Browsing by Author "Dag, Hasan"

Now showing 1 - 9 of 9

Citation Count: 4
AnomalyAdapters: Parameter-Efficient Multi-Anomaly Task Detection
(IEEE-Inst Electrical Electronics Engineers Inc, 2022) Dağ, Hasan; Dag, Hasan
The emergence of technological innovations brings sophisticated threats. Cyberattacks are increasing day by day aligned with these innovations and entails rapid solutions for defense mechanisms. These attacks may hinder enterprise operations or more importantly, interrupt critical infrastructure systems, that are essential to safety, security, and well-being of a society. Anomaly detection, as a protection step, is significant for ensuring a system security. Logs, which are accepted sources universally, are utilized in system health monitoring and intrusion detection systems. Recent developments in Natural Language Processing (NLP) studies show that contextual information decreases false-positives yield in detecting anomalous behaviors. Transformers and their adaptations to various language understanding tasks exemplify the enhanced ability to extract this information. Deep network based anomaly detection solutions use generally feature-based transfer learning methods. This type of learning presents a new set of weights for each log type. It is unfeasible and a redundant way considering various log sources. Also, a vague representation of model decisions prevents learning from threat data and improving model capability. In this paper, we propose AnomalyAdapters (AAs) which is an extensible multi-anomaly task detection model. It uses pretrained transformers' variant to encode a log sequences and utilizes adapters to learn a log structure and anomaly types. Adapter-based approach collects contextual information, eliminates information loss in learning, and learns anomaly detection tasks from different log sources without overuse of parameters. Lastly, our work elucidates the decision making process of the proposed model on different log datasets to emphasize extraction of threat data via explainability experiments.
Citation Count: 0
Comparing Deep Neural Networks and Machine Learning for Detecting Malicious Domain Name Registrations
(Ieee, 2024) Ecevit, Mert İlhan; Dağ, Hasan; Dag, Hasan; Creutzburg, Reiner
This study highlights the effectiveness of deep neural network (DNN) models, particularly those integrating natural language processing (NLP) and multilayer perceptron (MLP) techniques, in detecting malicious domain registrations compared to traditional machine learning (ML) approaches. The integrated DNN models significantly outperform traditional ML models. Notably, DNN models that incorporate both textual and numeric features demonstrate enhanced detection capabilities. The utilized Canine + MLP model achieves 85.81% accuracy and an 86.46% F1-score on the MTLP Dataset. While traditional ML models offer advantages such as faster training times and smaller model sizes, their performance generally falls short compared to DNN models. This study underscores the trade-offs between computational efficiency and detection accuracy, suggesting that their superior performance often justifies the added costs despite higher resource requirements.
Citation Count: 0
A Comprehensive Review of Open Source Intelligence in Intelligent Transportation Systems
(Ieee Computer Soc, 2024) Ecevit, Mert İlhan; Dağ, Hasan; Dag, Hasan; Creutzburg, Reiner
This paper offers an insightful review of Open Source Intelligence (OSINT) within Intelligent Transportation Systems (ITS), emphasizing its heightened importance amidst the digital and connected evolution of the transportation sector. It highlights the integration of technologies like IoT and SCADA systems, which, while beneficial, introduce new cyber vulnerabilities. Focusing on the utilization of OSINT for surveillance, threat detection, and risk assessment, the study evaluates key tools such as Shodan and Aircrack-ng, addressing their roles in enhancing transportation system security. The paper also tackles challenges in OSINT application, from data reliability to ethical and legal considerations, stressing the need for a balance between technological advancement and privacy protection. Through realworld case studies, the paper illustrates OSINT's practical applications in scenarios like maritime security and military surveillance. Conclusively, it underscores the necessity for continuous dialogue among experts to navigate the complexities of OSINT in transportation, particularly as technology evolves and data volumes increase.
