This page has only limited features, please log in for full access.

Mr. Donatas Vitkus
Vilnius Gediminas Technical University

Basic Info


Research Keywords & Expertise

0 Expert Systems
0 Information Security
0 Information Security Governance
0 Information Security Management
0 Risk Analysis

Honors and Awards

The user has no records in this section


Career Timeline

The user has no records in this section.


Short Biography

The user biography is not available.
Following
Followers
Co Authors
The list of users this user is following is empty.
Following: 0 users

Feed

Journal article
Published: 26 November 2020 in Applied Sciences
Reads 0
Downloads 0

Information technology (IT) security risk analysis preventatively helps organizations in identifying their vulnerable systems or internal controls. Some researchers propose expert systems (ES) as the solution for risk analysis automation since risk analysis by human experts is expensive and timely. By design, ES need a knowledge base, which must be up to date and of high quality. Manual creation of databases is also expensive and cannot ensure stable information renewal. These facts make the knowledge base automation process very important. This paper proposes a novel method of converting attack trees to a format usable by expert systems for utilizing the existing attack tree repositories in facilitating information and IT security risk analysis. The method performs attack tree translation into the Java Expert System Shell (JESS) format, by consistently applying ATTop, a software bridging tool that enables automated analysis of attack trees using a model-driven engineering approach, translating attack trees into the eXtensible Markup Language (XML) format, and using the newly developed ATES (attack trees to expert system) program, performing further XML conversion into JESS compatible format. The detailed method description, along with samples of attack tree conversion and results of conversion experiments on a significant number of attack trees, are presented and discussed. The results demonstrate the high method reliability rate and viability of attack trees as a source for the knowledge bases of expert systems used in the IT security risk analysis process.

ACS Style

Donatas Vitkus; Jonathan Salter; Nikolaj Goranin; Dainius Čeponis. Method for Attack Tree Data Transformation and Import Into IT Risk Analysis Expert Systems. Applied Sciences 2020, 10, 8423 .

AMA Style

Donatas Vitkus, Jonathan Salter, Nikolaj Goranin, Dainius Čeponis. Method for Attack Tree Data Transformation and Import Into IT Risk Analysis Expert Systems. Applied Sciences. 2020; 10 (23):8423.

Chicago/Turabian Style

Donatas Vitkus; Jonathan Salter; Nikolaj Goranin; Dainius Čeponis. 2020. "Method for Attack Tree Data Transformation and Import Into IT Risk Analysis Expert Systems." Applied Sciences 10, no. 23: 8423.

Journal article
Published: 21 April 2020 in International Journal of Computers Communications & Control
Reads 0
Downloads 0

Fast development of information systems and technologies while providing new opportunities for people and organizations also make them more vulnerable at the same time. Information security risk assessment helps to identify weak points and preparing mitigation actions. The analysis of expert systems has shown that rule-based expert systems are universal, and because of that can be considered as a proper solution for the task of risk assessment automation. But to assess information security risks quickly and accurately, it is necessary to process a large amount of data about newly discovered vulnerabilities or threats, to reflect regional and industry specific information, making the traditional approach of knowledge base formation for expert system problematic. This work presents a novel method for an automated expert systems knowledge base formation based on the integration of data on regional malware distribution from Cyberthreat real-time map providing current information on newly discovered threats. In our work we collect the necessary information from the web sites in an automated way, that can be later used in a relevant risk calculation. This paper presents method implementation, which includes not only knowledge base formation but also the development of the prototype of an expert system. It was created using the JESS expert system shell. Information security risk evaluation was performed according to OWASP risk assessment methodology, taking into account the location of the organization and prevalent malware in that area.

ACS Style

Donatas Vitkus; Justina Jezukevičiūtė; Nikolaj Goranin. Dynamic Expert System-Based Geographically Adapted Malware Risk Evaluation Method. International Journal of Computers Communications & Control 2020, 15, 1 .

AMA Style

Donatas Vitkus, Justina Jezukevičiūtė, Nikolaj Goranin. Dynamic Expert System-Based Geographically Adapted Malware Risk Evaluation Method. International Journal of Computers Communications & Control. 2020; 15 (3):1.

Chicago/Turabian Style

Donatas Vitkus; Justina Jezukevičiūtė; Nikolaj Goranin. 2020. "Dynamic Expert System-Based Geographically Adapted Malware Risk Evaluation Method." International Journal of Computers Communications & Control 15, no. 3: 1.

Journal article
Published: 02 February 2020 in International Journal of Computers Communications & Control
Reads 0
Downloads 0

Information security risk analysis is a compulsory requirement both from the side of regulating documents and information security management decision making process. Some researchers propose using expert systems (ES) for process automation, but this approach requires the creation of a high-quality knowledge base. A knowledge base can be formed both from expert knowledge or information collected from other sources of information. The problem of such approach is that experts or good quality knowledge sources are expensive. In this paper we propose the problem solution by providing an automated ES knowledge base development method. The method proposed is novel since unlike other methods it does not integrate ontology directly but utilizes automated transformation of existing information security ontology elements into ES rules: The Web Ontology Rule Language (OWL RL) subset of ontology is segregated into Resource Description Framework (RDF) triplets, that are transformed into Rule Interchange Format (RIF); RIF rules are converted into Java Expert System Shell (JESS) knowledge base rules. The experiments performed have shown the principal method applicability. The created knowledge base was later verified by performing comparative risk analysis in a sample company.

ACS Style

Donatas Vitkus; Žilvinas Steckevičius; Nikolaj Goranin; Diana Kalibatienė; Antanas Čenys. Automated Expert System Knowledge Base Development Method for Information Security Risk Analysis. International Journal of Computers Communications & Control 2020, 14, 743 -758.

AMA Style

Donatas Vitkus, Žilvinas Steckevičius, Nikolaj Goranin, Diana Kalibatienė, Antanas Čenys. Automated Expert System Knowledge Base Development Method for Information Security Risk Analysis. International Journal of Computers Communications & Control. 2020; 14 (6):743-758.

Chicago/Turabian Style

Donatas Vitkus; Žilvinas Steckevičius; Nikolaj Goranin; Diana Kalibatienė; Antanas Čenys. 2020. "Automated Expert System Knowledge Base Development Method for Information Security Risk Analysis." International Journal of Computers Communications & Control 14, no. 6: 743-758.