5 research outputs found

    Voting Scheme Nearest Neighbors by Difference Distance Metrics Measurement

    K-Nearest Neighbor (KNN) is a widely used method for both classification and regression cases. This algorithm, known for its simplicity and effectiveness, relies primarily on the Euclidean formula for distance metrics. Therefore, this study aimed to develop a voting model where observations were made using different distance calculation formulas. The nearest neighbors algorithm was divided based on differences in distance measurements, with each resulting model contributing a vote to determine the final class. Consequently, three methods were proposed, namely k-nearest neighbors (KNN), Local Mean-based KNN, and Distance-Weighted neighbor (DWKNN), with an inclusion of a voting scheme. The robustness of these models was tested using umbilical cord data characterized by imbalance and small dataset size. The results showed that the proposed voting model for nearest neighbors consistently improved performance by an average of 1-2% across accuracy, precision, recall, and F1 score when compared to the conventional non-voting method.

    IRS-BAG-Integrated Radius-SMOTE Algorithm with Bagging Ensemble Learning Model for Imbalanced Data Set Classification

    Imbalanced learning problems are a challenge faced by classifiers when data samples have an unbalanced distribution among classes. The Synthetic Minority Over-Sampling Technique (SMOTE) is one of the most well-known data pre-processing methods. Problems that arise when oversampling with SMOTE are the phenomenon of noise, small disjunct samples, and overfitting due to a high imbalance ratio in a dataset. A high level of imbalance ratio and low variance conditions cause the results of synthetic data generation to be collected in narrow areas and conflicting regions among classes and make them susceptible to overfitting during the learning process by machine learning methods. Therefore, this research proposes a combination between Radius-SMOTE and Bagging Algorithm called the IRS-BAG Model. For each sub-sample generated by bootstrapping, oversampling was done using Radius SMOTE. Oversampling on the sub-sample was likely to overcome overfitting problems that might occur. Experiments were carried out by comparing the performance of the IRS-BAG model with various previous oversampling methods using the imbalanced public dataset. The experiment results using three different classifiers proved that all classifiers had gained a notable improvement when combined with the proposed IRS-BAG model compared with the previous state-of-the-art oversampling methods. DOI: 10.28991/ESJ-2023-07-05-04

    EVALUATION OF VOIP INFRASTRUCTURE ON SOHO NETWORKS

    VOIP is a form of communication development used by a number of companies. The advantage of implementing VOIP is that it can provide a more efficient communication process. To measure the quality of a VOIP deployment that is already in place, an infrastructure evaluation process is needed to assess how stable the communication obtained over VOIP is. In this research, the measurement or evaluation covered bandwidth usage, jitter and MOS (Mean Opinion Score). Testing was carried out on a SOHO-type network that implements VOIP as the communication process in the company's operations. Voip Log Viewer was used to observe the measurements in real time. The results show that the implemented VOIP requires bandwidth of around 10 – 20 Kbps for communication between 2 communicators, that the Smartphone-to-PSTN communication type has the highest jitter value, and a MOS value of 4:4 to obtain the best communication quality.

    Development of a Correlation and Detection Mechanism for Botnet Activity in Computer Networks

    Botnets are one of the threats to computer network security. This is because botnets are independent, can self-replicate, and are decentralized. Due to their nature, botnets are difficult to detect by network security systems such as intrusion detection systems or antivirus software. The difficulty lies in distinguishing botnet activity from normal activity, both for single bot activity and for bot group activity. This study aims to develop a correlation and detection mechanism for bot group activity. Bot group activity is more dangerous, and its activity patterns are harder to recognize, than single bot activity, so it requires deeper analysis to detect. Several detection model approaches have been proposed by previous researchers, focusing on detecting single bot activity. In addition, the detection models introduced in previous research still focus on detecting an indication or the existence of bot activity; they do not point to the attackers and do not explain the relationship between bot activities as a collection of bot group activities. One form of relationship between bot activities is the similarity relationship and the causality relationship of activity between bots. This study developed a bot group activity detection model by introducing four different approaches. Each detection model has a different purpose and research novelty. Overall, the four models use a data segmentation process based on activity time, perform feature extraction from activity traffic data on the network, measure activity similarity, and measure activity correlation to obtain interrelated bot activities in the form of activity causality between bots. The model developed in this study also uses a graph-based and network flows-based analysis approach. Graph analysis is used to determine the similarity and correlation thresholds. Meanwhile, network flows-based analysis is used to obtain features in the feature extraction process of bot activities. The results showed that the development of the correlation and detection mechanism for botnet activity, especially bot group activity, was successfully carried out. In addition to detecting bot activity, the relationship between bot activities was successfully measured through similarity and correlation measurements to determine the causality of bot activity. The detection of the four models was evaluated by measuring accuracy, precision, and recall. The best detection results are shown by the fourth model, through the causality correlation measurement process, with a detection accuracy of 99.18% on the CTU dataset and 99.73% on the Net-Centric Computing (NCC) dataset. The best recall value obtained was 91.55% on the CTU dataset and 99.29% on the NCC dataset. The precision value obtained was 42.29% on the CTU dataset, lower than the precision value of 75.14% on the NCC dataset. The novelty of this research is a bot activity detection model that can provide information on the activity linkages between bots in the form of activity similarity, bot communication chains, and causality relationships of bot activity. In addition, this study also offers novelty in the detection of bot attack activity scenarios in the form of attack activity stages. Finally, it has been successfully developed into a new dataset of bot group activity, named the NCC dataset.

    The Optimization of the ARP Poisoning Attack Detection Model Using a Similar Approach Based on NetFlow Analysis

    Information security and threats are a concern in the cyber era. Attacks can be malicious activities. One of them is known as ARP poisoning attack activity, which attacks by falsifying a computer's identity through illegal access to retrieve confidential information in a target computer. Besides, it has also caused service deadlocks in the network. Previous studies have introduced ARP attack detection models using rule-based and mining-based approaches. Still, they cannot show optimal detection performance and obtain high false positive results. This paper proposed a detection model for ARP poisoning attacks using a similarity measurement approach adopting cosine similarity. The goal is to obtain measurements of host activities similar to ARP poisoning attacks. The experiment results showed that the model got an accuracy of 97.25%, recall of 96.43%, and precision of 81% with a similarity threshold value of 0.488. Comparison results with previous studies showed higher detection accuracy than previous studies and some classification methods. It shows that the model can improve intrusion detection performance and facilitate network administrators to analyze ARP poisoning attacks in computer networks.