Browsing by Author "Gelenbe, Erol"
Now showing 1 - 15 of 15
Conference Object; Citation - Scopus: 1
An Associated Random Neural Network Detects Intrusions and Estimates Attack Graphs
(IEEE Computer Society, 2024) Mert Nakıp; Erol Gelenbe; Nalip, Mert; Nakip, Mert; Gelenbe, Erol
Cyberattacks, especially Botnet Distributed Denial of Service (DDoS), increasingly target networked systems and compromise interconnected nodes by constantly spreading malware. In order to prevent these attacks in their early stages, which includes stopping the spread of malware, it is vital to identify compromised nodes and successfully predict potential attack paths. To this end, this paper proposes a novel system based on an Associated Random Neural Network (ARNN) that simultaneously detects intrusion at the network level and estimates the network attack graph. In this system, ARNN is trained online to minimize a problem-specific multi-task loss so that it identifies compromised network nodes while the neural network connection weights also estimate the attack path. The performance of the method is calculated using the Kitsune attack dataset, showing that the method achieves a recall rate above 0.95 in estimating the network attack graph and provides a near-perfect classification of compromised nodes. The ARNN-based system for dynamic and continuous estimation of compromised nodes and network attack graphs can pave the way for enhancing security measures and stopping Botnet DDoS attacks from spreading in networked systems. © 2025 Elsevier B.V. All rights reserved.

Conference Object; Citation - Scopus: 11
Botnet Attack Detection with Incremental Online Learning
(Springer Science and Business Media Deutschland GmbH, 2022) Mert Nakıp; Erol Gelenbe; Nakip, Mert; Gelenbe, Erol; E. Gelenbe, M. Jankovic, D. Kehagias, A. Marton, A. Vilmos
In recent years, IoT devices have often been the target of Mirai Botnet attacks. This paper develops an intrusion detection method based on the Auto-Associated Dense Random Neural Network with incremental online learning, targeting the detection of Mirai Botnet attacks. The proposed method is trained only on benign IoT traffic while the IoT network is online; therefore it does not require any data collection on benign or attack traffic. Experimental results on a publicly available dataset have shown that the performance of this method is considerably high and very close to that of the same neural network model with offline training. In addition, both the training and execution times of the proposed method are highly acceptable for real-time attack detection. © 2025 Elsevier B.V. All rights reserved.

Conference Object; Citation - Scopus: 13
Decentralized Online Federated G-Network Learning for Lightweight Intrusion Detection
(IEEE Computer Society, 2023) Mert Nakıp; Baran Can Gul; Erol Gelenbe; Gül, Baran Can; Nakip, Mert; Gelenbe, Erol
Cyberattacks are increasingly threatening networked systems, often with the emergence of new types of unknown (zero-day) attacks and the rise of vulnerable devices. Such attacks can also target multiple components of a Supply Chain, which can be protected via Machine Learning (ML)-based Intrusion Detection Systems (IDSs). However, the need to learn large amounts of labelled data often limits the applicability of ML-based IDSs to cybersystems that only have access to private local data, while distributed systems such as Supply Chains have multiple components, each of which must preserve its private data while being targeted by the same attack. To address this issue, this paper proposes a novel Decentralized and Online Federated Learning Intrusion Detection (DOF-ID) architecture based on the G-Network model with collaborative learning, which allows each IDS used by a specific component to learn from the experience gained in other components, in addition to its own local data, without violating the data privacy of other components. The performance evaluation results using the public Kitsune and Bot-IoT datasets show that DOF-ID significantly improves the intrusion detection performance in all of the collaborating components, with acceptable computation time for online learning. © 2024 Elsevier B.V. All rights reserved.

Conference Object; Citation - WoS: 4; Citation - Scopus: 17
Diffusion Analysis Improves Scalability of IoT Networks to Mitigate the Massive Access Problem
(IEEE Computer Society, 2021) Erol Gelenbe; Mert Nakıp; Dariusz Marek; Tadeusz Czachórskí; Czachorski, Tadeusz; Marek, Dariusz; Nakip, Mert; Gelenbe, Erol
A significant challenge of IoT networks is to offer Quality of Service (QoS) and meet deadline requirements when packets from a massive number of IoT devices are forwarded to an IoT gateway. Many IoT devices tend to report their data to their wired or wireless network gateways at closely correlated instants of time, leading to congestion known as the Massive Access Problem (MAP), which increases the probability that the IoT data will not meet its required deadlines. Since IoT data loses much of its value if it arrives at its destination beyond a required deadline, MAP has been extensively studied in the literature. Thus we first take a queueing theoretic view of the problem and also use a Diffusion Approximation to gain insight into the IoT traffic statistics that affect MAP. Then we introduce the Quasi-Deterministic Transmission Policy (QDTP), which significantly alleviates MAP when the average traffic rate grows beyond a given level and substantially reduces the probability that IoT data deadlines are missed. The results are validated using real IoT data which has been placed in IP packets for transmission. © 2022 Elsevier B.V. All rights reserved.

