LEE - Information Security Engineering and Cryptography - Master's Degree


Recent Submissions

  • Item
    Design and analysis of privacy-preserving and regulations-compliant central bank digital currency
    (Graduate School, 2024-07-12) Doğan, Ali ; Bıçakcı, Kemal ; 707211012 ; Cybersecurity Engineering and Cryptography
    Significant advances have been made in the field of Central Bank Digital Currency (CBDC) in the last five years. These advances are available not only in the academic world but also in central banks. Currently, more than 130 countries continue their CBDC studies at research, pilot and proof of concept levels. The increased interest in CBDC can be attributed to various factors such as the increasing progress in digital payment technologies, the widespread use of cryptocurrencies in the digital money market and the advantages brought by this technology. In addition to these advantages, there are challenges and problems that have not yet been resolved in order for CBDCs to reach the maturity level. One of these problems is the conflict between efforts to protect the privacy of digital currency users and the compliance mechanisms introduced by states to ensure financial stability and social order. States try to prevent and monitor financial crimes through regulations such as combating dirty money and preventing financing of terrorism. However, such regulations could lead to citizens' lives being completely monitored in the transition to digital money. In addition to this conflict, a significant part of the existing CBDCs are operated on a blockchain-based system. Due to the transparent structure of the blockchain, parties included in the network can track and monitor users' transactions, but transaction privacy is ignored. In the present study, solutions to the mentioned privacy problems are introduced with cryptographic techniques such as zero knowledge proofs, threshold cryptography, and homomorphic encryption. In the proposed system, the user's balance is kept homomorphically encrypted in the blockchain. To perform a transfer transaction, the sender encrypts the amount he wants to transfer with his own public key, the receiver's public key, and the regulators' public key.
The sender then creates a zero-knowledge proof that the amount is the same in all three ciphertexts. Since the transaction is processed through encrypted texts, the user must create a range proof that the balance he has is sufficient. After creating all the proofs and transmitting them to the blockchain, the nodes confirm the transaction and the user's balance is homomorphically reduced via the ciphertext and the recipient's balance is increased. In any suspicious case, the user's transaction history can be traced back by government institutions called regulators. However, threshold encryption was used to ensure that this control was not left to the initiative of a single institution. These institutions must reach a consensus and after reaching the threshold value, they can see the transaction details. Additionally, techniques have been suggested so that commercial banks can continue their services in this system.
  • Item
    Analyzing individual data for insider threat detection
    (Graduate School, 2024-07-16) Yakar, Burak ; Özdemir, Enver ; 707211003 ; Cybersecurity Engineering and Cryptography
    Insider threats have been recognized as one of the most significant risks in cybersecurity. Research indicates that a majority of security breaches are caused by attacks or vulnerabilities originating from within the organization. Even with the most secure systems, as long as humans are part of the system, absolute security cannot be guaranteed. Technology is everywhere in our lives. People use smartphones, smartwatches, computers, and various other smart devices, all of which collect data to some extent. This data collection occurs not only on a personal level but also across businesses of all sizes. As businesses invest heavily in their operations, they need to secure their assets. To protect these assets, businesses invest in security measures. While some of these investments are physical precautions against physical risks, others are related to cybersecurity to mitigate cyber risks. Even if businesses build the best IDS (Intrusion Detection System) or IPS (Intrusion Protection System), there may still be ways for attackers to infiltrate and sneak in. This is because humans are the weakest component of any ICT (Information and Communications Technology) security system and present the greatest risks and threats to a company, organization, or system. Insider threats are cybersecurity threats that originate from authorized users, such as employees, business partners, contractors, vendors, and former employees. Misusing legitimate user credentials and account hijacking are some methods to carry out these intentions. These actions are not necessarily all intentional; some may be unintentional. However, as a result of these actions, the confidentiality, integrity, and availability of systems and data are compromised. The cost of these actions can cause significant expenses that most SMEs (small to medium-sized businesses) cannot afford. 
This study focuses on defining insider threats, mitigating security risks leading to insider vulnerabilities, and preventing insider threats by analyzing individual data using the random forest algorithm. The aim of this study is to find a method to detect malicious intentions and prevent potential attacks before they occur.
