Talasari, Resky Ayu Dewi (2025) Identifikasi Normality Shift dalam Deteksi Anomali dengan Pendekatan Uji Distribusi [Identification of Normality Shift in Anomaly Detection Using a Distribution Test Approach]. Masters thesis, Institut Teknologi Sepuluh Nopember.
Text: 6025231019-Master_Thesis.pdf (3MB). Restricted to Repository staff only until 1 April 2027.
Abstract
With the rapid development of network and internet technology and the growth of diverse, hard-to-detect threats, anomaly detection has become very important. Event logs record every activity that occurs and can be used to detect anomalies. One approach to detecting anomalies in event logs is reconstruction-based deep learning, which learns the normal pattern of the data; the challenge lies in normality shift, a change in the normal data pattern that the model has learned. This research focuses on detecting normality shift in Windows Event Logs and Sysmon data using two distribution tests, Jensen Shannon Divergence (JSD) and Hellinger Distance (HD). The results show that HD detects distribution shift well in both the small and large distribution shift scenarios. The data filtering process can affect the performance of the anomaly detection model in the small distribution shift scenario, with increases of 66% in precision, 63% in recall, and 40% in f1-score and AUC score.

However, the anomaly detection model cannot cope with the large distribution shift scenario, where precision, recall, f1-score, and AUC score all decrease. This is because the data filtering process identifies treatment data that falls within the upper and lower limits of the control data as normal, which makes the anomaly detection model dependent on the initial normality pattern in the control data (training data).
Item Type: | Thesis (Masters) |
---|---|
Uncontrolled Keywords: | Anomaly detection, Hellinger Distance, Jensen Shannon Divergence, Kullback Leibler Divergence, Network security, Normality shift |
Subjects: | T Technology > T Technology (General) > T57.5 Data Processing; T Technology > T Technology (General) > T57.62 Simulation; T Technology > T Technology (General) > T57.8 Nonlinear programming. Support vector machine. Wavelets. Hidden Markov models. |
Divisions: | Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Informatics Engineering > 55001-(S3) PhD Thesis (Comp Science) |
Depositing User: | Resky Ayu Dewi Talasari |
Date Deposited: | 23 Jan 2025 06:10 |
Last Modified: | 23 Jan 2025 06:10 |
URI: | http://repository.its.ac.id/id/eprint/116720 |