Security Ontology for Adaptive Mapping of Security Standards

Adoption of security standards has the capability of improving the security level in an organization as well as to provide additional benefits and possibilities to the organization. However mapping of used standards has to be done when more than one security standard is employed in order to prevent redundant activities, not optimal resource management and unnecessary outlays. Employment of security ontology to map different standards can reduce the mapping complexity however the choice of security ontology is of high importance and there are no analyses on security ontology suitability for adaptive standards mapping. In this paper we analyze existing security ontologies by comparing their general properties, OntoMetric factors and ability to cover different security standards. As none of the analysed security ontologies were able to cover more than 1/3 of security standards, we proposed a new security ontology, which increased coverage of security standards compared to the existing ontologies and has a better branching and depth properties for ontology visualization purposes. During this research we mapped 4 security standards (ISO 27001, PCI DSS, ISSA 5173 and NISTIR 7621) to the new security ontology, therefore this ontology and mapping data can be used for adaptive mapping of any set of these security standards to optimize usage of multiple securitystandards in an organization

Malicious botnet survivability mechanism evolution forecasting by means of a genetic algorithm

Botnets are considered to be among the most dangerous modern malware types and the biggest current threats to global IT infrastructure. Botnets are rapidly evolving, and therefore forecasting their survivability strategies is important for the development of countermeasure techniques. The article propose the botnet-oriented genetic algorithm based model framework, which aimed at forecasting botnet survivability mechanisms. The model may be used as a framework for forecasting the evolution of other characteristics. The efficiency of different survivability mechanisms is evaluated by applying the proposed fitness function. The model application area also covers scientific botnet research and modelling tasks. Article in English. Kenkėjiškų botnet tinklų išgyvenamumo mechanizmų evoliucijos prognozavimas genetinio algoritmo priemonėmis Santrauka. Botnet tinklai pripažįstami kaip vieni pavojingiausių šiuolaikinių kenksmingų programų ir vertinami kaip viena iš didžiausių grėsmių tarptautinei IT infrastruktūrai. Botnettinklai greitai evoliucionuoja, todėl jų savisaugos mechanizmų evoliucijos prognozavimas yra svarbus planuojant ir kuriant kontrpriemones. Šiame straipsnyje pateikiamas genetiniu algoritmu pagrįstas modelis, skirtas Botnet tinklų savisaugos mechanizmų evoliucijai prognozuoti, kuris taip pat gali būti naudojamas kaip pagrindas kitų Botnet tinklų savybių evoliucijai modeliuoti. Skirtingi savisaugos mechanizmai vertinami taikant siūlomą tinkamumo funkciją. Raktiniai žodžiai: Botnet; genetinis algoritmas; prognozė; savisauga; evoliucija; modeli

Investigation of Dual-Flow Deep Learning Models LSTM-FCN and GRU-FCN Efficiency against Single-Flow CNN Models for the Host-Based Intrusion and Malware Detection Task on Univariate Times Series Data

Intrusion and malware detection tasks on a host level are a critical part of the overall information security infrastructure of a modern enterprise. While classical host-based intrusion detection systems (HIDS) and antivirus (AV) approaches are based on change monitoring of critical files and malware signatures, respectively, some recent research, utilizing relatively vanilla deep learning (DL) methods, has demonstrated promising anomaly-based detection results that already have practical applicability due low false positive rate (FPR). More complex DL methods typically provide better results in natural language processing and image recognition tasks. In this paper, we analyze applicability of more complex dual-flow DL methods, such as long short-term memory fully convolutional network (LSTM-FCN), gated recurrent unit (GRU)-FCN, and several others, for the task specified on the attack-caused Windows OS system calls traces dataset (AWSCTD) and compare it with vanilla single-flow convolutional neural network (CNN) models. The results obtained do not demonstrate any advantages of dual-flow models while processing univariate times series data and introducing unnecessary level of complexity, increasing training, and anomaly detection time, which is crucial in the intrusion containment process. On the other hand, the newly tested AWSCTD-CNN-static (S) single-flow model demonstrated three times better training and testing times, preserving the high detection accuracy.This article belongs to the Special Issue Machine Learning for Cybersecurity Threats, Challenges, and Opportunitie

Specialized Genetic Algorithm Based Simulation Tool Designed For Malware Evolution Forecasting

From the security point of view malware evolution forecasting is very important, since it provides an opportunity to predict malware epidemic outbreaks, develop effective countermeasure techniques and evaluate information security level. Genetic algorithm approach for mobile malware evolution forecasting already proved its effectiveness. There exists a number of simulation tools based on the Genetic algorithms, that could be used for malware forecasting, but their main disadvantages from the user’s point of view is that they are too complicated and can not fully represent the security entity parameter set. In this article we describe the specialized evolution forecasting simulation tool developed for security entities, such as different types of malware, which is capable of providing intuitive graphical interface for users and ensure high calculation performance. Tool applicability for the evolution forecasting tasks is proved by providing mobile malware evolution forecasting results and comparing them with the results we obtained in 2010 by means of MATLAB

Automated Expert System Knowledge Base Development Method for Information Security Risk Analysis

