• Community Detection in Suspect Networks (Prepared by Arzu KAKIŞIM)

  • In recent years, with the rise of the use of social networks, the issue of community detection in social networks has come into prominence. Many approaches have been developed to extract latent communities analyzing social documents and connections. In this study, a generative probabilistic community detection model is developed to analyze suspicious networks which are not proven as criminal networks. In addition to the discovery of connection information in classic methods, this model makes content analysis about topics interested by actors in the social network. By the use of directive message information of users in a network, network members who talk about the same topics, are tried to be grouped in the same community. Community-topic model is used as base for the model developed in this study. Community-topic model produces topologically diverse communities as it does not use connection information of the network. This deficiency has been tried to be solved with the addition of connection information to the community-topic model. With the tests made on the e-mail information belonging to Enron company, it is observed that topically and topologically similar users are successfully grouped in a single community.

  • Designing Computer Security System using keystroke rhythms (Prepared by Aykut GÜVEN)

  • Studies which have been done in computer science to protect computer systems are very important. Computers make peoples’ lives easy and increase productivity but it is difficult to make them secure.

    To design computer security systems the traditional way is to create a username and password for all users. Although this is a simple method it is not reliable. Someone who knows a username and password to log in to a system may access parts of it that one would not want them to see. This is very dangerous for important network systems in, for example, military and financial areas.

    Biometric applications are the best solution to supply security for computer systems. Biometric systems teaches computers their users’ biological differences. For example, a finger print sensor can be placed over a keyboard. But, the most important disadvantage of these systems is their high cost.

    In this thesis, security software which understands peoples’ writing rhythms has been designed. Explanations about biometric systems and biorhythmic systems are included.

    Algorithms on biorhythm which have been designed in the G.Y.T.E Computer engineering department will be explained and experimental results given.

  • Design of a Remote Authentication System using Smart Cards (Prepared by Belgin BİLGİN)

  • Remote user authentication is an important necessity in many applications such as banking, e-commerce, etc. There are many authentication methods to provide security for these applications. In a naïve authentication approach, password or verification tables are used. But, these methods have some shortcomings such as replay attacks modification attacks, etc.

    Some methods use smartcards and passwords for remote authentication. Thus, they enhance the security level of a system. Many methods, which use smartcards and passwords, store one secret key on a server. Although these methods have low cost, they are not more secure and have same disadvantage with naive methods. If an intruder can somehow break into the server, the secret key can be stolen easily. Then, the intruder can create a new legal user account by using the secret key.

    In this thesis, an authentication scheme named as (AKKİDO) using multiple servers have been proposed. AKKİDO is more secure than other solutions, because the main goal of AKKİDO is to provide the security of the secret by distributing it in parts over multiple servers. AKKİDO uses Shamir’s “secret sharing” scheme to generate parts of the key and recomposing secret. The system consists of secure authentication, mutual confidence and generation of session key using for security of all transaction after authentication.

  • Smart Card Based Remote Authentication System Design (Prepared by Esma ERGÜNER ÖZKOÇ)

  • Nowadays with the widespread use of the Internet, remote user authentication has become important process to provide security of the system resources. The process of authentication determines the identity of a person who attempts to access the system. Various cryptographic algorithms have been developed previously for remote user authentication by using smart card to provide better security.

    One of the previously developed smart card based remote user authentication scheme is Liaw et al.’s scheme, which based on hash function. Besides their enhancements, there is some vulnerability such as inefficient wrong password detection. Denial of service attack is possible by using stolen smart card attack by adversary with their scheme.

    In this thesis, a more secure solution is proposed for Liaw et al.’s remote user authentication scheme via applying elliptic curve cryptography (ECC) to improve its’ security features. This is a novel approach for smart card based remote user authentication systems. Proposed scheme offers ECC for smaller key length while providing the same level security with other methods. The proposed scheme and some other schemes are implemented and simulated in java platform to better analyze computational costs.

  • Analysis and Comparison of Image Encryption Algorithms (Prepared by İsmet ÖZTÜRK)

  • With the fast progression of data exchange in electronic way, information security is becoming more important in data storage and transmission. Because of widely using images in industrial process, it is important to protect the confidential image data from unauthorized access. Security is an important issue in communication and storage of images, and encryption is one of the ways to ensure security. Image encryption has applications in internet communication, multimedia systems, medical imaging, telemedicine, military communication, etc.

