts) are allowed to be loaded / executed on your web page. One can configure CSP directives to block inline scripts and restrict the use of eval() functions, which can help mitigate the execution of malicious scripts that may be involved in gesture jacking attempts.

<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline';">

Conclusion and References:

By staying updated, being cautious online, and practicing proper input validation along with sanitizating your code, one can significantly reduce the risk of falling victim to gesture jacking and clickjacking.

Please feel free to add/Suggest.

References:

Gesture Jacking Explained: PortSwigger
Clickjacking Defense Strategies: OWASP Cheat Sheet

Comprehensive Cybersecurity Bootcamp: Securing the Digital World

Swapan — Sat, 16 Mar 2024 19:01:28 +0000

Looking to get started in cybersecurity? below is suggested curriculum with free resources.

Comprehensive Cybersecurity Bootcamp

Module 1: Introduction to Cybersecurity

Overview of cybersecurity concepts, threats, and attacks
Introduction to cybersecurity roles and responsibilities
Basic cybersecurity principles and best practices

Free Resources:

Module 2: Network Security

Understanding network vulnerabilities and attacks
Introduction to firewalls, IDS/IPS, and network segmentation
Secure network design principles

Free Resources:

Module 3: Cyber Threat Intelligence

Overview of threat intelligence and analysis
Threat hunting techniques and tools
Incident response and mitigation strategies

Free Resources:

Module 4: Cryptography

Basics of encryption and decryption
Cryptographic algorithms and protocols
Secure communication and data protection

Free Resources:

Module 5: Secure Software Development

Secure coding practices and principles
Application security testing (SAST, DAST, IAST)
Secure DevOps and continuous security integration

Free Resources:

Module 6: Cloud Security

Introduction to cloud computing and security challenges
Cloud security architecture and best practices
Securing cloud services (IaaS, PaaS, SaaS)

Free Resources:

Module 7: Risk Management and Compliance

Risk assessment methodologies (NIST, ISO, etc.)
Compliance frameworks and standards (HIPAA, GDPR, etc.)
Incident response planning and business continuity

Free Resources:

Module 8: Ethical Hacking and Penetration Testing

Introduction to ethical hacking concepts
Penetration testing methodologies (white box, black box, gray box)
Vulnerability assessment and management

Free Resources:

This curriculum covers a comprehensive range of cybersecurity topics, from basic principles to advanced concepts like ethical hacking and risk management. It covers something for everyone.

Add your favorate site or training link

Powershell basics for Cybersecurity

Swapan — Wed, 06 Dec 2023 19:49:06 +0000

PowerShell is a scripting and automation framework that is widely used in cybersecurity for tasks such as log analysis, vulnerability scanning and incident response. PowerShell is primarily associated with Windows,but it's also becoming increasingly cross-platform with Linux and MacOS.

In this PowerShell basics, I'll highlight aspects relevant to cybersecurity along with sample code.

1. PowerShell Basics:

a. Variables:

# Variable assignment
$name = "John"
Write-Host "Hello, $name!"

b. Arrays:

# Array creation and iteration
$fruits = @("Apple", "Banana", "Orange")
foreach ($fruit in $fruits) {
    Write-Host $fruit
}

c. Functions:

# Function definition and usage
function Greet {
    param (
        [string]$name
    )
    Write-Host "Hello, $name!"
}

Greet -name "Alice"

d. Conditionals:

# If-else statement
$number = 10
if ($number -gt 5) {
    Write-Host "The number is greater than 5."
} else {
    Write-Host "The number is 5 or less."
}

2. PowerShell for Cross-Platform:

a. Installing PowerShell on Linux:

For Debian-based systems (e.g., Ubuntu):

  sudo apt-get update
  sudo apt-get install -y powershell

For Red Hat-based systems (e.g., CentOS):

  sudo yum install -y powershell

b. Running PowerShell on Linux:

Open a terminal and type pwsh to start PowerShell.

