
Mr. Dainius Čeponis
lector


Research Keywords & Expertise

malware detection
machine learning
deep learning
intrusion detection systems
system calls


Feed

Journal article
Published: 26 November 2020 in Applied Sciences

Information technology (IT) security risk analysis helps organizations identify their vulnerable systems and weak internal controls in advance. Some researchers propose expert systems (ES) for automating risk analysis, since analysis by human experts is expensive and time-consuming. By design, an ES needs a knowledge base that is up to date and of high quality. Creating such knowledge bases manually is also expensive and does not guarantee that the information is kept current, which makes automating knowledge base construction important. This paper proposes a novel method for converting attack trees into a format usable by expert systems, so that existing attack tree repositories can support information and IT security risk analysis. The method translates attack trees into the Java Expert System Shell (JESS) format in two stages: ATTop, a software bridging tool that enables automated analysis of attack trees with a model-driven engineering approach, first translates the attack trees into the eXtensible Markup Language (XML) format; the newly developed ATES (attack trees to expert system) program then converts that XML into a JESS-compatible format. The paper presents a detailed description of the method, samples of attack tree conversion, and the results of conversion experiments on a significant number of attack trees. The results demonstrate a high reliability rate for the method and the viability of attack trees as a source for the knowledge bases of expert systems used in IT security risk analysis.
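The abstract describes a two-stage pipeline (attack tree to XML, XML to JESS rules) without showing what the output looks like. The following is an added example written by the editor, not the ATES tool or any code from the paper: it reads a small attack tree from an assumed, simplified XML layout (not ATTop's real export schema), emits one JESS rule per OR branch and one per AND node so that the engine derives parent steps from achieved child steps, and includes a Python reference evaluation of the same AND/OR semantics for checking the generated rules without a JESS engine. The template and rule names are the editor's own choices and the sample tree is constructed.

```python
"""Attack tree -> JESS rule conversion, in the spirit of the two-stage pipeline the
abstract describes (attack tree -> XML via ATTop, XML -> JESS via ATES).
Example code added by the editor, not the ATES tool: the XML layout below is an
assumed simplified format, NOT ATTop's real export schema, and the template and
rule names are the editor's own choices."""
import xml.etree.ElementTree as ET

# Constructed sample attack tree (not taken from any repository used in the paper).
# type="AND": all children must be achieved; type="OR": any one child suffices;
# type="LEAF": an atomic attacker action, asserted as an initial fact at run time.
SAMPLE_TREE_XML = """
<attacktree name="customer-db-theft">
  <node id="steal_db" type="AND" label="Exfiltrate customer database">
    <node id="get_access" type="OR" label="Obtain access to the DB host">
      <node id="phish_admin" type="LEAF" label="Phish DBA credentials"/>
      <node id="exploit_app" type="LEAF" label="Exploit web app to reach DB host"/>
    </node>
    <node id="exfil" type="LEAF" label="Exfiltrate dump over HTTPS"/>
  </node>
</attacktree>
"""


def parse_tree(xml_text):
    """Return the root <node> of the tree, rejecting empty or duplicate-id trees."""
    root = ET.fromstring(xml_text.strip())
    top = root.find("node")
    if top is None:
        raise ValueError("attack tree contains no <node> element")
    seen = set()
    for n in top.iter("node"):
        nid = n.get("id")
        if not nid or nid in seen:
            raise ValueError(f"missing or duplicate node id: {nid!r}")
        seen.add(nid)
    return top


def jess_string(text):
    """Quote a label as a JESS string literal, escaping backslashes and quotes."""
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'


def to_jess(node):
    """Emit JESS: one deftemplate for achieved steps, then one rule per OR branch
    and one rule per AND node, each asserting the parent step once its
    precondition pattern(s) match facts in working memory."""
    lines = ["(deftemplate attack-step (slot id) (slot label))", ""]

    def emit(n):
        kind = n.get("type", "LEAF").upper()
        children = n.findall("node")
        for c in children:          # rule order does not matter to the engine
            emit(c)
        if kind == "LEAF":
            if children:
                raise ValueError(f"leaf {n.get('id')} must not have children")
            return
        if not children:
            raise ValueError(f"{kind} node {n.get('id')} has no children")
        if kind not in ("AND", "OR"):
            raise ValueError(f"unknown node type {kind!r} on {n.get('id')}")
        consequent = (f"  (assert (attack-step (id {n.get('id')}) "
                      f"(label {jess_string(n.get('label', ''))}))))")
        if kind == "OR":
            for c in children:      # any single child achieving the step suffices
                lines.extend([f"(defrule {n.get('id')}-via-{c.get('id')}",
                              f"  (attack-step (id {c.get('id')}))",
                              "  =>", consequent, ""])
        else:                       # AND: every child must already be a fact
            lines.append(f"(defrule {n.get('id')}-all-steps")
            lines.extend(f"  (attack-step (id {c.get('id')}))" for c in children)
            lines.extend(["  =>", consequent, ""])

    emit(node)
    return "\n".join(lines)


def goal_reached(node, achieved_leaves):
    """Python reference evaluation of the tree semantics, so the generated rules
    can be sanity-checked without a JESS engine: given the leaves an attacker
    has completed, is the root goal reached?"""
    kind = node.get("type", "LEAF").upper()
    children = node.findall("node")
    if kind == "LEAF":
        return node.get("id") in achieved_leaves
    results = [goal_reached(c, achieved_leaves) for c in children]
    return all(results) if kind == "AND" else any(results)


if __name__ == "__main__":
    tree = parse_tree(SAMPLE_TREE_XML)
    print(to_jess(tree))
    print("phish + exfil reaches goal:", goal_reached(tree, {"phish_admin", "exfil"}))
```

Loading the emitted text into a JESS shell and asserting the leaf facts (for example `(assert (attack-step (id phish_admin) (label "...")))` and the `exfil` fact) makes the engine derive `get_access` and then `steal_db`; the Python `goal_reached` function gives the same answer for the same leaf set, which is a cheap regression check when the converter is changed. A real converter must also handle whatever ATTop actually exports (gate types, node attributes, probabilities), which the simplified layout here deliberately omits.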

ACS Style

Donatas Vitkus; Jonathan Salter; Nikolaj Goranin; Dainius Čeponis. Method for Attack Tree Data Transformation and Import Into IT Risk Analysis Expert Systems. Applied Sciences 2020, 10, 8423.

AMA Style

Donatas Vitkus, Jonathan Salter, Nikolaj Goranin, Dainius Čeponis. Method for Attack Tree Data Transformation and Import Into IT Risk Analysis Expert Systems. Applied Sciences. 2020; 10 (23):8423.

Chicago/Turabian Style

Donatas Vitkus; Jonathan Salter; Nikolaj Goranin; Dainius Čeponis. 2020. "Method for Attack Tree Data Transformation and Import Into IT Risk Analysis Expert Systems." Applied Sciences 10, no. 23: 8423.

Journal article
Published: 30 March 2020 in Applied Sciences

Host-level intrusion and malware detection is a critical part of the overall information security infrastructure of a modern enterprise. Classical host-based intrusion detection systems (HIDS) and antivirus (AV) tools rely on change monitoring of critical files and on malware signatures, respectively, while some recent research using relatively vanilla deep learning (DL) methods has demonstrated promising anomaly-based detection results that are already practically applicable because of their low false positive rate (FPR). More complex DL methods typically give better results in natural language processing and image recognition tasks. In this paper, we analyze the applicability of more complex dual-flow DL methods, such as the long short-term memory fully convolutional network (LSTM-FCN), the gated recurrent unit (GRU)-FCN, and several others, to the task defined on the attack-caused Windows OS system calls traces dataset (AWSCTD), and compare them with vanilla single-flow convolutional neural network (CNN) models. The results do not show any advantage for dual-flow models on univariate time series data; they introduce an unnecessary level of complexity and increase training and anomaly detection time, which is crucial in the intrusion containment process. On the other hand, the newly tested AWSCTD-CNN-static (S) single-flow model achieved three times better training and testing times while preserving high detection accuracy.

ACS Style

Dainius Čeponis; Nikolaj Goranin. Investigation of Dual-Flow Deep Learning Models LSTM-FCN and GRU-FCN Efficiency against Single-Flow CNN Models for the Host-Based Intrusion and Malware Detection Task on Univariate Times Series Data. Applied Sciences 2020, 10, 2373.

AMA Style

Dainius Čeponis, Nikolaj Goranin. Investigation of Dual-Flow Deep Learning Models LSTM-FCN and GRU-FCN Efficiency against Single-Flow CNN Models for the Host-Based Intrusion and Malware Detection Task on Univariate Times Series Data. Applied Sciences. 2020; 10 (7):2373.

Chicago/Turabian Style

Dainius Čeponis; Nikolaj Goranin. 2020. "Investigation of Dual-Flow Deep Learning Models LSTM-FCN and GRU-FCN Efficiency against Single-Flow CNN Models for the Host-Based Intrusion and Malware Detection Task on Univariate Times Series Data." Applied Sciences 10, no. 7: 2373.

Research article
Published: 11 November 2019 in Security and Communication Networks

The increasing amount of malware and cyberattacks at the host level raises the need for a reliable anomaly-based host IDS (HIDS) that can deal with zero-day attacks while ensuring a low false alarm rate (FAR), which is critical for detecting such activity. Deep learning methods such as convolutional neural networks (CNNs) and recurrent neural networks (RNNs) are considered well suited to data-driven security problems, so a comparative analysis of these methods is needed to evaluate their efficiency in attack classification and their ability to distinguish malicious from benign activity. In this article, we present the results achieved on the AWSCTD (attack-caused Windows OS system calls traces dataset), which can be considered the most exhaustive set of host-level anomalies at the moment: it contains 112.56 million system calls from 12,110 executable malware samples and 16.3 million system calls from 3,145 benign software samples. The best results were obtained with CNNs, with up to 90.0% accuracy for family classification and 95.0% accuracy for malicious/benign determination; RNNs demonstrated slightly inferior results. Furthermore, tuning CNNs by increasing the number of layers should make them practically applicable for host-level anomaly detection.
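Both system-call abstracts above (the dual-flow versus single-flow CNN comparison and the AWSCTD evaluation) treat a process's system-call trace as a univariate time series and judge detectors by accuracy and false positive rate, but neither shows the data handling involved. The following is an added example written by the editor, not code from the papers or the AWSCTD project: it maps syscall names to integer ids and fixed-length sequences of the kind a 1D CNN consumes, fits a classical sequence n-gram anomaly detector on benign traces as a baseline (not the papers' CNN or LSTM-FCN models), and computes accuracy, FPR and detection rate. The traces are constructed for the example and are not AWSCTD records; the threshold is an assumed value.

```python
"""System-call traces as univariate time series for host-based anomaly detection.
Shows the preprocessing the abstracts assume (syscall names -> integer ids ->
fixed-length sequences for a 1D CNN) and a classical n-gram baseline with the
accuracy / false positive rate metrics the papers report. Example code added by
the editor; the traces below are constructed, not AWSCTD records, and the
detector is a simple sequence n-gram model, not the papers' CNN/LSTM-FCN."""
from collections import Counter

PAD, UNK = 0, 1   # reserved ids: padding, and calls unseen during training

# Constructed benign training traces (syscall names in execution order).
BENIGN_TRAIN = [
    ["NtOpenFile", "NtQueryInformationFile", "NtReadFile", "NtReadFile", "NtClose"],
    ["NtCreateFile", "NtWriteFile", "NtWriteFile", "NtClose"],
    ["NtOpenKey", "NtQueryValueKey", "NtClose"],
]
# Constructed test set: (trace, label) with 1 = malicious. The last two traces
# follow a process-injection pattern; the second is a benign variant whose
# tail trigram never appeared in training, so it can become a false positive.
TEST_TRACES = [
    (["NtOpenFile", "NtQueryInformationFile", "NtReadFile", "NtReadFile", "NtClose"], 0),
    (["NtOpenFile", "NtQueryInformationFile", "NtReadFile", "NtClose"], 0),
    (["NtOpenProcess", "NtAllocateVirtualMemory", "NtWriteVirtualMemory",
      "NtCreateThreadEx", "NtClose"], 1),
    (["NtOpenFile", "NtReadFile", "NtOpenProcess", "NtWriteVirtualMemory", "NtClose"], 1),
]


def build_vocab(traces):
    """Assign integer ids by descending frequency; ids 0 and 1 stay reserved."""
    vocab = {"<pad>": PAD, "<unk>": UNK}
    for name, _ in Counter(c for t in traces for c in t).most_common():
        vocab[name] = len(vocab)
    return vocab


def encode(trace, vocab, length):
    """Fixed-length integer sequence for a 1D CNN input: truncate long traces,
    right-pad short ones; calls unseen in training become UNK."""
    ids = [vocab.get(c, UNK) for c in trace[:length]]
    return ids + [PAD] * (length - len(ids))


class NgramAnomalyDetector:
    """Anomaly-based baseline: learn every syscall n-gram seen in benign traces;
    score a trace by the fraction of its n-grams never seen during training."""

    def __init__(self, n=3):
        self.n = n
        self.known = set()

    def _grams(self, trace):
        return [tuple(trace[i:i + self.n]) for i in range(len(trace) - self.n + 1)]

    def fit(self, benign_traces):
        for t in benign_traces:
            self.known.update(self._grams(t))
        return self

    def score(self, trace):
        grams = self._grams(trace)
        if not grams:         # trace shorter than n: nothing to judge
            return 0.0
        return sum(g not in self.known for g in grams) / len(grams)

    def predict(self, trace, threshold):
        return int(self.score(trace) > threshold)


def metrics(y_true, y_pred):
    """Accuracy, false positive rate and detection rate (label 1 = malicious)."""
    tp = sum(t == 1 and p == 1 for t, p in zip(y_true, y_pred))
    fp = sum(t == 0 and p == 1 for t, p in zip(y_true, y_pred))
    tn = sum(t == 0 and p == 0 for t, p in zip(y_true, y_pred))
    fn = sum(t == 1 and p == 0 for t, p in zip(y_true, y_pred))
    return {
        "accuracy": (tp + tn) / len(y_true),
        "fpr": fp / (fp + tn) if fp + tn else 0.0,
        "detection_rate": tp / (tp + fn) if tp + fn else 0.0,
    }


def run_demo(threshold=0.4):
    """Fit on the benign traces, score the test set, return the metrics dict.
    The 0.4 threshold is an assumed value chosen for the example."""
    det = NgramAnomalyDetector(n=3).fit(BENIGN_TRAIN)
    y_true = [label for _, label in TEST_TRACES]
    y_pred = [det.predict(trace, threshold) for trace, _ in TEST_TRACES]
    return metrics(y_true, y_pred)


if __name__ == "__main__":
    vocab = build_vocab(BENIGN_TRAIN)
    print(encode(TEST_TRACES[2][0], vocab, 6))   # mostly UNK: calls unseen in benign data
    print(run_demo())
```

With the assumed threshold of 0.4 the baseline catches both injection-style traces but also flags the benign variant, giving an FPR of 0.5 on this toy set; raising the threshold to 0.6 removes that false positive. That trade-off is exactly why the abstracts stress the false positive rate rather than accuracy alone: on a real host, a detector that fires on every unfamiliar benign sequence is unusable regardless of how well it classifies malware.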

ACS Style

Dainius Čeponis; Nikolaj Goranin. Evaluation of Deep Learning Methods Efficiency for Malicious and Benign System Calls Classification on the AWSCTD. Security and Communication Networks 2019, 2019, 1-12.

AMA Style

Dainius Čeponis, Nikolaj Goranin. Evaluation of Deep Learning Methods Efficiency for Malicious and Benign System Calls Classification on the AWSCTD. Security and Communication Networks. 2019; 2019:1-12.

Chicago/Turabian Style

Dainius Čeponis; Nikolaj Goranin. 2019. "Evaluation of Deep Learning Methods Efficiency for Malicious and Benign System Calls Classification on the AWSCTD." Security and Communication Networks 2019: 1-12.