Browsing by Author "Tuğlular, Tuğkan"

Now showing 1 - 20 of 111

Citation Count: 6
The 1st workshop on model-based verification & validation: Directed acyclic graph modeling of security policies for firewall testing
(2009) Tuglular, T.; Kaya, Ö.; Müftüoǧlu, C.A.; Belli, F.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Currently network security of institutions highly depend on firewalls, which are used to separate untrusted network from trusted one by enforcing security policies. Security policies used in firewalls are ordered set of rules where each rule is represented as a predicate and an action. This paper proposes modeling of firewall rules via directed acyclic graphs (DAG), from which test cases can be automatically generated for firewall testing. The approach proposed follows test case generation algorithm developed for event sequence graphs. Under a local area network setup with the aid of a specifically developed software for this purpose, generated test cases are converted to network test packets, test packets are sent to the firewall under test (FUT), and sent packets are compared with passed packets to determine test result. © 2009 IEEE.
Access monitoring system for distributed firewall policies
(Izmir Institute of Technology, 2008) Çakı, Oğuzhan; Tuğlular, Tuğkan; Tuğlular, Tuğkan
Internet has provided several benefits in terms of information sharing. However, Internet is an insecure environment that can cause threats to private networks. As a result, network security becomes a critical issue. One of the important tools used in network security is firewall. Firewalls protect a private network from external threats by restricting network traffic according to predefined security rules. Basically, firewalls apply these rules to each packet that passes over them. Distributed firewalls are a new approach to firewall to overcome some drawbacks of traditional firewalls. Distributed firewall design is based on the idea of enforcing the policy rules at the endpoints rather than a single entry point to network. Management of policy rules is a critical issue in both traditional and distributed firewalls. We propose a monitoring application for distributed firewall policies to keep track of actions (create, read. update, delete) performed on policy rule set. The resulting data produced by the monitoring application will be very helpful in policy management process.
Citation Count: 4
Advances in Model-Based Testing of Graphical User Interfaces
(Elsevier Academic Press inc, 2017) Belli, Fevzi; Beyazit, Mutlu; Budnik, Christof J.; Tuglular, Tugkan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Graphical user interfaces (GUIs) enable comfortable interactions of the computer-based systems with their environment. Large systems usually require complex GUIs, which are commonly fault prone and thus are to be carefully designed, implemented, and tested. As a thorough testing is not feasible, techniques are favored to test relevant features of the system under test that will be specifically modeled. This chapter summarizes, reviews, and exemplifies conventional and novel techniques for model-based GUI testing.
Analysis of intrusion prevention methods
(Izmir Institute of Technology, 2004) Semerci, Hakan; Tuğlular, Tuğkan; Tuğlular, Tuğkan
Today, the pace of the technological development and improvements has compelled the development of new and more complex applications. The obligatory of application development in a short time to rapidly changing requirements causes skipping of some stages, mostly the testing stage, in the software development cycle thus, leads to the production of applications with defects. These defects are, later, discovered by intruders to be used to penetrate into computer systems. Current security technologies, such as firewalls, intrusion detection systems, honeypots, network-based antivirus systems, are insufficient to protect systems against those, continuously increasing and rapid-spreading attacks. Intrusion Prevention System (IPS) is a new technology developed to block today.s application-specific, data-driven attacks that spread in the speed of communication. IPS is the evolved and integrated state of the existing technologies; it is not a new approach to network security. In this thesis, IPS products of various computer security appliance developer companies have been analyzed in details. At the end of these analyses, the requirements of network-based IPSs have been identified and an architecture that fits those requirements has been proposed. Also, a sample network-based IPS has been developed by modifying the open source application Snort.
