Ödemiş, Murat
Loading...
Name Variants
Job Title
Araş.Gör.
Email Address
Main Affiliation
01.01.09.01. Bilgisayar Mühendisliği Bölümü
Status
Former Staff
Website
ORCID ID
Scopus Author ID
Turkish CoHE Profile ID
Google Scholar ID
WoS Researcher ID
Sustainable Development Goals
1NO POVERTY
0
Research Products
2ZERO HUNGER
0
Research Products
3GOOD HEALTH AND WELL-BEING
0
Research Products
4QUALITY EDUCATION
0
Research Products
5GENDER EQUALITY
0
Research Products
6CLEAN WATER AND SANITATION
0
Research Products
7AFFORDABLE AND CLEAN ENERGY
0
Research Products
8DECENT WORK AND ECONOMIC GROWTH
0
Research Products
9INDUSTRY, INNOVATION AND INFRASTRUCTURE
0
Research Products
10REDUCED INEQUALITIES
0
Research Products
11SUSTAINABLE CITIES AND COMMUNITIES
0
Research Products
12RESPONSIBLE CONSUMPTION AND PRODUCTION
0
Research Products
13CLIMATE ACTION
0
Research Products
14LIFE BELOW WATER
0
Research Products
15LIFE ON LAND
0
Research Products
16PEACE, JUSTICE AND STRONG INSTITUTIONS
1
Research Products
17PARTNERSHIPS FOR THE GOALS
0
Research Products
Documents
4
Citations
9
h-index
1
Documents
3
Citations
10
Scholarly Output
6
Articles
1
Views / Downloads
0/0
Supervised MSc Theses
1
Supervised PhD Theses
1
WoS Citation Count
8
Scopus Citation Count
9
Patents
0
Projects
0
WoS Citations per Publication
1.33
Scopus Citations per Publication
1.50
Open Access Source
1
Supervised Theses
2
| Journal | Count |
|---|---|
| 13th International Conference on Cyber Warfare and Security (ICCWS) | 1 |
| 16th European Conference on Cyber Warfare and Security ECCWS 2017 | 1 |
| International Symposium for Production Research ISPR 2020 | 1 |
| Security and Communication Networks | 1 |
Current Page: 1 / 1
Scopus Quartile Distribution
Quartile distribution chart data is not available
Competency Cloud
6 results
Scholarly Output Search Results
Now showing 1 - 6 of 6
Doctoral Thesis Siber tehdit istihbaratında kullanıcı davranışının belirlenmesi için mobil ve web analitiği(2021) Ödemiş, Murat; Koltuksuz, Ahmet HasanBu tezde, bilgisayar korsanı ile hedef bir sunucu arasında iletişimin kurulduğu durumda, bu kişinin loglarına bakarak bilgisayar korsanının, ne kadar tecrübeli olduğu ve kişiliği ile ilgili analiz yapan bir deney tasarlanmıştır. Bu sebeple, bir bal küpü sunucusu kurulmuş ve dizayn edilmiştir. Bu bal küpü sunucusunda toplanacak olan, kim olduğunu bildiğimiz ve kendilerine test yaptığımız hackerların verilerini analiz ederek, kim olduğunu bilmediğimiz hackerların uzmanlık ve kişilikleri hakkında tahmin yapılabilecektir. Bu tezde yapılan araştırmaya göre, böyle bir tasarım, literatürde, bilgisayar korsanlarına uygulanan anketler ve bu anketlerin kendi içerisindeki analizleri dışında, gerçek logları da katarak test edilmemiştir. Bu tezde hackerların gerçek bilgisayar logları da analize katılmıştır. Bu çalışma hacker'ın kişiliğini ve uzmanlığını anlamak için bir bal küpü tasarımı sağlar ve bu verilerin testlerle ilişkisini gösterir. Sonrasında ise loglara bakarak tahminde bulunulur. Honeypsy ismi verilen sistem, Big-5 kişilik testi, siber uzmanlık testi ve bu sırayla uygulanan honeypot ile logları toplamak için bir bayrağı yakalama (CTF) yarışmasından oluşur. Bu üç adım, bilinen siber korsanların uzmanlığı ve psikolojisi hakkında veri üretir. Kim olduğu bilinen hackerların logları, katıldıkları CTF etkinliği ile elde edilmektedir. Honeypot tasarımı ve CTF soruları bu araştırma için özel olarak hazırlanmıştır. Amaç, bu verileri analiz ederek bilinmeyen bir bilgisayar korsanının uzmanlığını ve kişiliğini tahmin etmektir. Bilinen bilgisayar korsanlarının verilerini inceleyerek/analiz ederek, bilinmeyen bilgisayar korsanlarının uzmanlıkları ve kişilikleri hakkında tahminlerde bulunmak mümkün olacaktır. Aynı mantık, sunucuya saldıran bilinmeyen bilgisayar korsanlarının bir sonraki hamlesini tahmin etmeye çalıştığında da geçerlidir. Böylece, bu tezde oluşturulan sistemden faydalanan bir kurum, kendilerine yapılan bir saldırı durumunda, saldıran tehditin ne kadar tecrübeli olduğu ve kişiliği hakkında bilgi edinebilir. Bu analizlere göre savunma stratejileri geliştirebilir, acil önlemler alabilir.Master Thesis Mobil bazlı elektronik seçim sistemi(2016) Ödemiş, Murat; Koltuksuz, Ahmet HasanBu tezin temel amacı, devletin yaptığı seçimlerde, kamu kurumlarının ve özel kurumların kullanabileceği, toplantılar esnasında da anlık olarak kullanılabilecek güvenli ve yetkilendirme sistemi içeren bir seçim sistemi oluşturmaktır. Uygulamanın yazılımı için Apple iOS platformu baz alınmıştır. Bunun yanında da Android ve mobil tarayıcılarla da yüksek ölçüde uyumludur. Mobil uygulama tarafında CORDOVA platformu, sunucu tarafındaki yönetim sistemi ve web servisler ASP.NET MVC5, sertifikasyon