Browsing by Author "Yucel, Cagatay"
Conference Object | Citation - WoS: 1 | Citation - Scopus: 1
An Annotated Bibliographical Survey on Cyber Intelligence for Cyber Intelligence Officers
(ACAD CONFERENCES LTD, 2014) Cagatay Yucel; Ahmet Koltuksuz; Yucel, Cagatay; Koltuksuz, Ahmet; A Liaropoulos; G Tsihrintzis
Since 2008, Cyberspace is officially regarded as a distinct military domain along with land, sea and air for many countries (Goel 2011). Several nations are developing defensive and offensive cyber capabilities for this domain. The nature of warfare in cyberspace is radically different than the traditional warfare: the attacks are more remote, stealthy, and it may be impossible to detect the identity of the adversary (Greengard 2010). Moreover, the time parameter becomes extremely important in this domain since conducting an attack takes only seconds even if the target is at the globally farthest point possible. Therefore, the power and impacts of cyber operations are limited by fast computation and transmission skills of your front. Nations need intelligence in this relatively new domain of war in order to know the strengths and weaknesses of other nations and themselves. With cyber intelligence of high quality, nations can assess the effects of attacks, detect their vulnerabilities therefore mitigating the risks, and implement cyber security processes based on well-defined decisions (Rudner 2013). This paper presents a literature survey on computer science methodologies that can be useful for intelligence officers working in the cyberspace. The methodologies including defensive identification methods such as incident response strategies, social network analysis (Yip et al. 2012) (Benjamin and Hsinchun 2012), intrusion detection systems (Zaman and Karray 2009) and anomaly detections (Chandola et al. 2009), as well as offensive methods such as disinformation, destruction of information and communication, and advanced persistent threats (APTs).

Article
An information geometrical evaluation of Shannon information metrics on a discrete n-dimensional digital manifold
(Elsevier Ltd, 2023) Ahmet Hasan Koltuksuz; Cagatay Yucel; Anas Maazu Kademi; Yucel, Cagatay; Maazu Kademi, Anas; Kademi, Anas Maazu; Koltuksuz, Ahmet
The definition and nature of information have perplexed scientists due to its dual nature in measurements. The information is discrete and continuous when evaluated on a metric scale, and the Laplace-Beltrami operator and Gauss-Bonnet Theorem can map one to another. On the other hand, defining the information as a discrete entity on the surface area of an n-dimensional discrete digital manifold provides a unique way of calculating the entropy of a manifold. The software simulation shows that the surface area of the discrete n-dimensional digital manifold is an effectively computable function. Moreover, it also provides the information-geometrical evaluation of Shannon information metrics. © 2023 Elsevier B.V. All rights reserved.

Conference Object
Clandestine cell based honeypot networks
(Curran Associates Inc., 2016) Cagatay Yucel; Ahmet Hasan Koltuksuz; Hüseyin Yaǧci; Yucel, Cagatay; Yagci, Huseyin; Koltuksuz, Ahmet; R. Koch, G.D. Rodosek
A Clandestine Cell is a type of an intelligence organization where a cell only knows the immediate superior and the associated members of itself. This kind of organizational structure is used by intelligence agencies throughout the world to provide security against a breach, thus ensuring the safety of the members. This well-known intelligence organization is applied to solve an advanced cyber security issue. A relatively new kind of a cyber threat known as an Advanced Persistent Threat (APTs) has been around for some time now, Stuxnet being the very first identified. There are several points to consider when identifying the characteristics of an APT, such as the aim, its interactions with Internet, way of collecting information, operations they do disrupt, and concealment mechanisms utilized. An important aspect is whether it is statistically analyzable or dynamically identifiable that its communication patterns need to be inspected to identify the characteristics. The traces of an APT might be identified this way. In this research, a honeypot network with a communication policy based on a clandestine cell is introduced. Each honeypot only knows a hub. And a hub only knows the main malware analysis server. By utilizing this approach, the communications are hidden from possible attackers without compromising the main server. In each honeypot server dead-ends are created and implemented in the honeypot servers. Advantages and ramifications are discussed regarding the types of malware. It is aimed to create yet another taxonomy of malware regarding the network activities as they are being trapped by our introduced honeypot network. A clandestine cell format is one of its kind within organizations. This is the very first time that such kind of format is being applied to honeypot design for APT hunting. This is the paper in which an intelligence organizational structure meets with a network architecture in order to solve a very hard to crack cyber security problem. The idea itself is a new and untried one. © 2023 Elsevier B.V. All rights reserved.