3. PowerShell in Cybersecurity:

a. Log Analysis:

# Example: Analyzing Windows Security Event Logs
$securityEvents = Get-WinEvent -LogName Security -MaxEvents 10
foreach ($event in $securityEvents) {
    Write-Host "Event ID: $($event.Id) | Message: $($event.Message)"
}

b. Vulnerability Scanning:

# Example: Checking for open ports using Test-NetConnection
$computers = @("192.168.1.100", "192.168.1.101")
foreach ($computer in $computers) {
    $result = Test-NetConnection -ComputerName $computer -Port 80
    Write-Host "$computer | Port 80 open: $($result.TcpTestSucceeded)"
}

c. Incident Response:

# Example: Collecting system information after an incident
$systemInfo = Get-WmiObject Win32_ComputerSystem
$processes = Get-Process

Write-Host "System Information:"
Write-Host "Computer Name: $($systemInfo.Name)"
Write-Host "Total Processes: $($processes.Count)"

Sample Output:


PS C:\Users\ABC> Write-Host "Computer Name: $($systemInfo.Name)"
Computer Name: SWXXXXOY
PS C:\Users\ABC> Write-Host "Total Processes: $($processes.Count)"
Total Processes: 276
PS C:\Users\ABC>

These are simple examples, and in real-world scenarios, PowerShell scripts can be much more complex and tailored to specific cybersecurity tasks.

Free Microsoft training

Note: No affiliations here...

Cybersecurity frameworks

Swapan — Mon, 23 Oct 2023 20:01:24 +0000

What is CyberSecurity framework?

A cybersecurity frameworks describes guidelines, and standards/plan designed for cybersecurity and it's associated risk management. The frameworks intent is to reduce an organization's exposure to exploits and vulnerabilities that cyber-criminals may use.

NIST's Cybersecurity Framework is widely recognized, but there are other cybersecurity frameworks and standards that organizations may tailor and use. Below is a comparison of some of these frameworks, along with their common vs differentiating factors.

Common Factors: Most of the frameworks share a common area of focus which includes risk management, protection of digital assets, data security and aligning cybersecurity with organizational goals. Framework provides a structured approach for enhancing cybersecurity, and can be tailored to an organization's needs and risk apetite.

Differentiating Factors: The differences between the frameworks lie in the specific industry focus, level of prescriptiveness, and methodologies used. Some, like the NIST Framework and ISO/IEC 27001, are widely applicable across industries, while others, like HITRUST and CIS Controls, are more industry-specific. COBIT focuses on governance, while FAIR provides a unique quantitative risk analysis approach.

Framework / Standard	URL	Common Factors	Differentiating Factors	Example
NIST Cybersecurity Framework	NIST Cybersecurity Framework	- Risk-based approach - Core functions (Identify, Protect, Detect, Respond, Recover) - Tiered maturity model	- Highly adaptable for various industries - Broadly recognized and used globally	A manufacturing company uses NIST's framework to identify critical assets and vulnerabilities and develop a response plan for a potential cyberattack.
CIS Controls (Center for Internet Security)	CIS Controls	- Prioritized cybersecurity best practices - Focus on reducing the attack surface - Mapped to other frameworks (e.g., NIST, ISO 27001)	- More prescriptive in terms of specific controls - Targets specific security improvements	A financial institution may implement CIS Controls to reduce its attack impact by applying specific controls e.g. network segmentation and privilege management(role based access).
ISO/IEC 27001 (Information Security Management System)	ISO/IEC 27001	- Comprehensive information security management system - Risk management-based approach - Internationally recognized	- Highly structured and process-oriented	A global IT services company seeks ISO 27001 certification to establish a comprehensive information security management system and to meet international security standards to gain projects/recogniation.
COBIT (Control Objectives for Information and Related Technologies)	COBIT	- Governance framework for IT and cybersecurity - Aligns IT and business goals - Process improvement model	- Strong focus on governance and control objectives - Tailored specially for IT management and governance	A large corporation may use COBIT to ensure IT and business alignment by establishing governance practices and a maturity model for IT processes.
HITRUST Common Security Framework (CSF)	HITRUST CSF	- Healthcare-specific framework - Aligns with HIPAA and other healthcare regulations - Comprehensive controls for PHI protection	- Specifically designed for the healthcare industry - Requires HITRUST certification	A hospital may adopt HITRUST CSF to comply with HIPAA's security requirements and safeguard electronic health records (EHRs) effectively.
CIS RAM (Center for Internet Security Risk Assessment Method)	CIS RAM	- Risk assessment methodology - Aligns with CIS Controls - Provides guidelines for identifying and mitigating security risks	- Focused on risk assessment and mitigation - Works well in conjunction with other frameworks	A financial institution may use CIS RAM to perform a risk assessment on its digital banking platform and then applies CIS Controls to mitigate identified risks.
FAIR (Factor Analysis of Information Risk)	FAIR Institute	- Quantitative risk analysis methodology - Focus on understanding and managing information risk - Business-focused risk assessment	- Unique for its quantitative risk analysis approach - Tailored for organizations looking for deep risk analysis	A cybersecurity consulting firm may use FAIR to conduct a quantitative risk analysis for a financial client to assess the potential financial impact of a data breach accurately.
OWASP (Open Web Application Security Project)	OWASP	- Focus on web application security - Provides a Top Ten list of critical web application security risks - Offers tools and resources for developers and security professionals	- Specialized in web application security - Primarily for developers and security professionals in the context of web application development	A software development company may follow OWASP guidelines to identify and mitigate common web application security risks, such as SQL injection and cross-site scripting (XSS), during application development.

