13 research outputs found

    An Ontology-Based Transformation Model for the Digital Forensics Domain

    The creation of an ontology makes it possible to form common information structures, to reuse knowledge, to make assumptions within a domain and to analyse every piece of knowledge. In this paper, we aim to create an ontology-based transformation model and a framework to develop an ontology-based transformation system in the digital forensics domain. We describe the architecture of the ontology-based transformation system and its components for assisting computer forensics experts in the appropriate selection of tools for digital evidence investigation. We consider the use of the attributes of Extensible Markup Language document transformation to map the computer forensics ontology, and we use the representations in the National Institute of Standards and Technology's "Computer Forensics Tool Catalog" for aligning one form with the other.

    Development of a Computer and Operating Systems Security Module Curriculum

    Information technologies must properly perform the controls that ensure the security of information against various threats: unwanted or unauthorized disclosure, modification or loss of information, and the like. According to data from international and Lithuanian institutions that investigate computer security incidents, the number of information security breaches is not decreasing. Various studies carried out by Lithuanian governmental and independent organizations show that Lithuania has no dedicated study programmes for training information security specialists, although the need for them is obvious. In European and US universities, computer security subjects are taught in various ways: as separate study programmes, or as security modules included in general computer science or engineering programmes. Having examined the information security study programmes and the experience of Western universities, the article proposes a curriculum for a Computer and Operating Systems Security module covering the most important information security subjects.

    Development of Computer and Operating Systems Security Module Curriculum
    Algimantas Venčkauskas, Jevgenijus Toldinas, Vita Krivickienė

    Summary
    The purpose of information technologies is to protect an organization's valuable resources, such as information, from unauthorized publishing, changing or loss. The total number of information security breaches continues unabated, according to worldwide and Lithuanian institutions investigating computer security incidents. In recent years a number of governmental and independent Lithuanian organizations have recognized the need for security education in Lithuania (especially in information security) and the lack of information security courses. In Europe and the USA, computer security course modules are taught as separate study programs or are integrated into existing computer science or engineering programs. In this paper we analyze the information security program curricula and experiences of Western universities in this area. We investigate the Computer and Operating Systems Security module course curriculum, in which the main information security priorities are included.

    A Multilayered Preprocessing Approach for Recognition and Classification of Malicious Social Network Messages

    The primary methods of communication in the modern world are social networks, which are rife with harmful messages that can injure both psychologically and financially. Most websites do not offer services that automatically delete malicious communications, send them back to the sender for correction, or notify the sender of inaccuracies in the content of the messages. The deployment of such systems could make use of techniques for identifying and categorizing harmful messages. This paper suggests a novel multilayered preprocessing approach for the recognition and classification of malicious social network messages to limit their negative impact, resulting in fewer toxic messages, scams, and aggressive comments in social media messages and commenting areas. As a result, less technical knowledge would be required to investigate the effects of harmful messages. The dataset was created using the regional Lithuanian language with four classes: aggressive, insulting, toxic, and malicious. Three machine learning algorithms were examined, five use cases of a multilayered preprocessing approach were suggested, and experiments were conducted to identify and classify harmful messages in the Lithuanian language.

    Ensemble-Based Classification Using Neural Networks and Machine Learning Models for Windows PE Malware Detection

    The security of information is among the greatest challenges facing organizations and institutions. Cybercrime has risen in frequency and magnitude in recent years, with new ways to steal, change and destroy information or disable information systems appearing every day. Malware is one of the ways of penetrating information systems in which confidential information is processed: an attacker injects malware into a computer system, after which he has full or partial access to critical information in the information system. This paper proposes an ensemble classification-based methodology for malware detection. The first-stage classification is performed by a stacked ensemble of dense (fully connected) and convolutional neural networks (CNN), while the final-stage classification is performed by a meta-learner. For the meta-learner, we explore and compare 14 classifiers. For a baseline comparison, 13 machine learning methods are used: K-Nearest Neighbors, Linear Support Vector Machine (SVM), Radial basis function (RBF) SVM, Random Forest, AdaBoost, Decision Tree, ExtraTrees, Linear Discriminant Analysis, Logistic, Neural Net, Passive Classifier, Ridge Classifier and Stochastic Gradient Descent classifier. We present the results of experiments performed on the Classification of Malware with PE headers (ClaMP) dataset. The best performance is achieved by an ensemble of five dense and CNN neural networks, with the ExtraTrees classifier as the meta-learner.

