Yücel, Çağatay

Job Title: Lecturer
Main Affiliation: 01.01.09.01. Department of Computer Engineering
Status: Former Staff

| Metric | Value |
|---|---|
| Documents | 19 |
| Citations | 94 |
| h-index | 5 |

This researcher does not have a WoS ID.

| Metric | Value |
|---|---|
| Scholarly Output | 11 |
| Articles | 4 |
| Views / Downloads | 0/0 |
| Supervised MSc Theses | 1 |
| Supervised PhD Theses | 1 |
| WoS Citation Count | 32 |
| Scopus Citation Count | 39 |
| Patents | 0 |
| Projects | 0 |
| WoS Citations per Publication | 2.91 |
| Scopus Citations per Publication | 3.55 |
| Open Access Source | 2 |
| Supervised Theses | 2 |

| Journal | Count |
|---|---|
| 13th European Conference on Cyber Warfare and Security (ECCWS) | 1 |
| 13th International Conference on Cyber Warfare and Security (ICCWS) | 1 |
| 15th European Conference on Cyber Warfare and Security ECCWS 2016 | 1 |
| 16th European Conference on Cyber Warfare and Security ECCWS 2017 | 1 |
| 8th International Conference on Computer Science and Engineering UBMK 2023 | 1 |

11 results
Scholarly Output Search Results
Now showing 1 - 10 of 11
Master Thesis: Software Development for Transitions of Graphs from Discrete State into the Continous State (2012). Yücel, Çağatay; Koltuksuz, Ahmet H.

The contemporary information model deals only with syntactics of information, such as frequency of the occurrences of characters, length of words and compression amount of documents. Computable models targeting semantic properties of information, such as relations between words, should be defined and studied in order to improve the analysis and the retrieval of information. Manifolds are suitable differentiable mathematical objects for information to be defined on. By their very definition they are non-euclidean in the global view but in local scales they resemble euclidean spaces. This property provides that the contemporary models can also be defined within the previsioned new models of information models. One of the most basic representations of information is through graphs. They are discrete and highly computable mathematical objects. In this thesis, the main aim is to investigate methods of embedding this simple piece of information onto manifolds. This aim is supposed to lead us to defining the geometrical aspects of information.

Conference Object (Citation - WoS: 1; Citation - Scopus: 1): An Annotated Bibliographical Survey on Cyber Intelligence for Cyber Intelligence Officers (ACAD CONFERENCES LTD, 2014). Cagatay Yucel; Ahmet Koltuksuz; Yucel, Cagatay; Koltuksuz, Ahmet; A Liaropoulos; G Tsihrintzis

Since 2008 Cyberspace is officially regarded as a distinct military domain along with land, sea and air for many countries (Goel 2011). Several nations are developing defensive and offensive cyber capabilities for this domain. The nature of warfare in cyberspace is radically different than the traditional warfare: the attacks are more remote, stealthy and it may be impossible to detect the identity of the adversary (Greengard 2010).
Moreover, the time parameter becomes extremely important in this domain since conducting an attack takes only seconds even if the target is at the globally farthest point possible. Therefore, the power and impacts of cyber operations are limited by fast computation and transmission skills of your front. Nations need intelligence in this relatively new domain of war in order to know the strengths and weaknesses of other nations and themselves. With cyber intelligence of high quality, nations can assess the effects of attacks, detect their vulnerabilities, therefore mitigating the risks, and implement cyber security processes based on well-defined decisions (Rudner 2013). This paper presents a literature survey on computer science methodologies that can be useful for intelligence officers working in the cyberspace. The methodologies include defensive identification methods such as incident response strategies, social network analysis (Yip et al. 2012) (Benjamin and Hsinchun 2012), intrusion detection systems (Zaman and Karray 2009) and anomaly detections (Chandola et al. 2009) as well as offensive methods such as disinformation, destruction of information and communication, and advanced persistent threats (APTs).

Article (Citation - WoS: 1; Citation - Scopus: 1): Software development for transitions of graphs from discrete state into the continuous state (Natural Sciences Publishing Co., 2014). Ahmet Hasan Koltuksuz; Cagatay Yucel; Yücel, Çaǧatay; Koltuksuz, Ahmet

Manifolds are suitable differentiable mathematical objects for information to be defined on. By their very definition they are non-Euclidean in the global view but in local scales they resemble Euclidean spaces. This property provides that the contemporary information models can also be defined within the previsioned new models of information models. One of the most basic representations of information is through graphs. They are discrete and highly computable mathematical objects.
In this research the main aim is to investigate methods of embedding this simple piece of information onto manifolds. This research shows that the very fundamental data structures of computer science can be transformed into the continuous spaces and wide area of applications can be engineered such as pattern recognition or anomaly detection. The visualizations of the inspected methods are the evidence of that the graph data can carry new characteristics other than classical properties of graphs such as curvature, locality or multi-dimensionality. © 2014 NSP Natural Sciences Publishing Cor. © 2014 Elsevier B.V. All rights reserved.