Citation Count: 5
Deepfake detection using deep learning methods: A systematic and comprehensive review
(Wiley Periodicals, inc, 2024) Dağ, Hasan; Navimipour, Nima Jafari; Dag, Hasan; Unal, Mehmet
Deep Learning (DL) has been effectively utilized in various complicated challenges in healthcare, industry, and academia for various purposes, including thyroid diagnosis, lung nodule recognition, computer vision, large data analytics, and human-level control. Nevertheless, developments in digital technology have been used to produce software that poses a threat to democracy, national security, and confidentiality. Deepfake is one of those DL-powered apps that has lately surfaced. So, deepfake systems can create fake images primarily by replacement of scenes or images, movies, and sounds that humans cannot tell apart from real ones. Various technologies have brought the capacity to change a synthetic speech, image, or video to our fingers. Furthermore, video and image frauds are now so convincing that it is hard to distinguish between false and authentic content with the naked eye. It might result in various issues and ranging from deceiving public opinion to using doctored evidence in a court. For such considerations, it is critical to have technologies that can assist us in discerning reality. This study gives a complete assessment of the literature on deepfake detection strategies using DL-based algorithms. We categorize deepfake detection methods in this work based on their applications, which include video detection, image detection, audio detection, and hybrid multimedia detection. The objective of this paper is to give the reader a better knowledge of (1) how deepfakes are generated and identified, (2) the latest developments and breakthroughs in this realm, (3) weaknesses of existing security methods, and (4) areas requiring more investigation and consideration. The results suggest that the Conventional Neural Networks (CNN) methodology is the most often employed DL method in publications. According to research, the majority of the articles are on the subject of video deepfake detection. The majority of the articles focused on enhancing only one parameter, with the accuracy parameter receiving the most attention. This article is categorized under:Technologies > Machine LearningAlgorithmic Development > MultimediaApplication Areas > Science and Technology
Citation Count: 16
An ensemble of pre-trained transformer models for imbalanced multiclass malware classification
(Elsevier Advanced Technology, 2022) Dağ, Hasan; Demirkıran, Ferhat; Unal, Gur; Dag, Hasan
Classification of malware families is crucial for a comprehensive understanding of how they can infect devices, computers, or systems. Hence, malware identification enables security researchers and incident responders to take precautions against malware and accelerate mitigation. API call sequences made by malware are widely utilized features by machine and deep learning models for malware classification as these sequences represent the behavior of malware. However, traditional machine and deep learning models remain incapable of capturing sequence relationships among API calls. Unlike traditional machine and deep learning models, the transformer-based models process the sequences in whole and learn relationships among API calls due to multi-head attention mechanisms and positional embeddings. Our experiments demonstrate that the Transformer model with one transformer block layer surpasses the performance of the widely used base architecture, LSTM. Moreover, BERT or CANINE, the pre-trained transformer models, outperforms in classifying highly imbalanced malware families according to evaluation metrics: F1-score and AUC score. Furthermore, our proposed bagging-based random transformer forest (RTF) model, an ensemble of BERT or CANINE, reaches the state-of-the-art evaluation scores on the three out of four datasets, specifically it captures a state-of-the-art F1-score of 0.6149 on one of the commonly used benchmark dataset. (C) 2022 Elsevier Ltd. All rights reserved.
Citation Count: 0
Network intrusion detection system by learning jointly from tabular and text-based features
(Wiley, 2024) Dağ, Hasan; Cayir, Aykut; Unal, Ugur; Dag, Hasan
Network intrusion detection systems (NIDS) play a critical role in maintaining the security and integrity of computer networks. These systems are designed to detect and respond to anomalous activities that may indicate malicious intent or unauthorized access. The need for robust NIDS solutions has never been more pressing in today's digital landscape, characterized by constantly evolving cyber threats. Deploying effective NIDS can be challenging, particularly in accurately identifying network anomalies amid the ever-increasing sophisticated and difficult-to-detect cyber threats. The motivation for our research stems from the recognition that while NIDS studies have made significant strides, there remains a crucial need for more effective and accurate methods to detect network anomalies. Commonly used features in NIDS studies include network logs, with some studies exploring text-based features such as payload. However, traditional machine and deep learning models may need to be improved in learning jointly from tabular and text-based features. Here, we present a new approach that integrates both tabular and text-based features to improve the performance of NIDS. Our research aims to address the existing limitations of NIDS and contribute to the development of more reliable and efficient network security solutions by introducing more effective and accurate methods for detecting network anomalies. Our internal experiments have revealed that the deep learning approach utilizing tabular features produces favourable results, whereas the pre-trained transformer approach needs to perform sufficiently. Hence, our proposed approach, which integrates both feature types using deep learning and pre-trained transformer approaches, achieves superior performance. These findings indicate that integrating both feature types using deep learning and pre-trained transformer approaches can significantly improve the accuracy of network anomaly detection. Moreover, our proposed approach outperforms the state-of-the-art methods in terms of accuracy, F1-score, and recall on commonly used NIDS datasets consisting of ISCX-IDS2012, UNSW-NB15, and CIC-IDS2017, with F1-scores of 99.80%, 92.37%, and 99.69%, respectively, indicating its effectiveness in detecting network anomalies.
