Wijaya, Apta Rasendriya (2025) Pelatihan Kontinu Model Deteksi Intrusi Berbasis Jaringan Menggunakan Recurrent Neural Network (RNN). Other thesis, Institut Teknologi Sepuluh Nopember.
![[thumbnail of 5025211139-Undergraduate_Thesis.pdf]](http://repository.its.ac.id/style/images/fileicons/text.png) |
Text
5025211139-Undergraduate_Thesis.pdf Restricted to Repository staff only Download (8MB) | Request a copy |
Abstract
Peningkatan konektivitas jaringan diera digital membawa tantangan besar dalam bidang keamanan siber, terutama terkait serangan intrusi yang semakin kompleks dan dinamis. Salah satu tantangan utama dalam mendeteksi intrusi jaringan adalah concept drift, yaitu perubahan distribusi data seiring waktu yang dapat menurunkan akurasi model deteksi. Penelitian ini mengkaji penerapan model Long Short-Term Memory (LSTM), salah satu varian RNN, dalam mendeteksi anomali pada protokol jaringan FTP, HTTP, dan SMTP, dengan pendekatan unsupervised learning berbasis analisis payload. Eksperimen dilakukan dengan menggunakan dua dataset yaitu, UNSW-NB15 sebagai control dan CIC-IDS2017 sebagai treatment, melalui empat skenario pelatihan, termasuk skenario pelatihan gabungan dan continuous retraining berbasis deteksi perubahan distribusi data dengan uji Kolmogorov–Smirnov (KS-Test). Hasil penelitian menunjukkan bahwa model LSTM sangat kesulitan dalam menjaga konsistensi performa model terhadap perubahan distribusi data yang berlangsung secara dinamis, khususnya pada protokol HTTP, dengan penurunan detection rate dari 0.98 menjadi 0.055, F2-score dari 0.98 menjadi 0.065, serta peningkatan false positive rate dari 2% menjadi 100%. Sementara pada protokol FTP, performa relatif lebih stabil dengan F2-score berkisar antara 0.3 hingga 0.5. Selain itu, metode deteksi distribusi menggunakan KS-Test (p-value ≤ 0.05) terbukti tidak selaras dengan penurunan performa model, sehingga kurang efektif untuk menjaga kinerja jangka panjang tanpa mempertimbangkan kualitas dan konsistensi data retraining.
==================================================================================================================================
The increasing network connectivity in the digital era presents significant challenges in the field of cybersecurity, particularly with the growing complexity and dynamism of intrusion attacks. One of the key challenges in network intrusion detection is concept drift, which refers to the shift in data distribution over time that can degrade the accuracy of detection models. This study investigates the application of the Long Short-Term Memory (LSTM) model, a variant of RNN, for detecting anomalies in FTP, HTTP, and SMTP network protocols, using an unsupervised learning approach based on payload analysis. Experiments were conducted using two datasets: UNSW-NB15 as the control and CIC-IDS2017 as the treatment, across four training scenarios, including combined training and continuous retraining based on detecting data distribution shifts using the Kolmogorov–Smirnov (KS) test. The results show that the LSTM model experienced significant difficulty in maintaining consistent performance in response to evolving data distributions, particularly on the HTTP protocol, with a drop in detection rate from 0.98 to 0.055, F2-score from 0.98 to 0.065, and an increase in false positive rate from 2% to 100%. Meanwhile, the FTP protocol demonstrated relatively better stability, with F2-scores ranging from 0.3 to 0.5. Moreover, distribution shift detection using the KS test (p-value ≤ 0.05) proved misaligned with the actual model performance degradation, indicating it is not sufficiently effective for maintaining long-term performance without considering the quality and consistency of retraining data.
| Item Type: | Thesis (Other) |
|---|---|
| Uncontrolled Keywords: | NIDS, Deep Learning, RNN, Distribution Shift, Retraining |
| Subjects: | Q Science > Q Science (General) > Q325.5 Machine learning. Support vector machines. Q Science > Q Science (General) > Q337.5 Pattern recognition systems T Technology > T Technology (General) > T57.5 Data Processing |
| Divisions: | Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Informatics Engineering > 55201-(S1) Undergraduate Thesis |
| Depositing User: | Apta Rasendriya Wijaya |
| Date Deposited: | 18 Jul 2025 03:01 |
| Last Modified: | 18 Jul 2025 03:02 |
| URI: | http://repository.its.ac.id/id/eprint/119979 |
Actions (login required)
 |
View Item |