Skip to main content

S. Sezer

Followers

21

Following

5

Co-authors

7

Public Views

Vrije Universiteit Brussel

Kansas State University

Albert-Ludwigs-Universität Freiburg

Armando Marques-Guedes

UNL - New University of Lisbon

Macquarie University

Sciences Po, Paris

Universidad Nacional de la Matanza

Roshan Chitrakar

Nepal College of Information Technology

Graduate Center of the City University of New York

CSIC (Consejo Superior de Investigaciones Científicas-Spanish National Research Council)

Interests

Uploads

Papers by S. Sezer

Continuous Implicit Authentication for Mobile Devices based on Adaptive Neuro-Fuzzy Inference System

by Suleiman Y Yerima and S. Sezer

As mobile devices have become indispensable in modern life, mobile security is becoming much more... more As mobile devices have become indispensable in modern life, mobile security is becoming much more important. Traditional password or PIN-like point-of-entry security measures score low on usability and are vulnerable to brute force and other types of attacks. In order to improve mobile security, an adaptive neuro-fuzzy inference system(ANFIS)-based implicit authentication system is proposed in this paper to provide authentication in a continuous and transparent manner. To illustrate the applicability and capability of ANFIS in our implicit authentication system, experiments were conducted on behavioural data collected for up to 12 weeks from different An-droid users. The ability of the ANFIS-based system to detect an adversary is also tested with scenarios involving an attacker with varying levels of knowledge. The results demonstrate that ANFIS is a feasible and efficient approach for implicit authentication with an average of 95% user recognition rate. Moreover, the use of ANFIS-based system for implicit authentication significantly reduces manual tuning and configuration tasks due to its self-learning capability.

FPGA-Based Lookup Circuit for Session-Based IP Packet Classification

Second NASA/ESA Conference on Adaptive Hardware and Systems (AHS 2007), 2007

In this paper, we present the architecture and implementation of an FPGA-based lookup circuit for... more

Feature Set Reduction for the Detection of Packed Executables

ABSTRACT Emerging sophisticated malware utilises obfuscation to circumvent detection. This is ach... more ABSTRACT Emerging sophisticated malware utilises obfuscation to circumvent detection. This is achieved by using packers to disguise their malicious intent. In this paper a novel malware detection method for detecting packed executable files using entropy analysis is proposed. It utilises a reduced feature set of variables to calculate an entropy score from which classification can be performed. Competitive analysis with state-of-the-art reveals an increase in classification accuracy.

Reconfigurable architectures for network processing

2005 IEEE VLSI-TSA International Symposium on VLSI Design, Automation and Test, 2005. (VLSI-TSA-DAT)., 2005

ABSTRACT An overview of research on reconfigurable architectures for network processing applicati... more ABSTRACT An overview of research on reconfigurable architectures for network processing applications within the Institute of Electronics, Communications and Information Technology (ECIT) is presented. Three key network processing topics, namely node throughput, Quality of service (QoS) and security are examined where custom reconfigurability allows network nodes to adapt to fluctuating network traffic and customer demands. Various architectural possibilities have been investigated in order to explore the options and tradeoffs available when using reconfigurability for packet/frame processing, packet-scheduling and data encryption/decryption. This research has shown there is no common approach that can be applied. Rather the methodologies used and the cost-benefits for incorporation of reconfigurability depend on each of the functions considered, for example being well suited to encryption/decryption but not packet/frame processing.

Malware detection: program run length against detection rate

by Philip O'Kane and S. Sezer

IET Software, 2014

N-gram analysis is an approach that investigates the structure of a program using bytes, characte... more N-gram analysis is an approach that investigates the structure of a program using bytes, characters or text strings. This research uses dynamic analysis to investigate malware detection using a classification approach based on N-gram analysis. A key issue with dynamic analysis is the length of time a program has to be run to ensure a correct classification. The motivation for this research is to find the optimum subset of operational codes (opcodes) that make the best indicators of malware and to determine how long a program has to be monitored to ensure an accurate support vector machine (SVM) classification of benign and malicious software. The experiments within this study represent programs as opcode density histograms gained through dynamic analysis for different program run periods. A SVM is used as the program classifier to determine the ability of different program run lengths to correctly determine the presence of malicious software. The findings show that malware can be detected with different program run lengths using a small number of opcodes.

Reconfigurable system-on-a-chip motion estimation architecture for multi-standard video coding

IET Computers & Digital Techniques, 2010

A Scalable Packet Sorting Circuit for High-Speed WFQ Packet Scheduling

by Holger Blume and S. Sezer

IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 2000

A novel implementation of a tag sorting circuit for a weighted fair queueing (WFQ) enabled Intern... more A novel implementation of a tag sorting circuit for a weighted fair queueing (WFQ) enabled Internet protocol (IP) packet scheduler is presented. The design consists of a search tree, matching circuitry, and a custom memory layout. It is implemented using 130-nm silicon technology and supports quality of service (QoS) on networks at line speeds of 40 Gb/s, enabling next generation IP services to be deployed.

