Anomalous Traffic Detection Based on Traffic Patterns Using Isolation Forest

Authors

  • Muhammad 'Azam Al-Akbar Telkom University
  • Ardan Pratama Yuliano Telkom University
  • Agil Naufal Al Habib Gurning Telkom University
  • Hesmi Aria Yanti Telkom University

DOI:

https://doi.org/10.55537/cosmic.v2i2.1188

Keywords:

Anomaly Detection, Network Traffic, Isolation Forest, LUFlow

Abstract

The growing complexity of network traffic in the digital era makes it harder to detect anomalous activity that could endanger systems. This study proposes using the Isolation Forest algorithm as an unsupervised-learning anomaly detection method to identify traffic patterns that deviate from normal behaviour. The dataset used is LUFlow, a flow-level data collection representing real network traffic that has been labelled as benign, malicious, and outlier. The research stages comprise data preprocessing, feature standardisation, model training, result visualisation, and performance evaluation using the confusion matrix, precision, recall, and F1-score metrics. The experimental results show that the model succeeded in identifying deviating traffic with a detection accuracy for outliers of 49%, but was not yet effective at explicitly detecting bot attacks. The scatter-plot visualisation reinforces that anomalies are distributed far from the normal-traffic cluster. This study affirms the potential of Isolation Forest for statistics-based anomalous traffic detection and opens the way to integrating more advanced methods such as autoencoders or graph learning to increase detection sensitivity.
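The pipeline the abstract describes (standardise, fit an Isolation Forest, score against the labels), as an added example that is not the authors' code: a minimal pure-Python forest run on constructed flows, showing why statistical outliers are flagged while malicious flows with a benign-looking profile are not. The feature names, the sample values and the top-k flagging threshold are assumptions made for the illustration.

```python
import math, random, statistics

def standardize(rows):
    """Z-score each feature column (the abstract's feature-standardisation step)."""
    cols = list(zip(*rows))
    mu = [statistics.fmean(col) for col in cols]
    sd = [statistics.pstdev(col) or 1.0 for col in cols]
    return [[(v - m) / s for v, m, s in zip(r, mu, sd)] for r in rows]

def c(n):  # expected path length of an unsuccessful BST search over n points
    return float(max(n - 1, 0)) if n <= 2 else 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def build(X, depth, limit, rng):
    if depth >= limit or len(X) <= 1:
        return len(X)                                 # leaf = number of points left
    f = rng.randrange(len(X[0]))                      # random feature
    lo, hi = min(x[f] for x in X), max(x[f] for x in X)
    if lo == hi:
        return len(X)
    s = rng.uniform(lo, hi)                           # random split value
    return (f, s, build([x for x in X if x[f] < s], depth + 1, limit, rng),
            build([x for x in X if x[f] >= s], depth + 1, limit, rng))

def path_length(x, node, depth=0):
    while isinstance(node, tuple):
        f, s, left, right = node
        node, depth = (left if x[f] < s else right), depth + 1
    return depth + c(node)

def scores(X, trees=100, seed=7):
    """Anomaly score in (0, 1); flows that isolate in few splits score higher."""
    rng = random.Random(seed)
    limit = math.ceil(math.log2(len(X)))
    forest = [build(X, 0, limit, rng) for _ in range(trees)]
    return [2 ** (-statistics.fmean(path_length(x, t) for t in forest) / c(len(X))) for x in X]

def flagged_rate_by_label(flows, labels, k):
    """Flag the k highest-scoring flows; return the flagged fraction of each label."""
    s = scores(standardize(flows))
    top = set(sorted(range(len(s)), key=s.__getitem__, reverse=True)[:k])
    return {lab: sum(i in top for i, l in enumerate(labels) if l == lab) / labels.count(lab)
            for lab in sorted(set(labels))}

# Constructed flows (bytes_in, bytes_out, duration_s); illustrative, not LUFlow rows.
benign = [(500 + 10 * (i % 8), 800 + 15 * (i // 8), 1.0 + 0.05 * (i % 5)) for i in range(40)]
malicious = [(515 + 10 * j, 822 + 7 * j, 1.07) for j in range(4)]   # same profile as benign
outlier = [(50000, 830, 1.1), (530, 90000, 1.1), (530, 830, 120.0)]
FLOWS = benign + malicious + outlier
LABELS = ["benign"] * 40 + ["malicious"] * 4 + ["outlier"] * 3
```

Calling `flagged_rate_by_label(FLOWS, LABELS, 3)` gives the per-label fraction of flows flagged; for the `outlier` and `malicious` labels this is recall, for `benign` it is the false-positive rate.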

Published

2025-08-24

How to Cite

Al-Akbar, M. ’Azam, Yuliano, A. P., Al Habib Gurning, A. N., & Aria Yanti, H. (2025). Deteksi Trafik Anomali Berdasarkan Pola Trafik Menggunakan Isolation Forest. Cosmic Jurnal Teknik, 2(3), 88–95. https://doi.org/10.55537/cosmic.v2i2.1188

Section

Articles