Information security risk analysis is a compulsory requirement both from the side of regulating documents and information security management decision making process. Some researchers propose using expert systems (ES) for process automation, but this approach requires the creation of a high-quality knowledge base. A knowledge base can be formed both from expert knowledge or information collected from other sources of information. The problem of such approach is that experts or good quality knowledge sources are expensive. In this paper we propose the problem solution by providing an automated ES knowledge base development method. The method proposed is novel since unlike other methods it does not integrate ontology directly but utilizes automated transformation of existing information security ontology elements into ES rules: The Web Ontology Rule Language (OWL RL) subset of ontology is segregated into Resource Description Framework (RDF) triplets, that are transformed into Rule Interchange Format (RIF); RIF rules are converted into Java Expert System Shell (JESS) knowledge base rules. The experiments performed have shown the principal method applicability. The created knowledge base was later verified by performing comparative risk analysis in a sample company

Dynamic Expert System-Based Geographically Adapted Malware Risk Evaluation Method

Fast development of information systems and technologies while providing new opportunities for people and organizations also make them more vulnerable at the same time. Information security risk assessment helps to identify weak points and preparing mitigation actions. The analysis of expert systems has shown that rule-based expert systems are universal, and because of that can be considered as a proper solution for the task of risk assessment automation. But to assess information security risks quickly and accurately, it is necessary to process a large amount of data about newly discovered vulnerabilities or threats, to reflect regional and industry specific information, making the traditional approach of knowledge base formation for expert system problematic. This work presents a novel method for an automated expert systems knowledge base formation based on the integration of data on regional malware distribution from Cyberthreat real-time map providing current information on newly discovered threats. In our work we collect the necessary information from the web sites in an automated way, that can be later used in a relevant risk calculation. This paper presents method implementation, which includes not only knowledge base formation but also the development of the prototype of an expert system. It was created using the JESS expert system shell. Information security risk evaluation was performed according to OWASP risk assessment methodology, taking into account the location of the organization and prevalent malware in that area.This is an open access article distributed under the terms and conditions of the Creative Commons Attribution-NonCommercial 4.0 International License

Content Based Model Transformations: Solutions to Existing Issues with Application in Information Security

Model-Driven Engineering uses models in various stages of the software engineering. To reduce the cost of modelling and production, models are reused by transforming. Therefore the accuracy of model transformations plays a key role in ensuring the quality of the process. However, problems exist when trying to transform a very abstract and content dependent model. This paper describes the issues arising from such transformations. Solutions to solve problems in content based model transformation are proposed as well. The usage of proposed solutions allowing realization of semi-automatic transformations was integrated into a tool, designed for OPC/XML drawing file transformations to CySeMoL models. The accuracy of transformations in this tool has been analyzed and presented in this paper to acquire data on the proposed solutions influence to the accuracy in content based model transformation

Method for Attack Tree Data Transformation and Import Into IT Risk Analysis Expert Systems

Information technology (IT) security risk analysis preventatively helps organizations in identifying their vulnerable systems or internal controls. Some researchers propose expert systems (ES) as the solution for risk analysis automation since risk analysis by human experts is expensive and timely. By design, ES need a knowledge base, which must be up to date and of high quality. Manual creation of databases is also expensive and cannot ensure stable information renewal. These facts make the knowledge base automation process very important. This paper proposes a novel method of converting attack trees to a format usable by expert systems for utilizing the existing attack tree repositories in facilitating information and IT security risk analysis. The method performs attack tree translation into the Java Expert System Shell (JESS) format, by consistently applying ATTop, a software bridging tool that enables automated analysis of attack trees using a model-driven engineering approach, translating attack trees into the eXtensible Markup Language (XML) format, and using the newly developed ATES (attack trees to expert system) program, performing further XML conversion into JESS compatible format. The detailed method description, along with samples of attack tree conversion and results of conversion experiments on a significant number of attack trees, are presented and discussed. The results demonstrate the high method reliability rate and viability of attack trees as a source for the knowledge bases of expert systems used in the IT security risk analysis process.This article belongs to the Special Issue Human-Centered Computing and Information Security: Recent Advances & Intelligent Application

Automated Expert System Knowledge Base Development Method for Information Security Risk Analysis

Information security risk analysis is a compulsory requirement both from the side of regulating documents and information security management decision making process. Some researchers propose using expert systems (ES) for process automation, but this approach requires the creation of a high-quality knowledge base. A knowledge base can be formed both from expert knowledge or information collected from other sources of information. The problem of such approach is that experts or good quality knowledge sources are expensive. In this paper we propose the problem solution by providing an automated ES knowledge base development method. The method proposed is novel since unlike other methods it does not integrate ontology directly but utilizes automated transformation of existing information security ontology elements into ES rules: The Web Ontology Rule Language (OWL RL) subset of ontology is segregated into Resource Description Framework (RDF) triplets, that are transformed into Rule Interchange Format (RIF); RIF rules are converted into Java Expert System Shell (JESS) knowledge base rules. The experiments performed have shown the principal method applicability. The created knowledge base was later verified by performing comparative risk analysis in a sample company

Raising effectiveness of access control systems by applying multi-criteria decision analysis: part 1 – problem definition

Currently, control of access to information and physical resources has become extremely important. Numerous methods and solutions for architecture of systems aimed at controlling physical access are available; however, there is little information about application of Multi-Criteria Decision Analysis methods when evaluating separate logical components, needed for the design of access control systems and their interconnection in the final architecture.This paper is the first part of a two-part article, discussing application of multi-criteria decision making for architecture of access control systems. The first part defines the problem and discusses the possibility to use Multi Criteria Decision Making techniques when designing access control systems, including risk analysis for specific criteria and practical application of the developed model. In the second part, the possible solution model will be presented