Search  English (United States) Hrvatski (Hrvatska)

innovative promotional partnershipArtificial Intelligence towards EU Multilingualism

Technical co-sponsorship

Hybrid Event
Event program
Tuesday, 5/23/2023 10:30 AM - 1:00 PM,
Collegium, Grand hotel Adriatic, Opatija
10:30 AM - 1:00 PMPapers 
1.G. Marvin (dSPACE Engineering d.o.o., Zagreb, Croatia)
The Latest Developments and Future Perspectives of Artificial Intelligence Systems for In-Vehicle Communication Intrusion Detection 
CAN (Controller Area Network) is a message-based protocol that achieves communication by the exchange of packets of data between devices on the network. The protocol is widely used for in-vehicle communication in the automotive industry as it is designed to be robust, able to handle a high rate of data transfer, and tolerant of the electrical noise. However, the original CAN implementation lacks built in security mechanisms which makes it vulnerable to intrusion attacks that can be detrimental to the driver or the system itself. With the very rapid evolution of Artificial Intelligence (AI) various Intrusion Detection Systems (IDS) have been developed to tackle the problem of detecting these attacks. In controlled environment, the new technology makes very fast and accurate attack detection possible. This article surveys several approaches that introduce State of The Art methodologies (SoA) in the field of AI based IDS. A comparison of various known attacks, detection techniques on available benchmark datasets, and a few advanced improvements of current security implementations and limitations are emphasized.
2.M. Kaniški, J. Dobša, D. Kermek (Fakultet organizacije i informatike, Varaždin, Croatia)
Deep Learning within the Web Application Security Scope – Literature Review 
Over the last few years, several breakthroughs in deep learning have contributed to the development of new models. One of many areas they are applied to is the web application security scope. Web applications are still one of the biggest information and business security threats. Requests sent to the Web application are divided into normal and malicious. Malicious requests contain a payload that exploits a discovered vulnerability. Detection of Web attacks can be reduced to natural language processing classification problem. Lately, pre-trained models on Transformer neural networks showed promising results in the detection of Web attacks. In development of models preprocessing step of data preparation is crucial. After preparation of good datasets and application of powerful models it is very important to evaluate and compare performance of algorithms. The goal of this paper is to conduct an overview of the deep learning methods used for Web attack detection. The research is conducted by querying scientific databases, analyzing relevant articles within the security scope and summarizing the proposed state-of-the-art approaches. Also, open problems will be emphasized, as well as challenges and possibly new opportunities for the future research.
3.I. Tomicic (Fakultet organizacije i informatike Varaždin, Varaždin, Croatia)
Social Engineering Aspects of Email Phishing: An Overview and Taxonomy 
Numerous online resources and reports are pointing to the growing effectiveness of email phishing techniques, with some of those indicating for example that 85% of IT breaches involved the human element, and that 96% or social attacks arrive via email. Phishing is a common occurrence, and a significantly successful one. While most of the available research on phishing involves phishing detection, prevention, filtering, anti-phishing tools, techniques and countermeasures, and the remaining body of research is tackling phishing and social engineering in a (too) generic and broad contexts, this paper will propose a focused effort to identify the specific groups of techniques that attackers are using in email phishing, and the principles which run "behind the scenes" that make these attacks successful. Thus, the goal of this paper is threefold: (1) to propose a taxonomy of the observed email phishing techniques, (2) to associate the principles and factors of influence with observed techniques and shed light behind their effectiveness, and (3) to raise awareness and lay grounds towards working on the model of human resilience against these manipulative forms of cyber attacks.
4.R. Carlsson, T. Heino, S. Rauti (University of Turku, Turku, Finland)
Data Leaks to Third Parties in Web Services for Vulnerable Groups 
Third-party analytics services are increasingly being used to improve sales and usability of websites. While these services often have great value for companies and organizations using them, they also rise privacy issues. When information is gathered using third-party analytics, third parties also receive lots of personal data about users. This is often especially true for many vulnerable groups who may be forced the use online services instead of on-site services, such as the elderly, people with medical issues, or people living in remote locations. We conduct a comprehensive study of 15 Finnish web services often used by vulnerable groups by analyzing their network traffic. Our findings show most of these services use third-party analytics and, despite their delicate nature, send highly sensitive personal data to third parties. The study also discusses the implications of the found data leakages and offers some recommendations on how to improve privacy of online services from a software engineering point of view.
5.R. Carlsson (University of Turku, Turku, Finland), S. Laato (Tampere University, Tampere, Finland), T. Heino, V. Leppänen, S. Rauti (University of Turku, Turku, Finland)
Privacy in Popular Children's Mobile Applications: A Network Traffic Analysis 
