Behind the rapid development of the internet in today’s era, various types of crime are also targeting vital players in the internet industry. With many online crime types rampant, an antidote is also needed to suppress internet crime. Therefore, the researcher proposes a solution in the form of a Keris, namely the hypertext transfer protocol (HTTP) intrusion detection system (IDS) that runs on the server where our website is running. Keris works by detecting rampant intrusions that attack servers or websites. When an intrusion is detected, Keris will notify the system admin using the Keris Telegram chatbot or an alternative Keris mobile application with firebase cloud messaging (FCM) technology. The research was conducted by comparing the results of one-way delay (OWD) between Telegram Webhook and FCM with the help of the open web application security project (OWASP) zed attack proxy (ZAP) test tool. From the results of the tests, OWD against directory brute force attacks on Telegram Webhook for 0.72 seconds and on FCM for 0.44 seconds. In this case, FCM is more suitable for real-time notifications if we need a very responsive notification.
EFFECTIVE MALWARE DETECTION APPROACH BASED ON DEEP LEARNING IN CYBER-PHYSICAL...ijcsit
Cyber-physical Systems based on advanced networks interact with other networks through wireless
communication to enhance interoperability, dynamic mobility, and data supportability. The vast data is
managed through a cloud platform, vulnerable to cyber-attacks. It will threaten the customers in terms of
privacy and security as third-party users should authenticate the network. If it fails, it will create extensive
damage and threat to the established network and makes the hacker malfunction the network services
efficiently. This paper proposes a DL-based CPS approach to identify and mitigate the malware cyberphysical system attack of Denial of Service (DoS) and Distributed Denial of Service (DDoS) as it ensures
adequate decision support. At the same time, the trusted user nodes are connected to the network. It helps
to improve the privacy and authentication of the network by improving the data accuracy and Quality of
Service (QoS) in the network. Here the analysis is determined on the proposed system to improve the
network reliability and security compared to some of the existing SVM-based and Apriori-based detection
approaches.
Cyber-physical Systems based on advanced networks interact with other networks through wireless
communication to enhance interoperability, dynamic mobility, and data supportability. The vast data is
managed through a cloud platform, vulnerable to cyber-attacks. It will threaten the customers in terms of
privacy and security as third-party users should authenticate the network. If it fails, it will create extensive
damage and threat to the established network and makes the hacker malfunction the network services
efficiently. This paper proposes a DL-based CPS approach to identify and mitigate the malware cyber-
physical system attack of Denial of Service (DoS) and Distributed Denial of Service (DDoS) as it ensures
adequate decision support. At the same time, the trusted user nodes are connected to the network. It helps
to improve the privacy and authentication of the network by improving the data accuracy and Quality of
Service (QoS) in the network. Here the analysis is determined on the proposed system to improve the
network reliability and security compared to some of the existing SVM-based and Apriori-based detection
approaches.
Intrusion Detection System using Data MiningIRJET Journal
This document presents a proposed intrusion detection system using data mining techniques. It begins with an abstract that describes how internal intrusions are difficult to detect as internal users know the organization's information. It then discusses how anomaly detection can be used to create behavior profiles for each user and detect anomalous activities. The introduction provides background on intrusion detection systems and the need for more efficient and effective detection methods. It describes the proposed system which will use data mining techniques like k-means clustering to separate normal and abnormal network activities in order to detect internal attacks. It discusses the hardware and software requirements and specifications. Finally, it concludes that the proposed system can better detect anomalies in the network compared to other machine learning approaches.
Pattern Analysis and Signature Extraction for Intrusion Attacks on Web ServicesIJNSA Journal
The increasing popularity of web service technology is attracting hackers and attackers to hack the web services and the servers on which they run. Organizations are therefore facing the challenge of implementing adequate security for Web Services. A major threat is that of intruders which may maliciously try to access the data or services. The automated methods of signature extraction extract the binary pattern blindly resulting in more false positives. In this paper a semi automated approach is proposed to analyze the attacks and generate signatures for web services. For data collection, apart from the conventional SOAP data loggers, honeypots are also used that collect small data which is of high value. To filter out the most suspicious part of the data, SVM based classifier is employed to aid the system administrator. By applying an attack signature algorithm on the filtered data, a more balanced attack signature is extracted that results in fewer false positives and negatives. It helps the Security Administrator to identify the web services that are vulnerable or are attacked more frequently.
This document discusses network intrusion detection systems (NIDS) and their ability to handle high-speed traffic. It introduces NIDS and their role in monitoring network traffic. The document presents an experiment that tests the open-source NIDS Snort under high-volume traffic. The experiment shows that Snort drops more packets as traffic speed and volume increases, demonstrating a weakness of NIDS in high-speed environments. It suggests using a parallel NIDS technique to help NIDS better handle high-speed network traffic and reduce packet dropping.
