Browse by Author "Akleylek, Sedat"
Now showing 1 - 11 of 11

Item: Anomaly detection system for ADS-B data: Attack vectors and machine learning models
(Elsevier B.V., 2025) Çevik, Nurşah; Akleylek, Sedat
The topic of security challenges and solutions for Automatic Dependent Surveillance-Broadcast (ADS-B) systems is becoming more critical day-to-day because of the increasing air traffic volume. Since aircraft and ground stations that receive broadcast ADS-B data cannot check the source and integrity of the data, ADS-B systems can be spoofed easily by transmitting false data. In this paper, we develop an anomaly detection system for ADS-B data as a security solution. Various parameter sets were analyzed to identify critical ones. We created attack vectors for eight different attack scenarios, such as spoofing, message injection, and virtual trajectory change attacks, and created hybrid datasets by combining different attack vectors to increase the detection ability of different attack scenarios. These datasets have covered a wide range of attack scenarios to increase the robustness of anomaly detection assessments. We used attack datasets to evaluate the performance of different ML and DL models. The random forest classifier and the extra tree classifier are the standout performers, both achieving an impressive accuracy of 0.999. The decision tree classifier, with an accuracy of 0.992, also demonstrates strong performance, though slightly below that of the random forest and extra tree models. The results of the decision tree classifier have the lowest false negative and false positive rate, which are 0.004 and 0, respectively. Among the deep learning models, the multilayer perceptron model achieves notable success with an accuracy of 0.981744. Based on the results of our model, we increase the accuracy and reliability compared to existing methods. Additionally, we share our datasets to encourage further research and enable other researchers to expand our findings.
© 2024 Elsevier B.V.

Item: Anomaly detection with machine learning models using API calls
(Springer science and business media deutschland GmbH, 2025) Şahin, Varol; Satılmış, Hami; Yazar, Bilge Kağan; Akleylek, Sedat
Malware is malicious code developed to damage telecommunications and computer systems. Many malware causes anomaly events, such as occupying the systems’ resources, such as CPU and memory, or preventing their use. Malware causing these events can hide their destructive activities. Therefore, monitoring their behavior to detect and block such malicious software is necessary. In other words, the anomalies they cause are detected and intervened by monitoring the behaviors exhibited by malware. Various features such as application programming interface (API) calls or system calls, registry modification, and network activities constitute malware behavior. API calls and various statistical information of these calls, extracted by dynamic analysis, are considered one of the most representative features of behavior-based detection systems. Each API call in the sequences is associated with previous or subsequent API calls. Such relationships may contain patterns of destructive functions of malware. Many intrusion/anomaly detection systems are proposed, including machine and deep learning models, in which various information about API/system calls are used as features. This paper aims to evaluate the effect of various statistical information of API calls on the models in detecting anomaly events and classification performances. The anomaly detection performances of various machine learning (ML) models with known effects in the literature are examined using a dataset containing API calls.
As a result of the experiments, it is seen that the models using statistical features of API calls have reached high performance in terms of precision, recall, f1-score, and accuracy metrics.

Item: Application of BukaGini algorithm for enhanced feature interaction analysis in intrusion detection systems
(Taylor & Francis, 2024) Bouke, Mohamed Aly; Abdullah, Azizol; Cengiz, Korhan; Akleylek, Sedat
This article presents an evaluation of BukaGini, a stability-aware Gini index feature selection algorithm designed to enhance model performance in machine learning applications. Specifically, the study focuses on assessing BukaGini's effectiveness within the domain of intrusion detection systems (IDS). Recognizing the need for improved feature interaction analysis methodologies in IDS, this research aims to investigate the performance of BukaGini in this context. BukaGini's performance is evaluated across four diverse datasets commonly used in IDS research: NSLKDD (22,544 samples), WUSTL EHMS (16,318 samples), WSN-DS (374,661 samples), and UNSWNB15 (175,341 samples), amounting to a total of 588,864 data samples. The evaluation encompasses key metrics such as stability score, accuracy, F1-score, recall, precision, and ROC AUC. Results indicate significant advancements in IDS performance, with BukaGini achieving remarkable accuracy rates of up to 99% and stability scores consistently surpassing 99% across all datasets. Additionally, BukaGini demonstrates an average reduction in dimensionality of 25%, selecting 10 features for each dataset using the Gini index. Through rigorous comparative analysis with existing methodologies, BukaGini emerges as a promising solution for feature interaction analysis within cybersecurity applications, particularly in the context of IDS.
These findings highlight the potential of BukaGini to contribute to robust model performance and propel intrusion detection capabilities to new heights in real-world scenarios.

