Posted by eny at 23/12/2006 12:50:32  •  8206 Views


APPLICATION OF DATA MINING FOR INTRUSION DETECTION IN NETWORK SYSTEMS USING THE NEAREST NEIGHBOR CLUSTERING ALGORITHM

Author: SYARIF, IWAN




ABSTRACT (translated from Indonesian)

An intrusion is an act that breaches the security of a network system and requires its own detection and handling mechanisms. There are two types of intrusion detection techniques: signature analysis and anomaly detection. Network traffic is said to contain an anomaly if its behavior deviates statistically from normal conditions. An anomaly may be caused by an intrusion or attack originating from inside or outside the network system. With the very rapid growth of the internet, computer crime has also risen sharply and new types of intrusion keep emerging. Most existing intrusion detection systems are not yet able to detect new intrusions that were previously unknown. This research discusses the application of data mining to intrusion detection in network systems using the Nearest Neighbor clustering algorithm. This algorithm, which uses an unsupervised learning technique, can analyze unlabeled network traffic data and then group it into a number of clusters. Normal data will gather in a cluster of its own, while data containing intrusions will be grouped into different clusters. The clusters formed can then be used to detect intrusions in the data to be tested. Intrusion detection by signature analysis using the C4.5 and Ripper software yields a detection rate of almost 100% for intrusions that have already been learned, but conversely a very low detection rate, almost 0%, for new types of intrusion. Intrusion detection with the Nearest Neighbor algorithm has the advantage of being able to detect previously unknown intrusions.
From the series of experiments carried out, this method can detect intrusions in the Probing attack and Denial of Service (DoS) attack categories, each detected with a success rate of more than 90%. For intrusions in the Remote to Login (R2L) attack category, the detection rate is only about 60%, because this type of intrusion has a pattern similar to that of normal data and is therefore harder to detect.


ABSTRACT

Intrusion can be defined as a security violation in a network system that needs special detection and handling mechanisms. At present, two types of intrusion detection techniques are widely known: those based on signature analysis and those based on anomaly detection. A network can be suspected of containing an anomaly if its traffic statistically deviates from normal conditions; such deviations may be caused by intrusion attacks from inside or outside the network system. New types of intrusion keep emerging as computer crime grows rapidly. Unfortunately, research on intrusion detection tools capable of detecting new, previously unknown types of intrusion is quite limited. This research is concerned with the application of a data mining technique for detecting intrusions in a network system using the nearest-neighbor clustering algorithm. In this algorithm, an unsupervised learning method is employed to detect network traffic anomalies. The clustering algorithms implemented in this research are capable of analyzing unlabelled network traffic data and partitioning the data into clusters. In this context, normal data are grouped into clusters of normal data, while data suspected of containing anomalies are grouped into clusters of anomalous data. Both kinds of cluster are then used for detecting intrusions in the data to be examined. Experiments are performed to evaluate the performance of the implemented algorithms using various sets of data obtained from many sources. The C4.5 and Ripper software, which implement signature-analysis-based intrusion detection algorithms, are used as a comparison for the effectiveness of the nearest-neighbor clustering algorithm implemented in this research.
Experimental results show that both C4.5 and Ripper are capable of detecting almost all intrusion types on which they have previously been trained, with a detection rate of almost 100%. However, they fail to detect new intrusions on which they have not been trained, with a detection rate of almost 0%. In contrast, the nearest-neighbor clustering algorithm achieves a sufficiently high detection rate for unknown intrusion types. Experimental results on the same dataset show that this method is capable of detecting intrusions in the probing attack and denial of service categories, each with a detection rate of more than 90%, and in the Remote to Login attack category with a detection rate of 60%.



Keywords: Intrusion detection; Signature analysis; Anomaly detection; Unsupervised clustering; Nearest neighbor algorithm
 
Subject: Electronic data processing
Contributor:
  1. Dr.Ir. Arif Djunaidy, MSc.
  2. Febriliyan Samopa, S.Kom., M.Kom.
Date Created: 12/09/2003
Type: Text
Format: pdf ; 135 pages
Language: Indonesian
Identifier: ITS-Master-3100003018397
Collection ID: 3100005021397
Call Number: 005.740 68 Sya


Source
Theses Information Engineering RTIf 005.740 68 Sya a, 2003

Coverage
ITS Community

Rights
Copyright @2003 by ITS Library. This publication is protected by copyright and permission should be obtained from the ITS Library prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permission(s), write to ITS Library.