Article | Citation - WoS: 8 | Citation - Scopus: 8
Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System
(Hindawi Limited, 2022) Murat Odemis; Cagatay Yucel; Ahmet Hasan Koltuksuz; Yucel, Cagatay; Odemis, Murat; Koltuksuz, Ahmet
This research demonstrates a design of an experiment of a hacker infiltrating a server where it is assumed that the communication between the hacker and the target server is established and the hacker also escalated his rights on the server. Therefore, the honeypot server setup has been designed to reveal the correlation of a hacker's actions with that of the hacker's experience, personality, expertise and psychology. To the best of our knowledge, such a design of experiment has never been tested rigorously on a honeypot implementation except for self-reporting tests applied to hackers in the literature. However, no study evaluates the actual data of these hackers and these tests. This study also provides a honeypot design to understand the personality and expertise of the hacker and displays the correlation of these data with the tests. Our Honeypsy system is composed of a Big-5 personality test, a cyber expertise test, and a capture-the-flag (CTF) event to collect logs with honeypot, applied in this sequence. These three steps generate data on the expertise and psychology of known cyber hackers. The logs of the known hacker activities on honeypots are obtained through the CTF event that they have participated in. The design and deployment of a honeypot as well as the CTF event were specifically prepared for this research. Our aim is to predict an unknown hacker's expertise and personality by analyzing these data. By examining/analyzing the data of the known hackers, it is now possible to make predictions about the expertise and personality of the unknown hackers. The same logic applies when one tries to predict the next move of the unknown hackers attacking the server. We have aimed to underline the details of the personalities and expertise of hackers and thus help the defense experts of victimized institutions to develop their cyber defense strategies in accordance with the modus operandi of the hackers. © 2022 Elsevier B.V. All rights reserved.

Conference Object
Distributed and Biometric Signature-Based Identity Proofing System for the Maritime Sector
(Institute of Electrical and Electronics Engineers Inc., 2023) Taylan Akbas; Ahmet Hasan Koltuksuz; Cagatay Yucel; Yucel, Cagatay; Akbas, Taylan; Koltuksuz, Ahmet
The maritime sector is an industry that faces significant and various challenges related to cyber security and data management, such as fraud and user authentication. Therefore, there is a need for a secure solution that can effectively manage data transactions while resolving digital identity. A biometric signature application in blockchain for fighting fraud and fake identities may provide a solution in the maritime sector. This research proposes a biometric signature and an IPFS network-blockchain framework to address these challenges. This paper also discusses the proposed framework's cyber security challenges that threaten behavioral biometric security. © 2023 Elsevier B.V. All rights reserved.

Conference Object | Citation - WoS: 3
Suggesting a Honeypot Design to Capture Hacker Psychology- Personality and Sophistication
(ACAD CONFERENCES LTD, 2018) Murat Odemis; Cagatay Yucel; Ahmet Koltuksuz; Gokhan Ozbilgin; Yucel, Cagatay; Ozbilgin, Gokhan; Odemis, Murat; Koltuksuz, Ahmet; JS Hurley; JQ Chen
The benefits of collaborating across disciplines such as social sciences, applied statistics and computer science primarily affect the security arena regarding the fields of open source intelligence, information warfare and strategic studies of security. Computer science and psychology are becoming more and more involved with the advancements in big data analytics. Contemporary studies in this intersection show that personality traits such as neuroticism, extroversion, openness, agreeableness and conscientiousness can be predicted through sensors, logs and active user behaviors. In the security systems it is now a need for psychoanalysis to become more proactive as it plays an important role in the understanding of a cyber threat. The research question that leads the suggestions in this paper is: How much can be learned from logs, honeypots and collected security-related data about a hacker's psychology, personality and sophistication? Hackers' traits have been investigated in the following dimensions: persistence, skill, greed, motivation, confidence and stealth. Honeypots have been designed to create a passive trap for the adversaries. This unlocks and reveals actionable information about the adversaries regarding their identities, locations, types of attacks they choose to use, and their motivations. When a standard private honeypot server is online, it will fill out its logs with many attacks from botnets and other automated malicious activities within a short time. In this mass production of logs and activities the quantity within the collection of useful information becomes unfeasible to have gathered without such a program. So far, honeypots have been categorized according to their interaction levels and service types. A low-interaction honeypot emulates a few steps and replies of the vulnerable network protocol and the network stack is imitated, while a high-interaction honeypot provides a full experience of the service for which it is designed. The amount of transferred data, number of failed logins, CPU and memory usage, and the search sophistication levels are the characteristics which can be derived from a honeypot. This work-in-progress study will detail the specifications of a special type of honeypot that is designed to capture the aforementioned characteristics and sophistication of a hacker.

