Accomplished Control and Computer Engineer (MSc), PhD candidate in Machine Learning. Expertise in Software Engineering, Database Management Systems (RDMS), Geographic Information Systems (GIS), Software Project Management, Software Team Management, Information Security Management Systems (ISMS), ISO 27001, Cyber Security, Data Science, Statistics, Mobile Security, (Android) Mobile Malware Analysis, Taxonomy, Visualization.
* Peer-reviewed
2016
Canbek, G., Sagiroglu, S., & Baykal, N. (2016). New Comprehensive Taxonomies on Mobile Security and Malware Analysis. International Journal of Information Security Science (IJISS), 5(4), 106–138.
Interactive Online Data: Mobile Security Taxonomy | Mobile Malware Analysis Taxonomy
Abstract
Taxonomies are known to provide a systematic and theoretical classification of elements in a particular domain and could be efficiently used to express concepts in a structural manner. Unfortunately, security literature witnesses a few taxonomies having about 40 nodes on average in mostly a narrowed scope and maximum of 25 nodes on mobile scope only. This study surveyed security related taxonomies with quality criteria and proposes new comprehensive mobile security taxonomy and mobile malware analysis subtaxonomy from not only defensive but also offensive point of view. We have developed a levelling scheme and notation for security taxonomies in general and proposed a new definite method to build the taxonomies having over 1,300 nodes. We have also visualized our taxonomies for researchers, security professionals and even common end users to provide comprehensible, well structured, and handy maps. As security threats and vulnerabilities dynamically increase and diversify, these new taxonomies would help to see the entire perspective of mobile security without losing any details and present new perspective to bring mobile computing and cyber security disciplines closer.
2017
Canbek, G., Baykal, N., & Sagiroglu, S. (2017). Clustering and Visualization of Mobile Application Permissions for End Users and Malware Analysts. In 2017 5th International Symposium on Digital Forensic and Security (ISDFS) (pp. 1–10). Tirgu Mures: IEEE. http://doi.org/10.1109/ISDFS.2017.7916512
Abstract
Application permissions at the core of Android security mechanism are the first leading transparent feature for users to assess any mobile application before download or installation and for experts to analyse any malware. Representing vast, dispersed permissions and achieving clarity is not a trivial matter. In this study, we first examined Android permissions, their groups and formal representations with the limitations. We also surveyed limited studies on clustering/visualization of permissions. We grouped 251 Android permissions into 12 clusters semantically and proposed a new visualization approach that looks more conventional to both end users and experts and helps comprehending permissions easily and quickly. We applied the proposed clustering and visualization on calculated discriminative malign permissions concept for malware analysis and demonstrated potential effectiveness of the approach. Our approach improves expressing and understanding of large number of mobile application permissions in a better context, provides more understanding and insight, and helps interpreting or inferring interesting patterns related to permissions for malware classification.
Canbek, G., Sağıroğlu, Ş., & Baykal, N. (2013). Bilgisayar Ağlarından Yazılıma: Bütüncül Siber Güvenlik Yaklaşımı {A Holistic Cyber Security Approach: from Computer Networks to Software} (in Turkish). In the 1st International Symposium on Digital Forensics and Security (ISDFS), (pp. 126–130). Elazig, Turkey.
Abstract
This study presents the differences of two main focus points on cyber security: computer networks and software or application security. While the threats are heading towards the application layer, the defense seems to mainly concentrate on link, internet and transportation layers. This study addresses the imbalance that is confirmed with the latest statistics: latest cyber attacks having worldwide impact, and even in the topics covered in information and cyber security literature and conferences like the ones in Turkey lately.
2013
2009
Sağıroğlu, Ş., & Canbek, G. (2009). Keyloggers - Increasing Threats to Computer Security and Privacy. Technology and Society Magazine, IEEE, 28(3), 10–17. http://doi.org/10.1109/MTS.2009.934159
* Front Cover Article
Abstract
Keyloggers are powerful tools that can perform many tasks. Standard security measures for machine-to-machine interfaces do not protect computer systems from keylogger attacks. Human-to-machine interfaces must be considered to combat keylogger intrusions. The judicious use of keyloggers by employers and computer owners could, in some situations, improve security, privacy, and efficiency. But the possible positive effects must be balanced against the possible negative effects on employees, users, and children.