Conference Object; Citation - WoS: 4; Citation - Scopus: 10
G-Networks Can Detect Different Types of Cyberattacks
(IEEE COMPUTER SOC, 2022) Erol Gelenbe; Mert Nakilp; Nakilp, Mert; Nakip, Mert; Gelenbe, Erol
Malicious network attacks are a serious source of concern, and machine learning techniques are widely used to build Attack Detectors with off-line training with real attack and non-attack data, which are then used online to monitor system entry points connected to networks. Many machine learning based Attack Detectors are typically trained to identify specific types of attacks, and the training of such algorithms to cover several types of attacks may be excessively time consuming. This paper shows that G-Networks, which are queueing networks with product form solution and special customers such as negative customers and triggers, can be trained just with non-attack traffic and can accurately detect several different attack types. This is established with a special case of G-Networks with triggered customer movement. A DARPA attack and non-attack traffic repository is used to train and test the G-Network, yielding comparable or clearly better accuracy than most known attack detection techniques.

Article; Citation - WoS: 3; Citation - Scopus: 6
Impact of IoT System Imperfections and Passenger Errors on Cruise Ship Evacuation Delay
(Multidisciplinary Digital Publishing Institute (MDPI), 2024) Yuting Ma; Erol Gelenbe; Kezhong Liu; Liu, Kezhong; Ma, Yuting; Gelenbe, Erol
Cruise ships and other naval vessels include automated Internet of Things (IoT)-based evacuation systems for the passengers and crew to assist them in case of emergencies and accidents. The technical challenges of assisting passengers and crew to safety during emergencies include various aspects such as sensor failures, imperfections in the sound or display systems that are used to direct evacuees, the timely selection of optimum evacuation routes for the evacuees, as well as computation and communication delays that may occur in the IoT infrastructure due to intense activities during an emergency. In addition, during an emergency the evacuees may be confused or in a panic and may make mistakes in following the directions offered by the evacuation system. Therefore, the purpose of this work is to analyze the effect of two important aspects that can have an adverse effect on the passengers’ evacuation time, namely (a) the computer processing and communication delays, and (b) the errors that may be made by the evacuees in following instructions. The approach we take uses simulation with a representative existing cruise ship model, which dynamically computes the best exit paths for each passenger with a deadline-driven Adaptive Navigation Strategy (ANS). Our simulation results reveal that delays in the evacuees’ reception of instructions can significantly increase the total time needed for passenger evacuation. In contrast, we observe that passenger behavior errors also affect the evacuation duration, but with less effect on the total time needed to evacuate passengers. These findings demonstrate the importance of designing passenger evacuation systems in a way that takes into account all realistic features of the ship’s indoor evacuation environment, including the importance of having high-performance data processing and communication systems that will not result in congestion and communication delays. © 2024 Elsevier B.V. All rights reserved.

Article; Citation - WoS: 8
Improving Massive Access to IoT Gateways
(ELSEVIER, 2022) Erol Gelenbe; Mert Nakip; Tadeusz Czachorski; Czachorski, Tadeusz; Nakip, Mert; Gelenbe, Erol
IoT networks handle incoming packets from large numbers of IoT Devices (IoTDs) to IoT Gateways. This can lead to the IoT Massive Access Problem that causes buffer overflow, large end-to-end delays and missed deadlines. This paper analyzes a novel traffic shaping method named the Quasi-Deterministic Traffic Policy (QDTP) that mitigates this problem by shaping the incoming traffic without increasing the end-to-end delay or dropping packets. Using queueing theoretic techniques and extensive data driven simulations with real IoT datasets, the value of QDTP is shown as a means to considerably reduce congestion at the Gateway and significantly improve the IoT network's overall performance. (c) 2022 The Author(s). Published by Elsevier B.V. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).

