Yudha Purwanto

Traffic anomaly detection in DDos flooding attack

Researches have been conducted to overcome Distributed Denial of Service (DDoS) flooding attack. Beside the use of signature based detection, anomaly based detection is also used to detect the attack. Several methods such as statistic, information theory, data mining and forecasting have been proposed. In several researches, they just focused to detect the traffic anomaly, but not to recognize the types of anomaly that were detected such as flashcrowd, types of botnet, types of DDoS, and prevention action. In this paper we categorize anomaly traffic detection system based on process and capability focus. Anomaly detection system process including traffic features, preprocessing, and detection process. Capability focus based on each main research problem to be solved, there are detectingonly anomaly, types of anomaly, and prevention system that include process to overcome the attack. At the end of paper, we provide overview of research direction and opportunities that may be done in future research.

Modified kleptodata for spying soft-input keystroke and location based on Android mobile device

Soft keyboard is perhaps the most common human input device on smartphone. This study designed and implemented a proof-of-concept soft keyboard keylogger in Android. The soft keyboard app was designed to have the capability to capture keystrokes from user and save it. It also can record the GPS location of user at the time of typing and sent it to a remote server. From our testing, the app was capable of recording the keystroke from user and their location. Since a keyboard app is normally used for typing message and email, filling confidential information, filling username and password, and so on, a soft keyboard application has the potential to be used for malicious activities.

Modified K-means algorithm using timestamp initialization in sliding window to detect anomaly traffic

Traffic anomalies that occur on the network usually make authorized users cannot access properly. That because by an increased number of users at a time or due to the attack of botnet to the network. This research purpose a method to detect there is anomaly traffic or not. This research used K-Means algorithm as the detection algorithm that modified on determination of the centroid and the cluster initialization, where the cluster initialization was used Timestamp Initialization as applied which in the determination of the centroid and the cluster based on the incoming data point. Expected modified K-Means using Timestamp Initialization can eliminate the determination of K-cluster that affect detection rate and false positive rate when using different K-cluster. This research also used windowing technique to obtain a better efficient process to detect anomaly traffic.

DDoS detection using modified K-means clustering with chain initialization over landmark window

Denial-of-service is a common form of network attack that affect user access right by preventing legitimate user from accessing certain information, thus giving great, disadvantage to the user and service provider. This paper present a method of denial-of-service detection using clustering technique with k-means algorithm which available to be modified and developed in many possible way. K-means algorithm used in this paper is modified using chain initialization over landmark window approach to process large amount of data and the result evaluated with detection rate, accuracy, and false positive rate. This method has been proven effective in detecting denial-of-service traffic using DARPA 98 dataset with satisfying result.

Integration of kleptoware as keyboard keylogger for input recorder using teensy USB development board

Operating a computer to perform everyday tasks is sure to require input devices. The common human interface devices for operating a computer are mouse and keyboard. It means that modifying input devices can be alternative way to do monitoring and logging activity from a user. A keylogger is able to do such functions, but various hardware and software keylogger on the market are easily detectable either physically or by antivirus software. Those limitations can be avoided by hiding a keylogger directly into the keyboard. This key logger is implemented using Teensy 2.0 USB development board, which differs between the PS/2 and USB variant. Results of analysis shows that the keylogger in undetectable physically and works correctly just like any normal keyboard. The drawbacks are reduced performance as in increasing delay between held keystrokes, key ghosting and key jamming.

Integration of autonomous sender for hidden log data on kleptoware for supporting physical penetration testing

Keylogger is a dangerous device that can capture all word that typed on the keyboard. There are two kinds of keylogger, it is hardware and software keylogger. It is very easy to detect them because both of them already listed as a malware. There are a lot of antivirus application that can detect software keylogger and for the hardware keylogger, it is easily can be seen if there is a strange thing that attached to our computer. Kleptoware is one of the solutions to hardware keylogger main problem. Another problem comes when we want to take all data had been capture on the device, we must take the keylogger first. This paper discuss about how to gain data from a kleptoware autonomously with client-server design on a local area network. Result in this paper shows that data must be send at least had same file size with the buffer that already determine first.

DDoS detection using CURE clustering algorithm with outlier removal clustering for handling outliers

DoS (Denial of Service) and DDoS (Distributed Denial of Service) is an anomalous traffic phenomena that is need serious attention. In the previous research has already been discussed on traffic anomaly detection based on clustering, with a hierarchical clustering algorithm method. In this paper, we introduce a method of network traffic anomaly (DDoS) detection using modernization of the traditional hierarchical clustering algorithm that is CURE clustering algorithm. CURE has advantages in the case of outliers. We modify the algorithm using outlier removal clustering (ORC) in terms of dealing with outliers. We apply the mechanism to detect and remove outliers from the specified clusters. We perform the outlier elimination scheme in two phase and do the removal at the point which detected as outlier. We also give an analysis and results of the proposed method.

A sliding window technique for covariance matrix to detect anomalies on stream traffic

Along with the development of technology at this era, the need of Internet access service as a media of communication is increasing. This increasing led to anomalies in network traffic. These anomalies, can occur because of a Distributed Denial of Service (DDoS) that deliberately. The impact of an anomaly is to make the user cannot access the Internet service. If left alone, these anomalies can be detrimental to a more parties, both in terms of users and providers of internet access services. Therefore, further research is needed to detect anomalies. The anomalies can be detected by using a covariance matrix. The amount of data that is tested by covariance matrix is often a bottleneck in time, to the use of sliding window to be able to cope with the large number of data. Upon obtainment covariance matrix, then the next step for anomaly detection method is using decision tree to determine the types of anomalies. The test results obtained by using homogeneous test and heterogeneous test is the obtainment of output types of anomalies, and the output can be calculated from the value of the accuracy in detecting (detection rate) and the value of detection errors (false positive rate). A great anomaly detection method able to detect anomalies with parameter values with a high detection rate and low false positive rate.