2008
Canbek, G., & Sağıroğlu, Ş. (2008). Casus Yazılımlar: Bulaşma Yöntemleri ve Önlemler {Spyware: Infection Methods and Preventive Measures} (in Turkish). Journal of the Faculty of Engineering and Architecture of Gazi University, 23(1), 165–180.
Abstract
Spyware is one of the top threats and attacks becoming widespread and dangerous in information and computer security. As a result of malicious usage of spyware, all sorts of home and corporate users trying to make use of computer technologies are exposed to severe losses. We review the methods that spyware uses to infect computer systems. The methods are supported by concrete examples. The preventive measures against spyware are presented at both user and system administrator level. Comprehending spyware infection methods makes users wide-awake, and following and applying the measures presented ensures effective protection.
Canbek, G., & Sağıroğlu, Ş. (2008). Kişisel Gizlilik ve Yasal Düzenlemelere Kötücül Yazılımlar Açısından Bakış {A Perspective to Personal Privacy and Legal Regulations in Terms of Malicious Software} (in Turkish). Kara Harp Okulu Dergisi {The Journal of Defense Sciences}, 7(2), 119–139.
Abstract
In this study, spyware threatening information and computer security, cyber crime threatening privacy and personal security, and the current legal regulations in this scope preventing the threats in Turkey and in the world are reviewed. On one hand, the progress and enhancement in information technologies bring considerable benefits. On the other hand, cyber crime against privacy and computer security increases significantly due to the availability of much spyware. Consequently, it is determined that since the e-structures in Turkey are not advanced, the interest in this matter and the legal regulations in this frame are limited and insufficient compared to the countries having advanced e-structures. It is necessary for government, universities and NGOs in Turkey to reconsider the subject and prepare dissuasive and comprehensive legal regulations that minimize cyber crime and protect privacy and computer security.
2007
Canbek, G., & Sağıroğlu, Ş. (2007). Kötücül ve Casus Yazılımlara Karşı Elektronik İmzanın Sağlamış Olduğu Korunma Düzeyi {The Level of Protection of E-Signature against Malware and Spyware} (in Turkish). In Information Security & Cryptology Conference (ISCTurkey) (pp. 263–269). Ankara.
Abstract
Malware and spyware are the most critical, very dangerous and the foremost attacking structures against information and computer security. Electronic signature (e-sign) is expected and planned to be used widespread in order to provide efficiency, reliability, and rapidity in the applications such as e-commerce and e-government. In this paper, the level of protection and the level of vulnerabilities of e-sign against malicious software are studied. This paper concludes that it is necessary not to ignore the negative effects of malware on signature creation applications and it points out the urgent necessity to take measures noteworthy.
Canbek, G., & Sağıroğlu, Ş. (2007). Çocukların ve Gençlerin Bilgisayar ve İnternet Güvenliği {Computer and Internet Security for Children and Teenagers} (in Turkish). Politeknik Dergisi, 10(1), 33–39. http://doi.org/10.2339/2007.10.1.33-39
Abstract
This study introduces the threats encountered by children and teenagers using computer systems and Internet, revises what could be done to protect them, and presents some suggestions how the threats could be minimized. We can conclude that being aware of the usefulness of Internet facilities would not be enough to use Internet efficiently. Families and responsible state units should be focused on how to protect children, what sort of precautions are supposed to be done, how the experiences and knowledge could be improved and what sort of reactions to protect children and teenagers should be taken for further achievements.
Canbek, G., & Sağıroğlu, Ş. (2007). Bilgisayar Sistemlerine Yapılan Saldırılar ve Türleri: Bir İnceleme {Attacks against Computer Systems and Their Types: A Review Study} (in Turkish). Erciyes Üniversitesi Fen Bilimleri Enstitüsü Dergisi, 23(1–2), 1–12.
Abstract
Although computer system security is being upgraded day by day, the attacks against the systems have also increased. The attacks attempting to bypass the system increase in diversity and quantity. Monitoring and evaluating the attacks are essential requirements for building up a sufficient and efficient information and computer security system. In this study, we have reviewed the attacks conducted against computer systems; evaluated the attack-attacker relation; presented the common characteristics of attacks; and inspected the tendency of the conducted attacks and the fundamental attack types. Consequently, the methods and methodology used in the attacks against computer systems must be studied. Targeted systems under attack must be secured and upgraded. The characteristics of the attacks must be traced. The targeted vulnerabilities and weak points must be eliminated, and the attacker profile must be taken into account while determining the precautions. We can conclude that it is necessary to apply the security life cycle in securing the systems truly and efficiently, to eliminate the weaknesses and deficiencies faced in computer security systems and to reduce the losses.
