Budi Rahardjo

Traffic anomaly detection in DDos flooding attack

Researches have been conducted to overcome Distributed Denial of Service (DDoS) flooding attack. Beside the use of signature based detection, anomaly based detection is also used to detect the attack. Several methods such as statistic, information theory, data mining and forecasting have been proposed. In several researches, they just focused to detect the traffic anomaly, but not to recognize the types of anomaly that were detected such as flashcrowd, types of botnet, types of DDoS, and prevention action. In this paper we categorize anomaly traffic detection system based on process and capability focus. Anomaly detection system process including traffic features, preprocessing, and detection process. Capability focus based on each main research problem to be solved, there are detectingonly anomaly, types of anomaly, and prevention system that include process to overcome the attack. At the end of paper, we provide overview of research direction and opportunities that may be done in future research.

Composite field multiplier based on look-up table for elliptic curve cryptography implementation

In this work we propose the use of composite field to implement finite field multiplication, which will be use in ECC implementation. We use 299-bit keylength and GF((213)23) is used instead of GF(2299). Composite field multiplier can be implemented using conventional multiplication operation or using LUT (Look-Up Table). In this paper, LUT is used for multiplication in ground field and Karatsuba Offman Algorithm for the extension field multiplication. A generic architecture for the multiplier is presented. Implementation is done with VHDL with the target device Altera DE -2.

Designing an agile enterprise architecture for mining company by using TOGAF framework

The role of ICT in the organization will continue to experience growth in line with business growth. However, in reality, there is a gap between ICT initiatives with the development (needs) of company business that is caused by yet inadequate of ICT strategic alignment. Therefore this study was conducted with the aim to create an agile enterprise architecture model rules, particularly in mining company, by using TOGAF framework. The results from the design development phase of the mining enterprise architecture meta model represents the domain of business, applications, data, and technology. The results of the design as a whole were analyzed from four perspectives, namely the perspective of contextual, conceptual, logical and physical. In the end, the quality assessment of the mining enterprise architecture is conducted to assess the suitability of the design standards and architectural principles.

Time based anomaly detection using residual polynomial fitting on aggregate traffic statistic

Flashcrowd and Distributed Denial of Service (DDoS) almost has similar symptom across network and server. But security element such Intrusion Detection System (IDS) must handle both differently. If IDS cannot differentiate flashcrowd and DDoS attack, Quality of Service of legal user traffic in flashcrowd will degraded. So it is important for IDS to differentiate between flashcrowd and DDoS. Many earlier comparison method could sense the anomalous event, but not pay much attention to identify which flow was the anomaly. We presented residual calculation between windowed aggregate traffic statistical value combination. With residual calculation among statistical percentile 10th and mean, a high accuracy of flashcrowd and DDoS differentiation of synthetic anomalous event gained. This method could directly identify the anomalous flow and perform visual analysis to detect the start to end of both event.

Web application for Jigsaw-based cooperative learning

This paper describes an applications for supporting the cooperative learning by applying the Jigsaw method. Cooperative learning is the process which people gather in groups to teach each other what they know and understand. One of the famous method of cooperative learning is Jigsaw. But, using Jigsaw method need much time, hard to divide students into some groups and evaluation the learning process is not easy. We build a system that allows to help teachers support the cooperative learning process. In this paper we propose the cooperative learning tool that can help the teacher to grouping the students automatically, and help the teacher to evaluate the learning process.

On applicability of chaos game method for block cipher randomness analysis

Block cipher can be considered as a random permutation function which maps a set of plaintext character P to a set of ciphertext character C. Block cipher is designed in a way that the effort to distinguish it from a random permutation function will be very difficult or computationally infeasible. It this paper, block cipher randomness analysis is performed by using chaos game method. The method treats block cipher as a mapping function of a discrete time dynamical system. The system is used to generate a random sequence. Next, chaos game method analyzes the sequesnce in order to reveal its characteristics or regularities. The applicability of the method to reveal some characteristics of a block cipher is verified by using it for comparing the randomness of three-round and four-round SPN-network and distinguishing them from each other. So, the method can role as a distinguisher.

Attribute Selection Based on Information Gain for Automatic Grouping Student System

Cooperative learning is an approach of learning process together in small groups to solve problems together. Cooperative learning can enhance students’ ability higher than individual learning. One of the key that can affect the success of cooperative learning is formation. Heterogeneity in cooperative learning can improve cognitive performance. The problem is hard and need long time to determine students into an appropriate group. A student has many attributes that defined their characteristics from academic factor and non - academic factor, such as motivation in learning, self-interest, learning styles, friends, gender, age, educational background of parents, and other explanation of the uniqueness. The purpose of this study is to determine what is the most influential attribute in grouping process by calculate the information gain of each attributes. Then, we can reduce some attributes. The result of the experiment that the most influential and relevant attribute in the process of formating a group is learning style.

Implementation of Pollard Rho attack on elliptic curve cryptography over binary fields

Elliptic Curve Cryptography (ECC) is a public key cryptosystem with a security level determined by discrete logarithm problem called Elliptic Curve Discrete Logarithm Problem (ECDLP). John M. Pollard proposed an algorithm for discrete logarithm problem based on Monte Carlo method and known as Pollard Rho algorithm. The best current brute-force attack for ECC is Pollard Rho algorithm. In this research we implement modified Pollard Rho algorithm on ECC over GF (241). As the result, the runtime of Pollard Rho algorithm increases exponentially with the increase of the ECC key length. This work also presents the estimated runtime of Pollard Rho attack on ECC over longer bits.

Information Concealment Through Noise Addition

Abstract A novel method of concealing information is proposed. Encrypted data is mixed with noise to add the security. The cost of an attack increases linearly with the size of the added noise. Since generating noise is cheap, the size of noise can be as large as possible. However, there are issues in automatically detecting and separating noise in the intended recipient end. This stegocrypto method also provides protection from traffic analysis attack.

Distributed intrusion detection system using cooperative agent based on ant colony clustering

Intrusion detection system (IDS) is another layer of protection as an important technology in information security. There are two major problems in the development of IDS, the algorithmic aspect of detection (computational), and aspects of the communication between components of detection (architectural). Computational problems including the ability of the novel-attack detection using ant colony clustering (ACC) is still lacking, large data traffic and computation overload. Architectural problems including the difficulty to overcome distributed and coordinated attacks, because it requires large amounts of distributed information, thus requiring synchronization between detection components of scattered information anyway. This paper proposes the multiagent architecture that implements distributed IDS based on ACC to recognize a new and coordinated attack, and the movement of large data handling, synchronization capabilities, the ability of cooperation between components without the presence of centralized computing components, good detection performance in real-time to turn on warning alarm.