13 results
Search Results
Showing 1 - 10 of 13

Publication
Efficient estimation of Sigmoid and Tanh activation functions for homomorphically encrypted data using Artificial Neural Networks (Institute of Electrical and Electronics Engineers Inc., 2024)
Harb, Mhd Raja Abou; Çeliktaş, Barış
This paper presents a novel approach to estimating Sigmoid and Tanh activation functions using Artificial Neural Networks (ANN) optimized for homomorphic encryption. The proposed method is compared against second-degree polynomial and Piecewise Linear approximations, demonstrating a minor loss in accuracy while maintaining computational efficiency. Our results suggest that the ANN-based estimator is a viable alternative for secure machine learning models requiring privacy-preserving computation.

Publication
ANN activation function estimators for homomorphic encrypted inference (Institute of Electrical and Electronics Engineers Inc., 2025-06-13)
Harb, Mhd Raja Abou; Çeliktaş, Barış
Homomorphic Encryption (HE) enables secure computations on encrypted data, facilitating machine learning inference in sensitive environments such as healthcare and finance. However, efficiently handling non-linear activation functions, specifically Sigmoid and Tanh, remains a significant computational challenge for encrypted inference using Artificial Neural Networks (ANNs). This study introduces a lightweight, ANN-based estimator designed to accurately approximate activation functions under homomorphic encryption. Unlike traditional polynomial and piecewise linear approximations, the proposed ANN estimators achieve superior accuracy with lower computational overhead associated with bootstrapping or high-degree polynomial techniques. These estimators are trained on plaintext data and seamlessly integrated into encrypted inference pipelines, significantly outperforming conventional methods.
Experimental evaluations demonstrate notable improvements, with ANN estimators enhancing accuracy by approximately 2% for Sigmoid and up to 73% for Tanh functions, improving F1-scores by approximately 2% for Sigmoid and up to 88% for Tanh, and markedly reducing Mean Square Error (MSE) by up to 96% compared to polynomial approximations. The ANN estimator achieves an accuracy of 97.70% and an AUC of 0.9997 when integrated into a CNN architecture on the MNIST dataset, and an accuracy of 85.25% with an AUC of 0.9459 on the UCI Heart Disease dataset during ciphertext inference. These results underscore the estimator’s practical effectiveness and computational feasibility, making it suitable for secure and efficient ANN inference in encrypted environments.

Publication
Analyst-aware incident assignment in security operations centers: a multi-factor prioritization and optimization framework (Uğur Şen, 2025-07-15)
Kılınçdemir, Eyüp Can; Çeliktaş, Barış
In this paper, we propose a comprehensive and scalable framework for incident assignment and prioritization in Security Operations Centers (SOCs). The proposed model aims to optimize SOC workflows by addressing key operational challenges such as analyst fatigue, alert overload, and inconsistent incident handling. Our framework evaluates each incident using a multi-factor scoring model that incorporates incident severity, service-level agreement (SLA) urgency, incident type, asset criticality, threat intelligence indicators, frequency of repetition, and a correlation score derived from historical incident data. We formalize this evaluation through a set of mathematical functions that compute a dynamic incident score and derive incident complexity. In parallel, analyst profiles are quantified using Analyst Load Factor (ALF) and Experience Match Factor (EMF), two novel metrics that account for both workload distribution and expertise alignment.
The incident–analyst matching process is expressed as a constrained optimization problem, where the final assignment score is computed by balancing incident priority with analyst suitability. This formulation enables automated, real-time assignment of incidents to the most appropriate analysts, while ensuring both operational fairness and triage precision. The model is validated using algorithmic pseudocode, scoring tables, and a simplified case study, which illustrates the real-world applicability and decision logic of the framework in large-scale SOC environments. To validate the framework under real-world conditions, an empirical case study was conducted using 10 attack scenarios from the CICIDS2017 benchmark dataset. Overall, our contributions lie in the formalization of a dual-factor analyst scoring scheme and the integration of contextual incident features into an adaptive, rule-based assignment framework. To further strengthen operational value, future work will explore adaptive weighting mechanisms and integration with real-time SIEM pipelines. Additionally, feedback loops and supervised learning models will be incorporated to continuously refine analyst-incident matching and prioritization.

Publication
A metric-driven IT risk scoring framework: incorporating contextual and organizational factors (Institute of Electrical and Electronics Engineers Inc., 2025-09-24)
Ünal, Nezih Mahmut; Çeliktaş, Barış
Risk analysis is a critical process for organizations seeking to manage their cybersecurity posture effectively. However, traditional risk analysis frameworks, such as the Common Vulnerability Scoring System (CVSS), primarily evaluate technical impacts without incorporating organizational context and dynamic risk factors. This paper presents a metric-based risk analysis framework designed to provide a more adaptable and context-aware risk-scoring framework.
The proposed model enables risk owners to define customized threat scenarios and dynamically adjust metric weights based on organizational needs. Unlike traditional approaches, our method integrates contextual parameters to improve the accuracy and relevance of risk calculations. Experimental evaluations demonstrate that the proposed framework enhances risk prioritization and provides more actionable insights for decision-makers. This study contributes to the field by addressing the limitations of existing risk analysis models and offering a systematic approach for cybersecurity risk management.