  • Item
    Generating synthetic data for user behavior based intrusion detection systems
    (Graduate School, 2024-07-16) İbrahimov, Ughur ; Özdemir, Enver ; 707211009 ; Cybersecurity Engineering and Cryptography
    Intrusion detection systems are at a critical point in the effort to mitigate cyber vulnerabilities. While malicious actors are increasing day by day, the demand for multifunctional IDS models constantly increases. Since data plays the most crucial role in all cybersecurity measures, obtaining data is really important while developing these security precautions. At this point, synthetic data provides unique contributions to overcoming the problem of data scarcity. This thesis examines the intrusion detection concept, the necessity of synthetic data in cybersecurity and synthetic data generation methods. The analysis provides information about the relationship between synthetic data and intrusion detection systems, the application process of synthetic data, and privacy topics while generating and implementing artificial data for cybersecurity measures. After a detailed analysis, we decide on the generation method and tool for the purpose of this thesis. Since there are various methods and techniques to produce synthetic data for different purposes, we need to choose the right modeling and method for our work. Synthetic data production methods include machine learning approaches like generative adversarial networks (GAN) and variational autoencoders (VAE), as well as approaches like simulation, interpolation and extrapolation, statistical modelling and others. In this thesis, we generate synthetic data that shows the daily behavior of a user who works as an information technologies support technician and deals with tickets. Python libraries are used on the technical side to produce the manufactured data. Moreover, a scenario was developed to establish a synthetic dataset that is as close to real-life incidents as possible. Constants like ticket identifications, ticket types, and action types are clearly defined in order to generate balanced synthetic data. One of the necessities of synthetic data usage in different industries is that it be constructed in a balanced shape.
Ticket types are defined as task, bug, support, question, and feature; we then defined actions that include work on ticket, reassign ticket, attach file to a ticket, and others. Although approximately 35,000 movements were created over a two-week period, the duration of the experiment could be extended over a longer period of time for a more realistic distribution in later developments. We also decided to make the synthetic data show actions between 9 A.M. and 5 P.M., which are work hours. The time spent is calculated from the difference between randomly assigned start and finish times between these hours. The generated data is stored in an Excel file, which contains approximately 35,000 lines. It is possible to change the amount according to the purpose by making changes in the code. The statistical distribution of the result is shown in histograms at the end.
  • Item
    Privacy and security enhancements of federated learning
    (Graduate School, 2024-07-12) Erdal, Şükrü ; Özdemir, Enver ; Karakoç, Ferhat ; 707211008 ; Cybersecurity Engineering and Cryptography
    Federated Learning has emerged as a revolutionary approach in the field of machine learning, addressing significant concerns related to data privacy and security. Traditional centralized machine learning models require data aggregation on central servers, posing substantial risks of data breaches and privacy violations. FL, on the other hand, distributes the model training process across multiple decentralized edge devices, keeping the raw data localized and mitigating the privacy risks associated with centralized data storage and processing. The motivation for this thesis stems from the growing need to enhance privacy and security in FL applications. As data privacy regulations become more stringent and public awareness of data security increases, there is a pressing demand for robust FL frameworks that can protect sensitive information while maintaining high model performance. FL's ability to leverage the computational power of edge devices, such as smartphones and IoT gadgets, makes it a promising solution for various domains including healthcare, finance, and the Internet of Things. The primary objectives of this thesis are threefold: 1. To provide a comprehensive survey of existing research on privacy-enhanced FL, synthesizing key concepts, methodologies, and findings. 2. To identify gaps, limitations, and open research questions in the current literature on privacy-enhanced FL. 3. To evaluate and compare different privacy-enhancing techniques and methodologies used in FL, assessing their effectiveness, scalability, and trade-offs. FL inherently mitigates several privacy risks by keeping data local to clients. However, it introduces new challenges, particularly related to inference attacks and model update poisoning. Inference attacks exploit model updates to extract sensitive information, while model update poisoning involves malicious clients injecting false updates to corrupt the global model. 