Please feel free to add ...

Harnessing Automation for Cybersecurity in 7 Steps

Swapan — Thu, 12 Oct 2023 13:10:00 +0000

Listen to Audio`

Note: Link opens in a different window

Automation is a friend and a workhorse for cybersecurity, specifically with the process of identifying and responding to already known security vulnerability/threats/exploit .
Below is a breakdown of the steps to achieve it:

Determine Your Detection Objectives:
- Identify the specific security threats and/or malicious activities we aim to identify, encompassing malware, unauthorized access attempts, and insider threats. Think about not letting anyone with out proper badge entering your office.
Choose and Deploy Specialized Threat Detection Tools:
- Select and install security software and solutions that align with your organization's need. This encompasses systems such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection System/Intrusion Prevention System), and advanced threat detection platforms.
Collect and Merge Data:
- Gather data from diverse sources, including system logs, network traffic, and endpoint information. Then, seamlessly integrate this data into your threat detection tools. Think about tools like LogRhythm, Splunk.
Formulate Detection Rules and Signatures:
- Craft unique detection rules, signatures, and use cases derived from known attack patterns and indicators of compromise (IoC). Check out sources like - MITRE ATT&CK, Snort.
Leverage Machine Learning and AI:
- Apply machine learning and artificial intelligence to pinpoint anomalies and novel threats. These technologies excel at identifying deviations from typical system behavior. Check out sources like - Darktrace, CyberAI.
Automate Alerting and Notifications:
- Configure automated alerting and notification mechanisms to promptly inform security team and/or incident response personnel when unusual activity is detected. Note: Have an Business Continuity/Disaster Recovery and Incident Response Plan Ready
Automate Incident Analysis and Prioritization:
- Streamline the initial analysis and prioritization of identified threats. Classify incidents based on their severity and potential impact.
Implement Response Automation:
- Embed automated response measures for common threats. For instance, one can automate the isolation of compromised systems or the blocking of malicious IP addresses or use network segementaion. .
Sustain Ongoing Monitoring and Enhancement:
- Continously monitor the "automated threat detection system" and ensure it remains current by adding new detection rules, AI models, and response protocols as required. Regularly scrutinize and address false positives and false negatives to refine accuracy.

By following above steps, organizations may enhance their cybersecurity defenses, but important part is to keep the software and infrastructure updated to the latest patch and keep updating the defection rules/

Cybersecurity Resources for beginners

Swapan — Wed, 11 Oct 2023 19:26:51 +0000

Looking for cybersecurity resources to get started ?

Below are some of the sources providing quality information on security.

Please add your fav...

Cybersecurity Blogs and News Websites:
- Websites like Dark Reading, Krebs on Security, and The Hacker News regularly publish articles and news on cybersecurity trends, including automation.
Cybersecurity Organizations:
- Check out resources from reputable organizations like The National Institute of Standards and Technology (NIST), The Center for Internet Security (CIS), and The Cybersecurity and Infrastructure Security Agency (CISA) for cybersecurity guidelines and best practices, some of which may relate to automation.
Cybersecurity Forums and Communities:
- Platforms like Reddit's /r/cybersecurity and Cyber Security Forum often feature discussions and resources related to automation in cybersecurity.
Cybersecurity Research Papers and Journals:
- Look into academic journals and research papers through platforms like Google Scholar to find in-depth studies on various aspects of cybersecurity automation.
Online Courses and Tutorials:
- Websites like Coursera, edX, and Cybrary offer courses on cybersecurity, including automation topics.
YouTube Channels:
- There are many YouTube channels dedicated to cybersecurity, such as Hak5 and The Cyber Mentor, which offer video tutorials and discussions on automation in cybersecurity.
Conferences and Webinars:
- Many cybersecurity conferences and webinars cover automation topics. Keep an eye on events like Black Hat, DEFCON, and RSA Conference for relevant sessions and presentations.

