Summary: | Data stored at institutions is highly exposed to infection by threats.
The Department of Electrical Engineering and Information Technology (JTETI) is an
institution that operates a local area network over wired and wireless media.
Security systems have been built, but this does not guarantee that the network at
JTETI is resistant to threats. Given the importance of the data in the JTETI
network, this research examines the monitoring of the existing network security
system.
This research falls within the field of network security and uses the Bayesian
Belief Network (BBN) as its method. A BBN accommodates quantitative and
qualitative calculations that can be used to improve the accuracy of the assessed
probability that an IP address is a threat to the network. The input to the
calculation is the result of monitoring by a Network Intrusion Detection System
(NIDS) installed at the back-end network and run over a period of time. The
qualitative part is modeled using a Directed Acyclic Graph (DAG).
After monitoring, it was found that the incoming attacks can be divided into four
categories: TCP attacks, UDP attacks, ICMP attacks, and Portscanning. For modeling
with the BBN, eight variables were derived from the attack categories observed
during monitoring: 7 predictor variables and 1 response variable. The threshold is
set so that an IP address is a positive threat when it yields a ThreatPositive
value above 0.6. After modeling and calculation, it was found that the variables
Portscanning and Ping are the most influential on the threat status of an IP
address. When Portscanning or Ping is not enabled (or evidence for its state is
not observed), the probability of the ThreatPositive state for an IP address is
below the threat threshold (0.6).
Keywords: Network Security, threats, NIDS, Bayesian Belief Network
|
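
The calculation the summary describes can be sketched as follows. This is an added example, not the study's own model: it assumes a DAG in which four predictors point directly at ThreatPositive, a noisy-OR conditional table, and constructed priors and link strengths. Only the names Portscanning, Ping and ThreatPositive and the 0.6 threshold come from the summary; TCPAttack and UDPAttack are hypothetical variable names.

```python
from itertools import product

# Constructed values for illustration only; the summary gives no probabilities.
PRIOR = {"TCPAttack": 0.10, "UDPAttack": 0.05, "Ping": 0.10, "Portscanning": 0.05}
# Assumed noisy-OR strength: chance that an active predictor alone marks a threat.
STRENGTH = {"TCPAttack": 0.25, "UDPAttack": 0.20, "Ping": 0.60, "Portscanning": 0.70}
LEAK = 0.01        # assumed probability of a threat with no predictor active
THRESHOLD = 0.6    # threshold stated in the summary


def p_threat_given_parents(state):
    """Noisy-OR CPT: P(ThreatPositive | full assignment of the predictors)."""
    p_no_threat = 1.0 - LEAK
    for name, active in state.items():
        if active:
            p_no_threat *= 1.0 - STRENGTH[name]
    return 1.0 - p_no_threat


def threat_probability(evidence):
    """P(ThreatPositive | evidence), enumerating every unobserved predictor."""
    hidden = [n for n in PRIOR if n not in evidence]
    total = 0.0
    for values in product([True, False], repeat=len(hidden)):
        state, weight = dict(evidence), 1.0
        for name, value in zip(hidden, values):
            state[name] = value
            weight *= PRIOR[name] if value else 1.0 - PRIOR[name]
        total += weight * p_threat_given_parents(state)
    return total


def is_threat(evidence):
    """Apply the summary's rule: a threat when ThreatPositive exceeds 0.6."""
    return threat_probability(evidence) > THRESHOLD


if __name__ == "__main__":
    # Constructed NIDS observations for three source addresses (documentation IPs).
    observations = {
        "192.0.2.10": {"Portscanning": True},
        "192.0.2.11": {"Ping": True},
        "192.0.2.12": {"TCPAttack": True, "UDPAttack": True},  # scan/ping unobserved
    }
    for ip, evidence in observations.items():
        p = threat_probability(evidence)
        print(f"{ip}  ThreatPositive={p:.3f}  threat={p > THRESHOLD}")
```

With these constructed numbers, an address crosses 0.6 only when Portscanning or Ping is observed, which mirrors the behaviour the summary reports for its own model.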