Your search keyword '"Rahardjo, Budi"' showing total 2 results

1. Minimal Triangle Area Mahalanobis Distance for Stream Homogeneous Group-based DDoS Classification.

Author

Purwanto, Yudha, Kuspriyanto, Hendrawan, and Rahardjo, Budi

Subjects

DENIAL of service attacks, INTRUSION detection systems (Computer security), HOMOGENEOUS catalysis, DATA analysis, DECISION trees

Abstract

An Intrusion Detection System (IDS) which implement a group-based classification algorithm, theoretically has the benefit of higher accuracy. Unfortunately, higher accuracy only achieved if the observed group is homogeneous from a certain distribution. Recently, a distributed denial of service (DDoS) attack consists of multiple botnets which produce multi types of traffic in one attack session. It makes the IDS suffers from decreasing accuracy as the increasing heterogeneity within the observed group. To address the problem, we propose homogeneous grouping algorithm based on triangle area Mahalanobis distance to support IDS which implement group-based data analysis. First, the Mahalanobis distance measurement was used to construct homogeneous groups. Then, the covariance matrix of each homogeneous group was classified using a decision tree classifier. Classification performance was evaluated using known KDDCup 99 dataset. The results pointed out that the used of homogeneous grouping algorithm improve the classification performance for natural and mixed random DDoS traffic. [ABSTRACT FROM AUTHOR]

Published

2018

2. DIDS Using Cooperative Agents Based on Ant Colony Clustering.

Author

Abdurrazaq, Muhammad N., Trilaksono, Bambang Riyanto, and Rahardjo, Budi

Subjects

INTRUSION detection systems (Computer security), ANT algorithms, INFORMATION technology security, COMPUTATIONAL complexity, SYNCHRONIZATION

Abstract

Intrusion detection systems (IDS) play an important role in information security. Two major problems in the development of IDSs are the computational aspect and the architectural aspect. The computational or algorithmic problems include lacking ability of novel-attack detection and computation overload caused by large data traffic. The architectural problems are related to the communication between components of detection, including difficulties to overcome distributed and coordinated attacks because of the need of large amounts of distributed information and synchronization between detection components. This paper proposes a multi-agent architecture for a distributed intrusion detection system (DIDS) based on ant-colony clustering (ACC), for recognizing new and coordinated attacks, handling large data traffic, synchronization, co-operation between components without the presence of centralized computation, and good detection performance in real-time with immediate alarm notification. Feature selection based on principal component analysis (PCA) is used for dimensional reduction of NSL-KDD. Initial features are transformed to new features in smaller dimensions, where probing attacks (Ra-Probe) have a characteristic sign in their average value that is different from that of normal activity. Selection is based on the characteristics of these factors, resulting in a two-dimensional subset of the 75% data reduction. [ABSTRACT FROM AUTHOR]

Published

2015