Remember to verify the credibility of the sources you explore and keep up-to-date with the latest trends and developments in cybersecurity automation to ensure the security of your systems and data.
Happy Sharing :)

Demystifying Explainable Artificial Intelligence (XAI)

Swapan — Tue, 10 Oct 2023 22:07:56 +0000

Artificial Intelligence (AI) and machine learning are influencing our day to day decisions, there's a growing need for transparency and trust. The term "Explainable Artificial Intelligence" or XAI has been coined by DARPA (the Defence Advanced Research Project Agency) as a research initiative to unravel one of the critical shortcomings of AI.

XAI is not just a buzzword; it's a set of processes and methods that allow human users to comprehend and trust the results and output created by machine learning algorithms. In this post, we'll delve into the world of XAI and why it's relevant in today's AI landscape.

The Challenge of the AI Black Box

Imagine people making a critical decision based on a suggestion generated by an AI system. It could be a medical diagnosis, a financial investment, or could even be a legal judgment. The AI system provides "the answer", but it does so as if it were pulling results from a black box. You see the output, but you have no insight into how the AI arrived at that conclusion. It's a challenge known as the "AI black box."

The AI black box conundrum presents several problems:

Lack of Trust: Users are hesitant to trust AI systems when they don't understand their decision-making processes. This lack of trust can hinder AI adoption.
Bias and Fairness: AI algorithms can unintentionally perpetuate biases present in the training data. Without transparency, it's challenging to identify and mitigate these biases.
Compliance and Regulation: In highly regulated industries, such as finance and healthcare, there's a need to demonstrate compliance with laws and regulations. An AI black box makes this task daunting.

Contrasting AI with XAI

What sets "conventional" AI apart from explainable AI?

Explainable AI employs precise techniques and approaches to guarantee that every decision taken during the machine learning process can be tracked and clarified. In contrast, AI often produces outcomes through machine learning algorithms using historic data, books etc, yet the creators of AI systems may not possess a comprehensive understanding of how the algorithm arrived at that outcome. This creates challenges in verifying accuracy and results in a deficiency of oversight, responsibility, and the ability to conduct audits.

The Role of XAI

This is where Explainable AI, or XAI, comes into play. XAI is a framework designed to make AI models more interpretable, transparent, and ultimately trustworthy. It aims to answer questions like:

Why did the AI make this decision?
What factors or data influenced the outcome?
How confident is the AI in its decision?

XAI techniques use a variety of methods to provide these answers, making AI more transparent and accountable. Here are a few common XAI techniques:

Feature Importance:

XAI methods can reveal which features (variables) had the most significant influence on the AI's decision. This helps users understand the factors that led to a particular output.

Local Explanations:

For specific predictions or decisions, XAI provides localized explanations, highlighting the key factors contributing to that particular result.

Sensitivity Analysis:

Sensitivity analysis assesses how changes in input data impact the AI's output. It demonstrates how robust the model is to variations in data.

Rule-Based Models:

Some XAI approaches use rule-based models to create human-understandable decision rules. These models are inherently transparent.

Real-World Applications of XAI

XAI is not just a theoretical concept; it's already finding applications in various domains:

Healthcare: XAI is used to explain medical diagnoses, providing doctors with insights into the factors contributing to a patient's condition.
Finance: In the world of finance, XAI helps explain risk assessment models, making them more transparent and compliant with regulations.
Legal: XAI aids in legal decisions by providing explanations for judgments, enabling lawyers and judges to understand and validate AI-generated legal recommendations.
Autonomous Vehicles: For self-driving cars, XAI can explain why the vehicle made a specific decision, enhancing safety and trust.

The Road Ahead

Explainable Artificial Intelligence is not just a "good to have feature"; it's a necessity. As AI becomes more integrated into our lives, we need to ensure they are understandable, accountable, and most importantly trustworthy. XAI is the key to unlocking this potential, making AI more than just a black box of answers. It's about making AI a tool that empowers us with knowledge, transparency, and control. With XAI, we have the opportunity to harness the full potential of AI while keeping it aligned with our human values and expectations.