Conference Object; Citation - WoS: 6; Citation - Scopus: 17
IoT Traffic Shaping and the Massive Access Problem
(Institute of Electrical and Electronics Engineers Inc., 2022) Erol Gelenbe; Karl Sigman; Sigman, Karl; Gelenbe, Erol
IoT gateways aim to meet the deadlines and QoS needs of packets from as many IoT devices as possible, though this can lead to a form of congestion known as the Massive Access Problem (MAP). While much work was conducted on predictive or reactive scheduling schemes to match the arrival process of packets to the service capabilities of IoT gateways, such schemes may use substantial computation and communication between gateways and IoT devices. This paper proves that the recently proposed "Quasi-Deterministic-Transmission-Policy (QDTP)" traffic shaping approach, which delays packets at IoT devices, substantially alleviates the MAP: QDTP does not increase overall end-to-end delay and reduces gateway queue length. We then introduce the Adaptive Non-Deterministic Transmission Policy (ANTP) that requires only one packet buffer at the gateway, offering substantial QoS improvement over FIFO scheduling. © 2022 Elsevier B.V. All rights reserved.

Conference Object; Citation - Scopus: 4
Measurement Based Evaluation and Mitigation of Flood Attacks on a LAN Test-Bed
(IEEE COMPUTER SOC, 2023) Mohammed Nasereddin; Mert Nakip; Erol Gelenbe; Nakıp, Mert; Nasereddin, Mohammed; Gelenbe, Erol; E Bulut; F Tschorsch; K Thilakarathna
The IoT is vulnerable to network attacks, and Intrusion Detection Systems (IDS) can provide high attack detection accuracy and are easily installed in IoT Servers. However, IDS are seldom evaluated in operational conditions which are seriously impaired by attack overload. Thus a Local Area Network test-bed is used to evaluate the impact of UDP Flood Attacks on an IoT Server whose first line of defence is an accurate IDS. We show that attacks overload the multi-core Server and paralyze its IDS. Thus a mitigation scheme that detects attacks rapidly and drops packets within milliseconds after the attack begins is proposed and experimentally evaluated.

Conference Object; Citation - WoS: 25
MIRAI Botnet Attack Detection with Auto-Associative Dense Random Neural Network
(IEEE, 2021) Mert Nakip; Erol Gelenbe; Nakip, Mert; Gelenbe, Erol
Internet connected IoT devices have often been particularly vulnerable to Botnet attacks of the Mirai family in recent years. Thus we develop an attack detection scheme for Mirai Botnets using the Auto-Associative Dense Random Neural Network that has recently been successful for other attacks such as the SYN attack. The resulting method is trained with normal traffic and tested with attack traffic, and shown to result in high accuracy detection of attacks with low false alarms. The approach is compared on the same data set with two other common Machine Learning methods (Lasso and KNN) and shown to have higher accuracy and much lower computation times than KNN, and slightly higher (but comparable) computation times with respect to Lasso.

Conference Object; Citation - Scopus: 3
Mitigating the Massive Access Problem in the Internet of Things
(Springer Science and Business Media Deutschland GmbH, 2022) Erol Gelenbe; Mert Nakıp; Dariusz Marek; Tadeusz Czachórskí; Czachorski, Tadeusz; Marek, Dariusz; Nakıp, Mert; Gelenbe, Erol; E. Gelenbe, M. Jankovic, D. Kehagias, A. Marton, A. Vilmos
The traffic from the large number of IoT devices connected to the IoT is a source of congestion known as the Massive Access Problem (MAP) that results in packet losses, delays and missed deadlines for real-time data. This paper reviews the literature on MAP and summarizes recent results on two approaches that have been designed to mitigate MAP. One approach is based on randomizing the packet arrival instants to IoT gateways within a given time interval that is chosen so that packet arrivals do not exceed their deadlines, but also so that they do not constitute bulk arrivals. The second approach is a novel traffic shaping policy named the Quasi-Deterministic-Transmission-Policy (QDTP), which has been proved to drastically reduce queue formation at the receiving gateway by delaying packet departures from the IoT devices in a judicious manner. Both analytical and experimental results are summarized that describe the benefits of these techniques. © 2022 Elsevier B.V. All rights reserved.