A VLSI GFP frame delineation circuit

Emerging VLSI Technologies and …, 2006

GFP Frame delineation is specified by the ITU-T in recommendation G.7041. At the transmitter the ... more

A pipelined SoPC architecture for data link layer protocol processing

SOC Conference, 2003. Proceedings. …, 2003

Thispaperpresents the archifechrre and implementation of a 2.5Gbps Programmable Data Link her Pro... more

System on a FPGA Virtual Concatenation

… Machines, 2001. FCCM' …, 2001

1 System on a FPGA Virtual Concatenation Sakir Sezer and Eimear Stewart (QUB) Marc Carson,Claire ... more

Obfuscation: The Hidden Malware

by Philip O'Kane, S. Sezer, and Philip O'Kane

IEEE Security & Privacy, 2011

N-gram density based malware detection

by Philip O'Kane and S. Sezer

2014 World Symposium on Computer Applications & Research (WSCAR), 2014

N-gram analysis is an approach that investigates the structure of a program using bytes, characte... more N-gram analysis is an approach that investigates the structure of a program using bytes, characters or text strings. This research uses dynamic analysis to investigate malware detection using a classification approach based on N-gram analysis. A key issue with dynamic analysis is the length of time a program has to be run to ensure a correct classification. The motivation for this research is to find the optimum subset of operational codes (opcodes) that make the best indicators of malware and to determine how long a program has to be monitored to ensure an accurate support vector machine (SVM) classification of benign and malicious software. The experiments within this study represent programs as opcode density histograms gained through dynamic analysis for different program run periods. A SVM is used as the program classifier to determine the ability of different program run lengths to correctly determine the presence of malicious software. The findings show that malware can be detected with different program run lengths using a small number of opcodes.

SVM Training phase reduction using dataset feature filtering for malware detection

by Philip O'Kane, S. Sezer, and Philip O'Kane

N-gram analysis is an approach that investigates the structure of a program using bytes, characte... more N-gram analysis is an approach that investigates the structure of a program using bytes, characters, or text strings. A key issue with N-gram analysis is feature selection amidst the explosion of features that occurs when N is increased. The experiments within this paper represent programs as operational code (opcode) density histograms gained through dynamic analysis. A support vector machine is

Obfuscation: The Hidden Malware

by Philip O'Kane, S. Sezer, and Philip O'Kane

IEEE Security & Privacy, 2011

EMULATOR vs REAL PHONE: Android Malware Detection Using Machine Learning

by Mohammed Alzaylaee, Suleiman Y Yerima, and S. Sezer

The Android operating system has become the most popular operating system for smartphones and tab... more The Android operating system has become the most popular operating system for smartphones and tablets leading to a rapid rise in malware. Sophisticated Android malware employ detection avoidance techniques in order to hide their malicious activities from analysis tools. These include a wide range of anti-emulator techniques, where the malware programs attempt to hide their malicious activities by detecting the emulator. For this reason, countermeasures against anti-emulation are becoming increasingly important in Android malware detection. Analysis and detection based on real devices can alleviate the problems of anti-emulation as well as improve the effectiveness of dynamic analysis. Hence, in this paper we present an investigation of machine learning based malware detection using dynamic analysis on real devices. A tool is implemented to automatically extract dynamic features from Android phones and through several experiments, a comparative analysis of emulator based vs. device based detection by means of several machine learning algorithms is undertaken. Our study shows that several features could be extracted more effectively from the on-device dynamic analysis compared to emulators. It was also found that approximately 24% more apps were successfully analysed on the phone. Furthermore, all of the studied machine learning based detection performed better when applied to features extracted from the on-device dynamic analysis.

Video steganalysis of lsb based motion vector steganography

by Fatih Kurugollu and S. Sezer

Detecting packed executables using steganalysis

by S. Sezer and Fatih Kurugollu

Ethics and Privacy in National Security and Critical Infrastructure Protection

by Jennifer Betts and S. Sezer

Protection of critical infrastructures has a growing role in national security issues. These incl... more Protection of critical infrastructures has a growing role in
national security issues. These include power and water
supplies, traffic management systems, financial services and
communication networks. Attacks on any of these can damage
economies, cause disasters and may lead to loss of life.
Dependence on critical infrastructures in modern societies
makes them targets for organized crime and terrorism. Their
protection is vital to national security and public safety. This
paper highlights the importance of ethical principles in the
design of critical infrastructure network protection systems,
focusing on privacy and data protection. It introduces our
research addressing privacy in the design of one such system
funded by the European Commission’s FP7 Programme.
Debates surrounding national security and privacy involve
policy makers, regulators, academics, security engineers and
the public. A proposal from the designer of the Privacy by
Design framework is discussed and the paper concludes by
challenging policy makers, researchers and the technology
industry to review and develop such proposals and enable the
protection of national security and privacy.

