Entity Behavior Analysis for Insider Attack Detection Using a Combination of the Memory-Prediction Model and the PCA Method

Authors

  • Rahmat - Budiarto, Albaha University, Saudi Arabia
  • Yanif Dwi Kuntjoro, Universitas Pertahanan, Citeureup

DOI:

https://doi.org/10.25126/jtiik.1067123

Abstract (Indonesian version)

Indonesia's level of cyber resilience is low compared with other countries in the world, as shown by the many cybercrimes that still occur, such as data and identity theft, fraud, and the hacking of websites of government and private institutions, which involve insiders fully or in part. Fending off attacks from outside an institution's or organization's network is relatively easier than fending off cybercrime attacks from inside the network. External attacks can be prevented using firewalls, antivirus software, and dedicated intrusion/malware detection software. This study aims to build an entity behavior analysis model based on the Memory-Prediction Model (MPM), combined with principal component analysis (PCA) as the feature selection method, and implemented to detect cyber attacks/anomalies that involve insiders. The memory-prediction model, which consists of 6 hierarchical layers, recognizes inputs from the lower hierarchy layers up to the higher layers, then performs a matching process and creates a series of expectations from the higher layers down to the lower ones. Each hierarchy level remembers frequently observed temporal sequences of input patterns and generates a label or 'name' for these sequences. The PCA algorithm is applied to reduce the number of traffic features and so speed up the detection process. Data for the experiment were taken from a real network with 150 users, and flooding attack data from the MACCDC dataset. Experimental results in a testbed network show a detection accuracy of 94.01%, a precision of 95.64%, a sensitivity of 99.28%, and an F1-score of 96.08%. The proposed model (PCA-MPM) shows the ability to learn on the fly, which is essential for recognizing feature changes in attack patterns that evolve over time. In turn, this model can support the holistic cyber defense system that is being developed.
The system being developed is expected to meet the domestic need for cyber technology and to reduce dependence on other countries, because it is developed locally.

 

Abstract

Compared to other countries in the world, the level of cyber resilience in Indonesia is low, as evidenced by the number of cybercrimes that occur, such as data and identity theft, fraud, and hacking of websites of government and private institutions, that involve full or partial insider roles. Fending off attacks from outside the institutional or organizational network is relatively easier than fending off cybercrime attacks from within the network. External attacks can be prevented using firewalls, anti-virus software, and special software for intruder and malware detection. This study aims to build a model for analyzing entity behavior using a memory-prediction model, with principal component analysis (PCA) as the feature selection method, and to implement it to detect cyber-attacks and anomalies involving insiders. The memory-prediction model recognizes bottom-up inputs that are matched in the hierarchy and evokes a series of top-down expectations. Each hierarchy level remembers frequently observed temporal sequences of input patterns and generates labels or 'names' for these sequences. To accelerate the detection process, the PCA algorithm is deployed to reduce the number of significant features of the traffic. Data for the experiment was taken from a real network with 150 users accessing the network. The experimental results in a testbed network show that the detection accuracy reaches 94.01%, the precision is 95.64%, the sensitivity is 99.28%, and the F1-score is 96.08%. The proposed model (PCA-MPM) is also capable of on-the-fly learning, a capability needed to recognize feature changes in attacks that evolve over time. In turn, this model can support a holistic cyber defense system that is being developed. The system being developed is expected to meet the domestic need for cyber technology and reduce dependence on other countries as it is developed locally.


Author Biography

  • Rahmat - Budiarto, Albaha University, Saudi Arabia
    Rahmat Budiarto received his M.Eng. and Dr.Eng. in Computer Science from Nagoya Institute of Technology, Japan, in 1995 and 1998, respectively. Currently, he is a full professor at the Dept. of Computer Science, Albaha University, Saudi Arabia. His research interests include intelligent systems, brain modeling, IPv6, network security, wireless sensor networks, and MANETs. He chaired the APAN Security Working Group (2006-2009), established the IPv6 research center (NAv6 Center) at Universiti Sains Malaysia (USM) in 2005, and was then appointed Deputy of the center (2005-2009). He was promoted to full professor at USM in March 2011. Overall, he has published more than 310 publications (31 WoS/JCR publications and 190 SCOPUS indexed publications). He will be joining Universitas Mercu Buana, Jakarta soon.