    A Methodology and Tool for Investigation of Artifacts Left by the BitTorrent Client

    The BitTorrent client application is a popular utility for sharing large files over the Internet. Sometimes, this powerful utility is used to commit cybercrimes, such as sharing illegal material or illegally sharing legal material. In order to help forensic investigators fight these cybercrimes, we carried out an investigation of the artifacts left by the BitTorrent client. We proposed a methodology to locate the artifacts that indicate the BitTorrent client activity performed. Additionally, we designed and implemented a tool that searches for the evidence left by the BitTorrent client application on a local computer running Windows. The tool looks for the four files holding the evidence: *.torrent, dht.dat, resume.dat, and settings.dat. The tool decodes the files, extracts the information important to the forensic investigator and converts it into XML format. The results are combined into a single result file.

    Framing Network Flow for Anomaly Detection Using Image Recognition and Federated Learning

    The intrusion detection system (IDS) must be able to handle the increase in attack volume, increasing Internet traffic, and accelerating detection speeds. Network flow feature (NTF) records are the input of flow-based IDSs, which determine whether network traffic is normal or malicious from flow records alone; this spares the IDS the difficult and time-consuming inspection of packet content, since only flow records are examined. To reduce computational power and training time, this paper proposes a novel pre-processing method that merges a specific number of NTF records into frames and transforms the frames into images. Federated learning (FL) enables multiple users to share the learned models while maintaining the privacy of their training data. This research suggests federated transfer learning and federated learning methods for NIDS employing deep learning for image classification, and conducts tests on the BOUN DDoS dataset to address the issue of training data privacy. Our experimental results indicate that the proposed federated transfer learning (FTL) and FL methods for training do not require data centralization and preserve participant data privacy while achieving acceptable accuracy in DDoS attack identification: FTL (92.99%) and FL (88.42%), in comparison with traditional transfer learning (93.95%).

    Distributed Agent-Based Orchestrator Model for Fog Computing

    Fog computing is an extension of cloud computing that provides computing services closer to user end-devices at the network edge. One of the challenging topics in fog networks is the placement of tasks on fog nodes to obtain the best performance and resource usage. The process of mapping tasks to resource-constrained devices is known as the service or fog application placement problem (SPP, FAPP). Highly dynamic fog infrastructures, with mobile user end-devices and constantly changing fog node resources (e.g., battery life, security level), require distributed/decentralized service placement (orchestration) algorithms to ensure better resilience, scalability, and optimal real-time performance. However, recently proposed service placement algorithms rarely support user end-device mobility, constantly changing resource availability of fog nodes, and the ability to recover from fog node failures at the same time. In this article, we propose a distributed agent-based orchestrator model capable of flexible service provisioning in a dynamic fog computing environment by considering the constraints on the central processing unit (CPU), memory, battery level, and security level of fog nodes. Distributing the decision-making to multiple orchestrator fog nodes instead of relying on the mapping of a single central entity helps to spread the load and increase scalability and, most importantly, resilience. A prototype system based on the proposed orchestrator model was implemented and tested with real hardware. The results show that the proposed model is efficient in terms of response latency and computational overhead, which are minimal compared to the placement algorithm itself. The research confirms that the proposed orchestrator approach is suitable for various fog network applications where scalability, mobility, and fault tolerance must be guaranteed.

    Method for Dynamic Service Orchestration in Fog Computing

    Fog computing is meant to deal with the problems which cloud computing cannot solve alone. As the fog is closer to the user, it can improve some very important QoS characteristics, such as latency and availability. One of the challenges in the fog architecture is the heterogeneity of constrained devices and the dynamic nature of the end devices, which requires dynamic service orchestration to provide efficient service placement on the fog nodes. An optimization method is needed to ensure the required level of QoS while requiring minimal resources from fog and end devices, thus ensuring the longest lifecycle of the whole IoT system. A two-stage multi-objective optimization method to find the best placement of services among the available fog nodes is presented in this paper. A Pareto set of non-dominated possible service distributions is found using the integer multi-objective particle swarm optimization method. Then, the analytic hierarchy process is used to choose the best service distribution according to an application-specific judgment matrix. An illustrative scenario with experimental results is presented to demonstrate the characteristics of the proposed method.