    Computer images are extremely data intensive and hence require large amounts of memory for storage. As a result, the transmission of an image from one machine to another can be very time consuming. By using data compression techniques, it is possible to remove some of the redundant information contained in images, requiring less storage space and less time to transmit.

    The file size problem for the image encryption and transmission has been eliminated by adding compression capability to the two of the algorithms which have been analyzed in this thesis (Mirror-like image encryption and Visual Cryptography). Effects of the added compression process on the algorithm runtime, image security and size are studied. Implementations of these two algorithms have been realized on MATLAB for experimental purposes and the results of decrease on the file sizes is illustrated with screenshots and detailed graphs are given in the fourth section of this thesis. These additions to the algorithms decrease the file size need to be transmitted or stored up to 91, 4%.

  • ISRAM: Information Security Risk Analysis Method (Prepared by Bilge Karabacak)

  • Continuously changing nature of technological environment has been enforcing to revise the process of information security risk analysis accordingly. A number of quantitative and qualitative risk analysis methods have been proposed by researchers and vendors. The purpose of these methods is to analyze today’s information security risks properly. Some of these methods are supported by a software package.

    In this thesis, a survey based quantitative approach is proposed to analyze security risks of information technologies by taking current necessities into consideration. The new method is named as Information Security Risk Analysis Method (ISRAM). Case study has shown that ISRAM yields consistent results in a reasonable time period by allowing the participation of the manager and staff of the organization.

  • Intrusion Detection Using User Behavior Analysis (Prepared by Rahim KARABAĞ)

  • Attacks on computer systems have been increasing and loss resulted from these attacks grow rapidly. Most of the companies today understand the importance of information security and are started to use various methods for protection. Technologies like firewalls, anti-virus software, vulnerability scanners and intrusion detection systems are some of the solutions used for providing information security.

    In this work, an anomaly-based intrusion detection system is designed by using user behavior analysis. In the proposed method, statistical information about the users on the network is gathered from data collected from the network by using data mining techniques. User behaviors are constituted from this statistical information. kNN classification is used for clustering the user behaviors. Intrusion detection is performed by using anomaly based analysis on these clusters. If an intruder is detected, an alarm is created and system administrator is informed about this intrusion. As a result, by using the proposed method users on the network can be controlled. So the system can be prevented from intrusions and unwanted network usage errors.

  • Intrusion Detection with K-Means and K Nearest Neighbor Methods (Prepared by Sibel KIRMIZIGÜL ÇALIŞKAN)

  • Today network security is one of the most important study and research places in information technology systems. Network security can be defined as, transmission of information in a safe environment with saving secrecy, integrity and availability; detection of the situations which are against network security and attacks and control of network device study regularly. For the continuousness of security a good analysis, collecting more information about network traffic, network device and users behavior are necessary. Intrusion detection systems which is improved by data mining methods for discovering hidden, important, unknown and useful information from databases which are include network traffic information and analyzing network status are used widespread. Intrusion detection systems are important products because of the detection of anomalous in a short time before damaging network security.

    Two different methods have been used which are K-means and K nearest neighbor in this work. For each two methods two different applications have been improved with working on attribute selection, relations between attributes, data preprocessing and similarity measures. A hybrid structure has been improved using two methods together because of getting better results from the applications.

    In this hybrid structure using two methods together; firstly data set has been divided into subsets by the improved K-means application. Later the improved K nearest neighbor application has to been run on all subsets having different characteristics. Finally the result of all data set has been got with combining the all subsets’ results. When analyzing the results of K-means, K nearest neighbor and K-means - K nearest neighbor applications, the hybrid application has been produced better results is seen. The application has been developed using Matlab 6.5.

  • INVUS: Integrated Vulnerability Scanner (Prepared by Türker AKYÜZ)

  • With the attacking tools becoming easily found and used by everyone, vulnerabilities in computer systems have become more obvious. Knowing the weak points of your system and performing necessary precautions before they are exploited is a very important step for information security. Vulnerability scanning tools scan computer systems in order to find known vulnerabilities and then prepare a detailed report on what was found with recommendations for how to repair them.

    This paper describes INVUS, a new vulnerability scanning model that is designed to find both network-based and host-based vulnerabilities on a computer system. INVUS has client/server architecture and utilizes a number of open-source tools in order to perform vulnerability scanning process and also provides an option to the user for repairing the found vulnerabilities by working with the firewall.