sürecinde de bunlara ek olarak PHP kullanılmıştır. Veri tabanı ve sertifika otoritesi için ise MSSQL kurulmuştur. Uygulama güvenliği için veriler AES-256 ile şifrelenip, çözülmektedir. Bu simetrik şifreleme için Kullanıcı ve sunucu tarafında kullanılacak ortak anahtar, Curve25519 isimli Eliptik Eğri Diffie-Hellman şemasıyla belirlenmektedir. Bunun yanında HMAC ile veri bütünlüğü kontrol edilmektedir. Apple Touch ID yardımıyla parmak izi teknolojisi kullanılmıştır. Sistemin önemli özelliklerinden biri de baskı altındayken aldatıcı şifre ile giriş yapıp oy verebilmektir. Kullanıcı kurumunun bilgileriyle giriş yaptıktan sonra, aktivasyon aşamasında bir şifre ve aldatıcı şifre, bir çizim şifresi ve aldatıcı çizim şifresi belirler. Seçim ekranını görmeden önce, bu aldatıcı şifrelerden birini girerek oy verebilir fakat oyu sayılmayacaktır. Uygulama; giriş, sertifikasyon, aktivasyon, seçim listeleme, seçim görüntüleme, oy verme ekranlarından oluşmaktadır. Tüm veriler şifreli gelip gider ve ağ SSL ile korunur. Oy gönderim aşamasında kullanıcı doğrulamasını seviyesini arttırmak için SMS ile Tek Kullanımlık Şifre girişi yapılması istenir ve oy sunucuya iletilmiş olur.Conference Object An authorization-based cryptographically secure mobile voting system(Curran Associates Inc., 2017) Murat Odemis; Ahmet Hasan Koltuksuz; Odemis, Murat; Koltuksuz, Ahmet; M. Scanlon , N.-A. Le-KhacGovernments and the private sector keep pace with the innovations on mobile technologies. Most countries have developed e-Government portals for their citizens which also have mobile applications. They aim to provide public services in efficient and effective manners. While the governments are administering existing duties through an electronic platform they are also trying to transform the paper-based voting into a fertile electronic method. Recent advancements in mobilebased communication networks and cryptography have made it possible to consider mobile voting as a feasible alternative for conventional elections. Mobile voting has the flexibility of allowing citizens to participate in an election no matter where they physically are. Benefits of this alternative may include a reduced cost and increased participation speed flexibility and accuracy as well as improved accessibility for disabled people. According to Chung and Wu (2012) mobile voting schemes should all have anonymity eligibility fairness mobility uniqueness verifiability uncoercibility limited transparency and appropriate location freedom. While previously published papers in the field of mobile voting has been scrutinized in this work this paper itself proposes for a reliable secure authorization-based mobile voting system which will enable instantaneous vote submissions for not only the government elections but also for institutions and meetings which currently lack such a favorable arrangement. A mobile application was also developed to prove the system. Hybrid cryptosystem is used for data security and the data gets encrypted and decrypted via AES-256. Elliptic Curve Diffie-Hellman schema called Curve25519 (Bernstein 2006) is used for the key exchange mechanism for Curve25519 provides one of the fastest results. In addition to this biometric fingerprint-scanning technology is used. One of the most important features of the system is that after user enters to the system with his institutive credential if and when under pressure voter can use the fake trapdoor. The user sets both genuine and fake character-based password and geometric pattern password to vote. The network is protected by SSL and OpenSSL is used on certification phases. The application consists of a login certification activation listing election and a voting screen. An Authorization-Based Cryptographically Secure Mobile Voting System will be introduced in this paper. © 2023 Elsevier B.V. All rights reserved.Article Citation - WoS: 8Citation - Scopus: 8Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System(Hindawi Limited, 2022) Murat Odemis; Cagatay Yucel; Ahmet Hasan Koltuksuz; Yucel, Cagatay; Odemis, Murat; Koltuksuz, AhmetThis research demonstrates a design of an experiment of a hacker infiltrating a server where it is assumed that the communication between the hacker and the target server is established and the hacker also escalated his rights on the server. Therefore the honeypot server setup has been designed to reveal the correlation of a hacker's actions with that of the hacker's experience personality expertise and psychology. To the best of our knowledge such a design of experiment has never been tested rigorously on a honeypot implementation except for self-reporting tests applied to hackers in the literature. However no study