Network Traffic and User Activity Anomaly Detection Using Isolation Forest to Improve Network Security
DOI:
https://doi.org/10.52436/1.jpti.790
Keywords:
Anomaly Detection, Intrusion Detection System (IDS), Isolation Forest, Cyber Security, Machine Learning
Abstract
The growing complexity of cyber attacks calls for anomaly detection methods that are more adaptive and efficient. Signature-based intrusion detection systems (signature-based IDS) are limited in recognizing new or zero-day attacks, so a machine learning approach is needed to identify anomalies without depending on previously documented attack patterns. The aim of this study is to develop an intrusion detection system using the Isolation Forest algorithm that is effective at detecting anomalies in network traffic. The study implements Isolation Forest to analyze the CICIDS 2017 network traffic dataset, which is first put through preprocessing steps including feature selection, data normalization, and handling of missing values. The model is trained using only normal traffic data to build a baseline of network behavior, which is then used to detect anomalies across the entire dataset. Evaluation uses the metrics accuracy, precision, recall, F1-score, and False Positive Rate (FPR), which show encouraging results. The model reaches an accuracy of 86.50% with a precision of 83.86%, indicating that most anomaly predictions are correct. Setting the anomaly detection threshold at the 5% percentile yields a low FPR of 0.97%, which plays an important role in reducing false alarms and improving the efficiency of security analysis. The study shows that Isolation Forest is effective at detecting anomalies in network traffic with a low rate of false positives, making it a promising solution for improving behavior-based intrusion detection systems. The study makes a significant contribution to the development of machine-learning-based intrusion detection systems that can be more responsive to continually evolving cyber threats.
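The pipeline the abstract describes (preprocess, fit on normal traffic only, flag flows below a 5th-percentile score threshold, report the five metrics), as an added example using scikit-learn; it is not the authors' code. Assumptions: the flows are constructed synthetic data rather than CICIDS 2017, median imputation and min-max scaling stand in for the unspecified preprocessing, and the threshold is taken over the scores of the normal training flows.

```python
import numpy as np
from sklearn.ensemble import IsolationForest
from sklearn.impute import SimpleImputer
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import MinMaxScaler

def make_flows(seed=0):
    """Constructed flow features (duration s, packets, bytes); not CICIDS 2017 rows."""
    rng = np.random.default_rng(seed)
    normal = rng.normal([1.0, 20.0, 1500.0], [0.3, 5.0, 400.0], size=(4000, 3))
    attack = rng.normal([0.01, 400.0, 60000.0], [0.005, 50.0, 8000.0], size=(400, 3))
    normal[rng.random(normal.shape) < 0.01] = np.nan  # simulate missing values
    return normal, attack

def fit_baseline(train_normal, percentile=5.0, seed=0):
    """Fit preprocessing + Isolation Forest on normal traffic only."""
    model = make_pipeline(
        SimpleImputer(strategy="median"),  # missing-value handling (assumed choice)
        MinMaxScaler(),                    # normalization (assumed choice)
        IsolationForest(n_estimators=200, random_state=seed),
    )
    model.fit(train_normal)
    # score_samples: lower means more anomalous. Assumption: the threshold is the
    # 5th percentile of the scores of the normal training flows.
    threshold = float(np.percentile(model.score_samples(train_normal), percentile))
    return model, threshold

def evaluate(model, threshold, X, y):
    """Accuracy, precision, recall, F1 and FPR with anomaly as the positive class."""
    pred = model.score_samples(X) < threshold
    truth = y.astype(bool)
    tp, fp = int((pred & truth).sum()), int((pred & ~truth).sum())
    fn, tn = int((~pred & truth).sum()), int((~pred & ~truth).sum())
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": (tp + tn) / len(y), "precision": precision, "recall": recall,
            "f1": f1, "fpr": fp / (fp + tn) if fp + tn else 0.0}

def run(seed=0):
    normal, attack = make_flows(seed)
    train, held_out = normal[:3000], normal[3000:]  # held-out normal measures FPR
    model, threshold = fit_baseline(train, seed=seed)
    X = np.vstack([held_out, attack])
    y = np.concatenate([np.zeros(len(held_out)), np.ones(len(attack))])
    return evaluate(model, threshold, X, y)

if __name__ == "__main__":
    print(run())
```

The FPR is measured on normal flows the model never saw during fitting, which is the figure that predicts alert volume in operation.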