Publication
Phishing attack detection using multi-scale visual similarity analysis [Çok ölçekli görsel benzerlik analizi ile oltalama saldırısı tespiti] (Institute of Electrical and Electronics Engineers Inc., 2025-08-15)
Kılıç, Bartu; Çeliktaş, Barış
With the advancement of technology, phishing attacks have become one of today's most common cybersecurity threats. This study presents an approach that detects phishing attacks with high accuracy by examining website screenshots with an advanced visual similarity analysis method. In the method proposed for phishing detection, techniques such as perceptual hashing-based multi-resolution analysis, intelligent region of interest (ROI) detection, and multi-metric fusion are combined to achieve high-accuracy detection. The dataset was compiled from screenshots of 23 genuine and 3 phishing pages, drawn from the genuine and phishing pages of popular banking, e-mail, and social media platforms. The tests showed that the method, with an accuracy rate of 85%, performs better than approaches based on a single metric.
This method, which works independently of language, is resilient to URL and HTML manipulation and offers a robust solution for real-time phishing detection.

Publication
Comparative analysis of supervised, unsupervised, semi-supervised, and reinforcement learning methods for data loss prevention (BIDGE Publications, 2023-05-24)
Vural, Ahmet; Çeliktaş, Barış; Çoğun, Hikmet Yeter; Parlar, İshak; Üzmuş, Hasan
Data Loss Prevention (DLP) is a security solution that prevents data loss and the insecure or inappropriate sharing, transfer, or use of sensitive data. DLP also helps us comply with regulations such as the General Data Protection Regulation (GDPR) and other regulatory requirements. The main purpose of DLP is to prevent the leakage of sensitive data and thereby protect the reputation of data owners, reduce costs, and ensure business continuity. DLP is an application that uses a set of rules to block data leakage or to log incidents using predefined data classification policies. These labels are generally created and applied based on information defined by a program. This study focuses on the use of supervised, unsupervised, semi-supervised, and reinforcement learning methods in DLP systems, and aims to minimize data breaches and violations by processing and using data through machine learning algorithms for data classification. In our study, the most suitable options will be evaluated based on the capabilities of machine learning methods. The findings of the study suggest that the comparative analysis of supervised learning methods is the most effective approach for DLP, but that semi-supervised and reinforcement learning methods can be useful when labeled data is limited. The study also covers the benefits of automatically generating DLP principles using machine learning algorithms.
By automating manually prepared classifications, the system is expected to become more efficient and false positives to be minimized. In summary, this study makes it possible to use these labels and data in DLP rules by combining users' data processing standards or habits with machine learning. Manual classification can be automated with machine learning, which allows better controls to be carried out. When machine learning and DLP are used together, data classification will be performed without errors and the number of false positive alarms will decrease. The structure and content of files will be determined accurately according to user habits, and the accuracy and reliability of the relevant rules will be ensured. Users will be monitored through specific algorithms, the data most frequently used in file content can be reported, and it can be determined whether this is acceptable as a company risk. As a result, institutions and organizations will be able to make their data protection policies more efficient and usable, reduce the risk of data loss, and bring personal data subject to regulations under control.

Publication
Secure and interpretable dyslexia detection using homomorphic encryption and SHAP-based explanations (Institute of Electrical and Electronics Engineers Inc., 2025-10-25)
Harb, Mhd Raja Abou; Çeliktaş, Barış; Eroğlu, Günet
Protecting sensitive healthcare data during machine learning inference is critical, particularly in cloud-based environments. This study addresses the privacy and interpretability challenges in dyslexia detection using Quantitative EEG (QEEG) data. We propose a privacy-preserving framework utilizing Homomorphic Encryption (HE) to securely perform inference with an Artificial Neural Network (ANN). Due to the incompatibility of non-linear activation functions with encrypted arithmetic, we employ a dedicated approximation strategy.
To ensure model interpretability without compromising privacy, SHapley Additive exPlanations (SHAP) are computed homomorphically and decrypted client-side. Experimental evaluations demonstrate that the encrypted inference achieves an accuracy of 90.03% and an AUC of 0.8218, reflecting only minor performance degradation compared to plaintext inference. SHAP value comparisons (Spearman correlation = 0.59) validate the reliability of the encrypted explanations. These results confirm that integrating privacy-preserving and explainable AI approaches is feasible for secure, ethical, and compliant healthcare deployments.