Anomaly detection using network traffic characterization
(Izmir Institute of Technology, 2009) Yarımtepe, Oğuz; Tuğlular, Tuğkan; Tuğlular, Tuğkan
Detecting suspicious traffic and anomaly sources are a general tendency about approaching the traffic analyzing. Since the necessity of detecting anomalies, different approaches are developed with their software candidates. Either event based or signature based anomaly detection mechanism can be applied to analyze network traffic. Signature based approaches require the detected signatures of the past anomalies though event based approaches propose a more flexible approach that is defining application level abnormal anomalies is possible. Both approach focus on the implementing and defining abnormal traffic. The problem about anomaly is that there is not a common definition of anomaly for all protocols or malicious attacks. In this thesis it is aimed to define the non-malicious traffic and extract it, so that the rest is marked as suspicious traffic for further traffic. To achieve this approach, a method and its software application to identify IP sessions, based on statistical metrics of the packet flows are presented. An adaptive network flow knowledge-base is derived. The knowledge-base is constructed using calculated flows attributes. A method to define known traffic is displayed by using the derived flow attributes. By using the attributes, analyzed flow is categorized as a known application level protocol. It is also explained a mathematical model to analyze the undefined traffic to display network traffic anomalies. The mathematical model is based on principle component analysis which is applied on the origindestination pair flows. By using metric based traffic characterization and principle component analysis it is observed that network traffic can be analyzed and some anomalies can be detected.
Application of graph neural networks on software modeling
(01. Izmir Institute of Technology, 2020-12) Leblebici, Onur Yusuf; Tuğlular, Tuğkan; Tuğlular, Tuğkan; Belli, Fevzi; 01. Izmir Institute of Technology
Deficiencies and inconsistencies introduced during the modeling of software systems can cause undesirable consequences that may result in high costs and negatively affect the quality of all developments made using these models. Therefore, creating better models will help the software engineers to build better software systems that meet expectations. One of the software modelling methods used for analysis of graphical user interfaces is Event Sequence Graphs (ESG). The goal of this thesis is to propose a method that predicts missing or forgotten links between events defined in an ESG via Graph Neural Networks (GNN). A five-step process consisting of the following steps is proposed: (i) data collection from ESG model, (ii) dataset transformation, (iii) GNN model training, (iv) validation of trained model and (v) testing the model on unseen data. Three performance metrics, namely cross entropy loss, area under curve and accuracy, were used to measure the performance of the GNN models. Examining the results of the experiments performed on different datasets and different variations of GNN, shows that even with relatively small datasets prepared from ESG models, predicts missing or forgotten links between events defined in an ESG can be achieved.
Citation Count: 1
Application of Human-Robot Interaction Features to Design and Purchase Processes of Home Robots
(Springer international Publishing Ag, 2021) Yapici, Nur Beril; Tuglular, Tugkan; Basoglu, Nuri; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Production of home robots, such as robotic vacuum cleaners, currently focuses more on the technology and its engineering than the needs of people and their interaction with robots. An observation supporting this view is that the home robots are not customizable. In other words, buyers cannot select the features and built their home robots to order. Stemmed from this observation, the paper proposes an approach that starts with a classification of features of home robots. This classification concerns robot interaction with humans and the environment, a home in our case. Following the classification, the proposed approach utilizes a new hybrid model based on a built-to-order model and dynamic eco-strategy explorer model, enabling designers to develop a production line and buyers to customize their home robots with the classified features. Finally, we applied the proposed approach to robotic vacuum cleaners. We developed a feature model for robotic vacuum cleaners, from which we formed a common uses scenario model.
Citation Count: 0
Application of the Law of Minimum and Dissimilarity Analysis to Regression Test Case Prioritization
(Ieee-inst Electrical Electronics Engineers inc, 2023) Ufuktepe, Ekincan; Tuglular, Tugkan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Regression testing is one of the most expensive processes in testing. Prioritizing test cases in regression testing is critical for the goal of detecting the faults sooner within a large set of test cases. We propose a test case prioritization (TCP) technique for regression testing called LoM-Score inspired by the Law of Minimum (LoM) from biology. This technique calculates the impact probabilities of methods calculated by change impact analysis with forward slicing and orders test cases according to LoM. However, this ordering doesn't consider the possibility that consecutive test cases may be covering the same methods repeatedly. Thereby, such ordering can delay the time of revealing faults that exist in other methods. To solve this problem, we enhance the LoM-Score TCP technique with an adaptive approach, namely with a dissimilarity-based coordinate analysis approach. The dissimilarity-based coordinate analysis uses Jaccard Similarity for calculating the similarity coefficients between test cases in terms of covered methods and the enhanced technique called Dissimilarity-LoM-Score (Dis-LoM-Score) applies a penalty with respective on the ordered test cases. We performed our case study on 10 open-source Java projects from Defects4J, which is a dataset of real bugs and an infrastructure for controlled experiments provided for software engineering researchers. Then, we hand-seeded multiple mutants generated by Major, which is a mutation testing tool. Then we compared our TCP techniques LoM-Score and Dis-LoM-Score with the four traditional TCP techniques based on their Average Percentage of Faults Detected (APFD) results.
