Cross-layer ransomware detection framework for SDN using HMM, LSTM, and Bayesian inference

Basit Öğe Kaydı
dc.authorid0000-0003-2865-6370
dc.contributor.authorSerter, Cemal Emreen_US
dc.contributor.authorÇeliktaş, Barışen_US
dc.date.accessioned2026-03-06T07:12:03Z
dc.date.available2026-03-06T07:12:03Z
dc.date.issued2025-08-28
dc.departmentIşık Üniversitesi, Lisansüstü Eğitim Enstitüsü, Bilgisayar Mühendisliği Yüksek Lisans Programıen_US
dc.departmentIşık University, School of Graduate Studies, Master’s Program in Computer Engineeringen_US
dc.departmentIşık Üniversitesi, Mühendislik ve Doğa Bilimleri Fakültesi, Bilgisayar Mühendisliği Bölümüen_US
dc.departmentIşık University, Faculty of Engineering and Natural Sciences, Department of Computer Engineeringen_US
dc.description.abstractRansomware continues to pose a serious threat to endpoint computers as well as network systems, especially in Software Defined Networks (SDN) environments where programmability and centralized control offer novel attack surfaces. In this paper, a cross-layer detection model for ransomware is introduced that integrates host-based behavioral modeling using Hidden Markov Models (HMM), anomaly detection at flow level using Long Short-Term Memory (LSTM) networks, and probabilistic fusion through Bayesian inference. By correlating host and SDN layer anomalies, the system enhances early-stage detection and reduces false positives. A variational Bayesian approximation technique is utilized for decision score stabilization under ambiguous conditions. The model is evaluated with new ransomware datasets and obtains a range between 97.5%-99.92% F1-score across three benchmark datasets with less than 50 ms latency for detection. The hybrid framework gives a promising direction for real-time threat detection in resilient programmable networks.en_US
dc.description.versionPublisher's Versionen_US
dc.identifier.citationSerter, C. E. & Çeliktaş, B. (2025). Cross-layer ransomware detection framework for SDN using HMM, LSTM, and Bayesian inference. Paper presented at the 6th International Conference on Electrical, Communication and Computer Engineering, ICECCE 2025 - Conference Proceedings, 1-6. doi:https://doi.org/10.1109/ICECCE67514.2025.11257888en_US
dc.identifier.doi10.1109/ICECCE67514.2025.11257888
dc.identifier.endpage6
dc.identifier.isbn9798331549152
dc.identifier.scopus2-s2.0-105030023814
dc.identifier.scopusqualityN/A
dc.identifier.startpage1
dc.identifier.urihttps://hdl.handle.net/11729/7102
dc.identifier.urihttps://doi.org/10.1109/ICECCE67514.2025.11257888
dc.indekslendigikaynakScopusen_US
dc.institutionauthorSerter, Cemal Emreen_US
dc.institutionauthorÇeliktaş, Barışen_US
dc.institutionauthorid0000-0003-2865-6370
dc.language.isoenen_US
dc.peerreviewedYesen_US
dc.publicationstatusPublisheden_US
dc.publisherInstitute of Electrical and Electronics Engineers Inc.en_US
dc.relation.ispartof6th International Conference on Electrical, Communication and Computer Engineering, ICECCE 2025 - Conference Proceedingsen_US
dc.relation.publicationcategoryKonferans Öğesi - Uluslararası - Öğrencien_US
dc.relation.publicationcategoryKonferans Öğesi - Uluslararası - Kurum Öğretim Elemanıen_US
dc.rightsinfo:eu-repo/semantics/closedAccessen_US
dc.subjectBayesian inferenceen_US
dc.subjectHMMen_US
dc.subjectHybrid detection systemsen_US
dc.subjectLSTMen_US
dc.subjectRansomwareen_US
dc.subjectSDNen_US
dc.subjectVariational approximationen_US
dc.subjectAnomaly detectionen_US
dc.subjectBayesian networksen_US
dc.subjectComputation theoryen_US
dc.subjectComputer control systemsen_US
dc.subjectComputer networksen_US
dc.subjectHidden Markov modelsen_US
dc.subjectInference enginesen_US
dc.subjectVariational techniquesen_US
dc.subjectCross layeren_US
dc.subjectDetection frameworken_US
dc.subjectDetection systemen_US
dc.subjectHidden-Markov modelsen_US
dc.subjectHybrid detectionen_US
dc.subjectHybrid detection systemen_US
dc.subjectShort term memoryen_US
dc.subjectSoftware-defined networksen_US
dc.subjectMalwareen_US
dc.titleCross-layer ransomware detection framework for SDN using HMM, LSTM, and Bayesian inferenceen_US
dc.typeConference Objecten_US
dspace.entity.typePublicationen_US

Dosyalar

Orijinal paket
Listeleniyor 1 - 1 / 1
Küçük Resim Yok
İsim:
Cross_Layer_Ransomware_Detection_Framework_for_SDN_Using_HMM_LSTM_and_Bayesian_Inference.pdf
Boyut:
954.6 KB
Biçim:
Adobe Portable Document Format
İndir
Lisans paketi
Listeleniyor 1 - 1 / 1
Küçük Resim Yok
İsim:
license.txt
Boyut:
1.17 KB
Biçim:
Item-specific license agreed upon to submission
Açıklama:
İndir

Koleksiyon

Öğrenci Yayınları Bildiri Koleksiyonu
Bildiri Koleksiyonu | Bilgisayar Mühendisliği Bölümü
Lisansüstü Eğitim Enstitüsü Diğer Yayınlar Koleksiyonu
Scopus İndeksli Yayınlar Koleksiyonu