Citation Count: 3
A Novel Blockchain-Based Deepfake Detection Method Using Federated and Deep Learning Models
(Springer, 2024) Dağ, Hasan; Navimipour, Nima Jafari; Dag, Hasan; Talebi, Samira; Unal, Mehmet
In recent years, the proliferation of deep learning (DL) techniques has given rise to a significant challenge in the form of deepfake videos, posing a grave threat to the authenticity of media content. With the rapid advancement of DL technology, the creation of convincingly realistic deepfake videos has become increasingly prevalent, raising serious concerns about the potential misuse of such content. Deepfakes have the potential to undermine trust in visual media, with implications for fields as diverse as journalism, entertainment, and security. This study presents an innovative solution by harnessing blockchain-based federated learning (FL) to address this issue, focusing on preserving data source anonymity. The approach combines the strengths of SegCaps and convolutional neural network (CNN) methods for improved image feature extraction, followed by capsule network (CN) training to enhance generalization. A novel data normalization technique is introduced to tackle data heterogeneity stemming from diverse global data sources. Moreover, transfer learning (TL) and preprocessing methods are deployed to elevate DL performance. These efforts culminate in collaborative global model training zfacilitated by blockchain and FL while maintaining the utmost confidentiality of data sources. The effectiveness of our methodology is rigorously tested and validated through extensive experiments. These experiments reveal a substantial improvement in accuracy, with an impressive average increase of 6.6% compared to six benchmark models. Furthermore, our approach demonstrates a 5.1% enhancement in the area under the curve (AUC) metric, underscoring its ability to outperform existing detection methods. These results substantiate the effectiveness of our proposed solution in countering the proliferation of deepfake content. In conclusion, our innovative approach represents a promising avenue for advancing deepfake detection. By leveraging existing data resources and the power of FL and blockchain technology, we address a critical need for media authenticity and security. As the threat of deepfake videos continues to grow, our comprehensive solution provides an effective means to protect the integrity and trustworthiness of visual media, with far-reaching implications for both industry and society. This work stands as a significant step toward countering the deepfake menace and preserving the authenticity of visual content in a rapidly evolving digital landscape.
Citation Count: 0
Power Consumption Estimation using In-Memory Database Computation
(Ieee, 2016) Dağ, Hasan; Alamin, Mohamed
In order to efficiently predict electricity consumption, we need to improve both the speed and the reliability of computational environment. Concerning the speed, we use inmemory database, which is taught to be the best solution that allows manipulating data many times faster than the hard disk. For reliability, we use machine learning algorithms. Since the model performance and accuracy may vary depending on data each time, we test many algorithms and select the best one. In this study, we use SmartMeter Energy Consumption Data in London Households to predict electricity consumption using machine learning algorithms written in Python programming language and in-memory database computation package, Aerospike. The test results show that the best algorithm for our data set is Bagging algorithm. We also emphatically prove that R-squared may not always be a good test to choose the best algorithm.
Citation Count: 0
Securing AI Systems: A Comprehensive Overview of Cryptographic Techniques for Enhanced Confidentiality and Integrity
(Ieee, 2024) Dağ, Hasan; Udechukwu, Izuchukwu Patrick; Ibrahim, Isiaq Bolaji; Chukwu, Ikechukwu John; Dag, Hasan; Dimitrova, Vesna; Mollakuqe, Elissa
The rapid evolution of artificial intelligence (AI) has introduced transformative changes across industries, accompanied by escalating security concerns. This paper contributes to the imperative need for robust security measures in AI systems based on the application of cryptographic techniques. This research analyzes AI-ML systems vulnerabilities and associated risks and identifies existing cryptographic methods that could constitute security measures to mitigate such risks. Information assets subject to cyberattacks are identified, such as training data and model parameters, followed by a description of existing encryption algorithms and a suggested approach to use a suitable technique, such as homomorphic encryption CKKS, along with digital signatures based on ECDSA to protect the digital assets through all the AI system life cycle. These methods aim to safeguard sensitive data, algorithms, and AI-generated content from unauthorized access and tampering. The outcome offers potential and practical solutions against privacy breaches, adversarial attacks, and misuse of AI-generated content. Ultimately, this work aspires to bolster public trust in AI technologies, fostering innovation in a secure and reliable AI-driven landscape.