Wireless network intrusion detection using deep learning methods


Thesis Type: Doctorate

Institution Of The Thesis: Gazi University, Fen Bilimleri Enstitüsü, Turkey

Approval Date: 2023

Thesis Language: Turkish

Student: Emre HALİSDEMİR

Supervisor: Hacer Karacan

Open Archive Collection: AVESIS Open Access Collection

Abstract:

In this thesis, we aimed to develop intrusion detection systems, which are crucial components of cybersecurity architecture, using deep learning algorithms. A Long Short-Term Memory (LSTM) model, which addresses the vanishing gradient problem through its long short-term memory, was developed, and novel regularization techniques were implemented to enhance the model's performance. When the LSTM model was applied to the NSL-KDD dataset, an accuracy of 83.18% was achieved. To observe the impact of long short-term memory on model performance, Gated Recurrent Unit (GRU) and simple Recurrent Neural Network (RNN) models were developed, and the results obtained were discussed. Additionally, an image dataset was obtained from the numerical values of the NSL-KDD dataset using a method that is used for the first time in the literature, and a Convolutional Neural Network (CNN)-based model, a type commonly used for image classification, was developed, achieving an accuracy of 90.99%. To examine the impact of feature selection on computational cost, the datasets obtained using the Chi-square, Principal Component Analysis (PCA), and local algorithm feature selection methods were tested with the LSTM model and evaluated. Next, we focused on the dataset, which is one of the most important components for the success of a deep learning model, and examined the features of recent datasets such as CICIDS 2017, CICIDS-001, UGR'16, and UNSW-NB15. The results obtained from applying the UNSW-NB15 dataset to the LSTM model were shared. To contribute to the literature with a new publicly available dataset, we produced a dataset from the network traffic of the Locked Shields exercise, which is organized annually by NATO CCDCOE (Cooperative Cyber Defence Centre of Excellence) and holds an important place in the field of cyber security. For this purpose, a virtual blue team was introduced into the exercise for the first time, and the dataset was generated from the network traffic of this team. A novel labeling method was used to obtain a more reliable dataset.

Keywords: Artificial Intelligence, deep learning, information security, network intrusion detection