This document proposes a machine learning approach using the Naive Bayes algorithm to detect distributed denial of service (DDoS) attacks through network intrusion detection. It first discusses the issues with existing intrusion detection systems, including long training times and low accuracy. It then summarizes research on applying various machine learning techniques like neural networks, decision trees, and Naive Bayes to intrusion detection. The proposed system would build a classifier using Naive Bayes, which provides faster training than other methods, to distinguish normal and attack traffic. This approach aims to improve upon the training time and detection accuracy of existing intrusion detection systems.
Defense mechanism for ddos attack through machine learningeSAT Journals
Abstract
There is a huge advancement in Computer networking in the past decade. But with the advancement, the threats to the computer networks are also increased. Today one of the biggest threats to the computer networks is the Distributed Denial of Service (DDoS) flooding attack. This paper emphasizes the application layer DDoS flooding attacks because these (layer seven) attacks are growing rapidly and becoming more severe problem. Many researchers used machine-learning techniques for intrusion detection, but some shows poor detection and some methods take more training time. From a survey, it is found that Naïve Bayes (NB) algorithm provides faster learning/training speed than other machine learning algorithms. Also it has more accuracy in classification and detection of attack. So we are proposing a network intrusion detection system (IDS) which uses a machine learning approach with the help of NB algorithm.
Keywords: DDoS (Distributed Denial of Service) flooding attack, Machine Learning, Naïve Bayes, Network Intrusion Detection
INTRUSION DETECTION SYSTEM USING CUSTOMIZED RULES FOR SNORTIJMIT JOURNAL
This document proposes an intrusion detection system using customized rules for the Snort tool to improve security. The system uses Wireshark to scan network traffic for anomalies, Snort to detect attacks using customized rulesets for faster response times, and Wazuh and Splunk to analyze log files. Rules are created using the Snorpy tool and added to Snort to monitor for specific attacks like ICMP ping impersonation and authentication attempts. When attacks are attempted, the system successfully detects them and logs the alerts. The integration of these tools provides low-cost intrusion detection capabilities with automated threat identification and faster response compared to existing Snort configurations.
EFFECTIVE MALWARE DETECTION APPROACH BASED ON DEEP LEARNING IN CYBER-PHYSICAL...ijcsit
Cyber-physical Systems based on advanced networks interact with other networks through wireless
communication to enhance interoperability, dynamic mobility, and data supportability. The vast data is
managed through a cloud platform, vulnerable to cyber-attacks. It will threaten the customers in terms of
privacy and security as third-party users should authenticate the network. If it fails, it will create extensive
damage and threat to the established network and makes the hacker malfunction the network services
efficiently. This paper proposes a DL-based CPS approach to identify and mitigate the malware cyberphysical system attack of Denial of Service (DoS) and Distributed Denial of Service (DDoS) as it ensures
adequate decision support. At the same time, the trusted user nodes are connected to the network. It helps
to improve the privacy and authentication of the network by improving the data accuracy and Quality of
Service (QoS) in the network. Here the analysis is determined on the proposed system to improve the
network reliability and security compared to some of the existing SVM-based and Apriori-based detection
approaches.
Cyber-physical Systems based on advanced networks interact with other networks through wireless
communication to enhance interoperability, dynamic mobility, and data supportability. The vast data is
managed through a cloud platform, vulnerable to cyber-attacks. It will threaten the customers in terms of
privacy and security as third-party users should authenticate the network. If it fails, it will create extensive
damage and threat to the established network and makes the hacker malfunction the network services
efficiently. This paper proposes a DL-based CPS approach to identify and mitigate the malware cyber-
physical system attack of Denial of Service (DoS) and Distributed Denial of Service (DDoS) as it ensures
adequate decision support. At the same time, the trusted user nodes are connected to the network. It helps
to improve the privacy and authentication of the network by improving the data accuracy and Quality of
Service (QoS) in the network. Here the analysis is determined on the proposed system to improve the
network reliability and security compared to some of the existing SVM-based and Apriori-based detection
approaches.
Intrusion Detection System using Data MiningIRJET Journal
This document presents a proposed intrusion detection system using data mining techniques. It begins with an abstract that describes how internal intrusions are difficult to detect as internal users know the organization's information. It then discusses how anomaly detection can be used to create behavior profiles for each user and detect anomalous activities. The introduction provides background on intrusion detection systems and the need for more efficient and effective detection methods. It describes the proposed system which will use data mining techniques like k-means clustering to separate normal and abnormal network activities in order to detect internal attacks. It discusses the hardware and software requirements and specifications. Finally, it concludes that the proposed system can better detect anomalies in the network compared to other machine learning approaches.
Pattern Analysis and Signature Extraction for Intrusion Attacks on Web ServicesIJNSA Journal
The increasing popularity of web service technology is attracting hackers and attackers to hack the web services and the servers on which they run. Organizations are therefore facing the challenge of implementing adequate security for Web Services. A major threat is that of intruders which may maliciously try to access the data or services. The automated methods of signature extraction extract the binary pattern blindly resulting in more false positives. In this paper a semi automated approach is proposed to analyze the attacks and generate signatures for web services. For data collection, apart from the conventional SOAP data loggers, honeypots are also used that collect small data which is of high value. To filter out the most suspicious part of the data, SVM based classifier is employed to aid the system administrator. By applying an attack signature algorithm on the filtered data, a more balanced attack signature is extracted that results in fewer false positives and negatives. It helps the Security Administrator to identify the web services that are vulnerable or are attacked more frequently.