Continuous Implicit Authentication for Mobile Devices based on Adaptive Neuro-Fuzzy Inference System

by Suleiman Y Yerima and S. Sezer

As mobile devices have become indispensable in modern life, mobile security is becoming much more... more As mobile devices have become indispensable in modern life, mobile security is becoming much more important. Traditional password or PIN-like point-of-entry security measures score low on usability and are vulnerable to brute force and other types of attacks. In order to improve mobile security, an adaptive neuro-fuzzy inference system(ANFIS)-based implicit authentication system is proposed in this paper to provide authentication in a continuous and transparent manner. To illustrate the applicability and capability of ANFIS in our implicit authentication system, experiments were conducted on behavioural data collected for up to 12 weeks from different An-droid users. The ability of the ANFIS-based system to detect an adversary is also tested with scenarios involving an attacker with varying levels of knowledge. The results demonstrate that ANFIS is a feasible and efficient approach for implicit authentication with an average of 95% user recognition rate. Moreover, the use of ANFIS-based system for implicit authentication significantly reduces manual tuning and configuration tasks due to its self-learning capability.

FPGA-Based Lookup Circuit for Session-Based IP Packet Classification

Second NASA/ESA Conference on Adaptive Hardware and Systems (AHS 2007), 2007

In this paper, we present the architecture and implementation of an FPGA-based lookup circuit for... more

Feature Set Reduction for the Detection of Packed Executables

ABSTRACT Emerging sophisticated malware utilises obfuscation to circumvent detection. This is ach... more ABSTRACT Emerging sophisticated malware utilises obfuscation to circumvent detection. This is achieved by using packers to disguise their malicious intent. In this paper a novel malware detection method for detecting packed executable files using entropy analysis is proposed. It utilises a reduced feature set of variables to calculate an entropy score from which classification can be performed. Competitive analysis with state-of-the-art reveals an increase in classification accuracy.

Reconfigurable architectures for network processing

2005 IEEE VLSI-TSA International Symposium on VLSI Design, Automation and Test, 2005. (VLSI-TSA-DAT)., 2005

ABSTRACT An overview of research on reconfigurable architectures for network processing applicati... more ABSTRACT An overview of research on reconfigurable architectures for network processing applications within the Institute of Electronics, Communications and Information Technology (ECIT) is presented. Three key network processing topics, namely node throughput, Quality of service (QoS) and security are examined where custom reconfigurability allows network nodes to adapt to fluctuating network traffic and customer demands. Various architectural possibilities have been investigated in order to explore the options and tradeoffs available when using reconfigurability for packet/frame processing, packet-scheduling and data encryption/decryption. This research has shown there is no common approach that can be applied. Rather the methodologies used and the cost-benefits for incorporation of reconfigurability depend on each of the functions considered, for example being well suited to encryption/decryption but not packet/frame processing.

Malware detection: program run length against detection rate

by Philip O'Kane and S. Sezer

IET Software, 2014

N-gram analysis is an approach that investigates the structure of a program using bytes, characte... more N-gram analysis is an approach that investigates the structure of a program using bytes, characters or text strings. This research uses dynamic analysis to investigate malware detection using a classification approach based on N-gram analysis. A key issue with dynamic analysis is the length of time a program has to be run to ensure a correct classification. The motivation for this research is to find the optimum subset of operational codes (opcodes) that make the best indicators of malware and to determine how long a program has to be monitored to ensure an accurate support vector machine (SVM) classification of benign and malicious software. The experiments within this study represent programs as opcode density histograms gained through dynamic analysis for different program run periods. A SVM is used as the program classifier to determine the ability of different program run lengths to correctly determine the presence of malicious software. The findings show that malware can be detected with different program run lengths using a small number of opcodes.

Reconfigurable system-on-a-chip motion estimation architecture for multi-standard video coding

IET Computers & Digital Techniques, 2010

A Scalable Packet Sorting Circuit for High-Speed WFQ Packet Scheduling

by Holger Blume and S. Sezer

IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 2000

A novel implementation of a tag sorting circuit for a weighted fair queueing (WFQ) enabled Intern... more A novel implementation of a tag sorting circuit for a weighted fair queueing (WFQ) enabled Internet protocol (IP) packet scheduler is presented. The design consists of a search tree, matching circuitry, and a custom memory layout. It is implemented using 130-nm silicon technology and supports quality of service (QoS) on networks at line speeds of 40 Gb/s, enabling next generation IP services to be deployed.