Reference: https://www.ibm.com/topics/explainable-ai

AI Hallucination: Exploring the Frontiers of Creativity and Concern in Healthcare and Beyond.

Swapan — Thu, 05 Oct 2023 21:58:12 +0000

Introduction

Artificial Intelligence (AI) has made inroads in various domains, revolutionizing the way we interact and use technology. One intriguing facet of AI is its ability to generate content that stretches the boundaries of creativity, a phenomenon often referred to as "AI hallucination." In this article, we delve into the concept of AI hallucination, exploring its applications and implications in healthcare and other domains.

Definition : AI Hallucination
An AI hallucination is when a generative AI model generates inaccurate information as if it were correct.

AI Hallucination: A Brief Overview

AI hallucination is the ability of AI systems to produce content that is imaginative, creative, and sometimes indistinguishable from any human-generated content. It involves AI generating text, images, audio, and videos that appear real and authentic but are entirely fabricated.

AI Hallucination in Healthcare

In healthcare, AI hallucination has shown immense promise and posed ethical challenges. Here are some key areas where it has made an impact:

Medical Imaging: AI-powered systems can generate enhanced medical images, highlighting anomalies or areas of interest. For instance, AI algorithms can create detailed and colorful renditions of MRI scans, which could aid in diagnosis and treatment.
Drug Discovery: AI models can generate new molecules with potential therapeutic properties. By simulating chemical structures and their interactions, AI could accelerate drug discovery by suggesting novel compounds for further study.
Patient Data Generation: AI can generate synthetic patient data for research and testing purposes. While this aids in maintaining privacy, it raises concerns about the authenticity of data and its implications for research validity.

AI Hallucination Beyond Healthcare

AI hallucination isn't limited to healthcare; it spans across various domains:

Art and Design: AI-generated artwork, music compositions, and even poetry have gained recognition. Examples include the AI-generated "Portrait of Edmond de Belamy" and music composed by AI systems like OpenAI's MuseNet.
Content Creation: AI-generated articles, stories, and social media posts are becoming increasingly prevalent. These can be used for automating content generation in marketing and journalism.
Entertainment: Deepfake technology, a form of AI hallucination, has been used to create realistic-looking videos that place actors into scenes they were never part of, thus reshaping the entertainment industry.

The flip side

Dangers of Personal AI Provider
Unlike a human, doctor, who spends decades of formal studies to practice medicine, AI Provider, scans through the records of previously generated medical journals, articles, and books, understands patterns, and calls out remedies. If the remedies are taken as if without proper consultation with the provider the results could be devastating.

Ethical Concerns

While AI hallucination offers exciting possibilities, it raises ethical concerns. Deepfakes can be used for misinformation or identity theft. In healthcare, synthetic data must be carefully regulated to prevent biases and ensure patient privacy.

Conclusion

AI hallucination is a fascinating facet of AI, showcasing the machine's ability to mimic human creativity. In healthcare, it has the potential to revolutionize diagnostics and drug discovery. However, ethical considerations must guide its development and use. Beyond healthcare, AI hallucination is altering the landscape of art, entertainment, and content creation, underscoring both its potential and the need for responsible practices.

As AI continues to evolve, understanding the implications of AI hallucination across diverse domains becomes increasingly important, balancing innovation with ethical responsibility.

Writing a JIRA User Story with example

Swapan — Tue, 06 Jun 2023 18:11:05 +0000

We will use this problem statement:
Write business and technical tasks for a web portal and mobie application for "Living Will" for the state of Georgia, USA with using blockchain and we follow JIRA pattern of writing a story.

We will use Gherkin to write user story, in general we write only business purpose story, but it's good to write or add enabler (Technical task) to meet business needs.

