Papers by Sarunas Grigaliunas
Electronics, Mar 7, 2024
This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY)
Future Internet
A surge in successful Information Security (IS) breaches targeting Research and Education (R&E) institutions highlights a pressing need for enhanced protection. Addressing this, a consortium of European National Research and Education Network (NREN) organizations has developed a unified IS framework. This paper aims to introduce the Security Baseline for NRENs and a security maturity model tailored for R&E entities, derived from established security best practices to meet the specific needs of NRENs, universities, and various research institutions. The models currently in existence do not possess a system to smoothly correlate varying requirement tiers with distinct user groups or scenarios, baseline standards, and existing legislative actions. This segmentation poses a significant hurdle to the community's capacity to guarantee consistency, congruency, and thorough compliance with a cohesive array of security standards and regulations. By employing taxonomical engineering principle...
IEEE Access
In an era in which social media platforms are proliferating and becoming primary communication channels, the identification of evidence for crimes from such platforms is crucial for digital forensics and legal proceedings. This paper presents a novel approach for systematically structuring and categorising digital attributes that are interlinked across social media platforms using digital ontologies, as well as a method for user profiling using domain-specific digital artefacts. The ontology models consist of classes with subclass distinctions for text, image, and video types of evidence. These models are flexible and can be expanded to include various social media platforms and evidence categories. Simultaneously, the user profiling method employs mathematical formulas and visual representations to develop comprehensive profiles of individuals based on extracted social media data. This methodology evaluates the relevance of a set of digital artefacts and related attributes, such as interests, location, and activities, using their weights. Additionally, the research addresses the legal and ethical considerations pertinent to the collection of data from social media. Despite the approaches' immense potential for expediting evidence collection and developing insightful profiles, obstacles such as scalability, legal complexities, and data noise are identified. This work makes a substantial contribution to the development of digital forensics and cybercrime investigations involving social media platforms. Index Terms: Social media, digital evidence, profiling, digital forensics, digital artefacts.
Visual Analytics uses data visualization techniques for enabling compelling data analysis by engaging graphical and visual portrayal. In the domain of cybersecurity, convincing visual representation of data enables analysts to ascertain valuable observations that allow the domain experts to construct efficient cyberattack mitigation strategies and provide useful decision support. We present a survey of visual analytics tools and methods in the domain of cybersecurity. We explore and discuss Technical Threat Intelligence visualization tools using the Five Question Method. We conclude the analysis of the works using Moody's Physics of Notations and the VIS4ML ontology as a methodological background of the visual analytics process. We summarize our analysis as a high-level model of visual analytics for cybersecurity threat analysis.
IEEE Intelligent Systems, Sep 1, 2021
The aim of a forensic investigation is to provide situation awareness in terms of identification and preservation of digital evidence, extraction of information, and analysis of extracted information to facilitate time-critical decision making. Digital forensic investigation is a process of collecting, examining, and analyzing digital data from various places such as digital devices, networks, and big data in the cloud. Here we propose a novel digital evidence object (DEO) model for the reduction of forensics data in digital forensic investigation and describe its application. The proposed DEO model is based on the synergy of category theory and integration of the 5Ws (Who, What, When, Where, and Why) of digital investigation analysis techniques for digital evidence acquisition. We present a real-life case study to demonstrate its suitability for assisting computer forensics experts in the digital evidence investigation. Our results demonstrate that the application of the DEO model can noticeably decrease the number of false positive evidence objects submitted to a forensics expert, thus reducing his/her workload and improving decision making performance in a time-critical setting.
Sensors, Mar 22, 2023
This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY)
Elektronika Ir Elektrotechnika, Jun 15, 2017
The creation of an ontology makes it possible to form common information structures, to reuse knowledge, to make assumptions within a domain and to analyse every piece of knowledge. In this paper, we aim to create an ontology-based transformation model and a framework to develop an ontology-based transformation system in the digital forensics domain. We describe the architecture of the ontology-based transformation system and its components for assisting computer forensics experts in the appropriate selection of tools for digital evidence investigation. We consider the use of the attributes of Extensible Markup Language document transformation to map the computer forensics ontology and we use the representations in the National Institute of Standards and Technology's "Computer Forensics Tool Catalog" for aligning one form with the other. Index Terms: Computers and information processing; computer-aided software engineering; digital forensics and software tools; XML document transformation.
Electronics, Aug 1, 2021
This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY)
Electronics, Feb 18, 2021
This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY)
Electronics, May 13, 2020
Network intrusion detection is one of the main problems in ensuring the security of modern computer networks, Wireless Sensor Networks (WSN), and the Internet-of-Things (IoT). In order to develop efficient network-intrusion-detection methods, realistic and up-to-date network flow datasets are required. Despite several recent efforts, there is still a lack of real-world network-based datasets which can capture modern network traffic cases and provide examples of many different types of network attacks and intrusions. To alleviate this need, we present LITNET-2020, a new annotated network benchmark dataset obtained from the real-world academic network. The dataset presents real-world examples of normal and under-attack network traffic. We describe and analyze 85 network flow features of the dataset and 12 attack types. We present the analysis of the dataset features by using statistical analysis and clustering methods. Our results show that the proposed feature set can be effectively used to identify different attack classes in the dataset. The presented network dataset is made freely available for research purposes.
