Port Session Communication Analysis Using Density-Based Clustering For Host Anomaly and Risk Activity Analysis

Dandy Pramana Hostiadi, Roy Rudolf Huizen, Lilis Yuningsih, Ni Luh Putri Srinadi, I. Made Darma Susila

2020 International Conference on Smart Technology and Applications (ICoSTA), published 2020-02-01. DOI: 10.1109/ICoSTA48221.2020.1570613749 (https://doi.org/10.1109/ICoSTA48221.2020.1570613749)

Abstract

Monitoring anomalous activity in a network is very important because such activity may indicate malicious behavior. Network communication sessions are described in terms of port addressing, referred to as the port address. In some digital crime events, perpetrators use the port address to carry out dangerous actions on the network such as DDoS, Probing, R2L, and U2L activities. Host activities on the network can be grouped using clustering theory, namely the neighborhood approach, also referred to as density-based clustering. Measuring the proximity of two activities makes it possible to group the distribution of communication session data from a host and to map communication activities, based on port access, into a normal or abnormal state. This research proposes a new model that analyzes port session communication using a density measurement approach to detect anomalous activities. The results show that the proposed model can detect a cluster with anomaly status, of which more than eighty percent indicates high-risk activity. The proposed model is expected to help network administrators make decisions or take action on activities that are anomalous and dangerous.