Assumption
Portal and app exists

Business User Story

Title: Create Living Will Document
Description: As a user in the state of Georgia, I want to create a Living Will document through the web portal or mobile application, so that I can legally specify my preferences in the event that I am unable to communicate my wishes.
Acceptance Criteria:

Given I am a registered user in Georgia
When I access the web portal or mobile application
Then I should be able to initiate the creation of a Living Will document
And I should be guided through a series of questions to specify my preferences
And I should be able to save and submit the completed Living Will document

Technical Task:

Title: Implement Blockchain Integration for Living Will Documents
Description: As a developer, I need to integrate blockchain technology into the web portal and mobile application for the Living Will service in Georgia, so that the documents can be securely stored, tamper-proof, and accessible by authorized parties.
Acceptance Criteria:

Given a Living Will document is created by a user
When the document is submitted
Then the document data should be encrypted and stored on the blockchain
And the blockchain transaction ID should be associated with the document for verification
And the document should only be accessible to authorized parties with proper authentication and authorization

Non-Functional Requirements:

Security: The web portal and mobile application should employ secure authentication and data encryption mechanisms to protect user information and Living Will documents.
Performance: The system should be able to handle a large number of concurrent users without significant degradation in response time or system availability.
Scalability: The architecture should be designed to handle future growth and increased user load by scaling horizontally or vertically as needed.
Reliability: The system should have high availability and minimal downtime to ensure that users can access and manage their Living Will documents at any time.
Compliance: The solution should adhere to the relevant state laws and regulations for Living Will documents in Georgia, including data privacy and consent requirements.
Usability: The web portal and mobile application should have an intuitive user interface, providing clear instructions and guidance to users throughout the process of creating and managing Living Will documents.
Accessibility: The system should be accessible to users with disabilities, conforming to accessibility guidelines and standards.
Maintainability: The codebase should be modular, well-documented, and maintainable to facilitate future enhancements, bug fixes, and system updates.

Please feel free to reach out or comment.

Machine learning -Gradient Boosting Algorithms / Ensemble learning

Swapan — Tue, 05 Jul 2022 17:40:43 +0000

This post cover's Machine learning algorithms with examples.

Topics covered :

1. What is Boosting ?

2. What is a Boosting Algorithms ?

3. Examples of Boosting Algorithm

For end to end implementation refer to : HealthCare Predicting Length of stay with boosting algorithms

Git Hub to pull the code : Github/swapanroy

1. What is Boosting ?

Boosting ("to Boost", in english meaning help or encourage to increase or improve.) is a method used in machine learning to improve machine models' predictive accuracy and performance.

2. What is a Boosting Algorithms ?

Ensemble learning or boosting has become one of the most promising approaches in machine learning domain. The ensemble method is based on the principle of generating multiple predictions and average voting among individual classifiers.

Two implementation of Boosting Algorithm

AdaBoost

AdaBoost or Adaptive Boosting is the Boosting ensemble model,a statistical classification meta-algorithm refers to a particular method of training a boosted classifier. The method automatically adjusts its parameters to the data based on the actual performance in the current iteration.

CATBoost

CATBoost - Provides a gradient boosting framework which among other features attempts to solve for Categorical features using a permutation driven alternative compared to the classical algorithm. Catboost calculates the residual of each data point and uses the model trained with other data. In this way, each data point gets different residual data. These data are evaluated as targets, and the training times of the general model are as many as the number of iterations. Since many models will be implemented by definition, this computational complexity seems very expensive and takes too much time.

Python implemenation will use Sklearn and Catboost library

Data Source: Kaggle- HealthCare data to predict length of stay

Key Libraries

Libraries needed for data Analysis

import pandas as pd import numpy as np

Libraries needed for models and visualization

import matplotlib.pyplot as plt import seaborn as sns

Libraries needed for pre-processing

from sklearn.preprocessing import LabelEncoder from sklearn.preprocessing import StandardScaler

Libraries needed for models

from sklearn.ensemble import AdaBoostClassifier from catboost import CatBoostClassifier, Pool from catboost.utils import get_confusion_matrix

Libraries needed for validation

from sklearn.metrics import confusion_matrix, classification_report, make_scorer, accuracy_score from sklearn.model_selection import cross_val_score, train_test_split`

Read data and pre-process data for models

`df_train=pd.read_csv('../input/av-healthcare-analytics-ii/healthcare/train_data.csv',sep=',')

'plt.figure(figsize=(20,5))
x = sns.countplot(df_train['Stay'], order = df_train['Stay'].value_counts().index)
for i in x.containers:
x.bar_label(i,)'

Merging Train and Test on multi dimention to pre-process data.

df_merge = [df_train, df_test] df_merge[0]

