Nikolaj Goranin scite author profile

Critical information infrastructure exists in different sectors of each country. Its loss or sustainability violation will lead to a negative impact on the supply of essential services, as well as on the social or economic well-being of the population. It also may even pose a threat to people’s health and lives. In the modern world, such infrastructure is more vulnerable and unstable than ever, due to rapid technological changes, and the emergence of a new type of threat—information threats. It is necessary to determine which infrastructure are of crucial importance when decision-makers aim to achieve the reliability of essential infrastructure. This article aims to solve the problem of ensuring the sustainable development of EU countries in terms of identifying critical information infrastructures. Integrated multi-criteria decision-making techniques based on fuzzy WASPAS and AHP methods are used to identify essential information infrastructures, which are related to a new type of potential threat to national security. The paper proposes a model for identifying critical information infrastructures, taking into account the sustainable development of countries.

show abstract

Towards a Robust Method of Dataset Generation of Malicious Activity for Anomaly-Based HIDS Training and Presentation of AWSCTD Dataset

Čeponis¹,

Goranin²

2018

BJMC

View full text Add to dashboard Cite

Classical signature-based attack detection methods demonstrate stagnation and inability to fight the zero-day and similar attacks, while anomaly-based detection methods are still characterized by huge numbers of false-positives. The progress achieved in recent years in the area of deep learning techniques provide a potential for renewing investigations on anomaly-based intrusion detection system training. While network-based intrusion detection systems have datasets for training, host-based intrusion detection systems researchers lack this component. Most datasets are created for Linux OS and the latest Windows OS dataset was introduced in 2013 and included only minimal collection of system calls' features. In this article we propose a method for automated system-level anomaly dataset generation that is to be used in further artificial intelligence-based host-based intrusion detection systems training as well as our generated exhaustive collection of Windows OS malware-based system calls, that also includes additional information on malware activity. Main characteristics of the dataset are presented.

show abstract

Security Ontology for Adaptive Mapping of Security Standards

Ramanauskaitė

Olifer

Goranin

et al. 2013

INT J COMPUT COMMUN, Int. J. Comput. Commun. Control

View full text Add to dashboard Cite

Adoption of security standards has the capability of improving the security level in an organization as well as to provide additional benefits and possibilities to the organization. However mapping of used standards has to be done when more than one security standard is employed in order to prevent redundant activities, not optimal resource management and unnecessary outlays. Employment of security ontology to map different standards can reduce the mapping complexity however the choice of security ontology is of high importance and there are no analyses on security ontology suitability for adaptive standards mapping. In this paper we analyze existing security ontologies by comparing their general properties, OntoMetric factors and ability to cover different security standards. As none of the analysed security ontologies were able to cover more than 1/3 of security standards, we proposed a new security ontology, which increased coverage of security standards compared to the existing ontologies and has a better branching and depth properties for ontology visualization purposes. During this research we mapped 4 security standards (ISO 27001, PCI DSS, ISSA 5173 and NISTIR 7621) to the new security ontology, therefore this ontology and mapping data can be used for adaptive mapping of any set of these security standards to optimize usage of multiple security standards in an organization.

show abstract

Information Security Risk Assessment in Critical Infrastructure: A Hybrid MCDM Approach

Turskis¹,

Goranin²,

Nurusheva³

et al. 2019

View full text Add to dashboard Cite

The risk analysis has always been one of the essential procedures for any areas. The majority of security incidents occur because of ignoring risks or their inaccurate assessment. It is especially dangerous for critical infrastructures. Thus, the article is devoted to the description of the developed model of risk assessment for the essential infrastructures. The goal of the model is to provide a reliable method for multifaceted risk assessment of information infrastructure. The purpose of the article is to present a developed model based on integrated MCDM approaches that allow to correctly assess the risks of the critical information infrastructures.

show abstract

Evaluation of Deep Learning Methods Efficiency for Malicious and Benign System Calls Classification on the AWSCTD

Čeponis

Goranin

2019

Security and Communication Networks

View full text Add to dashboard Cite

The increasing amount of malware and cyberattacks on a host level increases the need for a reliable anomaly-based host IDS (HIDS) that would be able to deal with zero-day attacks and would ensure low false alarm rate (FAR), which is critical for the detection of such activity. Deep learning methods such as convolutional neural networks (CNNs) and recurrent neural networks (RNNs) are considered to be highly suitable for solving data-driven security solutions. Therefore, it is necessary to perform the comparative analysis of such methods in order to evaluate their efficiency in attack classification as well as their ability to distinguish malicious and benign activity. In this article, we present the results achieved with the AWSCTD (attack-caused Windows OS system calls traces dataset), which can be considered as the most exhaustive set of host-level anomalies at the moment, including 112.56 million system calls from 12110 executable malware samples and 3145 benign software samples with 16.3 million system calls. The best results were obtained with CNNs with up to 90.0% accuracy for family classification and 95.0% accuracy for malicious/benign determination. RNNs demonstrated slightly inferior results. Furthermore, CNN tuning via an increase in the number of layers should make them practically applicable for host-level anomaly detection.