Canbek, G., & Sağıroğlu, Ş. (2006). İş Yeri Gözetleme ve Etkinlik İzleme Sistemleri {Workplace Surveillance and Activity Monitoring Systems}. Standard, Economical and Technical Journal, 102–109.
Abstract
Employees' computer and Internet usage that is unrelated to work causes loss of work power and a decrease in productivity and performance. Intentional and unintentional information disclosure via uncontrolled media (such as e-mail) results in loss and damage. In order to sense the employees' company IT usage, workplace surveillance can be used. This may deter information leakage and measure work power performance.
Canbek, G., & Akcayol, M. A. (2006). İnternet Gazetesi Sayfa Düzeninin Gerçek Zamanlı Eniyilemesinin Benzetilmiş Tavlama Algoritmasıyla Gerçekleştirilmesi {Implementation of Real-Time Optimization of Page Layout of Internet Newspaper using Simulated Annealing} (in Turkish). Journal of the Faculty of Engineering and Architecture of Gazi University, 21(2), 341–348.
Abstract
Due to the rapid update of Internet newspapers or news sites, the page layout of Internet newspapers should be arranged so that the users can read easily and the page has minimum wasted space. Since the number of articles that users require and their contents are different it is hard to prepare an optimum page layout quickly. It is not possible to prepare these pages being updated frequently and used intensively by means of manual or classical methods in time. The appearance of this kind of pages should be well readable. Furthermore, the pages must be prepared depending on the settings of the user’s web browser. In this study, simulated annealing algorithm is used for the layout optimization of Internet newspapers. The articles that users inquire are placed on the page in the browser in users computers in an optimum layout. Making the page layout in real-time on the client-side as soon as all the articles are downloaded from the web server relieves the server load. The experimental results have showed that the implementation of simulated annealing algorithm is very effective and fast in real-time optimization of web page layout.
2006
Canbek, G., & Sağıroğlu, Ş. (2006). Bilgi, Bilgi Güvenliği ve Süreçleri Üzerine Bir İnceleme {A Review on Information, Information Security and Security Processes} (in Turkish). Politeknik Dergisi {Journal of Polytechnic}, 9(3), 165–174.
Abstract
In this article, the concept of information is evaluated in detail, the influence and dimension of information technologies on information and information security have been expressed, and information security requirements have been revised. The security processes designating the security policy, which is necessary to establish effective information security in an environment where the attacks against information security have increased in quantity and variety, are summarized. Finally, the work has been evaluated on the basis of explanations given in this article.
2007
Canbek, G., Baykal, N., & Sagiroglu, S. (2017). Binary Classification Performance Measures/Metrics: A Comprehensive Visualized Roadmap to Gain New Insights. In 2017 International Conference on Computer Science and Engineering (UBMK’17). (pp. 821–826). Antalya, Turkey: IEEE. http://doi.org/10.1109/UBMK.2017.8093539
Abstract
Binary classification is one of the most frequent studies in applied machine learning problems in various domains, from medicine to biology to meteorology to malware analysis. Many researchers use some performance metrics in their classification studies to report their success. However, the literature has shown a widespread confusion about the terminology and ignorance of the fundamental aspects behind metrics. This paper clarifies the confusing terminology, suggests formal rules to distinguish between measures and metrics for the first time, and proposes a new comprehensive visualized roadmap in a leveled structure for 22 measures and 22 metrics for exploring binary classification performance. Additionally, we introduced novel concepts such as canonical notation, duality, and complementation for measures/metrics, and suggested two new canonical base measures simplifying equations. It is expected that the study will guide other studies to have standardized approach to performance metrics for machine learning based solutions.