Article; Citation - WoS: 19; Citation - Scopus: 37
Online Self-Supervised Deep Learning for Intrusion Detection Systems
(IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 2024) Mert Nakip; Erol Gelenbe; Nakip, Mert; Gelenbe, Erol
This paper proposes a novel Self-Supervised Intrusion Detection (SSID) framework, which enables a fully online Deep Learning (DL) based Intrusion Detection System (IDS) that requires no human intervention or prior off-line learning. The proposed framework analyzes and labels incoming traffic packets based only on the decisions of the IDS itself, using an Auto-Associative Deep Random Neural Network, and on an online estimate of its statistically measured trustworthiness. The SSID framework enables the IDS to adapt rapidly to time-varying characteristics of the network traffic and eliminates the need for offline data collection. This approach avoids human errors in data labeling, as well as the human labor and computational costs of model training and data collection. The approach is experimentally evaluated on public datasets and compared with well-known machine learning and deep learning models, showing that this SSID framework is very useful and advantageous as an accurate and online learning DL-based IDS for IoT systems.

Conference Object
Protecting IoT Servers Against Flood Attacks with the Quasi Deterministic Transmission Policy
(Institute of Electrical and Electronics Engineers Inc., 2023) Erol Gelenbe; Mohammed Nasereddin; Gelenbe, Erol; Nasereddin, Mohammed; J. Hu, G. Min, G. Wang
Servers at Supply Chains and other Cyber-physical systems that receive packets from IoT devices should meet the QoS needs of incoming packets and protect the system from Cyberattacks. UDP Floods are often included in attacks to overwhelm Supply Chains and the IoT through congestion that paralyzes their ability for timely Attack Detection and Mitigation. Thus this paper proposes an architecture that protects a connected Server using a Smart Quasi-Deterministic Transmission Policy Forwarder at its input. This Forwarder shapes the incoming traffic, sends it to the Server without increasing the overall packet delay, and avoids Server congestion. The relevant theoretical background is reviewed, and measurements during a UDP Flood Attack are provided to compare the Server performance with and without the Forwarder. It is seen that during a UDP Flood Attack the Forwarder protects the Server from congestion, allowing it to effectively identify Attack Packets. Congestion at the Forwarder is rapidly eliminated with "drop" commands generated by the Forwarder or sent by the Server to the Forwarder. © 2024 Elsevier B.V. All rights reserved.

Conference Object; Citation - WoS: 3; Citation - Scopus: 5
Real-Time Cyberattack Detection with Offline and Online Learning
(IEEE, 2023) Erol Gelenbe; Mert Nakip; Nakip, Mert; Gelenbe, Erol
This paper presents several novel algorithms for real-time cyberattack detection using the Auto-Associative Deep Random Neural Network. Some of these algorithms require offline learning, while others allow the algorithm to learn during its normal operation while it is also testing the flow of incoming traffic to detect possible attacks. Most of the methods we present are designed to be used at a single node, while one specific method collects data from multiple network ports to detect and monitor the spread of a Botnet. The evaluation of the accuracy of all these methods is carried out with real attack traces. The novel methods presented here are compared with other state-of-the-art approaches, showing that they offer better or equal performance, with lower learning times and shorter detection times as compared to the existing state-of-the-art approaches.

Conference Object; Citation - Scopus: 2
The Measurement and Optimization of ICT Energy Consumption
(Institute of Electrical and Electronics Engineers Inc., 2022) Erol Gelenbe; Gelenbe, Erol; T.V. Gopal, L. Lau, L. Chang, G. Adamson
The paper considers important issues surrounding the energy consumption by Information and Communication Technologies (ICT), which has been steadily growing and is now attaining approximately 10% of the worldwide electricity consumption, with a significant impact on greenhouse gas emissions. The perimeter of ICT systems is discussed and the role of the sub-systems that compose ICT is considered. Data from recent years is used to consider how each of these subsystems contributes to ICT's energy consumption. The positive correlation between the penetration of ICT in some of the world's different economies and the same economies' contributions to undesirable greenhouse gas emissions is also discussed. We also examine how emerging technologies such as 5G, edge computing and cryptocurrencies are contributing to the worldwide increase in electricity consumption by ICT, despite the ever-increasing efficiency in energy per bit processed, stored or transmitted by ICT systems. The measurement of specific ICT systems' electricity consumption is considered, and the manner in which this consumption can be minimized in two specific technical contexts is also discussed in some detail. © 2023 Elsevier B.V. All rights reserved.