evaluates the actual data of these hackers and these tests. This study also provides a honeypot design to understand the personality and expertise of the hacker and displays the correlation of these data with the tests. Our Honeypsy system is composed of a Big-5 personality test a cyber expertise test and a capture-the-flag (CTF) event to collect logs with honeypot applied in this sequence. These three steps generate data on the expertise and psychology of known cyber hackers. The logs of the known hacker activities on honeypots are obtained through the CTF event that they have participated in. The design and deployment of a honeypot as well as the CTF event were specifically prepared for this research. Our aim is to predict an unknown hacker's expertise and personality by analyzing these data. By examining/analyzing the data of the known hackers it is now possible to make predictions about the expertise and personality of the unknown hackers. The same logic applies when one tries to predict the next move of the unknown hackers attacking the server. We have aimed to underline the details of the personalities and expertise of hackers and thus help the defense experts of victimized institutions to develop their cyber defense strategies in accordance with the modus operandi of the hackers. © 2022 Elsevier B.V. All rights reserved.Conference Object Citation - Scopus: 1Ranking of Private Turkish Universities: Proposal of New Indicators(Springer Science and Business Media Deutschland GmbH, 2021) Damla Kizilay; Murat Odemis; Kızılay, Damla; Ödemiş, Murat; N.M. Durakbasa , M.G. GençyılmazThis study evaluates a total of 65 Turkish Private Universities considering their both academic and social benefits to the students. The principal aim of this paper is to provide a ranking for all Turkish Private Universities. Therefore all universities can access their ranking since “University Ranking by Academic Performance” (URAP) only provides the ranking of 56 universities. Also they can see their different impacts on several issues such as environmental impacts technological impacts as well as academical impacts. The data for this study is obtained from open source reliable corporate sources such as Higher Education Institution of Turkey Scopus and Univerlist web site. Univerlist is a university guide which provides informed-decision making support for students. It also supported this study. The findings indicate that the positions of private universities in the rankings of research academic staff and opportunities do not vary much. However their positions differ when the rankings for teaching student choice and mobility indicators are considered. The findings of this paper could help students administrators and academicians to understand how the universities are performing in terms of many different perspectives. © 2020 Elsevier B.V. All rights reserved.Conference Object A Programmable Threat Intelligence Framework for Containerized Clouds(ACAD CONFERENCES LTD, 2018) Cagatay Yucel; Ahmet Koltuksuz; Murat Odemis; Anas Mu'aza Kademi; Gokhan Ozbilgin; Yücel, Çağatay; Özbilgin, Gökhan; Ödemiş, Murat; Kademi, Anas Muazu; Koltuksuz, Ahmet; JS Hurley; JQ ChenContemporarily one of the main challenges for information security community is the growing number of cyber threats. Large scaled globally orchestrated and constantly evolving attacks are affecting our information systems and technologies every day. Therefore collection and the exchange of cyber threat intelligence is of supreme importance. The term Cyber Threat Intelligence (CTI) has emerged with the contemporary because of merging the cyber intelligence concepts with the risk and threat management in cyber space. Today a number of security companies provide cyber threat intelligence with their sensors deployed worldwide Security Information and Event Management (SIEM) software and Intrusion Detection and Prevention Systems (IDPS) working collaboratively. The collection of Cyber Threat Intelligence is the process of collecting and producing actionable information of threats and threat actors aimed at increasing awareness and operational capabilities upon recognition of attack and attempt scenarios in a timely fashion. This research aims to investigate the recent developments of SDN and Containerized Clouds with a security perspective. The implementation of a containerized cloud with a programmable network of honeypot is implemented in this research. The implementation is tested with a scenario where a propagation of a worm that is originated from an infected container image. The security mechanisms on the cloud are fed with the collected CTI and results of the experiments along with discussions are presented.