Cited by three works from medicine (Nnamoko, Hussain, & England, 2018), cyber security (Kaiafas et al., 2018), and software engineering (Ulysses, 2019)
2018
Canbek, G., (2018). Cyber Security by a New Analogy: “The Allegory of the ‘Mobile’ Cave”. Journal of Applied Security Research, Routledge, 13(1), 63–88. http://doi.org/10.1080/19361610.2018.1387838
Abstract
Mobile devices as the most pervasive technology enablers also bring new security risks in cyberspace. However, related cyber security studies mainly focus on technologies and practices rather than fundamentals and root causes. These studies may also omit the current scientific knowledge gained on other relevant or irrelevant domains that may be adapted to cyber security and ignore human nature that is more important than technology and processes. This study surveys and associates all the analogical methods and proposes them to avoid such problems. Several examples on each analogical method are collectively provided to explore cyber/mobile security as a multidisciplinary complex domain and uncover some unknown facts or inconspicuous matters from other domains. As cyber attacks continue globally and effective cyber security could not be established, analogical methods will be method of choice. The study also extends the scientific inquiry with analogy and proposes a new comprehensive allegoric approach that is unprecedented in cyber security literature and questions mobile technologies and their security based on Plato’s infamous allegory of the cave.
Cyber security Mobile security Analogy Abductive reasoning Deductive reasoning Analogical reasoning Allegorical expression Cyber defense Metaphor Applied philosophy Mobile applications Mobile device Internet addiction Addiction theory Contemporary philosophy Mobile computing Awareness Self-awareness Situational awareness Security Network security Data security Computer security Modern age
Machine learning Classification Performance evaluation Performance measurements Classification performance Contingency tables Accuracy Performance metrics Performance measures Performance indicators Metrics Measures Indicators Data visualization Statistics Periodic table of chemical elements
Taxonomy Mobile security Malware research Malware Cyber security Information visualization Ontology Mobile operating systems Android iOS Malware payloads Taxonomic enumeration Taxonomy notation Security taxonomies Taxonomy quality Defensive security Offensive security Cyber security education Mobile malware analysis Mobile assets Security case studies Misuse case diagram Security UML Class
Clustering Cluster analysis Information visualization Mobile applications Access control Least privileges End user Malware Android iOS Mobile malware Google Apple Mobile device Mobile application development Clustering visualization Application permissions Self-Organizing Maps GUI Android SDK Security design Machine learning Malware detection Feature selection
Cyber security Network security Secure software Application development Application security Security design Holism Security trends Security literature Network vs. Software SQL injection DoS/DDoS Hacker psychology Software quality Secure development lifecycle OSI layers Application layer Transportation layer Security conferences Developer conferences
Keylogger Computer security Privacy Tracking software Keystroke loggers Snoopware Keyboard sniffers Screen scrapers Anti-keylogger Malware Anti-malware Hardware keyloggers Software keyloggers Microsoft Windows Kernel-level security Identity theft
2017
Canbek, G., (2017). Yeni siber düzen ve siber silahlanma: Ne yapılabilir? {The New Cyber Order and Cyber Weaponry: What should we do?}. (in Turkish), Aljazeera Türkiye, 29 March 2017.
Abstract
The latest claims on the news about cyber operations among countries indicate the serious danger in front of us. So, is establishment of cyber defense armies by states one-by-one a solution?
Data breaches Cyber operations Cyber crisis Cyber war Cyber defense Cyber army Cyber security law Tallinn Manual 2.0 CCDCOE NATO Cooperative Cyber Defense Centre of Excellence
Turkish Standardization Organization, (2016). Bilgi Varlıklarının Gizlilik Derecelerine Göre Sınıflandırılması {Criteria for Classification of Information Assets According to Their Confidentiality Levels}. (in Turkish), TSE K523, Ankara, Türkiye, May 2016.
Abstract
This guidance proposes the confidentiality levels in the public sector in Turkey covering personal and commercial security.
2016
IST-114, (2016). Secure Information Sharing - Part I: SECRET to Lower Level Domains Interconnection Proposal. NATO Science & Technology Organization (STO), January 2016.