Binning

age_value = {'0-10': 0, '11-20': 1, '21-30': 2, '31-40': 3, '41-50': 4, '51-60': 5, '61-70': 6, '71-80': 7, '81-90': 8, '91-100': 9} stay_value = {'0-10': 0, '11-20': 1, '21-30': 2, '31-40': 3, '41-50': 4, '51-60': 5, '61-70': 6, '71-80': 7, '81-90': 8, '91-100': 9, 'More than 100 Days': 10}

Replacing Age and Stay with Int values

df_merge[0]['Age'] = df_merge[0]['Age'].replace(age_value.keys(), age_value.values()) df_merge[0]['Stay'] = df_merge[0]['Stay'].replace(stay_value.keys(), stay_value.values()) df_merge[1]['Age'] = df_merge[1]['Age'].replace(age_value.keys(), age_value.values())

Applying Adaboost classifier

An AdaBoost classifier is a meta-estimator that begins by fitting a classifier on the original dataset and then fits additional copies of the classifier on the same dataset but where the weights of error classified instances are adjusted.

ada_classifier = AdaBoostClassifier(n_estimators=5)
ada_classifier.fit(X_train, y_train)
pred_ada = ada_classifier.predict(X_test)

# Cross-validation
scores = cross_val_score(ada_classifier,X_test,y_test, cv=12)
print('Accuracy score',round(scores.mean() * 100,2))
print('Confusion Matrix\n',confusion_matrix(y_test, pred_ada))

Accuracy score 33.8

Applying CatBoost - Gradient Algorithm

Gradient boosting algorithm works by building simpler (weak) prediction models sequentially where each model tries to predict the error left over by the previous model. It find uses in search, recommendation systems, personal assistant, self-driving cars, weather prediction.

Important Parameters of CatBoost Model

iterations - It accepts integer specifying the number of trees to train. The default is 1000.
learning_rate - It specifies the learning rate during the training process. The default is 0.03.
l2_leaf_reg - It accepts float specifying coefficient of L2 regularization of a loss function. The default value is 3.
loss_function - It accepts string specifying metric used during training. The gradient boosting algorithm will try to minimize/maximize loss function output depending on the situation.
eval_metric - It accepts string specifying metric to evaluate on evaluation set given during training. It has the same options as that of loss_function.

model = CatBoostClassifier(iterations=1000,
                           learning_rate=0.3,
                           depth=10,
                           l2_leaf_reg = 3,
                           random_strength =2,
                           loss_function='MultiClass',
                           eval_metric='MultiClass')

fitting model and predicting accuracy

model.fit(X_train,
          y_train,
          eval_set=eval_dataset,
          verbose=True)

print(model.get_best_score())
cm = get_confusion_matrix(model, eval_dataset)
print(cm)
predict_accuracy_on_test_set = (cm[0,0] + cm[1,1])/(cm[0,0] + cm[1,1]+cm[1,0] + cm[0,1])
ax = sns.heatmap(cm, linewidth=1)
plt.show()
print("catboost Acc : ", predict_accuracy_on_test_set)

Accuracy : 0.40188104509483735

References:
https://scikit-learn.org/stable/modules/generated/sklearn.ensemble.AdaBoostClassifier.html

https://github.com/catboost/catboost

Photo by Jen Theodore on Unsplash

Installing Hyperledger Fabric on windows and Deploy /Start chain code

Swapan — Wed, 15 Jun 2022 21:35:41 +0000

Windows Installation

Below are the instructions to intall and run chain code on a windows machine.
For this installation, you should be prepared for some obstacles as installation on windows is not simple.

Pre-reqs

• Docker (https://docs.docker.com/desktop/windows/install/)
• cURL (https://curl.se/download.html)
• Go (https://go.dev/dl/)
• Node.js (https://nodejs.org/en/download/)
• Git (https://git-scm.com)

Download, if needed and check on each pre-requisite item

Validatation for pre-reqs

Run command prompt in admin mode (cmd) check all installations

cURL Version

docker version

git version

go version

Node version

npm version

Let's proceed to install other items

WSL (https://docs.microsoft.com/en-us/windows/wsl/install)
Use this command to install Windows Subsystem for Linux (WSL) - wsl –install
To update : WSL2 Linux kernel update package for x64 machines (https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi)

Use this command to validate installation wsl -l -v
Check Windows Feature if it has been installed, do check the Virtual Machine Platform, if not done set.

