FRAMEWORK UNTUK FORENSIK INTERNET MENGGUNAKAN K-MEANS CLUSTERING DAN HORIZONTAL PARTITIONING (Framework for Internet Forensics Using K-Means Clustering and Horizontal Partitioning)
Main Authors: | IMAM RIADI, Prof. Drs. Jazi Eko Istiyanto, M.Sc., Ph.D. |
---|---|
Format: | Theses and Dissertations NonPeerReviewed |
Published: | [Yogyakarta] : Universitas Gadjah Mada, 2014 |
Subjects: | |
Online Access: | https://repository.ugm.ac.id/129514/ http://etd.ugm.ac.id/index.php?mod=penelitian_detail&sub=PenelitianDetail&act=view&typ=html&buku_id=69906 |
Institution: | Universitas Gadjah Mada |
id |
id-ugm-repo.129514 |
---|---|
record_format |
dspace |
institution |
Universitas Gadjah Mada |
building |
UGM Library |
country |
Indonesia |
collection |
Repository Civitas UGM |
topic |
ETD |
description |
Internet network attacks are complicated and worth studying. These attacks include DoS (Denial of Service). DoS attacks exploit vulnerabilities found in operating systems, network services and applications. One indicator of a DoS attack is that the attacker consumes network resources, so that legitimate users cannot access the service, and the network service may even go down.
This study proposes a log-based framework for Internet forensics to assist the investigation process in revealing DoS attacks. The framework consists of several steps, among others: storing logs in text files and databases, and identifying attacks based on the length of the packet header. A normal packet header has a length between 20 bytes and 60 bytes, while a packet header is not normal if its length is below 20 bytes or above 60 bytes. After identification, the logs are grouped with the k-means clustering algorithm into three levels of attack (dangerous, rather dangerous and not dangerous) based on the port numbers and TCP flags of the packets. In addition, database storage and retrieval performance is improved by partitioning the log database. The partitioning divides the log data horizontally into sections according to the number of months in a year. The framework is implemented on an NFAT (Network Forensic Analysis Tools) machine.
This research uses the tool DoSHTTP to attack port 80 and LOIC (Low Orbit Ion Cannon) to attack ports 80, 443, 21 and 22. Based on the test results, the NFAT machine can classify attacks into three levels of attack and find the attackers' ASN information (Autonomous System Number, a set of IP networks operated by one or more network operators). Thus, it can be concluded that the proposed framework for Internet forensics has met the goals set in this study. |
format |
Theses and Dissertations NonPeerReviewed |
author |
IMAM RIADI, Prof. Drs. Jazi Eko Istiyanto, M.Sc., Ph.D. |
title |
FRAMEWORK UNTUK FORENSIK INTERNET MENGGUNAKAN K-MEANS CLUSTERING DAN
HORIZONTAL PARTITIONING |
publisher |
[Yogyakarta] : Universitas Gadjah Mada |
publishDate |
2014 |