Children increasingly download and use mobile applications from marketplaces such as Apple's App Store or Google Play Store. One would expect that applications intended for children are free of third-party analytics, or at least make sure parents give their consent for collecting personal data from children. In this study, we performed an in-depht technical analysis of a representative snapshot (n=15) of applications from Google Play Store aimed at children (age group classifications 0-5, 6-8 and 9-12). We recorded the network traffic of these applications and compared it to the privacy policies of the applications. Across the applications, we noticed that a significant number (13/15) were delivering more information about the users to various third parties than they admitted in their privacy policies. We elaborate on the implications of our findings on user privacy and discuss strategies for preserving privacy particularly for sensitive audiences such as children.
6.D. Pranić (Atlantic Grupa d.d., Zagreb, Croatia)
Analysis of DMARC Implementation in Republic of Croatia 
Many security reports and analyses continuously emphasize email service as the cause or starting point of numerous security incidents. The insecurity of email service results in a steady increase in financial fraud caused by compromising user accounts. The use of more advanced authentication protocols such as DMARC, significantly reduces the risk of these threats. The DMARC protocol and its role in improving email service authentication will be explained in detail. Numerous advantages of the DMARC protocol and implementation challenges will be highlighted. The extent to which DMARC is applied in Republic of Croatia will be shown by an analysis of DMARC implementation at most important companies per total income and relevant entities of public sector. Analysis will show how much are private companies and public sector focused on security of email service and will give an insight into the DMARC complexity.
Tuesday, 5/23/2023 4:00 PM - 6:30 PM,
Collegium, Grand hotel Adriatic, Opatija
4:00 PM - 6:30 PMPapers 
1.A. Kerr, T. Hynninen (South-Eastern Finland University of Applied Sciences, Mikkeli, Finland)
Towards Improving Online Security Awareness Skills with Phishing and Spoofing Labs 
It can be especially hard for novices to examine their online browsing habits, or to be aware of the dangers related to online security. In this paper, we describe laboratory exercises designed to improve awareness of online security, in addition to teaching cybersecurity knowledge and skills. The exercises were used as a part of an information security fundamentals course for IT students with none or only novice experience in the field. These lessons are suitable for both delivery in the classroom and online in a virtual laboratory environment. The exercises were developed using the design science research methodology (DSR). Following DSR principles, the evaluation of the developed material was done by extracting observations from student reports. The thematic analysis method was used to process the data. The evaluation of the student learning reports revealed that the labs and the course were successful in the following ways: Improving security knowledge, improving critical thinking skills, and improving security awareness. Additionally, the material was perceived as useful for future working life.
2.T. Selker, J. Pelletier (Rochester Institute of Technology, Rochester, United States)
Secure, Accessible, Virtual Voting Infrastructure (SAVVI): Reducing Barriers for Disabled and Overseas Voters 
We describe a way to deploy a secured ballot return for overseas, vision, or dexterity-impaired voters. SAVVI is a secure, accessible, virtual voting infrastructure. It uses multiple communication channels with synchronized multi–factor authentication, encryption, and hashing to preserve privacy, confidentiality, and vote integrity. Our usability goal is to supply voters easy access to a hardened system that will present secure instances of their familiar browser and email clients. A key to its viability is synchronizing authentication through two low tech verifications such as phone calls. This strives to enhance security and usability for remote voting by mimicking best practices for in-person polling place procedures. Other more standard cryptographic measures include layered encryption and dynamically provisioning a secure virtual container–a virtual voting machine (VVM)–to process each ballot. In aggregate, the design of SAVVI seeks to allow remote voting while reducing difficulty for the voter, programming complexity for the election administrator, and material procurement for the voting authority.
3.V. Pagon, B. Skendrović, I. Kovačević (Fakultet elektrotehnike i računarstva, Zagreb, Croatia)
JavaScript Library Version Detection 
There are more than 1.6 billion websites today, and almost every one of them uses JavaScript libraries. Knowing that, it's very important to show problems that occur as a result of not paying enough attention to security, such as using outdated versions of JavaScript libraries, insecure libraries, and so on. This paper describes created algorithm for JavaScript library version detection. Algorithm detects version of an unknown JavaScript library based on differences between neighboring library versions. It's designed in such a way that it can be run periodically and automatically on the server. The paper also presents results and efficiency of the algorithm on a smaller set of data collected from the Croatian Web space. The success of the algorithm in detecting the correct version is about 50\%, and the range of probable versions is an additional 25\%. From these results, i.e. the detected versions, it is evident that the JavaScript libraries used on the websites of the Croatian web space are not regularly updated. Limitations and also possible potential improvements of the algorithm are listed at the end of the paper.
4.S. Lončarević, I. Kovačević, S. Groš (Fakultet elektrotehnike i računarstva, Zagreb, Croatia)