show abstract

Investigation of Dual-Flow Deep Learning Models LSTM-FCN and GRU-FCN Efficiency against Single-Flow CNN Models for the Host-Based Intrusion and Malware Detection Task on Univariate Times Series Data

Čeponis

Goranin

2020

Applied Sciences

View full text Add to dashboard Cite

Intrusion and malware detection tasks on a host level are a critical part of the overall information security infrastructure of a modern enterprise. While classical host-based intrusion detection systems (HIDS) and antivirus (AV) approaches are based on change monitoring of critical files and malware signatures, respectively, some recent research, utilizing relatively vanilla deep learning (DL) methods, has demonstrated promising anomaly-based detection results that already have practical applicability due low false positive rate (FPR). More complex DL methods typically provide better results in natural language processing and image recognition tasks. In this paper, we analyze applicability of more complex dual-flow DL methods, such as long short-term memory fully convolutional network (LSTM-FCN), gated recurrent unit (GRU)-FCN, and several others, for the task specified on the attack-caused Windows OS system calls traces dataset (AWSCTD) and compare it with vanilla single-flow convolutional neural network (CNN) models. The results obtained do not demonstrate any advantages of dual-flow models while processing univariate times series data and introducing unnecessary level of complexity, increasing training, and anomaly detection time, which is crucial in the intrusion containment process. On the other hand, the newly tested AWSCTD-CNN-static (S) single-flow model demonstrated three times better training and testing times, preserving the high detection accuracy.

show abstract

High-Level Self-Sustaining Information Security Management Framework

Kaušpadienė¹,

Čenys²,

Goranin³

et al. 2017

BJMC

View full text Add to dashboard Cite

Abstract. This paper is aimed to provide the inclusive approach of collaborative information security management framework architectural reference model. Integration and performance based design of information security models will be revised in sake to provide integrated holistic methodology for construction of a High-level self-sustaining information security management framework (HISM). In addition, this paper summarizes investigations of existing information security management frameworks and models as well as identifies the advantages of the framework proposed by the authors. Future research directions are discussed.

show abstract

Genetic algorithm based Internet worm propagation strategy modeling under pressure of countermeasures

Goranin¹,

Čenys²

2009

JESTR

View full text Add to dashboard Cite

Internet worms remain one of the major threats to the Internet infrastructure. Modeling allows forecasting the malware propagation consequences and evolution trends, planning countermeasures and many other tasks that cannot be investigated without harm to production systems in the wild. Existing malware propagation models mainly concentrate on malware epidemic consequences modeling, i.e. forecasting the number of infected computers, simulating malware behavior or economic propagation aspects and are based only on current malware propagation strategies. Significant research has been done in the world during the last years to fight the Internet worms. In this article we propose the extension to our genetic algorithm based model, which aims at Internet worm propagation strategies modeling under pressure of countermeasures. Genetic algorithm is selected as a modeling tool taking into consideration the efficiency of this method while solving optimization and modeling problems with large solution space. The main application of the proposed model is a countermeasures planning in advance and computer network design optimization

show abstract

12 3 4 5

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

334 Leonard St

Brooklyn, NY 11211

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Nikolaj Goranin

A Fuzzy WASPAS-Based Approach to Determine Critical Information Infrastructures of EU Sustainable Development

Towards a Robust Method of Dataset Generation of Malicious Activity for Anomaly-Based HIDS Training and Presentation of AWSCTD Dataset

Security Ontology for Adaptive Mapping of Security Standards

Information Security Risk Assessment in Critical Infrastructure: A Hybrid MCDM Approach

Evaluation of Deep Learning Methods Efficiency for Malicious and Benign System Calls Classification on the AWSCTD

Investigation of Dual-Flow Deep Learning Models LSTM-FCN and GRU-FCN Efficiency against Single-Flow CNN Models for the Host-Based Intrusion and Malware Detection Task on Univariate Times Series Data

High-Level Self-Sustaining Information Security Management Framework

Genetic algorithm based Internet worm propagation strategy modeling under pressure of countermeasures

Contact Info

Product

Resources

About