A VLSI GFP frame delineation circuit

Emerging VLSI Technologies and …, 2006

GFP Frame delineation is specified by the ITU-T in recommendation G.7041. At the transmitter the ... more

A pipelined SoPC architecture for data link layer protocol processing

SOC Conference, 2003. Proceedings. …, 2003

Thispaperpresents the archifechrre and implementation of a 2.5Gbps Programmable Data Link her Pro... more

System on a FPGA Virtual Concatenation

… Machines, 2001. FCCM' …, 2001

1 System on a FPGA Virtual Concatenation Sakir Sezer and Eimear Stewart (QUB) Marc Carson,Claire ... more

Obfuscation: The Hidden Malware

by Philip O'Kane, S. Sezer, and Philip O'Kane

IEEE Security & Privacy, 2011

N-gram density based malware detection

by Philip O'Kane and S. Sezer

2014 World Symposium on Computer Applications & Research (WSCAR), 2014

N-gram analysis is an approach that investigates the structure of a program using bytes, characte... more N-gram analysis is an approach that investigates the structure of a program using bytes, characters or text strings. This research uses dynamic analysis to investigate malware detection using a classification approach based on N-gram analysis. A key issue with dynamic analysis is the length of time a program has to be run to ensure a correct classification. The motivation for this research is to find the optimum subset of operational codes (opcodes) that make the best indicators of malware and to determine how long a program has to be monitored to ensure an accurate support vector machine (SVM) classification of benign and malicious software. The experiments within this study represent programs as opcode density histograms gained through dynamic analysis for different program run periods. A SVM is used as the program classifier to determine the ability of different program run lengths to correctly determine the presence of malicious software. The findings show that malware can be detected with different program run lengths using a small number of opcodes.

SVM Training phase reduction using dataset feature filtering for malware detection

by Philip O'Kane, S. Sezer, and Philip O'Kane

N-gram analysis is an approach that investigates the structure of a program using bytes, characte... more N-gram analysis is an approach that investigates the structure of a program using bytes, characters, or text strings. A key issue with N-gram analysis is feature selection amidst the explosion of features that occurs when N is increased. The experiments within this paper represent programs as operational code (opcode) density histograms gained through dynamic analysis. A support vector machine is

Obfuscation: The Hidden Malware

by Philip O'Kane, S. Sezer, and Philip O'Kane

IEEE Security & Privacy, 2011

EMULATOR vs REAL PHONE: Android Malware Detection Using Machine Learning

by Mohammed Alzaylaee, Suleiman Y Yerima, and S. Sezer

The Android operating system has become the most popular operating system for smartphones and tab... more The Android operating system has become the most popular operating system for smartphones and tablets leading to a rapid rise in malware. Sophisticated Android malware employ detection avoidance techniques in order to hide their malicious activities from analysis tools. These include a wide range of anti-emulator techniques, where the malware programs attempt to hide their malicious activities by detecting the emulator. For this reason, countermeasures against anti-emulation are becoming increasingly important in Android malware detection. Analysis and detection based on real devices can alleviate the problems of anti-emulation as well as improve the effectiveness of dynamic analysis. Hence, in this paper we present an investigation of machine learning based malware detection using dynamic analysis on real devices. A tool is implemented to automatically extract dynamic features from Android phones and through several experiments, a comparative analysis of emulator based vs. device based detection by means of several machine learning algorithms is undertaken. Our study shows that several features could be extracted more effectively from the on-device dynamic analysis compared to emulators. It was also found that approximately 24% more apps were successfully analysed on the phone. Furthermore, all of the studied machine learning based detection performed better when applied to features extracted from the on-device dynamic analysis.

Video steganalysis of lsb based motion vector steganography

by Fatih Kurugollu and S. Sezer

Detecting packed executables using steganalysis

by S. Sezer and Fatih Kurugollu

Ethics and Privacy in National Security and Critical Infrastructure Protection

by Jennifer Betts and S. Sezer

Protection of critical infrastructures has a growing role in national security issues. These incl... more Protection of critical infrastructures has a growing role in
national security issues. These include power and water
supplies, traffic management systems, financial services and
communication networks. Attacks on any of these can damage
economies, cause disasters and may lead to loss of life.
Dependence on critical infrastructures in modern societies
makes them targets for organized crime and terrorism. Their
protection is vital to national security and public safety. This
paper highlights the importance of ethical principles in the
design of critical infrastructure network protection systems,
focusing on privacy and data protection. It introduces our
research addressing privacy in the design of one such system
funded by the European Commission’s FP7 Programme.
Debates surrounding national security and privacy involve
policy makers, regulators, academics, security engineers and
the public. A proposal from the designer of the Privacy by
Design framework is discussed and the paper concludes by
challenging policy makers, researchers and the technology
industry to review and develop such proposals and enable the
protection of national security and privacy.