Abstract
This Technical Report describes the requirement for a secure and automated information exchange between a NATO SECRET domain and lower level domains. The document presents some possible solutions to implement an Information Exchange Gateway (IEG) that support a secure and automated information exchange from a domain with classification up to SECRET to lower level domains (e.g. UNCLASSIFIED). The IEG Scenario D (IEG-D) is relevant for the interconnection of a NATO CIS with a NNEs CIS and specific use cases are introduced to describe the operational need of secure information sharing between NATO and other entities (such as International Organizations (IOs), Governmental Organization (GO), Non-Governmental Organization (NGOs)). The IEG-D is detailed in terms of system architecture and by proposing a specific possible implementation that can address the identified use cases.
Canbek, G., (2015). Siber savaşın eşiğinde: sıfırıncı gün {On the verge of cyber war: zero day}. (in Turkish), Aljazeera Türkiye, 26 February 2015.
Abstract
Today, every aspect of life, the activities conducted by and the systems around private, public, and military institutions, has been dependent on and linked to computers, the Internet, and smart devices. This status quo is actually the inevitable primary source of cyber risks. Thus, cyber attacks are today's reality.
2015
Information Security Association, (2012). Türkiye Ulusal Siber Güvenlik Stratejisi Önerisi {National Cyber Security Strategy Proposal of Turkey}. (in Turkish), Ankara Türkiye, June 2012.
Abstract
This document summarizes the principles, strategic goals, fundamental applications to achieve these goals and the steps to be taken in the first place in scope of Turkey's national cyber security.
2012
Canbek, G., (2012). Bilgi ve Bilgisayar Güvenliği: Casus Yazılımlar ve Korunma Yöntemleri {Information and Computer Security: Spyware and Safeguarding Methods}. (in Turkish), Ankara Türkiye, ISBN 975-6355-26-3, Grafiker Publishing, 504 pages, December 2006.
Abstract
Information security is addressed academically with the most fundamental elements, historical and practical points. Some of the subjects:
2006
Canbek, G., (2000). Design with AutoCAD R.14. (in Turkish), Malatya Türkiye, İnönü University.
Abstract
A lecture book introducing Computer Aided Design (CAD) software and its basic/intermediate techniques with examples.
2000
Canbek, G., Göldağ, B., Özcan, M., (2000). Fundamental Information Technologies (in Turkish), Malatya Türkiye, İnönü University.
Abstract
A lecture book introducing fundamental information technologies and software packages.
2018
Canbek, G., Sagiroglu, S. (2018). Akıllı Şebekelerde Stratejik Siber Güvenlik Bakışı {Strategic Cyber-Security Perspective in Smart Grids} (in Turkish). In The 6th International Symposium on Digital Forensic and Security (ISDFS 2018). (pp. 1–6). Antalya, Turkey: IEEE. http://doi.org/10.1109/ISDFS.2018.8355346
Abstract
Conventional energy grids growing in time have become complex, inefficient and expensive to operate and use. They are critical because of providing the whole energy needs of the technologies required for our modern life but also cumbersome entities. "Smarting" the grids by automating, facilitating the troubleshooting and productivity analysis with the help of information technologies infrastructure, reinforcing the controls, charging the services in details makes it possible to administrate efficiently and provide high-level quality services. But, cyber threats have involved in as a game-changer. This paper summarizes the inevitable strategic cyber security approach to be demonstrated against cyber threats and attacks exploiting the vulnerabilities of the smart grids that are one of the cyber-physical systems in critical infrastructures of many national cyber security strategies.
Canbek, G., Sagiroglu, S., Taskaya Temizel, T. (2018). New Techniques in Profiling Big Datasets for Machine Learning with a Concise Review of Android Mobile Malware Datasets. In 2018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT 2018). (pp. 117–121). Ankara, Turkey: IEEE. http://doi.org/10.1109/ibigdelft.2018.8625275
Abstract
As the volume, variety, velocity aspects of big data are increasing, the other aspects such as veracity, value, variability, and venue could not be interpreted easily by data owners or researchers. The aspects are also unclear if the data is to be used in machine learning studies such as classification or clustering. This study proposes four techniques with fourteen criteria to systematically profile the datasets collected from different resources to distinguish from one another and see their strong and weak aspects. The proposed approach is demonstrated in five Android mobile malware datasets in the literature and in security industry namely Android Malware Genome Project, Drebin, Android Malware Dataset, Android Botnet, and Virus Total 2018. The results have shown that the proposed profiling methods reveal remarkable insight about the datasets comparatively and directs researchers to achieve big but more visible, qualitative, and internalized datasets.