Article (Citation - WoS: 22; Citation - Scopus: 29): Imaging and evaluating the memory access for malware (ELSEVIER SCI LTD, 2020). Cagatay Yucel; Ahmet Koltuksuz; Yücel, Çağatay; Koltuksuz, Ahmet

Malware analysis is a forensic process. After infection and the damage represented itself with the full scale, then the analysis of the attack, the structure of the executable and the aim of the malware can be discovered. These discoveries are converted into analysis reports and malware signatures and shared among antivirus databases and threat intelligence exchange platforms. This highly valuable information is then utilized in the detection mechanisms to prevent further dissemination and infections of malware. The types of analysis of the malware sample in this process can be grouped into two categories: static analysis and dynamic analysis. In static analysis the executable file is reverted to the source code through disassemblers and reverse engineering software and analyzed, whereas dynamic analysis includes running the sample in an isolated environment and analyzing its behavior. Both static and dynamic analysis have limitations such as packing, obfuscation, dead code insertion, sandbox detection and anti-debugging techniques.
Memory operations, on the other hand, are not possible to hide by these limitations and inevitable for any software since the inventions of the computational models. Therefore, in this research memory operations and access patterns for the malicious acts are examined and a contribution of a novel approach for extracting of memory access images is presented. In addition to extraction methods of how these images can be used for detection and comparison is introduced through an image comparison technique. (C) 2020 Elsevier Ltd. All rights reserved.

Article (Citation - WoS: 8; Citation - Scopus: 8): Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System (Hindawi Limited, 2022). Murat Odemis; Cagatay Yucel; Ahmet Hasan Koltuksuz; Yucel, Cagatay; Odemis, Murat; Koltuksuz, Ahmet

This research demonstrates a design of an experiment of a hacker infiltrating a server where it is assumed that the communication between the hacker and the target server is established and the hacker also escalated his rights on the server. Therefore, the honeypot server setup has been designed to reveal the correlation of a hacker's actions with that of the hacker's experience, personality, expertise and psychology. To the best of our knowledge such a design of experiment has never been tested rigorously on a honeypot implementation except for self-reporting tests applied to hackers in the literature. However, no study evaluates the actual data of these hackers and these tests. This study also provides a honeypot design to understand the personality and expertise of the hacker and displays the correlation of these data with the tests. Our Honeypsy system is composed of a Big-5 personality test, a cyber expertise test and a capture-the-flag (CTF) event to collect logs with honeypot applied in this sequence. These three steps generate data on the expertise and psychology of known cyber hackers.
The logs of the known hacker activities on honeypots are obtained through the CTF event that they have participated in. The design and deployment of a honeypot as well as the CTF event were specifically prepared for this research. Our aim is to predict an unknown hacker's expertise and personality by analyzing these data. By examining/analyzing the data of the known hackers it is now possible to make predictions about the expertise and personality of the unknown hackers. The same logic applies when one tries to predict the next move of the unknown hackers attacking the server. We have aimed to underline the details of the personalities and expertise of hackers and thus help the defense experts of victimized institutions to develop their cyber defense strategies in accordance with the modus operandi of the hackers. © 2022 Elsevier B.V. All rights reserved.

Conference Object: A parallel cyber universe: Botnet implementations over TOR-like networks (Curran Associates Inc., 2017). Hüseyin Yaǧci; Cagatay Yucel; Ahmet Hasan Koltuksuz; Yücel, Çaǧatay; Yaǧci, Hüseyin; Koltuksuz, Ahmet; M. Scanlon, N.-A. Le-Khac

The first bot implemented in the history of computers was the Eggdrop (Fisher J 1998). The first instance of this kind was benign, it was an automated management tool for Internet Relay Chat (IRC) rooms. It wasn't much later when Internet users experienced the first botnet attack. The GTbot family was the first known malicious automated attack network on IRCs (Bächer et al. 2009) and new era for bots had begun. Botnets can be practically defined as a network of infected smart devices. As a result of the infiltration attacks made on a victim's computer with different malwares and zero-day attacks, the control of the computer is confiscated without the victim being aware of it. Confiscated machines are connected to Command and Control (C&C) centers. In the case of a single infection this attack is nothing more than a data theft or privilege escalation.
However, when the number of the infected devices scales up to thousands the attack becomes a mass destruction weapon on global companies' networks. Amazon, Spotify, Twitter and many more companies were affected by DDoS attacks by the Mirai botnet in October 2016 (Allison Nixon, John Costello 2016). The Mirai botnet was conducted by a malicious network utilizing the IoT devices. Moreover, an even worse fact was the announcement of more similar botnet attacks after that October (Paganini 2016, Anon 2016). Today honeypot-based, signature-based and host-based defenses as well as active and passive monitoring techniques are being developed against botnets (Silva et al. 2013). Botnets are fighting back for their existence by using binary obfuscation, fast-flux networks, domain generation algorithm (DGA) techniques and polymorphism while ciphering, IP spoofing, multi-hopping and email spoofing (Rodríguez-Gómez et al. 2013, Wang et al. 2016). Another important technique for botnets is to utilize The Onion Routing (TOR) networks where the communication scheme of the bot network is anonymized in the layers of the TOR scheme. The name of this network comes from a reference to the multi-layered structure of an onion. This research presents a novel implementation of a hidden botnet mechanism over like networks to The Onion Routing (TOR) ones. The focus is on creating parallel cyber universes with TOR-like structures and hiding the existence of the botnets in the blind range of the Internet. The design of such a network and the attack vector is explained in detail for the first time in the literature. © 2023 Elsevier B.V.
All rights reserved.

