25,630 research outputs found

    Application of the Support Vector Machine Method to a Real-Time Intrusion Detection System (Penerapan Metode Support Vector Machine pada Sistem Deteksi Intrusi secara Real-time)

    An intrusion detection system is a system for detecting attacks or intrusions in a network or computer system. Generally, intrusion detection is done by comparing network traffic patterns with known attack patterns or by finding abnormal patterns in network traffic. The rise of internet activity has increased the number of data packets that must be analyzed to build the attack or normal patterns; this situation leads to the possibility that the system cannot detect an intrusion that uses a new technique, so a system is needed that can automatically build a pattern or model. This research aims to build an intrusion detection system that can create a model automatically and detect intrusions in a real-time environment, using the support vector machine method as one of the data mining methods for classifying network traffic audit data into 3 classes, namely: normal, probe, and DoS. Audit data was established by preprocessing network packet capture files obtained from Tshark. Based on the test results, the system can help the system administrator build a model or pattern automatically with high accuracy, a high attack detection rate, and a low false positive rate. The system can also run in a real-time environment.

    Intrusion Detection Using Self-Training Support Vector Machines

    Intrusion is broadly defined as a successful attack on a network. An Intrusion Detection System (IDS) is a software tool used to detect unauthorized access to a computer system or network. It is a dynamic monitoring entity that complements the static monitoring abilities of a firewall. Data mining techniques provide efficient methods for the development of IDS. The idea behind using data mining techniques is that they can automate the process of creating traffic models from some reference data and thereby eliminate the need for laborious manual intervention. Such systems are capable of detecting not only known attacks but also their variations. Existing IDS technologies, on the basis of detection methodology, are broadly classified as Misuse or Signature Based Detection and Anomaly Detection Based Systems. The idea behind misuse detection consists of comparing network traffic against a model describing known intrusions. The anomaly detection method is based on the analysis of profiles that represent normal traffic behavior. Semi-supervised systems for anomaly detection would reduce the demands of the training process by reducing the requirement for labeled training data. A Self-Training Support Vector Machine based detection algorithm is presented in this thesis. In the past, self-training of SVMs has been successfully used for reducing the size of the labeled training set in other domains. A similar method was implemented, and results of the simulation performed on the KDD Cup 99 dataset for intrusion detection show a reduction of up to 90% in the size of the labeled training set required as compared to supervised learning techniques.

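    Analysis and Implementation of the RIPPER Algorithm for Building a Misuse Intrusion Detection Model (Analisis dan Implementasi Algoritma RIPPER untuk Membangun Misuse Intrusion Detection Model)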

    ABSTRACT: Information security and resource availability on computer networks in the face of many types of intrusion are always a concern for many parties, especially network administrators. The large amount of data to be audited and the continuing growth in types of intrusion make this a difficult task for administrators. Data mining has the ability to extract information from a set of data whose patterns were previously unknown. By applying data mining concepts and methods to computer network connection activity data, we obtain information and patterns from that data: a detection model. The detection model is used by an intrusion detection system (IDS) as a filter for computer network activity data, distinguishing between normal connections and connections that are intrusions. It is a challenge to build a detection model that detects intrusions accurately. This final project implements the repeated incremental pruning to produce error reduction (RIPPER) algorithm to build a misuse detection model. RIPPER is a form of sequence covering algorithm that produces a model in the form of a set of rules (rule-based classifier). Feature selection and resampling are applied to form representative training data. In the analysis and testing phase, the resulting detection model achieved a best accuracy of 92.91256%, with a minimum CPE of 0.1964, lower than that of the KDD Cup 1999 winner, whose CPE was 0.2331. Keywords: intrusion detection system, misuse detection model, RIPPER, feature selection, resampling

    Enhance density peak clustering algorithm for anomaly intrusion detection system

    This paper proposes a new model of the Density Peak Clustering algorithm to enhance clustering of intrusion attacks. The Anomaly Intrusion Detection System (AIDS) using the original density peak clustering algorithm shows stable results when applied to the data-mining module of the intrusion detection system. The proposed system depends on two objectives. The first objective is to analyze the disadvantages of DPC; we propose a novel improvement of the DPC algorithm that modifies the calculation of local density to be based on cosine similarity instead of the cut-off distance parameter, to improve the selection of peak points. The second objective is to use the Gaussian kernel measure as a distance metric instead of Euclidean distance, to improve clustering of high-dimensional, complex, nonlinear, inseparable network traffic data and reduce noise. The experiments were evaluated with the NSL-KDD dataset.

    A New Deep Learning Approach for Anomaly Base IDS using Memetic Classifier

    A model of an intrusion-detection system capable of detecting attacks in computer networks is described. The model is based on a deep learning approach to learn the best features of network connections and a Memetic algorithm as the final classifier for detection of abnormal traffic. One of the problems in intrusion detection systems is the large scale of features, which makes typical data mining methods ineffective in this area. Deep learning algorithms have succeeded in image and video mining, which have high-dimensional features. It seems possible to use them to solve the large-scale feature problem of intrusion detection systems. The model offered in this paper tries to use deep learning for detecting the best features. An evaluation algorithm is used to produce a final classifier that works well in multi-density environments. We use the NSL-KDD and Kdd99 datasets to evaluate our model; our findings showed a 98.11 detection rate. NSL-KDD estimation shows the proposed model has succeeded in classifying 92.72% of the R2L attack group.

    Application of the Support Vector Machine Method to a Real-Time Intrusion Detection System (Penerapan Metode Support Vector Machine pada Sistem Deteksi Intrusi secara Real-time)

    Abstract: An intrusion detection system is a system for detecting attacks or intrusions in a network or computer system. Generally, intrusion detection is done by comparing network traffic patterns with known attack patterns or by finding abnormal patterns in network traffic. The rise of internet activity has increased the number of data packets that must be analyzed to build the attack or normal patterns; this situation leads to the possibility that the system cannot detect an intrusion that uses a new technique, so a system is needed that can automatically build a pattern or model. This research aims to build an intrusion detection system that can create a model automatically and detect intrusions in a real-time environment, using the support vector machine method as one of the data mining methods for classifying network traffic audit data into 3 classes, namely: normal, probe, and DoS. Audit data was established by preprocessing network packet capture files obtained from Tshark. Based on the test results, the system can help the system administrator build a model or pattern automatically with high accuracy, a high attack detection rate, and a low false positive rate. The system can also run in a real-time environment. Keywords: intrusion detection, classification, preprocessing, support vector machine

    A Predictive Model for Network Intrusion Detection System Using Deep Neural Network

    A Network Intrusion Detection System (NIDS) is an important part of cyber safety and security. It plays a key role in all networked ICT systems in detecting rampant attacks such as Denial of Service (DoS) and ransomware attacks. Existing methods are inadequate in terms of accuracy of attack detection. However, high-accuracy detection of attacks using a Deep Neural Network requires expensive computing resources, which in turn makes most organisations and individuals shy away from it. This study therefore aims at designing a predictive model for network intrusion detection using deep neural networks with very limited computing resources. The study adopted the Cross Industry Standard Process for Data Mining (CRISP-DM) as one of the formal methodologies, and Python was used for both testing and training, using crucial parameters such as the learning rate, number of epochs, neurons and hidden layers, which greatly determined the accuracy level of the DNN algorithm. These parameters were experimented with values that are lesser compared to previous studies; training and evaluation were also done on the KDD99 data-set. The varying values of accuracy obtained from this study on four models with different numbers of layers, with 50 epochs and a learning rate of 0.01, achieved competitive results in comparison with the previous research of 100-1000 epochs and a learning rate of 0.1. The model with two layers attained the same accuracy of 0.955 as the model with three layers from the previous study, out of the four models tested in this study. Also, the models with three and four layers in this study attained an accuracy of 0.956, which is 0.001 greater than the previous study's models. Keywords: Network-Based IDS, Host-Based IDS, Deep Neural Network, Denial of Service, Knowledge Discovery Datase