Perancangan Dan Implementasi AI-Based IDS Menggunakan Deep Learning Pada Sistem E-Health (Design and Implementation of an AI-Based IDS Using Deep Learning on an E-Health System)

Yudhiputra, Tjioe Daniel Evan (2023) Perancangan Dan Implementasi AI-Based IDS Menggunakan Deep Learning Pada Sistem E-Health. Other thesis, Institut Teknologi Sepuluh Nopember.

05311940000016-Undergraduate_Thesis.pdf - Accepted Version
Restricted to Repository staff only until 1 April 2023.


Abstract

Cyber attacks have recently become increasingly widespread and have hit many sectors, including the health sector. The health sector now relies on information technology to support its services, such as e-Health services, and these are not immune to cyber attacks. This pushes system managers to secure their systems, and one way to do so is with an intrusion detection system (IDS). Existing IDSs work by comparing data from observed traffic against the normal and attack data they hold. If the traffic data contains attack patterns, the IDS warns the system manager. This method has a weakness: the data held by the IDS must be updated constantly so that the IDS can detect the latest attacks. If the system manager is negligent, the IDS will very likely fail to detect the latest attacks. This research therefore proposes an IDS that detects attacks using deep learning. Deep learning is chosen for its ability to find patterns in data, which can help detect attacks that have never been encountered before. The algorithm used in the proposed IDS is 1D-CNN. Architecturally, the proposed IDS has two main parts: the packet sniffer and the AI-IDS. The packet sniffer captures traffic data and stores it in a database. The AI-IDS then reads the data from the database and performs packet reassembly, information extraction, and AI prediction, raises a warning when an attack is detected, and creates a log file. The log file is in CSV format to ease subsequent processing, because the data is already partitioned. In training, the proposed CNN model obtained an accuracy of 98.049%, precision of 99.004%, recall of 96.987%, and F1-Score of 97.985%.

To test the performance of the proposed IDS, a test system was built based on the e-Health system proposed in previous research. The proposed IDS and Snort IDS (as the comparison) were installed on that system. In testing with obfuscated attacks, the proposed IDS obtained the best score, with 98.461% accuracy, 100% precision, 98.181% recall, and 99.082% F1-Score. In testing with non-obfuscated attacks, Snort IDS obtained the best results, with accuracy scores of 100%, 100%, and 94%. In further testing, the proposed IDS proved capable of detecting a new attack, namely JSON-Based SQL Injection. It was also found that a machine with higher specifications improved the performance of the proposed IDS, enabling it to capture 403 more packets, perform 699 more predictions, extract 1,408 more pieces of information, and increase the detection speed from 0.082 to 0.069 seconds.

Item Type: Thesis (Other)
Uncontrolled Keywords: Intrusion Detection System, Convolutional Neural Network, Keamanan Siber, Cyber Security
Subjects: Q Science > QA Mathematics > QA76.87 Neural networks (Computer Science)
Q Science > QA Mathematics > QA76.9.A25 Computer security. Digital forensic. Data encryption (Computer science)
Divisions: Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Information Technology > 59201-(S1) Undergraduate Thesis
Depositing User: Tjioe Daniel Evan Yudhiputra
Date Deposited: 30 Jan 2023 07:17
Last Modified: 30 Jan 2023 07:20
URI: http://repository.its.ac.id/id/eprint/95786