These challenges necessitate robust solutions to ensure the integrity and privacy of the FL process. Non-IID data and communication overheads further complicate FL implementation. Non-IID data, where data distributions vary across clients, can hinder model convergence and performance. Additionally, frequent and substantial data exchanges between clients and servers result in significant communication overheads, which can strain network resources. Several strategies have been developed to address these privacy and security challenges. Differential privacy introduces noise to data updates, ensuring that individual contributions remain confidential. Protocols that incorporate cryptographic signatures and Secure Multiparty Computation techniques further enhance the security of model updates and ensure data integrity. Co-utility frameworks, which promote mutual benefit between servers and clients, and robust aggregation methods also play vital roles in safeguarding FL systems. Innovative methodologies such as Flamingo and SafeFL leverage advanced cryptographic techniques to provide secure aggregation and enhance privacy preservation. These solutions collectively improve the robustness, efficiency, and security of FL frameworks, enabling their application in real-world scenarios. FL has been applied successfully in various domains, demonstrating its versatility and effectiveness. In wireless communication, FL enhances vehicular communication, localization, and semantic communication by enabling collaborative model training without data centralization. In the IoT sector, FL improves privacy and reduces data transfer costs, with significant applications in smart homes and industrial IoT. Healthcare is another critical area where FL has made substantial impacts. 
By allowing institutions to collaboratively train models on medical imaging and predictive analytics without sharing patient data, FL addresses stringent privacy regulations while improving model accuracy and generalizability. Studies have shown that FL can maintain high diagnostic accuracy and support personalized medicine. In the financial sector, FL addresses privacy and regulatory challenges by enabling collaborative credit risk assessment and fraud detection. By leveraging data from multiple institutions without centralizing it, FL-based models achieve higher accuracy and adaptability, enhancing the detection of fraudulent activities and improving credit scoring models. Surveys play indispensable roles and offer numerous benefits within the FL domain. They serve as comprehensive repositories of existing research, providing newcomers with a foundational understanding while guiding experienced researchers toward unexplored frontiers. By scrutinizing and synthesizing a plethora of literature, surveys identify emerging trends, highlight successful applications, and outline future research directions. Federated Learning presents a transformative approach to machine learning by enabling decentralized data processing, which addresses critical privacy and security concerns inherent in traditional centralized models. This thesis explored various facets of FL, particularly focusing on the challenges and solutions related to privacy and security, as well as its diverse applications across different sectors. Emerging trends in FL research, including advancements in cryptographic techniques, federated learning frameworks, and regulatory compliance mechanisms, underscore the need for continuous innovation and interdisciplinary collaboration. As FL continues to evolve, it holds the potential to revolutionize secure communication systems and foster a culture of security awareness and privacy by design in machine learning technologies.
  • Item
    Detecting malicious activity inside of the network
    (Graduate School, 2023-12-20) Kumbasar, Ayşenur ; Özdemir, Enver ; 707201002 ; Cybersecurity Engineering and Cryptography
    In today's world with the global development and digitalization, applications and services used in banking and finance sectors, as in all sectors, have started to adapt to the online world quickly. The increase in the rate of transition to the Internet environment shows that the issue of security is becoming more and more important and serious for banks and customers. Companies serving in the financial and banking sectors are an attractive target for cyber attackers in terms of damage to the target system and data obtained by attackers. The protection of information systems containing important and sensitive business and customer information, such as databases, servers, computers, networks used, is of high importance. In the same way, providing a secure and robust online communication environment in the services provided to customers and ensuring that data is transmitted in reliable environments is one of the most important elements in the banking sector. Banks are also making major investments in security systems to ensure secure communication and the protection of personal and business information and documents as a precaution against this increasing number of cyber attacks. With these systems, they have the potential to prevent such attacks by detecting and responding to abnormal and unauthorized activities. However, research shows that the majority of cyber attacks are carried out by insiders. Most security products in use focus on external threats. However, if the attacker is a person working within the organization, these systems may be insufficient to detect such activities. The inside attacker has legitimate access privileges to sensitive data, systems, networks that outsiders do not have. It is difficult to predict and prevent as the malicious user inside follows legitimate paths and methods.
Since the systems have detailed information about the internal organization such as the corporate network, they can misuse sensitive and confidential data and cause irreversible damage to the organizations by creating great losses. Therefore, it can be said that the cost of damage caused by internal threat is much higher than external threat. This study focuses on detecting insider threats by monitoring users with a behavioural focus. By examining normal user behaviour and malicious user behaviour with SVM, KNN and Random Forest algorithms, it is aimed to detect internal threats and help minimize the damage that can be done to the institution with preventive controls that will come with it.