Detecting JavaScript Libraries Using Identifiers and Hashes 
The web is a widespread platform for data exchange and service delivery on which many depend. Due to the high demand for website creation, methods are offered that provide more time-efficient design and programming. One of them comes down to using JavaScript libraries which can introduce vulnerabilities into web applications. Due to the sheer number of websites, as well as libraries and their vulnerabilities, it is difficult to maintain security. There is a need to create tools that will automatically and proactively search for vulnerable libraries and enable timely remediation. Therefore, this paper deals with the given problem and provides an insight into the implemented solution. Paper describes how JavaScript libraries are obtained and used, and multiple methods for detecting them. The technical side of the implementation is presented, as well as the results obtained by detecting libraries on a set of web pages from the Croatian web space. Also, the usage distribution of popular libraries and their vulnerabilities is shown. The limitations observed during the implementation were commented on, as well as their potential solutions with the aim of improving the project.
5.T. Dujmović, B. Skendrović, S. Groš (Fakultet elektrotehnike i računarstva, Zagreb, Croatia)
Detection and Analysis of Obfuscated and Minified JavaScript in Croatian Web Space 
JavaScript libraries allow for faster and easier programming of web content. In order to conceal know-how secrets and malicious code, obfuscation is used. Obfuscation is a deliberate act of reshaping something to make it harder to understand. Commonly used obfuscators provide many methods that produce different obfuscated versions of the same source code. Minification has similar techniques to obfuscation, but unlike obfuscation, minification reduces the size of the code, which speeds it up and is its primary functionality. This paper provides an overview of obfuscation and minification and the methods therein. The developed software tool uses regex, entropy and word size to detect and distinguish minified and obfuscated JavaScript libraries. The result of running the software tool on a database of pages in the Croatian web space is presented. The results show a high presence of minified and a small number of obfuscated JavaScript libraries. This automated detection has proven to be faster and in some cases more accurate than manual detection of obfuscation and minification. Observed problems with the tool implementation are commented on and potential improvements are discussed at the end of the paper.
6.D. Lawal, D. Gresty, D. Gan (University of Greenwich, London, United Kingdom)
Forensic Implication of a Cyber-Enabled Fraud Taking Advantage of an Offline Adversary-in-the-Middle (AiTM) Attack 
Many computer users utilise the High-Definition Multimedia Interface (HDMI) for connecting external displays as this interface is common on modern computers. This work investigates the feasibility of performing an offline adversary-in-the-middle attack with a portable programmable device such as the Screen Crab which leverages the HDMI interface to covertly capture information being sent to the external display. This work also addresses the possibility of such attacks being carried out as a part of the reconnaissance phase of a wider attack or being carried out as a standalone attack for data exfiltration, data theft, or espionage. Among the operational observations of the Screen Crab while it was exfiltrating data include its property of being storage and process efficient. In addition, there were no indicators on the external display (e.g., quality drop, lag/latency) to suggest to the target user that any form of tampering had been done to their machine. This paper also shows how it might be difficult for forensic analysts to detect the use of this device which poses a risk of the target user (victim) being falsely accused, or wrongly prosecuted for divulging sensitive or classified information in this kind of situations.
7.I. Spoljaric, D. Delija, G. Sirovatka (Zagreb University of Applied Sciences, Zagreb, Croatia)
The Forensic Significance of Indexing Applications on the Windows Operating System 
During the forensic analysis of the Windows operating system and the search for the existence of suspicious files, applications or artifacts of the operating system, the process of recovering deleted data is very often done. Considering the increasing prevalence of fast, solid-state hard disks (SSD) SATA or NVMe interfaces in personal computers and taking into account properties such as wear leveling and garbage collection of solid-state hard disks, it is significantly more difficult to recover deleted data as well as to prove the startup and the presence of suspicious files on the attacker's or victim's computer. This article analyzes the Windows Search feature of the Windows operating system with the associated Windows.edb file as well as 3rd party operating system file indexing applications to find records of suspicious files, metadata, applications and their activities relevant to forensic analysis.
8.M. Knezovic, D. Delija, M. Zagar, G. Sirovatka, D. Možnik (Zagreb University of Applied Sciences, Zageb, Croatia)
Implementation of Biometric Verification of a Fingerprint Whose Image is Taken from a Glass Surface 
Biometric systems often use the comparison of fingerprint characteristics for authentication and identification of persons, especially in mobile devices. This paper presents the procedures, devices, tools and algorithms that, with the use of non-forensic specialized devices, successfully capture a fingerprint from a curved glass surface using a mobile phone's digital camera and create a 3D model of the fingerprint that successfully unlocks a Samsung Android mobile device.