Citation Count: 0
An Architecture for Verification of Access Control Policies with Multi Agent System Ontologies
(Ieee, 2009) Tekbacak, Fatih; Tuglular, Tugkan; Dikenelli, Oguz; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Multi-agent systems (MAS) which communicate with intra-domain and inter-domain agent platforms have access control requirements. Instead of a central mechanism, a fine-graned access control mechanism could have been applied to MAS platforms. This paper emphasizes MAS-based domain and security ontologies with XACML-based access control approach for MAS platforms. The domain dependent behaviour and access control parameters in agent ontologies could be combined within a common XACML policy documents should be consistent to enforce policies for MAS. To obtain this conditions. Agent-based access control requirements and common XACML policy documents should be consistent to enforce policies for MAS. To obtain this condition, the translation of organizational policies and platform based policies have to be considered in derail and the verified policy features have to be enforced in MAS to provide access for resources.
Citation Count: 3
An architecture for verification of access control policies with multi agent system ontologies
(2009) Tekbacak, F.; Tuglular, T.; Dikenelli, O.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Multi-agent systems (MAS) which communicate with intra-domain and inter-domain agent platforms have access control requirements. Instead of a central mechanism, a fine-graned access control mechanism could have been applied to MAS platforms. This paper emphasizes MAS-based domain and security ontologies with XACML-based access control approach for MAS platforms. The domain dependent behaviour and access control parameters in agent ontologies could be combined within a common XACML policy document that is used through different MAS applications. Agent-based access control requirements and common XACML policy documents should be consistent to enforce policies for MAS. To obtain this condition, the translation of organizational policies and platform based policies have to be considered in detail and the verified policy features have to be enforced in MAS to provide access for resources. © 2009 IEEE.
Automatic Code Generation with Document Responsibility Collaboration Modelling Method
(Institute of Electrical and Electronics Engineers Inc., 2020) Tuglular, T.; Leblebici, O.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
UML is highly preferred for design in current software development approaches. However, the conceptual gap between entities in business processes and classes in UML designs is not small. To reduce this gap, this paper proposes using documents that are vital to every business. The proposed new method called Document Responsibility Collaboration puts the concept of documents at the center. In the proposed method, documents are meta-models of classes in terms of programming, and at the same time, they are meta-models of relationships in terms of permanence. The proposed Document Responsibility Collaboration method uses the domain concept in which domains are made up of documents, and a document defined in a domain can work with another document in any domain to fulfill its responsibility. Document Responsibility Collaboration method defines a process, which starts at the transition from analysis to design phase and continues to the code generation phase. An example from the order management domain is provided to validate the recommended method. © 2020 IEEE.
Citation Count: 0
Automatic Code Generation with Document Responsibility Collaboration Modelling Method
(Ieee, 2020) Tuglular, Tugkan; Leblebici, Onur; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
UML is highly preferred for design in current software development approaches. However, the conceptual gap between entities in business processes and classes in UML designs is not small. To reduce this gap, this paper proposes using documents that are vital to every business. The proposed new method called Document Responsibility Collaboration puts the concept of documents at the center. In the proposed method, documents are meta-models of classes in terms of programming, and at the same time, they are meta-models of relationships in terms of permanence. The proposed Document Responsibility Collaboration method uses the domain concept in which domains are made up of documents, and a document defined in a domain can work with another document in any domain to fulfill its responsibility. Document Responsibility Collaboration method defines a process, which starts at the transition from analysis to design phase and continues to the code generation phase. An example from the order management domain is provided to validate the recommended method.