References

BUDIARTO R., ALQARNI A., ALZAHRANI M.Y., PASHA M.F., FIRDOUS M., STIAWAN D., 2022, User behaviour analytics tool using simplified predictive-memory concept, Materials & Continua (CMC), vol.70, no.2, pp.2679-2698, doi: 10.32604/cmc.2022.019847.

CHAKRAVARTY S., CHEN Y.Y. and CAPLAN J.B., 2020, Predicting memory from study-related brain activity, Journal of Neurophysiology, vol. 124, no. 6, pp. 2060-2075.

CINALLI D.A. Jr, COHEN S.J., GUTHRIE K. and STACKMAN R.W. Jr, 2020, Object recognition memory: distinct yet complementary roles of the mouse CA1 and perirhinal cortex, Front. Mol. Neurosci., vol. 13, article ID: 527543, doi: 10.3389/fnmol.2020.527543.

CUI Y., AHMAD S. and HAWKINS J., 2016, Continuous online sequence learning with an unsupervised neural network model, Neural Computation, vol. 28, no. 11, pp. 2474–2504.

DENG K., XING L., ZHENG L., WU H., XIE P. et al., 2019, A user identification algorithm based on user behavior analysis in social networks, IEEE Access, vol. 7, pp. 47114–47123.

EICHENBAUM H., 2010, Memory systems, WIREs Cognitive Science, vol. 1, no. 4, pp. 478–490.

GU Y. K., XU B., HUANG H. and QIU G., 2020, A Fuzzy Performance Evaluation Model for a Gearbox System Using Hidden Markov Model, IEEE Access, vol. 8, pp. 30400–30409, doi: 10.1109/ACCESS.2020.2972810.

HAWKINS J. and BLAKESLEE S., 2015, On Intelligence, New York, USA: Owl Book.

HAWKINS J., LEWIS M., KLUKAS M., PURDY S. and AHMAD S., 2019, A framework for intelligence and cortical function based on cells in the neocortex, Frontiers in Neural Circuits, vol. 12, article ID: 121.

SANTHAKUMAR K. and KASAEI H., 2022, Lifelong 3D object recognition and grasp synthesis using dual memory recurrent self-organization networks, Neural Networks, vol. 150, pp. 167-180.

LI G., SHEN Y., ZHAO P., LU X., LIU J. et al., 2019, Detecting cyberattacks in industrial control systems using online learning algorithms, Neurocomputing, vol. 364, pp. 338–348.

LOSING V., HAMMER B. and WERSING H., 2018, Incremental on-line learning: A review and comparison of state of the art algorithms, Neurocomputing, vol. 275, pp. 1261–1274.

MACCDC 2012 dataset, 2021. [Online]. Available: https://maccdc.org/2012-agenda/ (last accessed: 08/07/2022).

MOHAMAD S. and BOUCHACHIA A., 2020, Deep online hierarchical dynamic unsupervised learning for pattern mining from utility usage data, Neurocomputing, vol. 390, pp. 359–373.

PASHA M. F., BUDIARTO R., RAMADASS S. and SYUKUR M., 2018, A sequential hierarchical superset implementation of neocortex memory system and its case study of automated network forensic analysis, International Conference on Artificial Intelligence, Las Vegas, USA, pp. 490–495.

PERICHAPPAN K., 2018, Greedy algorithm based deep learning strategy for user behavior prediction and decision making support, Journal of Computer and Communications, vol. 6, no. 6, pp. 45–53.