Article: An information geometrical evaluation of Shannon information metrics on a discrete n-dimensional digital manifold (Elsevier Ltd, 2023). Ahmet Hasan Koltuksuz; Cagatay Yucel; Anas Maazu Kademi; Yucel, Cagatay; Maazu Kademi, Anas; Kademi, Anas Maazu; Koltuksuz, Ahmet

The definition and nature of information have perplexed scientists due to its dual nature in measurements. The information is discrete and continuous when evaluated on a metric scale, and the Laplace-Beltrami operator and Gauss-Bonnet Theorem can map one to another. On the other hand, defining the information as a discrete entity on the surface area of an n-dimensional discrete digital manifold provides a unique way of calculating the entropy of a manifold. The software simulation shows that the surface area of the discrete n-dimensional digital manifold is an effectively computable function. Moreover, it also provides the information-geometrical evaluation of Shannon information metrics. © 2023 Elsevier B.V. All rights reserved.

Conference Object: Distributed and Biometric Signature-Based Identity Proofing System for the Maritime Sector (Institute of Electrical and Electronics Engineers Inc., 2023). Taylan Akbas; Ahmet Hasan Koltuksuz; Cagatay Yucel; Yucel, Cagatay; Akbas, Taylan; Koltuksuz, Ahmet

The maritime sector is an industry that faces significant and various challenges related to cyber security and data management such as fraud and user authentication. Therefore, there is a need for a secure solution that can effectively manage data transactions while resolving digital identity. A biometric signature application in blockchain for fighting fraud and fake identities may provide a solution in the maritime sector. This research proposes a biometric signature and an IPFS network-blockchain framework to address these challenges. This paper also discusses the proposed framework's cyber security challenges that threaten behavioral biometric security. © 2023 Elsevier B.V.
All rights reserved.

Doctoral Thesis: Zararlı yazılımlar için bellek erişimlerinin görüntülenmesi ve değerlendirilmesi [Imaging and evaluating memory accesses for malware] (2019). Yücel, Çağatay; Koltuksuz, Ahmet Hasan

Malware analysis is a forensic process. Only after the malware has successfully infected the target computer, the intended damage has occurred on the target computer, and the software has shown itself at full scale can the aim and structure of the executable file be truly understood. The findings obtained through malware analysis are converted into malware signatures and shared among antivirus databases and threat intelligence exchange platforms. This highly valuable information is then used in detection/prevention mechanisms to prevent the further spread of malware. In this process, the analysis of the malware sample falls into two categories: static analysis and dynamic analysis. In static analysis, the executable file is reverted to source code through reverse engineering software and analyzed, whereas dynamic analysis involves running the executable file in an isolated environment and analyzing its behavior. Both static and dynamic analysis are limited by anti-analysis techniques such as packing, obfuscation, dead code insertion, virtual machine detection and anti-debugging techniques. On the other hand, analysis operations carried out over memory cannot be hidden by these limitations and have been inevitable for any software since the invention of the models of computer systems. Therefore, in this research, memory operations and memory access patterns for malicious acts are examined, and the contribution of a new approach for extracting memory access images is presented to the literature.
In addition to this extraction method, how these images can be used for detection and comparison is demonstrated through an image comparison technique.

Conference Object: A Programmable Threat Intelligence Framework for Containerized Clouds (ACAD CONFERENCES LTD, 2018). Cagatay Yucel; Ahmet Koltuksuz; Murat Odemis; Anas Mu'aza Kademi; Gokhan Ozbilgin; Yücel, Çağatay; Özbilgin, Gökhan; Ödemiş, Murat; Kademi, Anas Muazu; Koltuksuz, Ahmet; JS Hurley; JQ Chen

Contemporarily, one of the main challenges for information security community is the growing number of cyber threats. Large scaled, globally orchestrated and constantly evolving attacks are affecting our information systems and technologies every day. Therefore, collection and the exchange of cyber threat intelligence is of supreme importance. The term Cyber Threat Intelligence (CTI) has emerged with the contemporary because of merging the cyber intelligence concepts with the risk and threat management in cyber space. Today a number of security companies provide cyber threat intelligence with their sensors deployed worldwide, Security Information and Event Management (SIEM) software and Intrusion Detection and Prevention Systems (IDPS) working collaboratively. The collection of Cyber Threat Intelligence is the process of collecting and producing actionable information of threats and threat actors aimed at increasing awareness and operational capabilities upon recognition of attack and attempt scenarios in a timely fashion. This research aims to investigate the recent developments of SDN and Containerized Clouds with a security perspective. The implementation of a containerized cloud with a programmable network of honeypot is implemented in this research. The implementation is tested with a scenario where a propagation of a worm that is originated from an infected container image. The security mechanisms on the cloud are fed with the collected CTI and results of the experiments along with discussions are presented.

