DATA MINING IMPLEMENTATION FOR DETECTION OF ANOMALIES IN NETWORK TRAFFIC PACKETS USING OUTLIER DETECTION APPROACH

Kurnia Setiawan, Arief Wibowo

Abstract


The large volume of network traffic packet records can be used to evaluate the quality of a network and to analyze anomalies in it, whether related to network security or network performance. Based on the data obtained, it cannot be determined specifically which traffic packets the anomalies in a computer network occur in. Meanwhile, monitoring network traffic packets manually requires a lot of time and resources, which makes it difficult to pinpoint potential anomaly events. This study analyzes network packet traffic data to identify anomalous records with an outlier detection approach, using the Isolation Forest algorithm to detect outliers in network traffic packet data. The result is that the minority of the data, 1,643 records (4.86%), are outliers, while 32,098 records (95.13%) are inliers. The expert attributes that contain expert information were then checked and filtered. The outlier detection results were classified using 5 algorithms for comparison, namely Random Forest Classifier, Support Vector Machine, Decision Tree Classifier, K-Nearest Neighbor, and Bernoulli Naive Bayes. The Random Forest algorithm has the highest scores for accuracy, macro average precision, and macro average f1-score, namely 0.9962067330488383; 0.78; and 0.82. The classification model can be used to classify samples with the labels "inliers", "outliers", "Error", and "warning & outliers". Some labels have precision, recall, and f1-score values that are not very high, namely the labels "error" (0.50; 1.00; and 0.67) and "warning & outlier" (0.64; 0.70; 0.67). The resulting classification model is used to develop a prototype that makes it easier to investigate potential network traffic packet anomalies more specifically.
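The Isolation Forest step described in the abstract, written out in plain Python as an added example (not the authors' code). The two packet features, the constructed sample records, and the use of the reported 4.86% outlier share as the flagging threshold are assumptions made for illustration.

```python
import math
import random

def c(n):
    """Expected path length of an unsuccessful BST search over n points."""
    if n <= 2:
        return max(0.0, n - 1.0)
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def build(rows, depth, limit, rng):
    """Grow one isolation tree with random axis-parallel splits."""
    if depth >= limit or len(rows) <= 1:
        return ("leaf", len(rows))
    f = rng.randrange(len(rows[0]))
    lo, hi = min(r[f] for r in rows), max(r[f] for r in rows)
    if lo == hi:  # simplification: stop when the chosen feature is constant
        return ("leaf", len(rows))
    split = rng.uniform(lo, hi)
    left = [r for r in rows if r[f] < split]
    right = [r for r in rows if r[f] >= split]
    return ("node", f, split, build(left, depth + 1, limit, rng),
            build(right, depth + 1, limit, rng))

def path_len(tree, row, depth=0):
    if tree[0] == "leaf":
        return depth + c(tree[1])  # credit for the unsplit remainder
    _, f, split, left, right = tree
    return path_len(left if row[f] < split else right, row, depth + 1)

def anomaly_scores(rows, trees=100, sample=256, seed=7):
    """Score s = 2^(-E[h(x)] / c(psi)); values near 1 isolate quickly."""
    rng = random.Random(seed)
    psi = min(sample, len(rows))
    limit = math.ceil(math.log2(psi))
    forest = [build(rng.sample(rows, psi), 0, limit, rng) for _ in range(trees)]
    return [2 ** (-sum(path_len(t, r) for t in forest) / trees / c(psi))
            for r in rows]

def flag_outliers(rows, contamination):
    """Indexes of the top `contamination` share of rows by anomaly score."""
    scores = anomaly_scores(rows)
    k = max(1, round(contamination * len(rows)))
    return sorted(sorted(range(len(rows)), key=lambda i: -scores[i])[:k])

# Constructed sample (assumed features): (frame length bytes, inter-arrival ms).
PACKETS = [(60 + (37 * i) % 1400, 1 + (7 * i) % 20) for i in range(60)]
PACKETS += [(9000, 15), (120, 5000), (8000, 4000)]  # constructed anomalies

if __name__ == "__main__":
    print(flag_outliers(PACKETS, contamination=0.0486))
```

Records that take few random splits to isolate receive scores close to 1; the flagged indexes are what a downstream classifier would receive as the "outliers" label.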



DOI: https://doi.org/10.33387/jiko.v6i2.6092