Citation Count: 1
Automatic enforcement of location aware user based network access control policies
(World Scientific and Engineering Acad and Soc, 2008) Tuglular, Tugkan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Multiple interconnected network segments distributed across various locations, such as corporate networks, where users or employees constantly travel among segments and require to access servers, need to have network access control mechanisms that are able to adapt to these location changes. The idea of a firewall changing or adapting its rules depending on the location of users is presented by an architecture in this paper. This architecture proposes deployment of a policy server at the management level and policy agents at the firewall level, so that policy-driven network security management is enabled by specifying location aware user based network access control policies at the network security management and enforcing them at the managed firewalls. The architecture presented in this paper utilizes user VPN connection event triggers for dynamic policy configuration and automated policy deployment to firewalls. Location aware user based network access control policies, which are management level policies, are implemented using XACML. A network level policy is usually a configuration, or policy, file local to the firewall. The policy agent incorporated into the firewall performs the mapping from management level policy to firewall policy.
Automatic question generation using natural language processing techniques
(Izmir Institute of Technology, 2018-07) Keklik, Onur; Tuğlular, Tuğkan; Tuğlular, Tuğkan; Tekir, Selma
This thesis proposes a new rule based approach to automatic question generation. The proposed approach focuses on analysis of both syntactic and semantic structure of a sentence. The design and implementation of the proposed approach are also explained in detail. Although the primary objective of the designed system is question generation from sentences, automatic evaluation results shows that, it also achieves great performance on reading comprehension datasets, which focus on question generation from paragraphs. With respect to human evaluations, the designed system significantly outperforms all other systems and generated the most natural (human-like) questions.
Citation Count: 1
Automation Architecture for Bayesian Network Based Test Case Prioritization and Execution
(Ieee, 2016) Ufuktepe, Ekincan; Tuglular, Tugkan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
An automation architecture for Bayesian Network based test case prioritization is designed for software written in Java programming language following the approach proposed by Mirarab and Tahvildari [2]. The architecture is implemented as an integration of a series of tools and called Bayesian Network based test case prioritization and execution platform. The platform is triggered by a change in the source code, then it collects necessary information to be supplied to Bayesian Network and uses Bayesian Network evaluation results to run high priority unit tests.
Citation Count: 0
Bağlamsal Doğrulama için Bir Yazılım Tasarım Şablonu
(2017) Tuğlular,Tuğkan; Tuğlular, Tuğkan
Yazılım tasarım şablonları, tekrar eden yazılım tasarım problemleri için hazır çözümler sunar. Model-Görünüm-Denetçi (İng. MVC) gibi bileşik tasarım şablonları ise, var olan tasarım şablonlarının biraraya getirilmesi ile daha büyük ölçekli problemleri çözmek için geliştirilmektedir. Bu çalışmada bağlamsal doğrulama problemi için bir bileşik tasarım şablonu geliştirilmiştir. Bağlamsal doğrulama, bir işlem gerçekleş- tirilmeden önce o işlem için gerekli tüm nesnelerin gerekli koşulları sağladığının doğrulanması anlamına gelmektedir. Bileşik tasarım şablonu geliştirme yöntemi ile ortaya konan bağlamsal doğrulama tasarım şablonu; tek sorumluluk, açık-kapalı ve bağımlılığı tersine çevirme nesne temelli tasarım ilkelerine göre geliştirilmiştir. Geliştirilen bağlamsal doğrulama tasarım şablonu bünyesinde Ziyaretçi, Strateji, Dekoratör ve Bildirim tasarım şablonlarını barındırmaktadır. Ortaya konan bağlamsal doğrulama tasarım şablonu, kullanım şekli itibariyle iki örnek uygulama üzerinde tartışılmıştır.
