Clustering K-Means Using SNORT Application For Denial Of Service Attacks
DOI:
https://doi.org/10.31098/ess.v1i1.107
Keywords:
Clustering, K-Means, Snort, DOS
Abstract
Data quality and transparency are of the utmost importance for organizations. Collecting original data from the source without any indication of interruption or interception is an indicator of an attack on the server. The most common attack is Denial of Service (DoS), a type of attack pattern that causes a host on the network to crash, shut down, reboot, or stop responding to service requests. One technique for dealing with this attack is the use of the k-means clustering method with Snort. This study aims to design a Snort Intrusion Detection System (IDS) application with a k-means algorithm that can categorize attacks into high, medium, and low attacks and is accurate on DoS attacks. Snort accuracy testing measures the packet size detected by Snort using an attack application; the number of packets caught can then be categorized using clustering techniques. From the measurement results, the increase was 73.18%. The contribution of this research is a survey and analysis of anomalous packets contained in a network. It can identify the level of the types of attacks and take preventive measures against these attacks.