Researcher Collab

About

I am a faculty member in the Department of Computer Engineering at Universitas Sriwijaya, with expertise in computer networks, operating systems, cybersecurity, distributed systems, and parallel computing. I have professional and managerial experience as Head of the Computer Networking Laboratory, where I was responsible for managing laboratory infrastructure, servers, and Linux-based networking environments, as well as developing learning and research platforms for networking and distributed computing experiments. I have also served as Head of the Study Program, with responsibilities including academic management, curriculum development and evaluation, quality assurance, and coordination of faculty and academic staff to ensure alignment with technological advancements and industry needs. In addition, I have held the position of Head of Subdivision (Kasubdit) at the Directorate of Information Technology Services and Development (DPPTI), Universitas Sriwijaya, where I was directly involved in managing campus-wide network infrastructure, data center services, information systems, and institutional IT security policies. My research interests focus on network and distributed systems security, particularly on intrusion detection and cyberattack mitigation using rule-based approaches, machine learning, and deep learning, as well as performance optimization in distributed and parallel computing environments, with a strong commitment to integrating academic expertise, practical experience, and institutional leadership to support the development of secure, reliable, and sustainable information technology systems.

Areas of Interest

Research Interests:

1. Computer Networks and Network Architecture
2. Network and System Security (Intrusion Detection, Cyber Attack Mitigation)
3. Operating Systems and Linux-Based Server Management
4. Distributed Systems and Cloud Computing
5. Parallel Computing and High-Performance Computing (HPC)
6. Network Traffic Analysis and Anomaly Detection
7. Machine Learning and Deep Learning for Cybersecurity
8. Secure and Scalable IT Infrastructure

An Approach for Optimizing Ensemble Intrusion Detection Systems

IEEE Access

Intrusion Detection System is yet an interesting research topic. With a very large amount of traffic in real-time networks, feature selection techniques that are effectively able to find important and relevant features are required. Hence, the most important and relevant set of features is the key to improve the performance of intrusion detection system. This study aims to find the best relevant selected features that can be used as important features in a new IDS dataset. To achieve the aim, an approach for generating optimized ensemble IDS is developed. Six features selection methods are used and compared, i.e.: Information Gain (IG), Gain Ratio (GR), Symmetrical Uncertainty (SU), Relief-F (R-F), One-R (OR) and Chi-Square (CS). The feature selection techniques produce sets of selected features. Each best selected number of features that are obtained from feature ranking step for respective feature selection technique will be used to classify attacks via four classification methods, i.e.: Bayesian Network (BN), Naïve Bayesian (NB), Decision Tree: J48 and SOM. Then, each feature selection technique with its respective best features is combined with each classifier method to generate ensemble IDSs. Lastly, the ensemble IDSs are evaluated using Hold-up, K-fold validation approaches, as well as F-Measure and statistical validation approaches. Experimental results using Weka tools on ITD-UTM dataset show the optimized ensemble IDSs using (SU and BN); using (CS and BN) or (CS and SOM) or (IG and NB); and using (OR and BN) with respective ten, four and seven best selected features achieves 81.0316%, 85.2593%, and 80.8625% of accuracy, respectively. In addition, ensemble IDSs using (SU and BN) and using (OR and J48) with ten and six best respective selected features, perform the best F-measure value, i.e.: 0.853 and 0.830, respectively. Indirect comparison with other ensemble IDS on different dataset is discussed.

Authors: Deris Stiawan, Ahmad Heryanto, Ali Bardadi, Dian Palupi Rini, Imam Much Ibnu Subroto, Kurniabudi Kurniabudi, Mohd. Yazid Idris, Abdul Hanan Abdullah, Bedine Kerim, Rahmat Budiarto
Publish Year: 2020
A malicious URLs detection system using optimization and machine learning classifiers

Indonesian Journal of Electrical Engineering and Computer Science

The openness of the World Wide Web (Web) has become more exposed to cyber-attacks. An attacker performs the cyber-attacks on Web using malware Uniform Resource Locators (URLs) since it widely used by internet users. Therefore, a significant approach is required to detect malicious URLs and identify their nature attack. This study aims to assess the efficiency of the machine learning approach to detect and identify malicious URLs. In this study, we applied features optimization approaches by using a bio-inspired algorithm for selecting significant URL features which able to detect malicious URLs applications. By using machine learning approach with static analysis technique is used for detecting malicious URLs applications. Based on this combination as well as significant features, this paper shows promising results with higher detection accuracy. The bio-inspired algorithm: particle swarm optimization (PSO) is used to optimized URLs features. In detecting malicious URLs, it shows that naïve Bayes and support vector machine (SVM) are able to achieve high detection accuracy with rate value of 99%, using URL as a feature.

Authors: Ong Vienna Lee, Ahmad Heryanto, Mohd Faizal Ab Razak, Anis Farihan Mat Raffei, Danakorn Nincarean Eh Phon, Shahreen Kasim, Tole Sutikno
Publish Year: 2020
An Improved LSTM-PCA Ensemble Classifier for SQL Injection and XSS Attack Detection

Computer Systems Science and Engineering

The Repository Mahasiswa (RAMA) is a national repository of research reports in the form of final assignments, student projects, theses, dissertations, and research reports of lecturers or researchers that have not yet been published in journals, conferences, or integrated books from the scientific repository of universities and research institutes in Indonesia. The increasing popularity of the RAMA Repository leads to security issues, including the two most widespread, vulnerable attacks i.e., Structured Query Language (SQL) injection and cross-site scripting (XSS) attacks. An attacker gaining access to data and performing unauthorized data modifications is extremely dangerous. This paper aims to provide an attack detection system for securing the repository portal from the abovementioned attacks. The proposed system combines a Long Short–Term Memory and Principal Component Analysis (LSTM-PCA) model as a classifier. This model can effectively solve the vanishing gradient problem caused by excessive positive samples. The experiment results show that the proposed system achieves an accuracy of 96.85% using an 80%:20% ratio of training data and testing data. The rationale for this best achievement is that the LSTM’s Forget Gate works very well as the PCA supplies only selected features that are significantly relevant to the attacks’ patterns. The Forget Gate in LSTM is responsible for deciding which information should be kept for computing the cell state and which one is not relevant and can be discarded. In addition, the LSTM’s Input Gate assists in finding out crucial information and stores specific relevant data in the memory.

Authors: Deris Stiawan, Ali Bardadi, Nurul Afifah, Lisa Melinda, Ahmad Heryanto, Tri Wanda Septian, Mohd. Yazid Idris, Imam Much Ibnu Subroto, Lukman Lukman, Rahmat Budiarto
Publish Year: 2023
Ransomware Detection Based On Opcode Behavior Using K-Nearest Neighbors Algorithm

Information Technology And Control

Ransomware is a malware that represents a serious threat to a user’s information privacy. By investigating how ransomware works, we may be able to recognise its atomic behaviour. In return, we will be able to detect the ransomware at an earlier stage with better accuracy. In this paper, we propose Control Flow Graph (CFG) as an extracting opcode behaviour technique, combined with 4-gram (sequence of 4 “words”) to extract opcode sequence to be incorporated into Trojan Ransomware detection method using K-Nearest Neighbors (K-NN) algorithm. The opcode CFG 4-gram can fully represent the detailed behavioural characteristics of Trojan Ransomware. The proposed ransomware detection method considers the closest distance to a previously identified ransomware pattern. Experimental results show that the proposed technique using K-NN, obtains the best accuracy of 98.86% for 1-gram opcode and using 1-NN classifier.

Authors: Deris Stiawan, Somame Morianus Daely, Ahmad Heryanto, Nurul Afifah, Mohd. Yazid Idris, Rahmat Budiarto
Publish Year: 2021
Proposal of the S-score for measuring the performance of researchers, institutions, and journals in Indonesia

Science Editing

This study aimed to propose a tool for measuring the research performance of researchers, institutions, and journals in Indonesia based on bibliometrics. Specifically, the output of this measurement tool, referred to as the S-score, is described, as well as its implementation on the main database portal in Indonesia. The S-score was developed by a focus group discussion. The following 8 evaluation items for journal accreditation were analyzed in the development process: journal title, aims and scope; publisher; editorial and journal management; quality of articles; writing style; format of PDF and e-journal; regularity; and dissemination. The elements of the S-score are as follows: number of journal article documents in Scopus, number of non-journal-article in Scopus, number of citations in Scopus, number of citations in Google Scholar, the h-index in Scopus, and the h-index in Google Scholar. The S-score yields results ranging from S1 to S6. The above metrics were implemented on the Science and Technology Index, a database portal in Indonesia. The measurement tool developed through the focus group discussion was successfully implemented on the database portal. Its validity and reliability should be monitored consistently through regular assessments of S-scores. The S-score may be a good example of a metric for measuring the performance of researchers, institutions, and journals in countries where most journals are not indexed by Scopus.

Authors: Lukman Lukman, Muhammad Dimyati, Yan Rianto, Imam Much Ibnu Subroto, Tole Sutikno, Deden Sumirat Hidayat, Irene Muflikh Nadhiroh, Deris Stiawan, Sam Farisa Chaerul Haviana, Ahmad Heryanto, Herman Mandari
Publish Year: 2018
Network anomaly detection research: a survey

Indonesian Journal of Electrical Engineering and Informatics (IJEEI)

Data analysis to identify attacks/anomalies is a crucial task in anomaly detection, and network anomaly detection itself is an important issue in network security. Researchers have developed methods and algorithms for the improvement of the anomaly detection system. At the same time, survey papers on anomaly detection research are available. Nevertheless, this paper attempts to analyze further and to provide an alternative taxonomy of anomaly detection research, focusing on methods, types of anomalies, data repositories, outlier identity and the most used data type. In addition, this paper summarizes information on application network categories of the existing studies.

Authors: Kurniabudi Kurniabudi, Benni Purnama, Sharipuddin Sharipuddin, Darmawijoyo Darmawijoyo, Deris Stiawan, Samsuryadi Samsuryadi, Ahmad Heryanto, Rahmat Budiarto
Publish Year: 2019
Payload recognition and detection of Cross Site Scripting attack

Web Application becomes the leading solution for the utilization of systems that need access globally, distributed, cost-effective, as well as the diversity of the content that can run on this technology. At the same time web application security have always been a major issue that must be considered due to the fact that 60% of Internet attacks targeting web application platform. One of the biggest impacts on this technology is Cross Site Scripting (XSS) attack, the most frequently occurred and are always in the TOP 10 list of Open Web Application Security Project (OWASP). Vulnerabilities in this attack occur in the absence of checking, testing, and the attention about secure coding practices. There are several alternatives to prevent the attacks that associated with this threat. Network Intrusion Detection System can be used as one solution to prevent the influence of XSS Attack. This paper investigates the XSS attack recognition and detection using regular expression pattern matching and a preprocessing method. Experiments are conducted on a testbed with the aim to reveal the behaviour of the attack.

Authors: M. Ridwan Zalbina, Tri Wanda Septian, Deris Stiawan, Moh. Yazid Idris, Ahmad Heryanto, Rahmat Budiarto
Publish Year: 2017
Denial of service attack visualization with clustering using K-means algorithm

Visualization has become one of the solutions for showing attacks on the network. By visualizing the attack, it is easier to recognize and infer the pattern from the complex visual image. DoS attacks can target various parts of the network, such as routing, web, electronic mail or DNS (Domain Name System) servers. The purpose of DoS attacks is to make a server shut down, reboot, crash or stop responding. The DoS attacks in the ISCX dataset form a pattern in which many host IPs exploit a single server. Snort detects the DoS attack on the ISCX dataset testbed as 42 HttpDoS attack alerts. The accuracy of clustering using the k-means algorithm in the programme is 97.83%, with a detection rate of 98.63% and a false alarm rate of 0.02%. Meanwhile, the accuracy of clustering using k-means with the WEKA tool is 99.69%, with a detection rate of 99.01% and a false alarm rate of 3.70%. The difference in accuracy between the programme and the WEKA clustering tool arises because the centroid values used in clustering the data packets are selected randomly from the packet data values.

Authors: Napsiah Amelia Putri, Deris Stiawan, Ahmad Heryanto, Tri Wanda Septian, Lelyzar Siregar, Rahmat Budiarto
Publish Year: 2017
TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis

International Journal of Online and Biomedical Engineering (iJOE)

The focus of this research is TCP FIN flood attack pattern recognition in an Internet of Things (IoT) network using a rule-based signature analysis method. The dataset is taken from three scenarios: normal, attack and normal-attack. The identification and recognition of the TCP FIN flood attack pattern is based on observation and analysis of packet attributes from raw data (pcap) using feature extraction and feature selection methods. Further testing was conducted using Snort as an IDS. The results of the confusion matrix detection rate evaluation against Snort as an IDS show the average percentage of the precision level.

Authors: Deris Stiawan, Dimas Wahyudi, Ahmad Heryanto, Samsuryadi Samsuryadi, Mohd. Yazid Idris, Farkhana Muchtar, Mohammed Alzahrani, Rahmat Budiarto
Publish Year: 2019
Server and Network Device Monitoring System for the Fasilkom UNSRI Enterprise Resource Planning Using the ICMP and SNMP Protocols

DOAJ (DOAJ: Directory of Open Access Journals)

The Enterprise Resource Planning (ERP) system of the Faculty of Computer Science, Universitas Sriwijaya, is a service that supports the faculty's business processes in serving the entire campus academic community. The ERP application is stored on a server. This server consists of a computer that is connected to computer network equipment and provides various types of services that can be accessed by other computers (clients). In production, the ERP server requires network devices so that the services it provides can be used to the fullest by users. The server and network devices must always be active in serving ERP clients. If the ERP components are down, clients do not obtain the information they need. Therefore, an ERP monitoring system was built to monitor the condition of the servers and network devices in the Fasilkom ERP system. The monitoring system uses the SNMP and ICMP protocols. The monitoring system is able to obtain the status of the servers and network devices used in the ERP. Based on the experimental results, the monitoring system is able to report the up and down status of network devices in less than 5 seconds.

Authors: Ahmad Heryanto, Adi Hermansyah, M Abdul Nizar
Publish Year: 2017
Internet Network Security Techniques Workshop for SMA/SMK Students in Pangkal Pinang, 2019

Annual Research Seminar (ARS)

The development of digital technology has given everyone abundant information with all kinds of conveniences and facilities. Using a computer or gadget, people can access digital content from around the world, from anywhere and at any time, as long as they are connected to the internet. Many positive things can be gained from using today's internet products. The internet can be used as a medium for keeping up to date with various fields of knowledge. The internet is also a place where sensitive personal data is scattered and can be misused by unauthorized parties; such data includes email, passwords, and valuable accounts such as internet banking. This information is highly vulnerable to phishing, scams and spam. As part of the 2019 community service program in the city of Pangkal Pinang, an Internet Network Security Techniques Workshop for SMA/SMK Students in Pangkal Pinang was held, so that participants can maximize the benefits of the internet and reduce its negative aspects.

Authors: Ahmad Heryanto, Deris Stiawan, Aditya Putra Perdana Prasetyo, Osvari Arsalan, Ali Bardadi
Publish Year: 2019
Implementation of Distribution Requirement Planning in the Subsidized Fertilizer Management System

Food security is one of the Indonesian government's strategic programs. In support of the Food Security Program, the Ministry of Agriculture has established a policy on the distribution of subsidized fertilizer needs, especially for food crops, which are six right policies. Subsidized fertilizer distribution planning is very important to support the achievement of the six right policies because proper distribution planning will result in meeting the needs of farmers for fertilizer. Distribution Requirement Planning (DRP) method is used to determine the planning needs and it is expected that with the distribution pattern, good marketing stock, success in meeting the needs of the fertilizer stock inventory will be more optimal. In this paper, the DRP method will be used to optimize the role of subsidized fertilizer management systems. The case study for this paper is the warehouses of PT. Pupuk Sriwidjaja Palembang, namely PPD Sumsel, while the type of subsidized fertilizer that will become the scope is urea fertilizer. From this study can be concluded that the DRP method provides a more coordinated distribution reference for urea subsidized fertilizer. With the distribution schedule, the company can prepare everything so that it can distribute products. Moreover, the implementation of DRP in the subsidized fertilizer data management system is used to optimize existing data collection and reporting functions, by adding feature requirements according to the DRP concept such as fertilizer management of stock, demand and distribution, safety stock and DRP calculation, also fertilizer report for a company manager.

Implementation of a Distributed Database System Using the Multi-Master Database Replication Method

JURNAL MEDIA INFORMATIKA BUDIDARMA

Databases are the main need for every computer application to store, process and modify data. One important problem faced in databases is the availability of adequate information technology infrastructure in managing and securing data contained in the database. Data stored on the database must have protection against threats and disturbances. Threats and disruptions can result from a variety of things, such as maintenance, data damage, and natural disasters. To anticipate data loss and damage, replication of the database system needs to be done. The replication mechanism used by researchers is multi-master replication. The replication technique is able to form a database cluster with replication time of fewer than 0.2 seconds.

Authors: Ahmad Heryanto, Albert Albert
Publish Year: 2019
Cyberattack Feature Selection using Correlation-Based Feature Selection Method in an Intrusion Detection System

An intrusion detection system (IDS) is software or hardware that works as a monitoring and defense system against cyberattacks. This system monitors computer systems or network activities that have the potential to violate security policies. In general, there are two techniques used by an IDS in its cyberattack detection system: signature-based and anomaly-based. However, these techniques still face some problems, such as false alarm warnings, low accuracy and precision rates, high-dimensional data, complex data structures, and long computational times. IDS performance can be improved by implementing feature selection, which can reduce the amount of data to be processed on the IDS detection engine. This research used correlation-based feature selection (CFS). Experimental results on CIC-IDS2018 dataset show optimal IDS performance. The proposed CFS-based IDS achieves an accuracy of 99.9995%, recall of 100%, specificity of 99.9985%, precision of 99.9992, F1-score of 99.9996%, true positive rate of 99.9992%, and true negative rate of 100%.

Authors: Ahmad Heryanto, Deris Stiawan, Mohd. Yazid Idris, Muhammad Robby Bahari, Agung Al Hafizin, Rahmat Budiarto
Publish Year: 2022
Intrusion Prevention in Heterogeneous System based on Behavior Approaches

This paper proposes the learning phase for enhancing the learning phase of intrusion prevention systems in heterogeneous environment. We represent accuracy and precision as means to identify and recognize suspicious threats through new model examination alarms and assessment that match with an event database. The aims of this work are: firstly to present a comprehensive analysis mapping problem in terms of intrusion prevention, and secondly to provide a promising model of examining new merging suspicious threats. Throughout this paper, the proposed model is implemented to evaluate system security in order to help security officers to be more aware of their network status.

Authors: Deris Stiawan, Ahmad Fali Oklilas, Ahmad Heryanto, Tri Wanda Septian, Rahmat Budiarto
Publish Year: 2015
Brute Force Attack Visualization Using the K-Means and Naive Bayes Methods

This research presents a two-dimensional (2D) visualization for categorizing packets from the ISCX and DARPA datasets. Data packets are divided into two categories, attack packets and normal packets, based on brute force attack patterns. Brute force attacks target several protocol services such as secure shell (SSH) and telecommunication network (Telnet). In the ISCX dataset the brute force attacks occur on the SSH service, whereas in the DARPA dataset they occur on the TELNET service. The K-Means and Naive Bayes methods are implemented in this research to obtain effective categorization. The final results show that the methods used perform well in terms of accuracy while reducing the false alarms that occur.

Authors: Sari Sandra, Deris Stiawan, Ahmad Heryanto
Publish Year: 2017
Database Backup with Multi-Master Replication on a Server Cluster

JURNAL ILMIAH ILMU KOMPUTER

An always-available database system is an absolute requirement in every organization's infrastructure. Stored data must remain available whenever it is needed. There are many obstacles and disruptions in storing data in a database. These obstacles and disruptions can result from various causes, such as maintenance, database damage, media damage, data corruption and unexpected disasters (natural disasters). Therefore, a good replication technique is needed to preserve data integrity. The Multi-Master (Master-Master) replication technique was implemented in this research. The result of this research is that replicating across 3 server nodes takes between 0.1 and 0.2 seconds.

Authors: Ahmad Heryanto, Yuyun Hartati
Publish Year: 2020
Visualization of Granblue Fantasy Game Traffic Pattern Using Deep Packet Inspection Method

Kinetik Game Technology Information System Computer Network Computing Electronics and Control

Granblue Fantasy is a Role Playing Game (RPG). It is a video role-playing game developed by Cygames. This research observes the Granblue Fantasy game. The purpose is to analyze the traffic data of Granblue Fantasy to find patterns using Deep Packet Inspection (DPI), data traffic capture, a feature extraction process and pattern visualization. The patterns are Gacha, Solo Raid, Casino and Multiraid. This research demonstrates that the Multiraid battle has more data than the other patterns, with TTL 237.

Authors: Deris Stiawan, Christian Prabowo, Ahmad Heryanto, Nurul Afifah, Agus Eko Minarno, Rahmat Budiarto
Publish Year: 2020
Application of the Problem-Based Learning Model to Improve Student Learning Outcomes on Addition and Subtraction of Algebraic Forms in Class VII A of SMP Labschool UNTAD Palu

Abstract: The aim of this research is to obtain a description of the application of the problem-based learning model (Problem Based Learning) that can improve student learning outcomes in class VII A of SMP Labschool UNTAD Palu on the topic of addition and subtraction of algebraic forms. The type of research used is classroom action research. The research design follows the design of Kemmis and Mc. Taggart. The research was carried out in two cycles. The results show that student learning outcomes can be improved through the application of the problem-based learning model (Problem Based Learning) by following these steps: (1) orienting students to the problem, (2) organizing students for learning, (3) guiding individual and group investigation, (4) developing and presenting work, and (5) analyzing and evaluating the problem-solving process. Keywords: problem-based learning model (Problem Based Learning); learning outcomes; addition and subtraction of algebraic forms.

Authors: Ahmad Heryanto, Maxinus Jaeng, Sudarman Bennu
Publish Year: 2018
Cross-Site Scripting Attack Detection using Rule-Based Signature

Sriwijaya Journal of Informatics and Applications

Rule-Based Signature or also known as Misuse Detection is IDS which rely on matching data captured on retrieval of attack pattern which in system that allow attacks. If the attack activity detected according to existing signature, then it will be read by system and called as attack. The advantage of this Signature-Based IDS is the accuracy of detecting matched attack which in the system with low false-positive result and high true-positive. Cross-Site Scripting is type of attack which is perform by injecting code (usually) JavaScript to a site. XSS is very often utilized by attacker to steal web browser resource such as cookie, credentials, etc. Dataset which used in this research is dataset which created by injecting script into a website. Once obtained the dataset, then feature extraction is performed to separate the attribute which used. XSS attack pattern can be easily recognized from URI, and then detected using engine which has been created. Detection result of algorithm which used is evaluated using confusion matrix to determine detection accuracy value which performed. Obtained accuracy detection of research result reached 99.4% with TPR 98.8% and FPR 0%.

Authors: Deris Stiawan, Ahmad Heryanto, Rahmat Budiarto
Publish Year: 2021
HIGH AVAILABILITY IN SERVER CLUSTERS BY USING BACKPROPAGATION NEURAL NETWORK METHOD

JURNAL TEKNOLOGI DAN OPEN SOURCE

Server is a host device applications to serve every request in finding information needs. The server must fully support the services used for the organization's digital needs 24 hours in a day, 7 days in a week, and 365 days in a year. The concept of High Availability is needed to maintain the quality of server services. The algorithm used to build HA can use both classical and modern algorithms. The algorithm used in this research is using backpropagation neural network. In this study, the parameter values to obtain optimal accuracy are learning rate 0.1, training data 80 and test data 20, the number of nodes in hidden layer 4, minimum error 0.0001, and the number of iterations 2500. The best accuracy value using these parameters is 93.79%.

Authors: Ahmad Heryanto, Aditya Gunanta
Publish Year: 2021
Denial of Service Attack Detection Using an Artificial Immune System

One of the problems in the field of computer security is the Denial of Service (DoS) attack. Several methods that can be used to detect this type of attack have been developed, one of which is anomaly detection. This research applies one of the Artificial Immune System algorithms, namely the dendritic cell algorithm. This research uses the ISCX dataset, in which the DoS attack was generated using the slowloris tool. Slowloris is one of the tools used to carry out DoS attacks. The slowloris tool exhausts the sockets available on the web server and sends incomplete GET requests.

Authors: candra adi winanto, Ahmad Heryanto
Publish Year: 2017
Behavior Pattern Recognition of Game Dragon Nest Using Bloom Filter Method

Dragon Nest is one of the Massively Multiplayer Online Role-playing Game (MMORPG) online games. It has become the most popular online game played by people around the world. This work observes two examples of the MMORPG online games: the Dragon Nest INA and the Legend DN II. The purpose is to analyze the traffic data of the Dragon Nest to find and discern the patterns of behavior of the Dragon Nest INA and the Legend DN II using Deep Packet Inspection (DPI). A dataset is constructed by capturing traffic data from the testbed environment. Then feature extraction, feature selection, and visualization are performed during the experiments. Experiment results show the traffic data of the Dragon Nest INA is higher than the Legend DN II. It is because of the difference in the number of entries in the game. Then, the Bloom filter method is used as a tool to check the existence of a pattern of the Dragon Nest in the dataset. The false positive rate of matching is 0.399576%.

Authors: Deris Stiawan, Diky Aryandi, Ahmad Heryanto, Tri Wanda Septian, Farkhana Muchtar, Mohammad Yazid Bin Idris, Rahmat Budiarto
Publish Year: 2019
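MONITORING DAN PENGENDALIAN SMART AGRICULTURE BERBASIS INTERNET OF THINGS DENGAN METODE FUZZY LOGIC CONTROL [Internet of Things-Based Smart Agriculture Monitoring and Control Using the Fuzzy Logic Control Method]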

Watering plants is work that has been and is still done manually. To request that watering run optimally needs to be done, so that verified plants do not need to spend the costs incurred for plants. Factors that influence watering plants are soil moisture and temperature, because evaporation of air temperature affects the level of soil moisture. Monitoring is done using the Internet of Things concept with the ThingSpeak platform, and automatic watering of plants is implemented using the fuzzy logic control method. The DHT22 sensor serves as the temperature and humidity sensor, the YL-69 Soil Moisture sensor as the soil moisture sensor, and the BH1750 light sensor as the light intensity sensor. From the tests conducted, the feasibility of the DHT22 sensor is 98.6%, the soil moisture sensor is 98.2% and the BH1750 sensor is able to read values up to 13.582 lx. The tests show the fan is able to reduce the air temperature and increase the air temperature after 31 minutes, and the automatic watering system can increase soil moisture in just one minute. The website runs well, can display the data accurately within 1 minute in graphical form, and the data can be downloaded by the user in CSV form and accessed in the ThingsView application from a smartphone.

Authors: Erda Julian Lesi, Deris Stiawan, Ahmad Heryanto
Publish Year: 2019
KLASIFIKASI MALWARE BANKING PADA ANDROID MENGGUNAKAN ALGORITMA RANDOM FOREST [Classification of Banking Malware on Android Using the Random Forest Algorithm]

Android smartphones are widely used for banking transactions and can therefore be at risk of malware attacks. Malware classification is a method that identifies and distinguishes data as malware or normal. Banking malware is malware designed to gain access to users' online banking accounts by impersonating a real banking application or web banking interface. This study aims to obtain the best level of accuracy in the classification of banking malware using the random forest algorithm with a dataset from the University of New Brunswick, namely CICMALDROID2020. Feature extraction uses the CICFlowMeter tool to process the dataset from PCAP files into CSV files. This research also uses Boruta feature selection, which selects the best features in the dataset. The classification results using the random forest algorithm are evaluated using a confusion matrix. The highest accuracy obtained in this study was 92.5%, with a precision of 93.28% and a recall of 93.73%.

Authors: Ahmad Aji Guntur Saputra, Deris Stiawan, Ahmad Heryanto
Publish Year: 2021
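VISUALISASI SERANGAN MAN IN THE MIDDLE (MITM) PADA JARINGAN SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) MENGGUNAKAN SUPPORT VECTOR MACHINE [Visualization of Man-in-the-Middle (MITM) Attacks on Supervisory Control and Data Acquisition (SCADA) Networks Using a Support Vector Machine]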

Supervisory Control And Data Acquisition (SCADA) is an Industrial Control System used to monitor and control processes in the critical national infrastructure sector; one of the SCADA communication protocols is IEC 60870-5-104, which is used to send messages. An MITM attack is an attack in which hackers slip into the middle of a connection to obtain unknown information, modify it, cut connections and even steal very important data. In this research, a Support Vector Machine is used to distinguish between normal packets and attack packets. Detection results are evaluated with a confusion matrix to determine the accuracy of MITM attack detection with the SVM method. The accuracy obtained in this research is 97.78%. The visualization in this research aims to make it easier to recognize and infer the differences between normal data packets and attack data packets. The indicators used for comparison are frame_length and causeTx.

Authors: Harry Anugrah, Deris Stiawan, Ahmad Heryanto
Publish Year: 2021
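DETEKSI SERANGAN DDoS (DISTRIBUTED DENIAL OF SERVICE) DI CLOUD COMPUTING DENGAN MENGGUNAKAN METODE RULE BASE [Detection of DDoS (Distributed Denial of Service) Attacks in Cloud Computing Using the Rule-Based Method]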

Distributed Denial of Service is a type of attack generated by many distributed sources simultaneously, overloading bandwidth on the target server. A SYN Flood Distributed Denial of Service attack aims to exhaust resources by sending many SYN request packets to target machines. The SYN Flood attack was identified with Snort IDS from a dataset resulting from a SYN Flood attack in the form of raw data (pcap file). From these results, information is obtained in the form of alerts that are needed to determine the attack pattern for the detection process, which applies the Rule-Based Signature method in a Python algorithm. From the detection results, the True Positive Rate was 95.6%, the False Negative Rate was 4.4%, and Accuracy was 95.6%.

Authors: Randa Fratelli Junaedi, Deris Stiawan, Ahmad Heryanto
Publish Year: 2019
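ANALISIS SERANGAN DISTRIBUTED DENIAL OF SERVICE (DDoS) PADA ROUTER MENGGUNAKAN METODE LIVE FORENSIC [Analysis of Distributed Denial of Service (DDoS) Attacks on Routers Using the Live Forensic Method]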

Distributed Denial of Service (DDoS) attacks on networks continue to grow in society, especially DDoS DNS Flooding attacks carried out by irresponsible people and aimed at someone else's router network to paralyze it. Therefore network forensics is needed to obtain forensic evidence so that the perpetrators of crimes can be prosecuted according to the applicable law. The purpose of this research is to identify DNS Flooding attack patterns, perform data acquisition and analyze the attacks on router networks, and search for attack traffic information on router networks that can be used as digital evidence through the Live Forensics method. The dataset used in this study was created by using the Hping3 tool to generate DNS Flooding attack traffic under three dataset creation scenarios; the dataset is then processed to extract the attack pattern. Analysis and data acquisition use the Wireshark tool to retrieve data or information regarding the activity log and the attacker's IP address. This study succeeded in retrieving DDoS attack information related to attack patterns, the state of the victim's computer before and after being attacked, activity log data and the attacker's IP address.

Authors: Muhammad Fajar Putra, Deris Stiawan, Ahmad Heryanto
Publish Year: 2020
PERANCANGAN INTER VLAN ROUTING PADA JUNIPER SWITCH 2021 [Design of Inter-VLAN Routing on a Juniper Switch 2021]

The focus of this research is to build a VLAN network designed as an Inter-VLAN Routing network on a network device, namely a Juniper Switch. The network built in this research has four VLANs, where the second, third and fourth VLANs serve as users while the first VLAN serves as administrator or user, using Console communication and UTP cable. Inter-VLAN Routing is a type of networking performed to connect VLANs on different networks. Three test scenarios were carried out in this research: (i) the first test pings the irb interface on the switch, (ii) the second test pings between VLAN members, and (iii) the third test pings between VLAN networks, with VLAN verification and tracert. The results show that the VLAN and Inter-VLAN networks can communicate with each other; the Time To Live obtained in the ping test of the irb interface on the switch averaged 64, and in the ping tests between VLAN members and networks it was 127-128; and the Inter-VLAN Routing design was successfully implemented on the Juniper Switch by configuring Integrated Routing and Bridging.

Publish Year: 2021
TCP FIN Flood and Zbassocflood Dataset

Zenodo (CERN European Organization for Nuclear Research)

The Development of an Internet of Things (IoT) Network Traffic Dataset with Simulated Attack Data.

Abstract— This research focuses on the requirements for and the creation of an intrusion detection system (IDS) dataset for an Internet of Things (IoT) network domain. A minimal requirements Internet of Things (IoT) network system was built to produce a dataset according to IDS testing needs for IoT security. Testing was performed with 12 scenarios and resulted in 24 datasets which consisted of normal, attack and combined normal-attack traffic data. Testing focused on three denial of service (DoS) and distributed denial of service (DDoS) attacks—“finish” (FIN) flood, User Datagram Protocol (UDP) flood, and Zbassocflood/association flood—using two communication protocols, IEEE 802.11 (WiFi) and IEEE 802.15.4 (ZigBee). A preprocessing test result obtained 95 attributes for the WiFi datasets and 64 attributes for the Xbee datasets.

TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis

Abstract-Focus of this research is TCP FIN flood attack pattern recognition in Internet of Things (IoT) network using rule based signature analysis method. Dataset is taken based on three scenarios normal, attack and normal-attack. The process of identification and recognition of TCP FIN flood attack pattern is done based on observation and analysis of packet attribute from raw data (pcap) using a feature extraction and feature selection method. Further testing was conducted using snort as an IDS. The results of the confusion matrix detection rate evaluation against the snort as IDS show the average percentage of the precision level.

Citing
Citation data: "TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis" - https://online-journals.org/index.php/i-joe/article/view/9848

@article{article,
  author = {Stiawan, Deris and Wahyudi, Dimas and Heryanto, Ahmad and Sahmin, Samsuryadi and Idris, Yazid and Muchtar, Farkhana and Alzahrani, Mohammed and Budiarto, Rahmat},
  year = {2019},
  month = {04},
  pages = {124},
  title = {TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis},
  volume = {15},
  journal = {International Journal of Online and Biomedical Engineering (iJOE)},
  doi = {10.3991/ijoe.v15i07.9848}
}

Features Extraction on IoT Intrusion Detection System Using Principal Components Analysis (PCA)

Feature extraction solves the problem of finding the most efficient and comprehensive set of features. A Principle Component Analysis (PCA) feature extraction algorithm is applied to optimize the effectiveness of feature extraction to build an effective intrusion detection method. This paper uses the Principal Components Analysis (PCA) for features extraction on intrusion detection system with the aim to improve the accuracy and precision of the detection. The impact of features extraction to attack detection was examined. Experiments on a network traffic dataset created from an Internet of Thing (IoT) testbed network topology were conducted and the results show that the accuracy of the detection reaches 100 percent.

Citing
Citation data: "Features Extraction on IoT Intrusion Detection System Using Principal Components Analysis (PCA)" - https://ieeexplore.ieee.org/document/9251292

@inproceedings{inproceedings,
  author = {Sharipuddin, and Purnama, Benni and Kurniabudi, Kurniabudi and Winanto, Eko and Stiawan, Deris and Hanapi, Darmawiiovo and Idris, Mohd and Budiarto, Rahmat},
  year = {2020},
  month = {10},
  pages = {114-118},
  title = {Features Extraction on IoT Intrusion Detection System Using Principal Components Analysis (PCA)},
  doi = {10.23919/EECSI50503.2020.9251292}
}

Authors: Deris Stiawan, Dimas Wahyudi, Ahmad Heryanto, Tri Wanda Septian, Johan Wahyudi, Riki Andika, Meilinda Eka Suryani
Publish Year: 2018
SOFTWARE DEFINED NETWORK MENGGUNAKAN SIMULATOR MININET [Software Defined Network Using the Mininet Simulator]

KNTIA

Abstract -- Software Defined Network (SDN) is a new technology in computer networking. SDN provides convenience in designing, building and managing computer networks. The control plane and data plane can be separated in data communications on a computer network. Network devices can be configured centrally at the controller. The SDN controller is a computer with a Linux operating system that runs the OpenDaylight application. The OpenFlow protocol is used in setting up the SDN infrastructure. OpenFlow is a standard communication interface located between the control and forwarding layers. Mininet is used in building an effective and efficient platform. This simulator offers features that are sufficient to perform SDN network simulation. Keywords: Software Defined Network, Controller, OpenFlow, OpenDaylight, Mininet.

Authors: Ahmad Heryanto, Afrilia
Publish Year: 2017
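Monitoring Jaringan Server Menggunakan SNMP dan ICMP Pada Server ERP Fakultas Ilmu Komputer Universitas Sriwijaya [Server Network Monitoring Using SNMP and ICMP on the ERP Server of the Faculty of Computer Science, Universitas Sriwijaya]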

Annual Research Seminar (ARS)

A server is a computer connected to a computer network that provides various types of services accessible by other computers (clients). A server must be supported by reliable hardware and software. The server computer must always be active so that ERP clients can access it at any time. Conversely, if the ERP server is down, the web application cannot be accessed by clients at all. Therefore, a monitoring mechanism for the ERP server is needed to know the status of the server where the ERP application is hosted. The monitoring system uses ICMP and SNMP to obtain the status of each server used. Based on experimental data, SNMP and ICMP are able to provide accurate and fast information on the active or down status of the servers under study.

Authors: Ahmad Heryanto
Publish Year: 2017
Implementation of Security in RFID Tag Data Transmissions with DES Cryptography

Annual Research Seminar (ARS)

One use of RFID is as a user authentication tool that can provide more access to a system. Security is therefore much needed for RFID: if authentication rights are misused, the consequences are very dangerous. The scheme used is to send the RFID Tag ID as a unique authentication code. The RFID Tag ID is sent from client to server over a local network. RFID Tag ID data transmission can be done using wireless transmission media. During transmission, eavesdroppers can steal data with sniffing techniques. To minimize the risk of data theft, data encryption with the DES algorithm can be applied. The 8-bit RFID Tag ID is modified by adding an 8-bit user password, so that 16 bits of data can be processed with the DES algorithm. With data encrypted during delivery from client to server, the data sent is protected, so eavesdroppers cannot misuse it.

Authors: Ahmad Fali Oklilas, Ahmad Heryanto, Anggoro Prasetyo
Publish Year: 2017
INTEGRASI JARINGAN SENSOR PADA SISTEM TERTANAM MENGGUNAKAN HYPERTEXT TRANSFER PROTOCOL [Integration of Sensor Networks in Embedded Systems Using the Hypertext Transfer Protocol]

Embedded systems can be integrated with a data center using the HTTP protocol. Information can be sent, processed and stored in a distributed system without limits of distance, location and time. Data can be accessed anywhere and anytime. HTTP is a secure and reliable protocol for carrying sensor data. At the firewall, HTTP packets are considered legitimate data to pass through the computer network, so sensor data can be sent and is not blocked by the firewall. The embedded system forms a sensor network by sending information through a web service, so that data collected by the microcontroller can be sent and then processed by the data center.

Publish Year: 2015
Hubungan Prilaku Remaja Berinternet di Inderalaya [The Relationship of Teenagers' Internet Behavior in Inderalaya]

Indralaya, known as the City of Students and Education, also has more than 30 boarding schools and 60 senior high schools / vocational schools spread over Ogan Ilir. Community service was carried out in Inderalaya to determine the relationship of teenagers' behavior when surfing the internet and to provide knowledge about being healthy and safe while surfing the internet. Data were collected using questionnaires. Questionnaires were distributed to 27 participants from SMAN 1 Inderalaya Utara and Pondok Pesantren Al Ittifaqiyah, aged 15 to 17 years. Results showed that teenagers tend to access the internet every day for a duration of 1-2 hours, mostly in the bedroom. The applications they use most often are social networking applications. The teens also have the courage to meet people they know online, with a percentage of 29.6%.

Authors: Reza Firsandaya Malik, Deris Stiawan, Erwin Erwin, Rossi Passarella, Sutarno Sutarno, Sarmayanta Sembiring, Ahmad Heryanto
Publish Year: 2015
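Pemanfaatan Jaringan Nirkabel Untuk Komunikasi Data dan Suara di SMK Teknik Komputer dan Jaringan di Palembang [Utilization of Wireless Networks for Data and Voice Communication at Computer and Network Engineering Vocational Schools in Palembang]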

According to the Basic Data of the Directorate of Technical and Vocational Education, there are 18 Computer Engineering and Networks vocational schools in Palembang, consisting of 2 state and 16 private schools. Utilization of the wireless network was delivered through a training method that involves cognitive, affective and psychomotor aspects. The basic training taught computer network basics, especially those related to wireless networks. These three aspects were evaluated through a pre-test and post-test. The results of the pre-test and post-test showed that 6.7% of the participants were not able to increase their knowledge about the wireless network while 93.3% were able.

Publish Year: 2015
IMPLEMENTASI HOTSPOT DENGAN MENGGUNAKAN FITUR MIKROTIK CAPSMAN [Hotspot Implementation Using the MikroTik CAPsMAN Feature]

Wi-Fi technology is used not only in public places but also in educational institutions, where a hotspot supports the smooth running of lectures. The use of hotspots within the campus will be more focused because the campus Wi-Fi network operates on a large scale, and MikroTik's CAPsMAN (Controlled Access Point System Manager) feature becomes one of the supporting tools for wireless devices. This research uses the descriptive method, with data taken through documentation, observation, and laboratory methods. The system development method is NDLC (Network Development Life Cycle). The result of the research is that 2 (two) Access Points can be used as hotspots and use different SSIDs. All Access Points are controlled by CAPsMAN, each Access Point is assigned its respective policies, and each can communicate with CAPsMAN via DTLS (Datagram Transport Layer Security). Therefore, the use of hotspots with MikroTik CAPsMAN technology can control the wireless network centrally.

Authors: Muhammad Farhan, Ahmad Heryanto, Aditya Putra Perdana Prasetyo
Publish Year: 2018
PENENTUAN JALUR TERPENDEK MENGGUNAKAN ALGORITMA BELLMAN-FORD PADA SOFTWARE DEFINED NETWORK [Shortest Path Determination Using the Bellman-Ford Algorithm on a Software Defined Network]

Software Defined Network (SDN) is a network architecture which separates the control plane and data plane. This research discusses the Bellman-Ford algorithm in determining the shortest path, as well as the QoS of a single topology and a custom topology using the parameters throughput, delay and packet loss, referring to the ITU-T G.1010 standard. The Bellman-Ford algorithm is implemented on a POX controller and tested in a custom topology. In the scenario, the source host sends packets to the destination host using the PING command; then, while packet delivery is in progress, a traffic-engineering link failure such as a link down is introduced. Based on the tests, it can be concluded that the Bellman-Ford algorithm applied in a custom-topology SDN network is able to find other shortest paths as alternative paths based on the smallest number of hops between switches. For QoS results in the single topology, the smallest TCP throughput is 720 Kbps and the largest TCP throughput 758 Kbps, while the smallest UDP throughput is 695 Kbps and the largest UDP throughput 729 Kbps. The smallest TCP delay in the single topology is 0.00670 s and the largest TCP delay 0.00705 s, while the smallest UDP delay is 0.01142 s and the largest UDP delay 0.01199 s. The smallest TCP packet loss in the single topology is 0% and the largest TCP packet loss 0.00383%, while the smallest UDP packet loss is 0% and the largest UDP packet loss 0.01596%. In the custom topology, the smallest TCP throughput is 431 Kbps and the largest TCP throughput 497 Kbps, while the smallest UDP throughput is 413 Kbps and the largest UDP throughput 460 Kbps. The smallest TCP delay is 0.01016 s and the largest TCP delay 0.01168 s, while the smallest UDP delay is 0.01690 s and the largest UDP delay 0.02015 s. The smallest TCP packet loss is 0.00052% and the largest TCP packet loss 0.02363%, while the smallest UDP packet loss is 0% and the largest UDP packet loss 0.06445%. Based on the QoS test results obtained, it can be concluded that an SDN network with single topology and custom topology has good QoS performance with reference to the ITU-T G.1010 standard.

Authors: Fepiliana Fepiliana, Deris Stiawan, Ahmad Heryanto
Publish Year: 2018
MANAJEMEN PEMAKAIAN BANDWIDTH DAN AKSES JARINGAN INTERNET MENGGUNAKAN HTB MIKROTIK [Bandwidth Usage and Internet Access Management Using MikroTik HTB]

Computer networks have become a necessity for everyone in the current digital era, but their use must be regulated so that the network remains stable and evenly shared. Excessive use that makes the network unstable calls for a method to regulate network use in accordance with its designation. Network access settings and bandwidth usage settings using the Hierarchical Token Bucket (HTB) are a solution that can be taken to minimize such use. Hierarchical Token Bucket is a method used to manage bandwidth sharing, where bandwidth distribution is done hierarchically and can be divided into classes so as to facilitate bandwidth management. The Hierarchical Token Bucket can be applied to the proxy router on the network by using the Mangle and Queue Tree configuration aimed at an IP address, protocol, or content, so that the network is allowed or not allowed to be accessed.

Authors: Wira Kusuma Bangsa, Ahmad Heryanto
Publish Year: 2019
KONFIGURASI VLAN PADA JARINGAN WIRELESS MENGGUNAKAN FITUR MIKROTIK CAPSMAN [VLAN Configuration on Wireless Networks Using the MikroTik CAPsMAN Feature]

VLAN technology can be used for network segmentation on switch equipment using the switch method; the switch can be connected to a router to connect all VLANs. In addition, VLANs can be supported by the MikroTik CAPsMAN feature, which is useful for managing all Access Point devices centrally. The purpose of this study is to configure VLANs using the MikroTik CAPsMAN feature and to manage wireless centrally. This research was conducted at the Laboratory of the Faculty of Computer Science, Sriwijaya University with a descriptive method approach, and the data were processed by literature, observation and experiment methods. The results of the study are two Access Points that also act as CAPsMAN and CAPs. The Access Points also function as wireless and VLAN so that all are connected to each other centrally. Therefore, VLAN and CAPsMAN implementations can work together for time efficiency and also make it easier to control wireless networks.

Authors: Tri Indah Winarni, Ahmad Heryanto, Aditya Putra Perdana Prasetyo
Publish Year: 2019
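SISTEM DETEKSI TAG UHF PASSIVE RFID BERDASARKAN TEKNIK RSSI DENGAN MENGGUNAKAN METODE SLOTTED ALOHA PADA PENGARUH INTERFERENSI [UHF Passive RFID Tag Detection System Based on the RSSI Technique Using the Slotted ALOHA Method Under the Influence of Interference]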

Radio Frequency Identification (RFID) is a wireless technology that uses radio waves as a key for item tracking, localization of movable assets and for automatic operations. In some cases, it is not possible for the reader to identify all the tags, which results in tags going undetected. One of the factors that influence tag identification is interference. This paper discusses the distance calculations obtained using the RSSI technique, the speed of detection under interference, and a simulation of detection under the influence of interference using the slotted ALOHA method. The results show that the smallest distance difference is 0.00639 meters and the largest is 0.3877 meters, and that the fastest average time for detecting 10 tags occurs when the interference probability is 0, at 27.1828 ms, while the longest average time for detecting 10 tags occurs when the interference probability is 0.5, at 54.3656 ms.

Authors: Assadiah Athirah, Ahmad Fali Oklilas, Ahmad Heryanto
Publish Year: 2019
DETEKSI SMURF DDOS PADA JARINGAN SOFTWARE DEFINED NETWORK MENGGUNAKAN METODE NAIVE BAYES [Smurf DDoS Detection on Software Defined Networks Using the Naive Bayes Method]

In this study, the authors use the Naive Bayes method to detect distributed smurf attacks (DDoS) on a software defined network (SDN) implemented in Mininet simulations. A Smurf attack is a DoS attack carried out by sending ICMP request packets without a reply from the server. The detection recognizes unique attributes that are considered attack patterns of smurf DDoS, such as frame length, ICMP type, and ICMP identifier. The attack pattern is used as the detection parameter in the Naive Bayes method. The scenario uses six hosts: three hosts as attackers, two hosts as clients and one host as a server running HTTP services. The results of the tests carried out with the Naive Bayes method are compared with the Snort Intrusion Detection System: the Naive Bayes method has an accuracy percentage of 99.96% while the Snort IDS has an accuracy of 99.99%.

Authors: Syukran Rizki, Deris Stiawan, Ahmad Heryanto
Publish Year: 2019
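PENCEGAHAN SERANGAN DENIAL OF SERVICE MENGGUNAKAN RULE BASED SIGNATURE ANALYSIS PADA JARINGAN INTERNET OF THINGS [Prevention of Denial of Service Attacks Using Rule-Based Signature Analysis on Internet of Things Networks]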

This research focuses on pattern recognition of TCP FIN flood and zbassocflood/association flooding attacks on Internet of Things (IoT) networks using the rule-based signature analysis method. The research was conducted on WiFi and IEEE 802.15.4 communication with normal traffic, attack traffic and combined normal-attack traffic; fifteen different datasets were generated from these schemes, consisting of normal datasets, attack datasets and normal-attack datasets. The testing was performed in two stages: (i) testing with Snort rules as the Intrusion Detection System (IDS), and (ii) testing with the rule-based signature analysis method using an Intrusion Detection Engine (IDE) with naive string matching. The detection results of the Snort IDS and of the naive string matching Intrusion Detection Engine (IDE) are measured using the confusion matrix detection rate method. The Snort IDS has an average TPR of 17.7845%, FPR of 0.0266%, TNR of 79.9734%, FNR of 62.2155% and a detection accuracy of 26.3268%, while the Intrusion Detection Engine (IDE) using naive string matching has an average TPR of 99.9131%, FPR of 0%, TNR of 100%, FNR of 0.0869% and a detection accuracy of 99.9199%.

Authors: Hari Achmad Aulia, Deris Stiawan, Ahmad Heryanto
Publish Year: 2018
PELATIHAN TEKNIK VIDEO EDITING BAGI SISWA SMK IT MUTIARA AZZAM PALEMBANG [Video Editing Technique Training for Students of SMK IT Mutiara Azzam Palembang]

Annual Research Seminar (ARS)

SMK IT Mutiara Azzam Palembang is a vocational high school that specializes in education with a vocational curriculum oriented toward information technology skills. The school has departments of computer and network engineering, electrical engineering, multimedia and visual communication design, and accounting. The training method used in this community service is direct training in the form of presentations, tutorials and discussion. In this community service, the instruments used to analyze needs and the impact of the training on students are written tests, namely a pre-test and a post-test. Based on the indicators, it is concluded that PKM 2016 achieved its main objective and can be considered successful in providing an understanding of multimedia.

Authors: Ahmad Fali Okilas, Sri Siswanti, Reza Firsandaya, Ahmad Heryanto, Deris Setiawan
Publish Year: 2017
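Workshop Teknik Keamanan Dalam Menggunakan Internet Pada Siswa SMK Di Indralaya Tahun 2018 [Workshop on Security Techniques for Using the Internet for Vocational School Students in Indralaya, 2018]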

Annual Research Seminar (ARS)

The 2018 community service program gave a workshop on security techniques for using the internet to vocational school students in Indralaya, for a community consisting of SMK N 1 Pemulutan Selatan. Every activity on the internet always has positive and negative sides. The workshop gave participants knowledge for protecting themselves against negative content by using a MikroTik router.

Authors: Ahmad Heryanto, Deris Stiawan, Osvari Arsalan, Rizki Kurniati
Publish Year: 2018
SISTEM DETEKSI SERANGAN DDOS MENGGUNAKAN ALGORITMA NAÏVE BAYES PADA JARINGAN INTERNET OF THINGS [DDoS Attack Detection System Using the Naïve Bayes Algorithm on Internet of Things Networks]

The focus of this research is the detection of distributed denial of service (DDoS) attacks by recognizing the patterns of DDoS attacks that occur on an Internet of Things network. The Internet of Things network built in this research has four nodes with a sensor on each node; each sensor takes readings that are sent to a Raspberry Pi acting as an aggregator node, which then forwards them to a server machine that also serves as the visualization dashboard, using the ZigBee communication protocol. A distributed denial of service attack is a connectionless attack that floods requests so that the network becomes busy with abnormal traffic. The DDoS attack pattern on the ZigBee protocol can be recognized from the following parameters: no_packet, ip_dst, frame_number, protocol, time, packet_length, ip_src, and info_packet. In this research, the algorithm used for DDoS attack detection is the Naive Bayes algorithm, and the final results are an average accuracy of 99.94%, precision of 99.9%, and recall of 99.9%.

Authors: Johan Wahyudi, Deris Stiawan, Ahmad Heryanto
Publish Year: 2020
IMPLEMENTASI PRIVATE VIRTUAL LOCAL AREA NETWORK MENGGUNAKAN MIKROTIK ROUTERBOARD [Implementation of a Private Virtual Local Area Network Using MikroTik RouterBoard]

A LAN is a Local Area Network, a network with wide area coverage and limited physical location for exchanging data and information. An institution or company, whether small or large, wants smooth exchange of data or information that is not limited by physical location. A VLAN, or Virtual Local Area Network, is a network that is not limited by physical location, so that the exchange of data and information is not hampered by physical location. In communicating and exchanging data, a company wants data security, which can be achieved with the Virtual Local Area Network concept, where a VLAN limits access rights between specified VLANs so that communicating and exchanging data becomes safer. As a result of implementing a Private Virtual Local Area Network system, communication is possible only between predetermined VLANs. In the implementation, only members of the same VLAN can communicate: the Finance (Keuangan) Division VLAN only with the Finance Division and the Employee Staff VLAN only with Employee Staff, while the Finance Division and Employee Staff cannot communicate with each other.

Authors: Ranka Ardepa, Ahmad Heryanto
Publish Year: 2019
IMPLEMENTASI KEAMANAN JARINGAN BERBASIS FIREWALL RAW TERHADAP BRUTE FORCE LOGIN CYBER ATTACK [Implementation of Raw Firewall-Based Network Security Against Brute Force Login Cyber Attacks]

The focus of this research is to protect the network from brute force login cyber attacks by implementing a raw firewall on a network device, namely MikroTik. The network built in this study has four LANs, where the first, second and third LANs are attackers while the fourth LAN is the administrator, or the attacked party, using WiFi communication and UTP cable. A brute force attack is a type of attack carried out to gain access as a user through authentication attempts. The attack is carried out by trying all passwords until the correct one is found. In this study two test scenarios were conducted: (i) the first test carried out a brute force attack before the implementation of the raw firewall, and (ii) the second test carried out a brute force attack again after the implementation of the raw firewall. Seven raw firewall rules are applied. The results show that the logs and address lists applied successfully identify the source of the attack and limit the attack, and that the filtered port services applied successfully protect the remote access login port. When an attack occurs, average CPU resource usage is 28.24% before the raw firewall implementation and 2.28% after it. The implementation of the raw firewall against brute force login cyber attacks successfully protects the network.

Authors: Zumardi Irfan, Ahmad Heryanto
Publish Year: 2020
IMPLEMENTASI MESSAGE QUEUE TELEMETRY TRANSPORT (MQTT) SEBAGAI PENGANTAR PESAN PADA INTERNET OF THING (IoT) DENGAN MOSQUITTO BROKER

The Internet of Things (IoT) is a system in which various devices can be interconnected to exchange information, and which also allows objects to interact directly with other objects, referred to as Machine-to-Machine (M2M) communication. Message Queue Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol designed for message delivery that provides different Quality of Service (QoS) levels, i.e. 0, 1 and 2, for various use cases, and provides a publish/subscribe architecture and message multicasting. Its most important feature is the low overhead, which allows efficient communication between devices. In this study, MQTT is implemented using the Mosquitto broker, which manages the delivery of messages between Publisher and Subscriber by using the poll system call to handle multiple network sockets in one thread. With a scheme that increases the number of nodes in each test, the MQTT protocol has an overall average delay of 0.0029 seconds, an average throughput of 218 Kbps, an average packet loss of 0.2% and an average packet delivery ratio of 99.7%. From these results, the MQTT protocol has the potential to meet usage requirements under limited bandwidth, which can be adjusted through the QoS level provided by MQTT, with low packet loss rates.

Authors: Leny Novita Sari, Deris Stiawan, Ahmad Heryanto
Publish Year: 2018
SISTEM PENCEGAHAN SERANGAN DDOS UDP FLOODING DENGAN METODE STRING MATCHING SECARA REALTIME

Distributed Denial of Service (DDoS) attacks prevent authorized users from accessing a service. One type of DDoS attack is a UDP flood, in which an attacker tries to flood the server with traffic by sending a large number of requests over the UDP protocol. In this research, the string matching algorithm succeeded in detecting the UDP flood attack by using the payload as a pattern. From the string matching detection results, attributes are extracted for blacklisting so that they can be used for prevention with iptables. Detection using string matching obtained a True Positive Rate of 83% with a False Positive Rate of 0% and an accuracy of 83%, while prevention using iptables obtained a True Positive Rate of 100% with a False Positive Rate of 4% and an accuracy of 99%.

Authors: Rahman Ramadhan, Deris Stiawan, Ahmad Heryanto
Publish Year: 2020
Tuneup Database Server Dalam Menjaga Stabilitas Performa Komputasi

Annual Research Seminar (ARS)

Information and communication technology is needed to increase productivity in a company. With the growing competition and challenges of the Industry 4.0 era, companies are pursuing digital innovation in running their business processes. One of the technologies that plays an important role in industrial digitalization is the database system. Companies can easily access and store data through a database. Every database server must receive routine maintenance so that server performance is always kept in optimal condition. The maintenance that must be carried out is a server tune-up. In this study, we tested a database system to find slow queries and tuned up the server so that those slow queries could be handled properly. The tune-up improved server performance by 47% for CPU and 45% for memory usage.

Authors: Ahmad Heryanto, Yuyun Hartati
Publish Year: 2018
SISTEM PENCEGAHAN SERANGAN USER TO ROOT (U2R)DENGAN METODE SUPPORT VECTOR MACHINE

An Intrusion Prevention System (IPS) is an approach to building a computer security system that is more advanced than an Intrusion Detection System (IDS), because an IPS can do more than just analyze traffic and logs and generate alerts. An IPS responds to detected intrusion packets and blocks malicious activity on the network. The dataset used is NSL-KDD, which is processed by the Snort IDS to obtain attack patterns for the detection process using the support vector machine method. Detection using the support vector machine achieved an accuracy of 91.75%. In this study, the IPS searches for and blocks packets from Buffer Overflow attacks, which aim to gain root access by executing code created by the attacker. The IPS used is the Suricata engine, which serves as an IDPS and performs packet inspection on raw data using alert rules; Suricata then acts as an IPS, regulating which network traffic is allowed to pass through the IPS and dropping packets that carry buffer overflow attacks. The drop action is used only in IPS/inline mode. Keywords: Intrusion Prevention System, Buffer Overflow, Support Vector Machine, NSL-KDD, Suricata

Authors: Monica Adhelia, Deris Stiawan, Ahmad Heryanto
Publish Year: 2020
IDENTIFIKASI SERANGAN DDOS SYN FLOOD MENGGUNAKAN ARTIFICIAL IMMUNE SYSTEM

A SYN flood DDoS attack is an attack that exploits the three-way handshake process of TCP connections, here using Hping3 as the tool to generate SYN flood DDoS attack traffic in three dataset-creation scenarios so as to obtain a homogeneous dataset. The Dendritic Cell Algorithm, known as DCA, is an algorithm designed for anomaly detection in network traffic. In this study, SYN flood attacks can be handled using an Artificial Immune System (AIS) that makes use of the Dendritic Cell Algorithm. Detection by the Artificial Immune System (AIS) using the Dendritic Cell Algorithm (DCA) succeeded in detecting DDoS SYN flood attacks with an accuracy of 98.04%, TPR 97.05%, TNR 98.48%, FPR 1.51% and TNR 2.94%.

Publish Year: 2020
SISTEM PENCEGAHAN SERANGAN MALWARE BANKING TROJAN DENGAN METODE RANDOM FOREST

Banking Trojans are one of the most well-known types of malware because they are designed to steal money directly from the bank accounts of mobile or PC users. Tinba is a small piece of malware that is very difficult to detect because of its size, which is smaller than that of other commonly known Trojans. The purpose of this paper is to monitor Tinba traffic. Before the blocking stage, the initial stage is to check the traffic with the Snort engine; the traffic pattern is unique to the traffic. The datasets used were sourced from the Stratosphere IPS. The attack data obtained from the Snort engine is then processed with the random forest machine learning method to prove the accuracy of the dataset used. In this study, the accuracy obtained was 99.69%. The next stage is to prevent the traffic using the Suricata engine. At this stage a manual simulation is carried out by attacking the victim's device. In the final stage of this research, 27 instances of traffic were successfully blocked by the Suricata engine in IPS mode.

Authors: Reza Maulidin, Deris Stiawan, Ahmad Heryanto
Publish Year: 2021
KLASIFIKASI ADWARE MALWARE PADA ANDROID DENGAN METODE RANDOM FOREST

The development of technology triggers the development of malicious files called malware. Malware is software that is explicitly designed with the aim of finding weaknesses in, or even damaging, software or operating systems. In this study, classification of Dowgin malware and benign samples was carried out using the Random Forest algorithm, comparing results from Weka and from the Spyder program. The dataset used in this study is the CICAndMal2017 CSV (Comma Separated Values) category for the Dowgin type; it has 1197 Dowgin records (53%) and 792 benign records (47%), with 85 attributes. After classification, the accuracy value is 0.998% and the OOB Error value is 0.16%, while using the Random Forest method in the Spyder program the accuracy value is 0.891% and the OOB Error value is 0.108%.

Authors: Novit Hardianto, Deris Stiawan, Ahmad Heryanto
Publish Year: 2020
DETEKSI MALWARE ADWARE PADA PLATFORM ANDROID DENGAN METODE REVERSE ENGINEERING

Malware can also be interpreted as software installed on a computer system without the knowledge of the user or the owner of the system. Malware is also commonly found on Android systems, one type being adware. One way to analyze malware is to analyze application program code that is suspected of containing malware, for example through reverse engineering. This final project, titled malware detection on the Android platform with the reverse engineering method, uses reverse engineering based on static analysis with the purpose of detecting the presence of adware malware. From the 20 application samples obtained from the CICAndMal2017 and CIC datasets, on which the reverse engineering process was carried out, 284 permissions were obtained from the AndroidManifest.xml file by static analysis, with 24 permissions considered to be Youmi adware malware based on samples taken from the available dataset.

Authors: Aldo Sapriansyah, Deris Stiawan, Ahmad Heryanto
Publish Year: 2020
SISTEM PENCEGAHAN SERANGAN MALWARE REMOTE ACCESS TROJAN (RATs) DENGAN METODE SUPPORT VECTOR MACHINE DI SMALL BOARD COMPUTER

Remote Access Trojans (RATs) are a serious problem that needs to be resolved. RATs run silently in the background, making them difficult for users to detect. An Intrusion Detection and Prevention System (IDPS) is usually applied to solve this. Many NIDPS devices are available from various vendors, but these devices are out of reach for Small Office and Home Office (SOHO) users because of their quite expensive selling price. To solve this problem, the researchers designed an IDPS on a Small Board Computer to improve resource efficiency. To improve the performance of the system, the researchers added the Support Vector Machine algorithm to train on data taken from the IDPS log. The results of this training process are used to update rules on the IDPS engine. Testing in this study was carried out by analyzing network traffic in real time. Traffic identified as a RAT attack is immediately dropped, and the IDPS issues an alert that is written to the drop log. In this research, the SVM method gave good results in detecting RAT attacks.

Authors: Deri Andany, Deris Stiawan, Ahmad Heryanto
Publish Year: 2020
KONFIGURASI JARINGAN WIRELESS DENGAN MULTI SSID MENGGUNAKAN FITUR MIKROTIK CAPSMAN

Technology in the digital era is needed and used on both local and wider networks. As network coverage areas develop, there are still constraints during the configuration process, because there is no system that can control the access points centrally and each access point does not have a wide enough signal range. Therefore a system is built that provides centralized control, with each access point having multiple SSIDs so that it can transmit a wider signal. SSID stands for Service Set Identifier, which is where the name of the access point is entered, and CAPsMAN is a MikroTik feature that can function as a centralized system control. The result of this research is that all access points can be controlled from one device and each access point has 2 SSIDs using the CAPsMAN feature of MikroTik.

Authors: Edo Syaelendra Bindu Pasai, Ahmad Heryanto, Aditya Putra Perdana Prasetyo
Publish Year: 2018
IMPLEMENTASI CONSTRAINED APPLICATION PROTOCOL PADA INTERNET OF THINGS DENGAN CONSTRAINED RESTFUL ENVIRONMENTS BERBASIS CONSTRAINED DEVICE

This study was conducted to examine the implementation of the Constrained Application Protocol (CoAP) with Constrained RESTful Environments (CoRE) as specified in RFC 7252, which was used as the research parameter. The implementation of CoAP used Internet of Things (IoT) technology. Testing was done offline, and the devices used were constrained devices. The network performance parameters tested in this study were UDP throughput, UDP delay, UDP packet loss and UDP packet delivery ratio. Network performance testing with LED and buzzer output produced a largest throughput of 4.5737 kbps and a smallest average of 1.2293 kbps; the largest average UDP delay was 2 seconds and the smallest was 0.6 seconds; the average UDP packet loss was 0%, and the average packet delivery ratio was 100%. From these results, the Constrained Application Protocol (CoAP) has smaller network performance than the Hyper Text Transfer Protocol (HTTP) when implemented on Internet of Things (IoT) technology.

Authors: Sri Suryani, Deris Stiawan, Ahmad Heryanto
Publish Year: 2018
PENGEMBANGAN KLUSTER WEB SERVER PADA FAKULTAS ILMU KOMPUTER UNIVERSITAS SRIWIJAYA

Annual Research Seminar (ARS)

The ERP application service of the Faculty of Computer Science, Universitas Sriwijaya, is used by the entire Fasilkom academic community for teaching and learning activities. Every day the ERP service handles thousands of requests from clients. Every client request must be answered by sending back the requested data. To provide good service, the ERP service must be supported by reliable servers. So that the ERP servers can withstand the computation and communication load, they are arranged as a cluster. The cluster system can provide high availability for the ERP application by balancing the computational load.

Authors: Ahmad Heryanto, Deris Stiawan, Aditya Putra Perdana Prasetyo
Publish Year: 2020
SISTEM DETEKSI MAN IN THE MIDDLE (MITM) ATTACK PADA JARINGAN SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) MENGGUNAKAN ARTIFICIAL NEURAL NETWORK

Supervisory Control and Data Acquisition (SCADA) is hardware that controls geographically dispersed industrial systems, where centralized data acquisition is needed to operate the system. IEC 60870-5-104 is one of the protocols used in SCADA communication; this protocol has security vulnerabilities in the application layer and the data link layer. Man in the Middle attacks pose a very high risk to a SCADA network, because these attacks can take over the communication between communicating devices unnoticed. The detection system in this research uses Artificial Neural Networks to distinguish attack packets from normal packets. Detection results are evaluated with a confusion matrix to determine the accuracy of MITM attack detection. In this research, an accuracy of 99.91% was obtained with a TPR value of 100% and an FPR value of around 0.18% for detection errors, while the TNR was around 99.85% and the FNR 0%.

Authors: Yogi Yaspranika, Deris Stiawan, Ahmad Heryanto
Publish Year: 2020
KLASIFIKASI SERANGAN SMURF DENIAL OF SERVICE DENGAN METODE ITERATIVE DICHOTOMISER 3 (ID3)

Denial of Service (DoS) is an attack technique often used by attackers with the aim of crippling a system's capabilities. DoS attacks are a serious threat in today's networks. A Smurf attack is an attack that uses the IP of the target host as the source of ICMP requests and takes advantage of the ICMP network protocol. In this case the researchers use a supervised learning method, the Iterative Dichotomiser 3 (ID3) algorithm, which builds a tree model; this method produces an entropy value as the sample test result at each node. In this study, 5 scenarios were run on 2 different attack classes and 1 normal class, with a total of 10 ID3 models and 2 hyperparameters from the decision tree pruning technique: Min Sample Leaf 100000 and Max Leaf Nodes with a leaf value of 3. Of the 10 ID3 models tested, the best models were obtained with 50% test data for Max Leaf Nodes 3 and 80% test data for Min Sample Leaf Nodes 100000. The ID3 model had its highest evaluation in scenario 2, the DoS attack class with hyperparameter Max Leaf Nodes 3, with sensitivity 99.979%, precision 99.933%, specificity 99.989%, accuracy 99.982% and F1 99.956%.

Authors: M. Khoir Septiawan, Deris Stiawan, Ahmad Heryanto
Publish Year: 2021
SISTEM PENCEGAHAN SERANGAN BOTNET DENGAN METODE SUPPORT VECTOR MACHINE

An Intrusion Prevention System (IPS) is a system that combines firewall techniques and an Intrusion Detection System (IDS) to overcome threats on a network and then provide a warning. In contrast to IDS, IPS provides a response to traffic that is considered an attack and that traffic. The dataset used in this research is Stratosphere CTU-25-5, which is compiled into the Snort IDS engine to get attack patterns from Botnet attacks. Once recognized, and once the proper rules have been supported, the results of the process are validated using machine learning with the Support Vector Machine method, with an accuracy value of 98.3%. Furthermore, the Suricata engine is used as an IPS system to be stored, and Botnet attack packets, specifically those caused by Zeus malware. This attack aims to sneak malware onto computers to infect them and make them part of the botnet. This system will only order packets based on the rules used (rule-based).

Authors: At Thoriq Fitriansyah, Deris Stiawan, Ahmad Heryanto
Publish Year: 2021
DETEKSI SERANGAN MALWARE RANSOMWARE PADA BITCOIN MINING DENGAN METODE K-MEANS CLUSTERING

Attack detection is the activity of analyzing data or files to determine whether they contain an attack. The Snort IDS (intrusion detection system) helps in analyzing and detecting attacks on a network during the bitcoin mining process. A ransomware attack is very dangerous because it demands a fee before the desired file can be accessed. Ransomware attacks usually target bitcoin miners who are mining. Bitcoin mining is a process carried out by miners to earn a profit, commonly called Bitcoin. K-Means can be used to detect attacks in the bitcoin mining dataset. Ransomware attack patterns in bitcoin mining datasets can be recognized by several parameters such as source port, destination port, TTL, and protocol. In this study, the result obtained was 99% accuracy, which indicates the accuracy of the classification of malware attacks in this study.

Authors: Fitriani Fitriani, Deris Stiawan, Ahmad Heryanto
Publish Year: 2021
CLUSTER RASBERRY PI MENGGUNAKAN PROTOKOL OPENMP UNTUK OPTIMALISASI KOMPUTASI PARALEL

Parallel computing and multi-core processors have become promising platforms capable of processing multiple tasks, instructions, and data simultaneously, with the goal of saving time and speeding up calculations that traditional computers cannot cope with. The OpenMP Protocol programming model is implemented on a cluster system using Raspberry Pi. The cluster is built from 5 Raspberry Pi nodes, on which the speed and efficiency of a parallel program can then be measured. The program tested is multiplication of matrices of order n x n. After the system is built, testing yields the values of several parameters, namely acceleration, efficiency, throughput, and availability of resources. The OpenMP protocol used results in faster execution times compared to programs on single-node systems. The Raspberry Pi bee cluster system is faster than the simulation system, with a speedup of 5.52 times and an efficiency of more than 90%.

Authors: Rafli Eggy Ilham, Deris Stiawan, Ahmad Heryanto
Publish Year: 2020
IMPLEMENTASI WIRELESS DISTRIBUTION SYSTEM MIKROTIK PADA FAKULTAS ILMU KOMPUTER UNIVERSITAS SRIWIJAYA

Wireless networks are very necessary for society today because, in addition to meeting the need for internet connection and information exchange, a wireless internet network is cheaper to build than a cabled one. Basically, the user or client connects to an Access Point as long as the client is within the Access Point's area. The purpose of this final project is to keep client connections from being disrupted when the client moves location while connected to the wireless network, using the concept of a Wireless Distribution System. This final project requires four Access Points to achieve results according to the design; the Wireless Mode is then configured on each Access Point, and the Access Points are deployed in the specified places. The advantage of this final project is that the wireless client connection is not disconnected even though the client moves away from one Access Point, as long as the client is still within reach of the three other Access Points.

Authors: Dimas Nur Rochmad, Sutarno Sutarno, Ahmad Heryanto
Publish Year: 2018
KLASIFIKASI MALWARE BANKING PADA ANDROID DENGAN METODE SUPPORT VECTOR MACHINE

Malware classification is a way to recognize whether data is classified as malware or as a normal file. Banking malware is a type of trojan that aims to deceive bank customers and financial institutions, causing funds to be transferred from the victim's account to the attacker's account. The purpose of this study is to obtain the best level of accuracy in the classification of banking malware using the support vector machine method with a dataset from the University of New Brunswick, namely CICMALDROID2020. Feature extraction in the study uses the CICFlowMeters tool to convert files into ready-to-process files. This research also uses an extra-tree classifier for feature selection, which aims to select the best features. The results of the classification using the support vector machine method are fairly good, namely an accuracy value of 87%, which indicates the accuracy of the classification of banking malware attacks in this study.

Authors: Octafian Octafian, Deris Stiawan, Ahmad Heryanto
Publish Year: 2021
SISTEM KLASIFIKASI SERANGAN DDOS HTTP FLOOD DENGAN METODE LONG SHORT TERM MEMORY (LSTM)

Distributed Denial of Service (DDoS) is an attack that can disrupt a network's traffic by using zombie machines controlled by the attacker. HTTP flood attacks are carried out by exploiting HTTP GET and HTTP POST requests to the attacked target. This study uses the CSE-CIC-IDS 2018 dataset from the University of New Brunswick (UNB). The Correlation-based Feature Selection (CFS) algorithm is used to obtain the important features for the classification process. In addition, the Long Short Term Memory (LSTM) algorithm is used to classify DDoS HTTP flood attacks. The results of this study show that LSTM, using the CFS feature selection algorithm, can classify DDoS HTTP flood attacks quite well, with an accuracy of 99.97%, sensitivity of 99.96%, specificity of 99.95%, precision of 99.91% and F1-score of 99.93%.

Authors: Ahmad Afidin, Deris Stiawan, Ahmad Heryanto
Publish Year: 2020
IMPLEMENTASI MONITORING JARINGAN MENGGUNAKAN THE DUDE PADA JARINGAN LOKAL VIRTUAL

The increasing number and size of network devices in a computer network poses a risk of interference in the network. Implementing a virtual local network can reduce the use of computer network devices and can even make use of the resources of a network device. Network monitoring is indispensable for facilitating network management. The purpose of this final project is to implement a virtual local network (VLAN) and network monitoring using The Dude. The method applied is to design the computer network, implement it directly, and observe it through network monitoring with The Dude. The test results show that The Dude, with its various features, can display a range of information about network devices, network interfaces, data traffic, and other details. The Dude uses SYSLOG notifications in the virtual local network implementation in real time.

Authors: Muhammad Ishroni, Ahmad Heryanto
Publish Year: 2019
DETEKSI SERANGAN MAN IN THE MIDDLE (MITM) ATTACK PADA JARINGAN SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) MENGGUNAKAN RANDOM FOREST

A Supervisory Control And Data Acquisition (SCADA) system is a system commonly used in industry to control devices remotely over a computer network. These devices communicate according to rules or protocols, one of which is IEC-60870-5-104/IEC-104. The IEC-104 protocol has a vulnerability in that it does not encrypt data between communicating devices, which makes attacks possible. A Man In The Middle attack can be carried out by placing the attacker between 2 communicating devices with the aim of obtaining information. In this study, Snort IDS is used to label the two classes in the dataset, which are then classified using the Random Forest (RF) algorithm to distinguish normal packets from attack packets. The RF algorithm, evaluated with a confusion matrix, achieved a best accuracy of 99.93%, an OOB Score of 0.07% and an Undetection Rate (UND) of 0.05%.

Publish Year: 2021
IMPLEMENTASI MEKANISME END-TO-END ENCRYPTION PADA IOT MENGGUNAKAN METODE RIVEST CIPHER 4 (RC4)

The title of this research is the Implementation of the End-To-End Encryption Mechanism on IoT Using the Rivest Cipher 4 (RC4) Method. This study aims to implement RC4 cryptography to secure data transmission on IoT devices. The method used is Rivest Cipher 4. The stages of the research begin with a literature study, followed by IoT and topology design, server installation and configuration, assembling and coding the IoT devices, sniffing, temporary analysis, implementing RC4 and sniffing again, and then the final analysis and drawing of conclusions. The results showed that the IoT device was able to send data via the wireless network that had been designed. The data was successfully stored in the available table, and the sniffing results showed that the value of the data sent was no longer visible after encryption. Thus, RC4 managed to counter eavesdropping well.

Authors: Stevanus Christivan Panjaitan, Ahmad Heryanto
Publish Year: 2020
SISTEM PENCEGAHAN SERANGAN REMOTE TO LOCAL (R2L) DENGAN METODE DECISION TREE

An intrusion detection system (IDS) is a system for detecting traffic in a network, but its weakness is that it can only detect and provide alerts, without responding when there is an attack packet. A system that both detects and responds to network traffic is called an intrusion prevention system (IPS), which is capable of acting to deny or allow a packet passing through the network. Remote to Local (R2L) is an intrusion that aims to access the attacker's target system without having access rights to that system. Decision tree is a method that provides a higher level of accuracy than other algorithms in detecting DoS and Probe attacks; the detection results are evaluated using a confusion matrix to obtain the accuracy. Therefore, the decision tree method is used in this study, and it produces an accuracy of 94%.

Authors: Aria Nasbi, Deris Stiawan, Ahmad Heryanto
Publish Year: 2020
PENERAPAN RADIUS SERVER UNTUK AUTENTIKASI PADA JARINGAN WIRELESS LOCAL AREA NETWORK

WLAN networks are used to replace LAN networks because of the rapid advancement of technology. In educational institutions the WLAN network is very helpful for students in finding information. These WLAN networks sometimes experience many problems, especially in security. Even when good hardware is used, network security is still a major problem. The absence of security mechanisms such as encryption and authentication is a major cause of network security problems. This research finds that a RADIUS server can solve this problem; the system is designed to limit bandwidth usage in WLAN server authentication networks. In this research, WLAN network security also uses the WPA-PSK and WPA2-PSK methods, because all wireless networks use these methods to increase security. The channel used on the WLAN network is the 6th channel, namely 2437.

Authors: Dippo Wirya Kitri, Ahmad Heryanto, Adi Hermansyah
Publish Year: 2021
SISTEM PENCEGAHAN SERANGAN DDOS TCP FLOOD MENGGUNAKAN ALGORITMA INGRESS/EGRESS FILTERING

A DDoS TCP Flood attack is a condition in which the attacker exploits the three-way handshake mechanism of the TCP connection establishment process: the server is flooded with SYN packet requests without being responded to by the server. To prevent TCP Flood DDoS attacks, we need a system that detects the attack pattern and then independently rejects packets that are indicated as attacks. In this study, the attack prevention system uses a combination of iptables, in which the ingress/egress filtering algorithm is applied, and Suricata, which is in charge of rejecting attack packets with known patterns. Packets are first filtered by their prefix in iptables; if a packet has a valid prefix, it is analyzed by Suricata, which determines whether the packet is forwarded to the destination IP address or rejected. Finally, the packet details captured on the attacker's computer, the prevention system, and the victim's computer are validated and compared for the number of prevention failures. In testing the attack prevention system using the ingress/egress filtering algorithm against DDoS TCP Flood attacks, the success rate of prevention for IP addresses with valid prefixes reached 93.33%, while for IP addresses with invalid prefixes (spoofing), ingress/egress filtering managed to prevent all of the attack packets.

Authors: Mohammad Cahyadi, Deris Stiawan, Ahmad Heryanto
Publish Year: 2021
HIGH AVAILABILITY PADA CLUSTER SERVER MENGGUNAKAN METODE NEURAL NETWORK

A high availability cluster is the ability of the system to increase the availability of the services provided by a cluster. In the high availability process, when the main server cannot provide services, another clustered server replaces the main server automatically. One of the obstacles in cloud computing is how to predict the resources that will be used in real time. This study aims to prevent failover using the backpropagation neural network method based on CPU utilization, memory utilization, and disk utilization parameters. Several experiments were carried out to obtain the best training accuracy and testing accuracy. The results obtained are 96.10% training accuracy and 96.58% testing accuracy. Keywords: High availability, Cloud computing, Server, Cluster, Failover, Neural network backpropagation.

Authors: Yoggie Al Hanif, Ahmad Heryanto, Deris Stiawan
Publish Year: 2021
VISUALISASI SERANGAN CYBERWAR (PORT SCANNING) DALAM MENJAGA KEDAULATAN DATA INDONESIA

This study focuses on checking the RAMA REPOSITORY pcap file dataset. It aims to see whether there are any Port Scanning attack attempts, since Port Scanning generally occurs in the early stages of an attack, namely during the reconnaissance and intrusion processes. The attack pattern was successfully obtained from analysis of the pcap file dataset traffic. Two pcap file datasets are checked and analyzed. The results of this analysis are then visualized to facilitate further data traffic analysis. Snort's check of the RAMA REPOSITORY pcap file dataset found a total of 622 alerts in the first pcap file dataset, 484 of which were Port Scanning attacks. In the second pcap file dataset, a total of 587 alerts were found, 480 of which were Port Scanning attacks.

Authors: Ichwanul Hakim, Deris Stiawan, Ahmad Heryanto
Publish Year: 2021
Message Queue Telemetry Transport (MQTT) Protocol on Internet of Thing Dataset

Zenodo (CERN European Organization for Nuclear Research)

Performance Analysis of Message Queue Telemetry Transport (MQTT) Protocol on Internet of Thing (IoT)
Status: on review

Internet of Things (IoT) is a system in which devices are connected and can exchange information among themselves. It also allows devices/objects to interact directly with other objects, commonly referred to as Machine-to-Machine (M2M) communication. Message Queue Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol designed as a message delivery service that offers different levels of Quality of Service (QoS), i.e. levels 0, 1 and 2, for a variety of use cases, provides a publish/subscribe architecture, and supports multicasting messages. The important feature of MQTT is its low overhead for efficient communication between devices. This work implements MQTT using the Mosquitto broker, which regulates the delivery of messages between Publisher and Subscriber using the poll system call to handle multiple network sockets in one thread. In a scenario where the number of nodes increases with each experiment, the MQTT protocol has an average overall delay of 0.0029 seconds, an average throughput of 218 Kbps, an average packet loss of 0.2%, and an average packet delivery ratio of 99.7%. From the experimental results obtained, the MQTT protocol has the potential to meet the needs of a limited-bandwidth network, which can be adjusted with the level of service provided by MQTT, with a low packet loss rate.

Authors: Deris Stiawan, Ahmad Heryanto, Leny Novita Sari, Dimas Wahyudi, Johan Wahyudi, Riki Andika, Meilinda Eka Suryani
Publish Year: 2018
NETWORK SECURITY: A ROGUE DHCP ATTACK PREVENTION SYSTEM USING DHCP SNOOPING

The focus of this research is to protect the network from DHCP Rogue (a fake DHCP server) by implementing DHCP Snooping and VLAN on one of the network devices, namely a switch. The network built in this study has two routers: a legitimate router that gives the correct IP address to the client, and a hacker router that gives the wrong IP address to the client, tricking it. A laptop serves as the client that receives an IP address, connected using a UTP cable and a USB-to-serial cable. Two checking scenarios were carried out: (1) checking the IP address before implementing DHCP Snooping and VLAN, and (2) checking the IP address after DHCP Rogue is active. The results obtained: after implementing DHCP Snooping, the client gets an IP address from a valid DHCP server and the VLAN port is much safer.

Authors: Alfina Wijayanti, Ahmad Heryanto, Tri Wanda Septian
Publish Year: 2021
IMPLEMENTATION OF PEER-TO-PEER FILE SYNCHRONIZATION ON NETWORK ATTACHED STORAGE (NAS)

This research focuses on one of the FreeNAS features, the Syncthing plugin, to synchronize files peer to peer. The research method uses a NAS as data storage, with an operating system specifically designed to serve a variety of data processing in a more practical and secure way. A NAS can be software on a computer connected to a server via a network. System testing is carried out in two scenarios: (1) the first test connects the smartphone to a server without an IP address, and (2) the second test connects the server to a smartphone with an IP address. The tests resulted in a NAS built on a FreeNAS server that is able to synchronize files peer to peer and provide data storage in the form of web storage, making it easier for users to manage centralized system data. When sending 1116 packets, the throughput is 69 kbits/s with a total delay of 0.05226 within 01:00 minutes. For 2191 packets, the throughput is 39 kbits/s with a total delay of 0.07261 within 02:59 minutes. For 3119 packets, the throughput is 66 kbits/s with a total delay of 0.05568 in 01:06 minutes, and for 2020 packets, the throughput is 66 kbits/s with a total delay of 0.05173 in 01:44 minutes.

Authors: Dwi Okta Sulistiani, Ahmad Heryanto, Adi Hermansyah
Publish Year: 2021
Ping Flood Attack Pattern Recognition on Internet of Things Network Dataset

Zenodo (CERN European Organization for Nuclear Research)

Ping Flood Attack Pattern Recognition using K-Means Algorithm in Internet of Things (IoT) Network
Status: on repository

Abstract: This work investigates ping flood attack pattern recognition on an Internet of Things (IoT) network. Experiments are conducted on WiFi communication with three different scenarios: normal traffic, attack traffic, and combined normal-attack traffic, to create a normal dataset, an attack dataset, and a normal-attack (combined) dataset. The datasets are grouped into two clusters: (i) a normal cluster and (ii) an attack cluster. Clustering results using the implemented K-Means algorithm show that the average number of packets in the attack cluster in total is 95,931 packets, and the average number of packets in the normal cluster in total is 4,068 packets. The accuracy of the clustering results is then calculated using the confusion matrix equation. Based on the confusion matrix calculation, the accuracy of clustering using the implemented K-Means algorithm was 99.94%. The true negative rate reaches up to 98.62%, the true positive rate is 100%, the false negative rate is 0%, and the false positive rate reaches 1.38%.

Authors: Deris Stiawan, Ahmad Heryanto, Meilinda Eka Suryani, Tri Wanda Septian, Riki Andika, Dimas Wahyudi, Johan Wahyudi
Publish Year: 2018
DETECTION OF MAN-IN-THE-MIDDLE ATTACKS ON INDUSTRIAL IOT (IIOT) SCADA USING THE SUPPORT VECTOR MACHINE METHOD

A Supervisory Control and Data Acquisition (SCADA) system is an automated industrial control system used to control and monitor various widely distributed industrial stages, where data acquisition is essential to the operation of the system. One of the communication protocols used in SCADA communication is IEC 60870-5-104. The IEC 60870-5-104 protocol has security vulnerabilities at the application layer and the data link layer. Man-in-the-middle attacks pose a considerable risk to SCADA systems: the attacker silently intercepts communication between two or more devices. In this study, classification is performed using a Support Vector Machine (SVM) to distinguish normal packets from attack packets. From the results of the SVM algorithm with a confusion matrix, the TPR is 100%, the FPR is in the range of 0.045%, the TNR is around 97.82%, the FNR is 0%, the precision is around 99.85%, the F1 score is around 99.92%, and the accuracy is 99.86%.

Authors: Linda Purnama, Deris Stiawan, Ahmad Heryanto
Publish Year: 2021
WEB-BASED IMPLEMENTATION OF DATA SECURITY WITH CRYPTOGRAPHIC TECHNIQUES USING THE RSA ALGORITHM

Cryptography is the science and art of data security, used to secure messages or information. In this study, a website will be created where important data entered into it will be stored in a database, and the encryption process in the database uses the RSA algorithm. The Rivest-Shamir-Adleman (RSA) algorithm, often shortened to RSA, is an asymmetric encryption algorithm. Algorithms of this type are techniques whose security is very strong and useful in many implementations. The RSA algorithm is very suitable for personal data, as it is an asymmetric key algorithm that uses two different keys to perform the encryption and decryption processes. Therefore, attackers will find it difficult to steal data protected with the RSA algorithm.

Publish Year: 2020
BRUTE FORCE ATTACK PATTERN RECOGNITION ON PUBLIC CLOUD USING THE REGULAR EXPRESSION (REGEX) METHOD

Brute force is an attack that cracks passwords by drawing candidates from a set of passwords (wordlist) until the right password is found. This research presents a regular expression method for recognizing the attack pattern. In the first step, the data is analyzed manually by observing existing data, and rules are tried out against the manually observed attack pattern. Then, the Snort Intrusion Detection System (IDS) is used to find out whether there is an attack in a public cloud. Once an attack is detected, attack data is separated from normal data. In the last stage, pattern recognition is carried out in Python with the regular expression (regex) method, using the available rules on the extracted features. The dataset used in this study is the Brute Force Attack dataset. The proposed method allows for faster implementation and also achieves higher accuracy. In this case, the average values for the Brute Force Attack dataset are 99% accuracy, 100% precision, 99% recall, and 100% F1 score, compared to the DARPA 2000 dataset, which only gets 91.5% accuracy. Based on these studies and results, this method can be proposed and has higher accuracy in an attack pattern recognition study.

Authors: Yen Mey Sutedja, Deris Stiawan, Ahmad Heryanto
Publish Year: 2020
Behavior Pattern Recognition of Game Dragon Nest Using Bloom Filter Method

International Journal of Communication Networks and Information Security (IJCNIS)

Dragon Nest is one of the Massively Multiplayer Online Role-playing Game (MMORPG) online games. It has become the most popular online game played by people around the world. This work observes two examples of MMORPG online games: the Dragon Nest INA and the Legend DN II. The purpose is to analyze the traffic data of Dragon Nest to find and discern the patterns of behavior of the Dragon Nest INA and the Legend DN II using Deep Packet Inspection (DPI). A dataset is constructed by capturing traffic data from the testbed environment. Then feature extraction, feature selection, and visualization are performed during the experiments. Experiment results show that the traffic data of the Dragon Nest INA is higher than that of the Legend DN II, because of the difference in the number of entries in the game. Then, the Bloom filter method is used as a tool to check the existence of a pattern of Dragon Nest in the dataset. The false positive rate of matching is 0.399576%.

Authors: Deris Stiawan, Diky Aryandi, Ahmad Heryanto, Tri Wanda Septian, Farkhana Muchtar, Mohd. Yazid Idris, Rahmat Budiarto
Publish Year: 2022
A Novel Framework for Enhancing User Experience in Virtual Reality Environments

International Journal of Computer Engineering in Research Trends

Virtual Reality (VR) technology has evolved significantly, but it often falls short in delivering personalized and adaptable experiences. The "Neuroadaptive VR Enhancement" methodology addressed this challenge by integrating neuroscience and machine learning to dynamically tailor VR content to users' cognitive and emotional states in real-time. Performance metrics, including User Satisfaction Score (USS), Engagement Rate (ER), Classification Accuracy (CA), Adaptation Quality (AQ), Heart Rate Variability (HRV) data, Task Performance metrics, Content Relevance Score (CRS), Presence (PRE), Immersion (IMM), System Usability Scale (SUS), and Usability Score (US), were employed to gauge effectiveness. Results indicate a substantial increase in user satisfaction and engagement. High CA demonstrates accurate interpretation of user states. User feedback via AQ scores underscores alignment between adaptations and user preferences. HRV data reveals insights into emotional states. Task performance metrics show efficiency and effectiveness. Users consistently report higher CRS ratings, confirming content relevance. The research contributes to the advancement of VR by addressing personalization and adaptation challenges, offering potential applications in gaming, education, healthcare, and therapy. This study pioneers user-centric VR experiences, envisioning a more personalized, emotionally resonant, and engaging VR future.

Authors: Ahmad Heryanto, Yonis Gulzar, Gene Marck
Publish Year: 2023
UDP Flood Attack Pattern on Internet of Things Network Dataset

Zenodo (CERN European Organization for Nuclear Research)

Investigating UDP Flood Attack Pattern on Internet of Things Network
Status: on review

Abstract: UDP has no mechanism for retransmission when a transmission error happens, which allows this protocol to be used as a DDoS attack tool against Internet of Things (IoT) networks. This research work attempts to analyze the UDP flood attack packet dataset captured with Wireshark from an IoT testbed network. A feature extraction process was performed on the generated CSV file, and the feature extraction results are then examined to find patterns of UDP flood attack packets. Lastly, the patterns are visualized to provide easy pattern recognition.

Authors: Deris Stiawan, Ahmad Heryanto, Riki Andika, Tri Wanda Septian, Dimas Wahyudi, Johan Wahyudi, Meilinda Eka Suryani
Publish Year: 2018
Constrained Application Protocol (CoAP) Internet of Things Protocol Dataset

Zenodo (CERN European Organization for Nuclear Research)

Implementation of Constrained Application Protocol on IoT using Constrained RESTful Environments Constrained Device.
Status: on repository

This study discusses the implementation of the Constrained Application Protocol (CoAP) using Constrained RESTful Environments (CoRE) on RFC 7252, which is used as a research parameter. The implementation of this Constrained Application Protocol uses Internet of Things (IoT) technology. The testing technique is carried out offline, and the device used is a constrained device. The network performance testing parameters in this study are UDP throughput, UDP delay, UDP packet loss, and UDP packet delivery ratio. Testing network performance with LED and buzzer output produces a largest average UDP throughput of 4.5737 Kbps and a smallest average throughput of 1.2293 Kbps; the largest average UDP delay is 2 seconds and the smallest average is 0.6 seconds; the average UDP packet loss is 0%, and the average successful packet delivery ratio is 100%. From the results of this test, the Constrained Application Protocol (CoAP) has smaller network performance results than the HyperText Transfer Protocol (HTTP) when implemented in Internet of Things (IoT) technology.

Authors: Deris Stiawan, Ahmad Heryanto, Sri Suryani, Tri Wanda Septian, Dimas Wahyudi, Johan Wahyudi, Riki Andika, Meilinda Eka Suryani
Publish Year: 2018
TCP FIN Flood and Zbassocflood Dataset

Zenodo (CERN European Organization for Nuclear Research)

The Development of an Internet of Things (IoT) Network Traffic Dataset with Simulated Attack Data.

Abstract: This research focuses on the requirements for and the creation of an intrusion detection system (IDS) dataset for an Internet of Things (IoT) network domain. A minimal-requirements Internet of Things (IoT) network system was built to produce a dataset according to IDS testing needs for IoT security. Testing was performed with 12 scenarios and resulted in 24 datasets, which consisted of normal, attack, and combined normal-attack traffic data. Testing focused on three denial of service (DoS) and distributed denial of service (DDoS) attacks, namely "finish" (FIN) flood, User Datagram Protocol (UDP) flood, and Zbassocflood/association flood, using two communication protocols, IEEE 802.11 (WiFi) and IEEE 802.15.4 (ZigBee). A preprocessing test result obtained 95 attributes for the WiFi datasets and 64 attributes for the Xbee datasets.

TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis

Abstract: The focus of this research is TCP FIN flood attack pattern recognition in an Internet of Things (IoT) network using a rule-based signature analysis method. The dataset is taken based on three scenarios: normal, attack, and normal-attack. The identification and recognition of the TCP FIN flood attack pattern is done based on observation and analysis of packet attributes from raw data (pcap) using a feature extraction and feature selection method. Further testing was conducted using Snort as an IDS. The results of the confusion matrix detection rate evaluation against Snort as IDS show the average percentage of the precision level.

Citing
Citation data: "TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis" - https://online-journals.org/index.php/i-joe/article/view/9848

@article{article,
  author = {Stiawan, Deris and Wahyudi, Dimas and Heryanto, Ahmad and Sahmin, Samsuryadi and Idris, Yazid and Muchtar, Farkhana and Alzahrani, Mohammed and Budiarto, Rahmat},
  year = {2019},
  month = {04},
  pages = {124},
  title = {TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis},
  volume = {15},
  journal = {International Journal of Online and Biomedical Engineering (iJOE)},
  doi = {10.3991/ijoe.v15i07.9848}
}

Features Extraction on IoT Intrusion Detection System Using Principal Components Analysis (PCA)

Feature extraction solves the problem of finding the most efficient and comprehensive set of features. A Principal Component Analysis (PCA) feature extraction algorithm is applied to optimize the effectiveness of feature extraction to build an effective intrusion detection method. This paper uses Principal Components Analysis (PCA) for feature extraction in an intrusion detection system with the aim of improving the accuracy and precision of the detection. The impact of feature extraction on attack detection was examined. Experiments on a network traffic dataset created from an Internet of Things (IoT) testbed network topology were conducted, and the results show that the accuracy of the detection reaches 100 percent.

Citing
Citation data: "Features Extraction on IoT Intrusion Detection System Using Principal Components Analysis (PCA)" - https://ieeexplore.ieee.org/document/9251292

@inproceedings{inproceedings,
  author = {Sharipuddin, and Purnama, Benni and Kurniabudi, Kurniabudi and Winanto, Eko and Stiawan, Deris and Hanapi, Darmawiiovo and Idris, Mohd and Budiarto, Rahmat},
  year = {2020},
  month = {10},
  pages = {114-118},
  title = {Features Extraction on IoT Intrusion Detection System Using Principal Components Analysis (PCA)},
  doi = {10.23919/EECSI50503.2020.9251292}
}

Authors: Deris Stiawan, Dimas Wahyudi, Ahmad Heryanto, Tri Wanda Septian, Johan Wahyudi, Riki Andika, Meilinda Eka Suryani
Publish Year: 2018
Optimizing Web Server Performance: A Comparative Analysis of Central Manager and Round Robin Load Balancing Algorithms

Authors: Fahmi Permana Arrasyid, Deris Stiawan, Nurul Afifah, Ahmad Heryanto, Iman Saladin B. Azhar, Ali Bardadi, Bhakti Yudho Suprapto, Iwan Pahendra Anto Saputra
Publish Year: 2024
Security and Performance Evaluation of PPTP-Based VPN with AES Encryption in Enterprise Network Environments

Jurnal Teknik Informatika (Jutif)

In the context of the current digital era, Virtual Private Networks (VPNs) serve a critical function in ensuring the confidentiality and integrity of data transmitted across public networks, particularly within corporate environments. This study presents a comprehensive analysis of VPN security and performance, with a specific focus on the Point-to-Point Tunneling Protocol (PPTP) and the implementation of encryption algorithms such as AES-128 and AES-256. Despite the widespread adoption of PPTP due to its simplicity and broad compatibility, it exhibits significant security vulnerabilities, primarily stemming from its reliance on the outdated RC4-based Microsoft Point-to-Point Encryption (MPPE) and the susceptible MS-CHAP authentication protocol, which is highly vulnerable to brute-force and dictionary attacks. Empirical findings indicate that, although AES-128 and AES-256 introduce minor performance trade-offs compared to unencrypted configurations, AES-256 demonstrates markedly enhanced security, achieving a 98.9% authentication success rate and a threat detection time of 122 milliseconds. Nevertheless, increased user load adversely impacts network performance, with throughput declining from 95 Mbps to 40 Mbps as the user count rises from 5 to 50, accompanied by elevated latency and packet loss. Comparative analysis across three encryption scenarios (AES-128, AES-256, and MPPE-PPTP) reveals a consistent degradation in network performance as user load increases, with AES-256 offering the strongest security at the cost of slightly reduced throughput and increased latency under high-load conditions. MPPE-PPTP, while providing better throughput, lacks adequate security, making it unsuitable for high-risk environments. Based on these observations, this study recommends the implementation of AES-256 encryption in enterprise networks requiring high security, supported by continuous performance monitoring and strategic capacity planning. Furthermore, the adoption of a secure site-to-site VPN architecture is proposed to facilitate reliable and secure communication between geographically distributed office locations.

Authors: Ahmad Heryanto, Deris Setiawan, Berby Febriana Audrey, Adi Hermansyah, Nurul Afifah, Iman Saladin B. Azhar, Mohd. Yazid Idris, Rahmat Budiarto
Publish Year: 2025
Early-Stage Detection of ICMPv6 Flooding Using Decision Trees in Smart Home Systems (Work in Progress)

Authors: Adi Hermansyah, Deris Stiawan, Ahmad Heryanto, Nurul Afifah, Daniel Saputra, Ferry Astika Saputra, Adi Wibowo, Didi Rosiyadi, Rahmat Budiarto
Publish Year: 2025
Enhancing Security against Outsider SSH Lateral Movement through Rule-Based Detection

Authors: Deris Stiawan, Dian Palupi Rini, Ahmad Heryanto, Iwan Pahendra Anto Saputra, Febrian Kurniawan, Andri Wijaya, Abdul Rahim, Adi Hermansyah, Septiani Kusuma Ningrum
Publish Year: 2025
ORCID VERIFIED Assoc. Prof. Dr. Ir. Ahmad Heryanto, M.T. Computer Science: Computer Communications (Networks)
Universitas Sriwijaya
Analysis and Implementation of the RT-AMD Method for Adaptive DDoS Attack Detection in Cloud Computing Environments
Open 3 weeks, 5 days ago

Cloud Computing is a major paradigm in modern computing services that enables the on-demand provision of resources such as servers, storage…

Indonesia