SHARIPUDDIN, PURNAMA B., KURNIABUDI, WINANTO E.A, STIAWAN D., DARMAWIJOYO, HANAPI, BUDIARTO R., 2020, Features extraction on IoT intrusion detection system using principal components analysis (PCA), 7th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI), Yogyakarta, October 1-2, 2020, pp. 114-118.

SHARIPUDDIN, WINANTO E.A., PURNAMA B., KURNIABUDI, STIAWAN D., HANAPI D., IDRIS M.Y., KERIM B. and BUDIARTO R., 2021, Enhanced Deep Learning Intrusion Detection in IoT Heterogeneous Network with Feature Extraction, Indonesian Journal of Electrical Engineering and Informatics (IJEEI), vol. 9, no. 3, pp. 747-757.

SHAUKAT K., LUO S., CHEN S. and LIU D., 2020, Cyber threat detection using machine learning techniques: A performance evaluation perspective, 2020 International Conference on Cyber Warfare and Security (ICCWS), Islamabad, Pakistan, pp. 1–6.

SHAUKAT K., LUO S., VARADHARAJAN V., HAMEED I. A. and XU M., 2020, A survey on machine learning techniques for cyber security in the last decade, IEEE Access, vol. 8, pp. 222310–222354.

SHAUKAT K., ALAM T.M., LUO S., SHABBIR S., HAMEED I. A. et al., 2021, A Review of time-series anomaly detection techniques: A step to future perspectives, in: Arai K. (eds) Advances in Information and Communication (FICC 2021), Advances in Intelligent Systems and Computing, Springer, Cham, vol. 1363, pp. 865–877.

STIAWAN D., ABDULLAH A. H. and IDRIS M. Y., 2010, Classification of habitual activities in behavior-based network detection, Journal of Computing, vol. 2, no. 8, pp. 1–7.

STIAWAN D., HERYANTO A., BERDADI A., RINI D.P., SUBROTO I.M.I., KURNIABUDI, IDRIS M.Y., ABDULLAH A.H., KERIM B. and BUDIARTO R., 2021, An approach for optimizing ensemble intrusion detection systems, IEEE Access, vol. 9, pp. 6930-6947, doi: 10.1109/ACCESS.2020.3046246.

STIAWAN D., SUSANTO, BIMANTARA A., IDRIS M.Y. and BUDIARTO R., 2023, IoT botnet attack detection using deep autoencoder and artificial neural network, KSII Transactions on Internet and Information Systems, vol. 17, no. 5 (May), pp. 1310-1338.

STIAWAN D., BARDADI A., AFIFAH N., MELINDA L., HERYANTO A., SEPTIAN T.W., IDRIS M.Y., SUBROTO I.M.I., LUKMAN and BUDIARTO R., 2023, An improved LSTM-PCA ensemble classifier for SQL injection and XSS attacks detection, Computer Systems Science and Engineering, vol. 46, no. 2, pp. 1759-1774.

SUN Z., WANG Y., ZHOU H., JIAO J. and OVERSTREET R.E., 2019, Travel behaviours, user characteristics, and social-economic impacts of shared transportation: a comprehensive review, International Journal of Logistics Research and Applications, vol. 24, no. 1, pp. 51–78.

YAN N. and AU O.T-S., 2019, Online learning behavior analysis based on machine learning, Asian Association of Open Universities Journal, vol. 14, no. 2, pp. 97-106.

ZHANG H., WANG M., YANG L. and ZHU H., 2019, A novel user behavior analysis and prediction algorithm based on mobile social environment, Wireless Network, vol. 25, no. 2, pp. 791–803.

Published

30-12-2023

Issue

Section

Computer Science

How to Cite

Analisis Perilaku Entitas untuk Pendeteksian Serangan Internal Menggunakan Kombinasi Model Prediksi Memori dan Metode PCA. (2023). Jurnal Teknologi Informasi Dan Ilmu Komputer, 10(6), 1223-1232. https://doi.org/10.25126/jtiik.1067123