Basic information:

Stjepan Groš (Croatia), Tonimir Kišasondi (Croatia)

Registration / Fees:

Price in EUR
Up to 8 May 2023
From 9 May 2023
Members of MIPRO and IEEE 230 260
Students (undergraduate and graduate), primary and secondary school teachers 120 140
Others 250 280

The discount doesn't apply to PhD students.


Stjepan Gros
University of Zagreb
Faculty of Electrical Engineering and Computing
Unska 3
HR-10000 Zagreb, Croatia


The best papers will get a special award.
Accepted papers will be published in the ISSN registered conference proceedings. Presented papers in English will be submitted for inclusion in the IEEE Xplore Digital Library.
There is a possibility that the selected scientific papers with some further modification and refinement are being published in the following journals: Journal of Computing and Information Technology (CIT)MDPI Applied ScienceMDPI Information JournalFrontiers and EAI Endorsed Transaction on Scalable Information Systems.


Opatija is the leading seaside resort of the Eastern Adriatic and one of the most famous tourist destinations on the Mediterranean. With its aristocratic architecture and style, Opatija has been attracting artists, kings, politicians, scientists, sportsmen, as well as business people, bankers and managers for more than 170 years.

The tourist offer in Opatija includes a vast number of hotels, excellent restaurants, entertainment venues, art festivals, superb modern and classical music concerts, beaches and swimming pools – this city satisfies all wishes and demands.

Opatija, the Queen of the Adriatic, is also one of the most prominent congress cities in the Mediterranean, particularly important for its ICT conventions, one of which is MIPRO, which has been held in Opatija since 1979, and has attracted more than a thousand participants from over forty countries. These conventions promote Opatija as one of the most desirable technological, business, educational and scientific centers in South-eastern Europe and the European Union in general.

For more details, please visit and

News about event
Currently there are no news
Patrons - random
HATZUNIPUT-HT ZagrebHEP ZagrebSveučilište u Zagrebu