Item: Comparison of machine learning based anomaly detection methods for ADS-B system
(Springer science and business media deutschland GmbH, 2025) Çevik, Nurşah; Akleylek, Sedat
This paper introduces an anomaly/intrusion detection system utilizing machine learning techniques for detecting attacks in the Automatic Detection System-Broadcast (ADS-B). Real ADS-B messages between Türkiye's coordinates are collected to train and test machine learning models. After data collection and pre-processing steps, the authors generate the attack datasets by using real ADS-B data to simulate two attack scenarios, which are constant velocity increase/decrease and gradually velocity increase or decrease attacks. The efficacy of five machine learning algorithms, including decision trees, extra trees, gaussian naive bayes, k-nearest neighbors, and logistic regression, is evaluated across different attack types. This paper demonstrates that tree-based algorithms consistently exhibit superior performance across a spectrum of attack scenarios. Moreover, the research underscores the significance of anomaly or intrusion detection mechanisms for ADS-B systems, highlights the practical viability of employing tree-based algorithms in air traffic management, and suggests avenues for enhancing safety protocols and mitigating potential risks in the airspace domain.

Item: Development of Various Stacking Ensemble Based HIDS Using ADFA Datasets
(Institute of Electrical and Electronics Engineers Inc., 2025) Satılmış, Hami; Akleylek, Sedat; Tok, Zaliha Yüce
The rapid increase in the number of cyber attacks and the emergence of various attack variations pose significant threats to the security of computer systems and networks.
Various intrusion detection systems (IDS) are developed to defend computer systems and networks in response to these threats. One type of IDS, known as a host-based intrusion detection system (HIDS), focuses on securing a single host. Numerous HIDS have been proposed in the literature, incorporating various detection methods. This study develops multiple machine learning (ML) models and stacking ensemble based HIDS that can be used as detection methods in HIDS. Initially, n-grams, standard bag-of-words (BoW), binary BoW, probability BoW, and term frequency-inverse document frequency (TF-IDF) BoW methods are applied to the ADFA-LD and ADFA-WD datasets. Mutual information and k-means methods are used together for feature selection on the resulting BoW datasets. Individual models are created using either selected features or all features. Subsequently, the outputs of these individual models are used in extreme gradient boosting (XGBoost) and adaptive boosting (AdaBoost) models to develop stacking ensemble based models. The experimental results show that the best accuracy (ACC) among models using ADFA-LD based BoW datasets is achieved by the stacking ensemble based XGBoost model, which has an ACC of 0.9747. This XGBoost model utilizes the standard BoW dataset and selected features. Among models using ADFA-WD based BoW datasets, the stacking ensemble based XGBoost is also the most successful in terms of ACC, with an ACC of 0.9163, using the standard BoW dataset and all features. 
© 2020 IEEE.

Item: Expectation maximization—vector approximate message passing based generalized linear model for channel estimation in intelligent reflecting surface-assisted millimeter multi-user multiple-input multiple-output systems
(PeerJ Inc., 2025) Shoukath, Ali K.; Sajan, Philip P.; Khan, Arfat Ahmad; Moses, Leeban; Cengiz, Korhan; Akleylek, Sedat
Channel estimation poses a main challenge in intelligent reflecting surface (IRS)-assisted millimeter wave (mmWave) multi-user multiple-input multiple-output (MIMO) systems due to the substantial number of antennas at the base station (BS) and the passive reflective elements within the IRS lacking sufficient signal processing capabilities. This article addresses this challenge by proposing a channel estimation technique for IRS-assisted mmWave MIMO systems. The problem of channel estimation is normally taken as a compressed sensing (CS) problem, typically addressed through algorithms such as Orthogonal Matching Pursuit (OMP), Generalized Approximate Message Passing (GAMP), and Vector Approximate Message Passing with Expectation-Maximization (EM-VAMP). EM-VAMP demonstrates better performance only when a Gaussian mixture (GM) distribution is chosen as the prior for the sparse channel, especially at high signal-to-noise ratios (SNRs). To address this, the article introduces the application of generalized linear models (GLMs), extensions of standard linear models, providing increased flexibility in modeling data that deviates from Gaussian distribution. Numerical results unveil that the proposed Its EM-VAMP-GLM is much more robust to the existing OMP, GAMP and EM-LAMP algorithms. Copyright 2025 K et al.
Distributed under Creative Commons CC-BY 4.0

Item: Password authenticated key exchange-based on Kyber for mobile devices
(Peerj Inc, 2024) Seyhan, Kubra; Akleylek, Sedat; Dursun, Ahmet Faruk
In this article, a password-authenticated key exchange (PAKE) version of the National Institute of Standards and Technology (NIST) post-quantum cryptography (PQC) public-key encryption and key-establishment standard is constructed. We mainly focused on how the PAKE version of PQC standard Kyber with mobile compatibility can be obtained by using simple structured password components. In the design process, the conventional password-based authenticated key exchange (PAK) approach is updated under the module learning with errors (MLWE) assumptions to add password-based authentication. Thanks to the following PAK model, the proposed Kyber.PAKE provides explicit authentication and perfect forward secrecy (PFS). The resistance analysis against the password dictionary attack of Kyber.PAKE is examined by using random oracle model (ROM) assumptions. In the security analysis, the cumulative distribution function (CDF) Zipf (CDF-Zipf) model is also followed to provide realistic security examinations. According to the implementation results, Kyber.PAKE presents better run-time than lattice-based PAKE schemes with similar features, even if it contains complex key encapsulation mechanism (KEM) components. The comparison results show that the proposed PAKE scheme will come to the fore for the future security of mobile environments and other areas.