Publication
A multi-criteria evaluation of cybersecurity incident management frameworks: integrating AHP, CMMI and SWOT (Karyay Karadeniz Yayımcılık Ve Organizasyon Ticaret Limited Şirketi, 2026-01-15)
Ağar, Hasan Çağlar; Çeliktaş, Barış
With the growing complexity and frequency of cybersecurity incidents, the selection of an appropriate incident management framework has emerged as a strategic imperative and a nontrivial decision-making problem for organizations operating across diverse sectors. This study presents a multi-dimensional evaluation of four globally recognized frameworks and standards—ISO 27035, NIST 800-61, ITIL v4, and PCI DSS—to determine their effectiveness across 10 rigorously selected key performance parameters. The initial stage of the study involved the identification of 20 preliminary parameters through expert input and literature synthesis. These were then evaluated by 70 cybersecurity professionals using a hybrid decision-making model combining Likert scale scoring, standard deviation filtering, CV score, Z-score normalization and the Analytic Hierarchy Process (AHP) for pairwise comparisons. The top 10 key parameters were derived based on calculated priority weights.
To assess each framework, we applied the Capability Maturity Model Integration (CMMI) and visualized results via radar charts and heatmaps, offering comparative insights into operational maturity. Additionally, SWOT analysis was conducted to examine strategic positioning and identify opportunities for improvement. The outcomes not only provide a practical benchmarking guide for practitioners but also introduce a replicable, evidence-based methodology for academic and industry adoption. This work offers a novel and structured lens to evaluate incident management maturity, addressing the pressing need for strategic alignment, automation integration, and adaptive resilience in cybersecurity operations.

Publication
A context-aware, AI-driven load balancing framework for incident escalation in SOCs (Institute of Electrical and Electronics Engineers Inc., 2025-08-12)
Abuaziz, Ahmed; Çeliktaş, Barış
SOCs face growing challenges in incident management due to increasing alert volumes and the complexity of cyberattacks. Traditional rule-based escalation models often fail to account for the workload of the analyst, the severity of the incident, and the organizational context. This paper proposes a context-aware, AI-driven load balancing framework for intelligent analyst assignment and incident escalation. Our framework leverages large language models (LLMs) with retrieval-augmented generation (RAG) to evaluate incident relevance and historical assignments. A reinforcement learning (RL)-based scheduler continuously optimizes incident-to-analyst assignments based on operational outcomes, enabling the system to adapt to evolving threat landscapes and organizational structures. Planned simulations in realistic SOC environments will compare the model with traditional rule-based models using metrics such as Mean Time to Resolution (MTTR), workload distribution, and escalation accuracy.
This work highlights the potential of AI-driven approaches to improve SOC performance and enhance incident response effectiveness.

Publication
Adaptive incident escalation in SOCs via AI-driven skill-aware assignment and tier optimization (Institute of Electrical and Electronics Engineers Inc., 2026-04-15)
Abuaziz, Ahmed; Çeliktaş, Barış
Modern Security Operations Centers (SOCs) face significant operational bottlenecks driven by escalating alert volumes, increasingly sophisticated cyberattack vectors, and chronic imbalances in analyst workloads. Conventional rule-based escalation models frequently fail to account for the multi-dimensional nature of incident characteristics, the nuances of analyst expertise, and fluctuating operational demands. This study proposes a comprehensive AI-driven framework for intelligent incident assignment and workload optimization. The framework introduces five primary contributions: 1) a multi-factor scoring model that integrates severity and complexity metrics with dynamic workload balancing; 2) two novel optimization algorithms, Quantile-Targeted Normality-Regularized Optimization (QT-NRO) and Joint Optimization of Weights and Thresholds (JOWT), to calibrate scoring coefficients against target analyst utilization; 3) a Large Language Model (LLM) engine leveraging Retrieval-Augmented Generation (RAG) for semantic alignment between incident requirements and analyst expertise; 4) an Adaptive Capacity Zoning mechanism for dynamic workload management; and 5) a novel RAG Relevance Score metric—a pre-resolution, semantic alignment indicator that quantifies analyst-incident assignment quality independently of resolution time, addressing a fundamental limitation of traditional temporal metrics such as Mean Time to Resolution (MTTR) and providing a reusable benchmark applicable to any skill-aware assignment system.
In addition, the framework incorporates a feedback-based continuous learning mechanism that utilizes historical resolution data to inform future assignments. An experimental evaluation using 10,021 real-world incidents from Microsoft Defender demonstrates that the JOWT algorithm achieves a tier distribution alignment within 0.8% of targets. LLM-enhanced semantic matching yields improvements between 26.7% and 126.8% in skill alignment across both normal-load and high-load evaluations, while simulations indicate a 31.8% reduction in MTTR. These results substantiate the efficacy of AI-driven methodologies in enhancing SOC operational efficiency and response precision.












