scispace - formally typeset
Search or ask a question
Author

Emin Anarim

Bio: Emin Anarim is an academic researcher from Boğaziçi University. The author has contributed to research in topics: Intrusion detection system & Denial-of-service attack. The author has an hindex of 15, co-authored 149 publications receiving 1273 citations. Previous affiliations of Emin Anarim include TÜBİTAK Marmara Research Center.


Papers
More filters
Journal ArticleDOI
TL;DR: The principle interest of this work is to benchmark the performance of the proposed hybrid IDS architecture by using KDD Cup 99 Data Set, the benchmark dataset used by IDS researchers.
Abstract: In this paper, we propose a novel Intrusion Detection System (IDS) architecture utilizing both anomaly and misuse detection approaches. This hybrid Intrusion Detection System architecture consists of an anomaly detection module, a misuse detection module and a decision support system combining the results of these two detection modules. The proposed anomaly detection module uses a Self-Organizing Map (SOM) structure to model normal behavior. Deviation from the normal behavior is classified as an attack. The proposed misuse detection module uses J.48 decision tree algorithm to classify various types of attacks. The principle interest of this work is to benchmark the performance of the proposed hybrid IDS architecture by using KDD Cup 99 Data Set, the benchmark dataset used by IDS researchers. A rule-based Decision Support System (DSS) is also developed for interpreting the results of both anomaly and misuse detection modules. Simulation results of both anomaly and misuse detection modules based on the KDD 99 Data Set are given. It is observed that the proposed hybrid approach gives better performance over individual approaches.

460 citations

Journal ArticleDOI
TL;DR: In this correspondence, the problem of directional and multiscale edge detection is considered and with the application of the Teager's energy operator at the analysis stage, it is possible to obtain a reduction in unwanted zero-crossings.
Abstract: In this correspondence, the problem of directional and multiscale edge detection is considered. Orthogonal and linear-phase M-band wavelet transform is used to decompose the image into M/spl times/M channels. These channels are then combined such that each combination, which we refer to as decomposition filter, results in zero-crossings at the locations of edges corresponding to different directions and resolutions, and inherently performs regularization against noise. By applying a zero-crossing detector on the outputs of the decomposition filters, edge maps of desired resolution and direction are obtained. In addition, with the application of the Teager's energy operator at the analysis stage, it is possible to obtain a reduction in unwanted zero-crossings. Final edge maps of images are obtained through simple combinations of directional edge maps.

87 citations

Journal ArticleDOI
TL;DR: This work addresses the issue of security of hashes and proposes a keying technique, and thereby a key-dependent hash function, based on the periodicity series of the fundamental frequency and on singular-value description of the cepstral frequencies.
Abstract: Perceptual hash functions provide a tool for fast and reliable identification of content. We present new audio hash functions based on summarization of the time-frequency spectral characteristics of an audio document. The proposed hash functions are based on the periodicity series of the fundamental frequency and on singular-value description of the cepstral frequencies. They are found, on one hand, to perform very satisfactorily in identification and verification tests, and on the other hand, to be very resilient to a large variety of attacks. Moreover, we address the issue of security of hashes and propose a keying technique, and thereby a key-dependent hash function.

59 citations

Proceedings ArticleDOI
01 Jun 2016
TL;DR: This paper provides a naive Bayes classifier with two frequency based methods of discrete Fourier transform and discrete wavelet transform in order to separate between attack and normal traffics and finds that, frequency analysis of DDoS attack can result in good performance.
Abstract: Being available for their legitimate users is one of the main concerns of web service servers. One of the main threats to availability of servers are DDoS attacks. Flooding the server with bogus packets which leads to overuse the sources of it, a DDoS attack deprives authorized clients of benefits from their services. In order to disguise itself from intrusion detection systems, sophisticated DDoS attack mechanisms are invented whose packets are very similar to those in normal traffics. Frequency domain analysis would be a promising alternative for conventional methods of detection. In this paper we provide a naive Bayes classifier with two frequency based methods of discrete Fourier transform and discrete wavelet transform in order to separate between attack and normal traffics. It founds that, frequency analysis of DDoS attack can result in good performance.

53 citations

Journal ArticleDOI
01 Oct 2020
TL;DR: This work proposes a DDoS attack detection and defense scheme using time-series analysis for SDN that employs a model based on the upcoming traffic feature forecasting and the chaos theory together with the exponential filter and the dynamic threshold method to detect instant changes in the network.
Abstract: Software defined networking (SDN) has emerged as the integral part of cloud services since it provides flexible management capabilities to monitor and to analyze the network traffic with the help of programmable entities. Although, such functionalities play a significant role in terms of protecting the availability of cloud services against the security threats, SDN still has some vulnerabilities such as the distributed denial of service (DDoS) attacks. The DDoS attackers use spurious packets similar to normal ones and endanger the service continuity of SDN. Although conventional packet-based intrusion detection systems have broad databases to detect DDoS attacks, they are impotent of detection when the attack traffic is sheltered by the normal network traffic. The idea is therefore, to come up with a new countermeasure by observing and distinguishing the instant changes in network. In this work, we propose a DDoS attack detection and defense scheme using time-series analysis for SDN. The proposed scheme employs a model based on the upcoming traffic feature forecasting and the chaos theory together with the exponential filter and the dynamic threshold method to detect instant changes in the network. The experimental result shows that our algorithm has high detection rate and low false alarm.

34 citations


Cited by
More filters
Christopher M. Bishop1
01 Jan 2006
TL;DR: Probability distributions of linear models for regression and classification are given in this article, along with a discussion of combining models and combining models in the context of machine learning and classification.
Abstract: Probability Distributions.- Linear Models for Regression.- Linear Models for Classification.- Neural Networks.- Kernel Methods.- Sparse Kernel Machines.- Graphical Models.- Mixture Models and EM.- Approximate Inference.- Sampling Methods.- Continuous Latent Variables.- Sequential Data.- Combining Models.

10,141 citations

Journal ArticleDOI
TL;DR: 40 selected thresholding methods from various categories are compared in the context of nondestructive testing applications as well as for document images, and the thresholding algorithms that perform uniformly better over nonde- structive testing and document image applications are identified.
Abstract: We conduct an exhaustive survey of image thresholding methods, categorize them, express their formulas under a uniform notation, and finally carry their performance comparison. The thresholding methods are categorized according to the information they are exploiting, such as histogram shape, measurement space clustering, entropy, object attributes, spatial correlation, and local gray-level surface. 40 selected thresholding methods from various categories are compared in the context of nondestructive testing applications as well as for document images. The comparison is based on the combined performance measures. We identify the thresholding algorithms that perform uniformly better over nonde- structive testing and document image applications. © 2004 SPIE and IS&T. (DOI: 10.1117/1.1631316)

4,543 citations

01 Jan 1990
TL;DR: An overview of the self-organizing map algorithm, on which the papers in this issue are based, is presented in this article, where the authors present an overview of their work.
Abstract: An overview of the self-organizing map algorithm, on which the papers in this issue are based, is presented in this article.

2,933 citations