Distributed Botnet Detection System on Computer Networks

Putra, M. Aidiel Rachman (2025) Distributed Botnet Detection System on Computer Networks (original title: Sistem Deteksi Botnet Terdistribusi pada Jaringan Komputer). Doctoral thesis, Institut Teknologi Sepuluh Nopember.

Full text: 7025222007-Doctoral.pdf (Accepted Version, 7MB) - Restricted to Repository staff only

Abstract

A botnet is a group of devices that have been compromised by malware so that they can be controlled remotely and form an interconnected network. Botnets are a serious threat to computer network security because they can hide malicious activity inside traffic that looks legitimate, and because they keep growing more complex. In their communication architecture, botnets have moved from a centralized model to a decentralized one. Their attack patterns have likewise shifted from sporadic, periodic attacks to simultaneous attacks carried out at the same time by many infected devices, which makes the attacks harder to detect and to trace. Previous research has focused largely on models that detect attack activity within botnets. However, detecting the attack activity alone does not address the underlying problem, because the root cause of the attack remains able to infect additional devices and use them for further attacks. An approach is therefore needed that traces and identifies the relationships among attacking devices within the same network and reveals the connections between the individual attacks. This research aims to develop a distributed botnet detection model that goes beyond detecting attack activity and analyzes the relationships between attacks in order to identify the root cause. The methodology uses sequential pattern mining to extract sequential patterns from botnet attack activity, together with alert correlation to link and group alerts that originate from the same network source. Beyond improving the detection of simultaneous and distributed botnet attacks, alert correlation also reduces the false alarms and alert spamming that arise from repeated detections made without any analysis of how the attacks are related. Experimental results show that the sequential pattern mining approach gives optimal performance in identifying attackers and detecting botnet attacks, and that it also identifies the initiators of botnet attacks. The alert correlation approach lowers the false alarm rate without reducing the sensitivity of the detection model. Combining the two approaches allows a comprehensive analysis of the relationships between attacks, so the system not only detects the attackers and the root cause of the attack but also prevents alert spamming. These findings confirm that integrating sequential pattern mining and alert correlation significantly improves the effectiveness of botnet detection systems, and that alert correlation helps network administrators respond to and anticipate botnet attacks.
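The abstract names two techniques without showing how they fit together. The following added example (not code from the thesis) illustrates the pipeline on constructed IDS-style alerts: alerts are correlated per source to remove repeated detections, ordered subsequences shared across sources are mined as the attack chain, and the source that began that chain earliest is taken as the initiator. The correlation rule, the brute-force pattern mining and the initiator heuristic are simplified stand-ins, not the thesis's own algorithms.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Constructed IDS-style alerts, not data from the thesis: (timestamp, source, alert type).
ALERTS = [
    (1, "10.0.0.5", "scan"), (2, "10.0.0.5", "scan"), (3, "10.0.0.5", "exploit"),
    (4, "10.0.0.5", "c2"), (5, "10.0.0.7", "scan"), (6, "10.0.0.7", "scan"),
    (7, "10.0.0.7", "exploit"), (8, "10.0.0.7", "c2"), (9, "10.0.0.9", "scan"),
    (10, "10.0.0.9", "exploit"), (11, "10.0.0.9", "c2"), (12, "10.0.0.12", "scan"),
    (13, "10.0.0.9", "ddos"), (14, "10.0.0.7", "ddos"), (15, "10.0.0.5", "ddos"),
]

def correlate_by_source(alerts):
    """Alert correlation: one time-ordered sequence per source; a repeat of the alert
    type just seen from that source is dropped (those repeats are the alert spam)."""
    per_src = defaultdict(list)
    for ts, src, kind in sorted(alerts):
        if not per_src[src] or per_src[src][-1][1] != kind:
            per_src[src].append((ts, kind))
    return dict(per_src)

def mine_sequential_patterns(sequences, min_support):
    """Brute-force sequential pattern mining: ordered subsequences (len >= 2), support = sources containing them."""
    support = Counter()
    for seq in sequences:
        kinds = [k for _, k in seq]
        support.update({tuple(kinds[i] for i in idx)
                        for n in range(2, len(kinds) + 1)
                        for idx in combinations(range(len(kinds)), n)})
    return {p: c for p, c in support.items() if c >= min_support}

def chain_start(seq, pattern):
    """Timestamp at which `pattern` starts as a subsequence of seq, or None if absent."""
    i, start = 0, None
    for ts, kind in seq:
        if kind == pattern[i]:
            start, i = (ts if i == 0 else start), i + 1
            if i == len(pattern):
                return start
    return None

def analyse(alerts=ALERTS, min_support=3):
    """Correlate, mine the longest shared chain, and name the source that began it first (initiator heuristic)."""
    correlated = correlate_by_source(alerts)
    patterns = mine_sequential_patterns(correlated.values(), min_support)
    chain = max(patterns, key=lambda p: (len(p), patterns[p]))
    bots = {s: t for s in correlated if (t := chain_start(correlated[s], chain)) is not None}
    return {"raw_alerts": len(alerts),
            "correlated_alerts": sum(len(q) for q in correlated.values()),
            "attack_chain": chain, "bots": sorted(bots), "initiator": min(bots, key=bots.get)}
```

On the constructed data the 15 raw alerts collapse to 13 correlated entries, the shared chain scan → exploit → c2 → ddos is found on three sources, and 10.0.0.5, which started the chain first, is reported as the initiator while the lone scanner 10.0.0.12 is not flagged as a bot.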

Item Type: Thesis (Doctoral)
Uncontrolled Keywords: botnet detection, intrusion detection system, network infrastructure, network security, alert correlation, sequential pattern mining
Subjects: Q Science > Q Science (General) > Q337.5 Pattern recognition systems
Divisions: Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Informatics Engineering > 55001-(S3) PhD Thesis (Comp Science)
Depositing User: M. Aidiel Rachman Putra
Date Deposited: 05 Aug 2025 06:06
Last Modified: 11 Aug 2025 03:19
URI: http://repository.its.ac.id/id/eprint/126708