Electronics, Jan 25, 2023
This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY)
Scientific supervisor: Prof. Dr. Jevgenijus TOLDINAS (Kauno technologijos universitetas, technological sciences, informatics engineering, T 007). Edited by: Aurelija Gražina Rukšaitė (publishing house "Technologija"). Dissertation defence board of the informatics engineering science field: Prof. Dr. Rimantas BUTLERIS (Kauno technologijos universitetas, technological sciences, informatics engineering, T 007), chair; Prof. Habil. Dr. Gintautas DZEMYDA (Vilniaus universitetas, informatics engineering, T 007), Assoc. Prof. Dr. Nikolaj GORANIN (Vilniaus Gedimino technikos universitetas, informatics engineering, T 007), Prof. Dr. Rytis MASKELIŪNAS (Kauno technologijos universitetas, informatics engineering, T 007), Assoc. Prof. Dr. Raimundas MATULEVIČIUS (Tartu universitetas, Estonia, technological sciences, informatics engineering, T 007). The dissertation will be defended at a public meeting of the dissertation defence board of the informatics engineering science field on 28 August 2020 at 10:00 in the dissertation defence hall of Kauno technologijos universitetas.
Sustainability, Apr 23, 2021
This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY)
Baltic Journal of Modern Computing, 2020
The amount of data stored on computers is growing rapidly every year, which makes the investigation of digital evidence in cybercrime time-consuming, because a large amount of data has to be examined and criminal evidence extracted from it. Expert investigation begins with the collection, copying and authentication of each item of content on the digital medium. The following steps deal with the findings and extract evidence of crime using a variety of methods and tools. Our research deals with the frameworks, methods, models and tools of the search for digital evidence of cybercrime. However, there is as yet no specialized method and tool available to assist an expert in reducing the size of investigated data and to solve the problem of searching for and identifying digital evidence of cybercrime, due to the lack of specialized tools and techniques to automate expert investigation. In this paper we propose a cybercrime forensic investigation tool based on the digital evidence object model
Electronics, 2021
The security of information is among the greatest challenges facing organizations and institutions. Cybercrime has risen in frequency and magnitude in recent years, with new ways to steal, change and destroy information or disable information systems appearing every day. Among the types of penetration into the information systems where confidential information is processed is malware. An attacker injects malware into a computer system, after which he has full or partial access to critical information in the information system. This paper proposes an ensemble classification-based methodology for malware detection. The first-stage classification is performed by a stacked ensemble of dense (fully connected) and convolutional neural networks (CNN), while the final stage classification is performed by a meta-learner. For a meta-learner, we explore and compare 14 classifiers. For a baseline comparison, 13 machine learning methods are used: K-Nearest Neighbors, Linear Support Vector Machin...
Sustainability, 2022
The COVID-19 pandemic has forced much education to move into a distance learning (DL) model. The problem addressed in the paper is related to the increased necessity for the capacity of data, secure infrastructure, Wi-Fi possibilities, and equipment, learning resources which are needed when students connect to systems managed by institutional, national, and international organizations. Meanwhile, there have been cases when learners were not able to use technology in a secure manner, since they were requested to connect to external learning objects or systems. The research aims to develop a sustainable strategy based on a security concept model that consists of three main components: (1) security assurance; (2) users, including administration, teachers, and learners; and (3) DL organizational processes. The security concept model can be implemented at different levels of security. We modelled all the possible levels of security. To implement the security concept model, we introduce a...
Sustainability, 2021
Lack of guidelines for implementing distance learning, lack of infrastructure, lack of competencies, and security-related problems were the challenges met during the pandemic. These challenges firstly fall on the administration of a higher education institution. To assist in solving the challenges of the pandemic for the administration of a higher education institution, the paper presents several models for the organization of the processes of distance learning. These models are as follows: a conceptual model of distance learning, a model of strategic planning of distance learning, a model of the assessment before the start of distance learning, a model of the preparation for distance learning, and a model of the process of distance learning and remote work. Student profile, lecturer profile, organizational environment, assessment, and planning of the infrastructure of information and communication technology (ICT), assessment and planning of the virtual learning environment, and as...
Electronics, 2020
Network intrusion detection is one of the main problems in ensuring the security of modern computer networks, Wireless Sensor Networks (WSN), and the Internet-of-Things (IoT). In order to develop efficient network-intrusion-detection methods, realistic and up-to-date network flow datasets are required. Despite several recent efforts, there is still a lack of real-world network-based datasets which can capture modern network traffic cases and provide examples of many different types of network attacks and intrusions. To alleviate this need, we present LITNET-2020, a new annotated network benchmark dataset obtained from the real-world academic network. The dataset presents real-world examples of normal and under-attack network traffic. We describe and analyze 85 network flow features of the dataset and 12 attack types. We present the analysis of the dataset features by using statistical analysis and clustering methods. Our results show that the proposed feature set can be effectively ...