WSL and Virtual Machine Platform

Once done, log in Microsoft app store and download Ubantu and Windows Terminal
Run Windows Terminal under Admin mode
Below screen shows, how it looks after installation.
Note: Open Windows Terminal in Admin mode

Once Ubantu starts, it will ask for username and password.
Ubantu is picky with user names.. just like Unix, it needs to start with lower case (https://www.oreilly.com/library/view/practical-unix-and/0596003234/ch04s01.html)

Docker desktop app start

Run docker under admin mode and under setting-> resources see that Ubantu is selected (First time users, will have to create docker hub ID)
Make sure

WSL 2 is checked
Ubantu is being referenced

Enable Ubantu on docker container

Installing Hyperledger Fabric and Binaries

• Clone the hyperledger/fabric-samples repository.
I’m installing Hyperledger fabric version 2.2.0
curl -sSL http://bit.ly/2ysbOFE | bash -s -- <fabric_version> <fabric-ca_version> <thirdparty_version>
curl -sSL http://bit.ly/2ysbOFE | bash -s -- 2.2.0 1.4.9 0.4.22

Read this doc before you move ahead (https://hyperledger-fabric.readthedocs.io/en/release-1.4/developapps/scenario.html)

Read this doc to aid in testing (https://hyperledger-fabric.readthedocs.io/en/release-2.2/test_network.html)
cd fabric-samples/test-network

Step by step testing and running chain code

Probe the folder ls

Start the network with script file ./network.sh up
Note: run ./network.sh down to take anything running down on docker.
check existing processes running by using : docker ps -a

Create mychannel ./network.sh up createChannel

Deploying the chain code ./network.sh deployCC -ccn basic -ccp ../asset-transfer-basic/chaincode-javascript -ccl javascript

Docker container showing images created

Note: in the end run ./network.sh down to stop process. Check docker's to confirm all processes are stopped..

Translate to Braille

Swapan — Thu, 16 Sep 2021 20:29:12 +0000

In 2015, there were an estimated 253 million people with visual impairment worldwide. Of these, 36 million were blind and a further 217 million had moderate to severe visual impairment (MSVI). Many blind people use Braille for reading purposes.
Braille is the world's most popular tactile reading and writing system.
In the below program, I have shown a way to convert English to Braille, another program, I’m working on is to convert image to speech.
Program takes into account alphabets, numbers, puntuations and symbols.

Created using Python 3.9 (Latest version) -download here

Defining translation values based on Grade 1 Braille

   alphaBraille = ['⠁', '⠃', '⠉', '⠙', '⠑', '⠋', '⠛', 
   '⠓', '⠊', '⠚', '⠅', '⠇','⠍', '⠝', '⠕', '⠏', '⠟', '⠗', 
   '⠎', '⠞', '⠥', '⠧', '⠺', '⠭', '⠽', '⠵', ' ']
   numBraille = ['⠼⠁', '⠼⠃', '⠼⠉', '⠼⠙', '⠼⠑', '⠼⠋', 
   '⠼⠛', '⠼⠓', '⠼⠊', '⠼⠚']
   alphabet = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 
    'j', 'k', 'l', 'm','n', 'o', 'p', 'q', 'r', 's', 't', 
    'u', 'v', 'w', 'x', 'y', 'z', ' ']
   nums = ['1', '2', '3', '4', '5', '6', '7', '8', '9','0']

Logic

    if len(translateToBraille) > 0 : 
    for n in translateToBraille.lower():
        if n in alphabet:
            inputString += alphaBraille[alphabet.index(n)]
        elif n in nums:
            inputString += numBraille[nums.index(n)]
        elif n in puntuation:
            inputString += puntuationBraille[puntuation.index(n)]
        elif n in character:
            inputString += characterBraille[character.index(n)]
    print(inputString)

To test our cases

translateToBraille = 'This is good day & Tony what are you planning to do @ the mall ?'

Output

Code in Github
Reach me on my Twitter

Note: Thanks to Paul for this photo via @unsplash 🎁

Other item to look into:

Currency Converter with Python

Swapan ・ May 3 '21

#python #ui #devjournal #forex

GUI Dictionary using api calls in python (with pronunciation)

Swapan ・ May 8 '21

#python #dictonary #watercooler #vscode