Citation Count: 1
Behavior-Driven Development of Software Product Lines
(Institute of Electrical and Electronics Engineers Inc., 2021) Tuglular, T.; Coskun, D.E.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Software product lines (SPLs) develop families of similar software products, which share a standard set of features, and they build in variety via optional features. That means customers can select features according to their needs and come up with a product configuration. Then the SPL is expected automatically to generate and test the software product for the chosen configuration. There are various SPL solutions for the automatic generation of software products, but those SPLs lack automatic testing of the generated product. To overcome this shortcoming, the SPL should automatically compose a test suite according to the selected features, automatically execute the test suite on the product, and automatically generate a test report delivered to the customer with the product. This paper proposes such an approach through behavior driven development. The proposed method is evaluated with a smart home SPL. © 2021 IEEE.
Bir yazılımın dayanıklılığını ölçmeye yönelik bir yöntem
(Türk Patent ve Marka Kurumu, 2021-06-21) Tuğlular, Tuğkan; Ufuktepe, Ekincan; Tuğlular, Tuğkan; Izmir Institute of Technology; Izmir Institute of Technology
Buluş, bir yazılımın girdilere karşı dayanıklılığını ölçmeye yönelik; FIPS (Fonksiyon 5 Girdi Parametresi Durumu) düğümleri (A) ile, kod içerisinde birbirinden bağımsız olarak girdilere karşı zafiyetler için gerekli önlemlerin alınıp alınmadığını kontrol edilerek sayısal değerlerin alınması, FIPS düğümlerinde (A) alınan bu değerlerin incelenen zafiyetlere ilişkin zafiyet düğümlerine (B) aktarılması ve bilgilerin işlenmesi, zafiyet düğümlerinde (B) işlenen bilgilerin uygulama düğümüne (C) aktarılması, 10 uygulama düğümünün (C) gelen bilgileri değerlendirerek, yazılımın genel olarak dayanıklılığına dair çıkarsama yaparak bir ölçüm vermesi işlem adımlarını içeren bir yöntem ile ilgilidir.
Campus network topology discovery and distributed firewall policy generation
(Izmir Institute of Technology, 2011) Çalışkan, Ezgi; Tuğlular, Tuğkan; Tuğlular, Tuğkan
The change in technology of network components has enabled more complex and dynamic computer networks to occur. At present, most network components can easily be attached to or removed from computer networks. This situation causes the static prevention techniques to be inadequate. In static prevention, any situation which is different than expected ones occurs, the default rule is taken granted for it. Detecting unpredictable situations and finding out solutions for them takes time. There are some network systems, which control network parameters dynamically, such as intrusion detection systems integrated firewalls. However, even if these systems control traffic parameters, they can only alert when the parameter values are not in the given range. They may not be successful to determine well-designed attacks or even if the system determines the attack, it takes time to interfere. Instead of static approaches, a dynamic network security system, which is compatible with dynamic network topology and can update the security issues according to changes in network, is needed. To achieve this dynamic nature, the network must be monitored. Then controlling and managing new components could be easier and more secure. New security rules must be created for the newly attached network components or security rules must be removed for removed network components. In this thesis, an approach to monitor a campus area network and dynamically update firewall rules according to monitoring results is proposed. The implemented approach is validated through a case study.
Çevik Yazılım Ürün Hatları için Olay Sıra Çizge Tabanlı Test Üretim Yöntemi Geliştirilmesi
Tuğlular, Tuğkan; Tuğlular, Tuğkan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Proje kapsamında, ilk olarak çevik yazılım ürün hatları için olay sıra çizgeleri özelleştirilerek genişletilecektir. Sonra bu genişletilmiş olay sıra çizgelerinden testleri üretecek yöntem geliştirilecektir. En sonunda da modelleme için kullanacak modelleme yazılımı ile bu modellerden otomatik test üretimini gerçekleştirecek test üretim yazılımı kodlanacaktır. Bu yazılımlar web üzerinde çalışacaktır. Ayrıca, çevik yöntemler ile geliştirilecek olan bir yazılım ürün hattı için olay sıra çizgeleri tabanlı test üretimi yöntemi kullanılarak bir doğrulama çalışması yapılacaktır.