Item: PPLBB: a novel privacy-preserving lattice-based blockchain platform in IoMT
(Springer, 2025) Sezer, Bora Buğra; Akleylek, Sedat
This paper proposes a quantum-secure, privacy-preserving blockchain platform for the Internet of Medical Things (IoMT). It defines a solution to quantum attacks on blockchain by integrating the Dilithium lattice-based signature scheme to enhance security and privacy.
A layer-based structure, combined with the Constrained Application Protocol (CoAP), is used to improve the efficiency of data sharing, optimize security, and manage authentication in resource-constrained IoMT environments. Zero-knowledge proofs (ZKP) and lattice-based signatures are used for lightweight authentication and data integrity. Real-time testing on electrochemical sensor data validates the system's efficiency in securely managing IoMT communications. Additionally, event-based smart contracts (EBSC) are implemented to reduce communication costs and minimize blockchain overhead. Experimental results show that Dilithium outperforms other schemes like Falcon and ECDSA, making it a superior solution for real-time IoMT security.

Item: SDN-IoT: SDN-based efficient clustering scheme for IoT using improved Sailfish optimization algorithm
(Peerj Inc, 2023) Mohammadi, Ramin; Akleylek, Sedat; Ghaffari, Ali
The Internet of Things (IoT) includes billions of different devices and various applications that generate a huge amount of data. Due to inherent resource limitations, reliable and robust data transmission for a huge number of heterogenous devices is one of the most critical issues for IoT. Therefore, cluster-based data transmission is appropriate for IoT applications as it promotes network lifetime and scalability. On the other hand, Software Defined Network (SDN) architecture improves flexibility and makes the IoT respond appropriately to the heterogeneity. This article proposes an SDN-based efficient clustering scheme for IoT using the Improved Sailfish optimization (ISFO) algorithm. In the proposed model, clustering of IoT devices is performed using the ISFO model and the model is installed on the SDN controller to manage the Cluster Head (CH) nodes of IoT devices. The performance evaluation of the proposed model was performed based on two scenarios with 150 and 300 nodes.
The results show that for 150 nodes ISFO model in comparison with LEACH, LEACH-E reduced energy consumption by about 21.42% and 17.28%. For 300 ISFO nodes compared to LEACH, LEACH-E reduced energy consumption by about 37.84% and 27.23%.

Item: SoK of Machine Learning and Deep Learning Based Anomaly Detection Methods for Automatic Dependent Surveillance-Broadcast
(Ieee-Inst Electrical Electronics Engineers Inc, 2024) Cevik, Nursah; Akleylek, Sedat
This paper focuses on the vulnerabilities of ADS-B, one of the avionics systems, and the countermeasures taken against these vulnerabilities proposed in the literature. Among the proposed countermeasures against the vulnerabilities of ADS-B, anomaly detection methods based on machine learning and deep learning algorithms were analyzed in detail. The advantages and disadvantages of using an anomaly detection system on ADS-B data are investigated. Thanks to advances in machine learning and deep learning over the last decade, it has become more appropriate to use anomaly detection systems to detect anomalies in ADS-B systems. To the best of our knowledge, this is the first survey to focus on studies using machine learning and deep learning algorithms for ADS-B security. In this context, this study addresses research on this topic from different perspectives, draws a road map for future research, and searches for five research questions related to machine learning and deep learning algorithms used in anomaly detection systems.

Item: A Systematic Literature Review on Host-Based Intrusion Detection Systems
(Ieee-Inst Electrical Electronics Engineers Inc, 2024) Satilmis, Hami; Akleylek, Sedat; Tok, Zaliha Yuce
With the advancements in computer networks and systems, the number of security vulnerabilities and cyber attacks targeting/using these vulnerabilities continues to increase. Consequently, various intrusion detection systems (IDS) have been developed to detect cyber attacks and ensure information security.
IDSs are categorized into two classes based on the data sources: Network-based intrusion detection system (NIDS) and host-based intrusion detection system (HIDS). In this systematic literature review (SLR), studies are examined that focus on HIDS or propose methods applicable to HIDS, as well as those related to IDSs that can be converted into HIDSs. The studies published between 2020 and 2023 are collected from widely used academic databases through various query statements. Filtering based on specific selection and elimination criteria is undergone by the collected studies, resulting in 21 studies for examination. Subsequently, these studies and their advantages and disadvantages are discussed. In addition, while examining the studies, five research questions are addressed. Finally, the defects, potential areas for improvement, and future research directions related to HIDSs are discussed.