This document discusses network intrusion detection systems (NIDS) and their ability to handle high-speed traffic. It introduces NIDS and their role in monitoring network traffic. The document presents an experiment that tests the open-source NIDS Snort under high-volume traffic. The experiment shows that Snort drops more packets as traffic speed and volume increases, demonstrating a weakness of NIDS in high-speed environments. It suggests using a parallel NIDS technique to help NIDS better handle high-speed network traffic and reduce packet dropping.
This document proposes a machine learning approach using the Naive Bayes algorithm to detect distributed denial of service (DDoS) attacks through network intrusion detection. It first discusses the issues with existing intrusion detection systems, including long training times and low accuracy. It then summarizes research on applying various machine learning techniques like neural networks, decision trees, and Naive Bayes to intrusion detection. The proposed system would build a classifier using Naive Bayes, which provides faster training than other methods, to distinguish normal and attack traffic. This approach aims to improve upon the training time and detection accuracy of existing intrusion detection systems.
Defense mechanism for ddos attack through machine learningeSAT Journals
Abstract
There is a huge advancement in Computer networking in the past decade. But with the advancement, the threats to the computer networks are also increased. Today one of the biggest threats to the computer networks is the Distributed Denial of Service (DDoS) flooding attack. This paper emphasizes the application layer DDoS flooding attacks because these (layer seven) attacks are growing rapidly and becoming more severe problem. Many researchers used machine-learning techniques for intrusion detection, but some shows poor detection and some methods take more training time. From a survey, it is found that Naïve Bayes (NB) algorithm provides faster learning/training speed than other machine learning algorithms. Also it has more accuracy in classification and detection of attack. So we are proposing a network intrusion detection system (IDS) which uses a machine learning approach with the help of NB algorithm.
Keywords: DDoS (Distributed Denial of Service) flooding attack, Machine Learning, Naïve Bayes, Network Intrusion Detection
INTRUSION DETECTION SYSTEM USING CUSTOMIZED RULES FOR SNORTIJMIT JOURNAL
This document proposes an intrusion detection system using customized rules for the Snort tool to improve security. The system uses Wireshark to scan network traffic for anomalies, Snort to detect attacks using customized rulesets for faster response times, and Wazuh and Splunk to analyze log files. Rules are created using the Snorpy tool and added to Snort to monitor for specific attacks like ICMP ping impersonation and authentication attempts. When attacks are attempted, the system successfully detects them and logs the alerts. The integration of these tools provides low-cost intrusion detection capabilities with automated threat identification and faster response compared to existing Snort configurations.
INTRUSION DETECTION IN MULTITIER WEB APPLICATIONS USING DOUBLEGUARDIJCI JOURNAL
Today, the use of distinct internet services and their applications by people are increase in very large amount. Due to its usage, it results the increase in data complexity. So, web services turn their focus on multi-tier design where web server acts as front-end and database server acts as back-end. Attackers try to hack personal data by targeting database server, hence it need to provide more security to both web server and database server. In this paper, the doubleguard system proposes an efficient intrusion detection and prevention system which detects and prevents various attacks in multi-tier web applications. This IDS system keeps track of all user sessions across both web server and database server. For this, it allocates the dedicated web container to each user’s session. Each user is associated with unique session ID which enhances more security. The system built well correlated model for website and detects and prevents various type of attacks. The system is implemented by using Apache webserver with MySQL.
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET Journal
The document discusses various security mechanisms for cloud computing including encryption, hashing, digital signatures, public key infrastructure, identity and access management, single sign-on, cloud-based security groups, hardened security server images, user behavior profiling, and decoy technology. It focuses on how user behavior profiling and decoy technology can play an important role in detecting unauthorized access by monitoring a user's behavior and sending fake data to verify genuine user information. The document concludes that while most security mechanisms provide a level of protection, user behavior profiling and decoy technology are particularly effective for enhancing cloud computing security.
Intrusion Detection System (IDS) is meant to be a software application which monitors the network or system activities and finds if any malicious operations take place. Tremendous growth and practice of internet raises concerns about how to protect and communicate the digital data in a safe manner. Nowadays, hackers use different types of attacks for getting the valuable information. Many intrusion detection techniques, methods and algorithms assist to identify these attacks. This main objective of this paper is to provide a complete study about the description of intrusion detection, history, life cycle, types of intrusion detection methods, types of attacks, different tools and techniques, research needs, tasks and applications
Intrusion Detection System (IDS) is meant to be a software application which monitors the network or system activities and finds if any malicious operations take place. Tremendous growth and practice of internet raises concerns about how to protect and communicate the digital data in a safe manner. Nowadays, hackers use different types of attacks for getting the valuable information. Many intrusion detection techniques, methods and algorithms assist to identify these attacks. This main objective of this paper is to provide a complete study about the description of intrusion detection, history, life cycle, types of intrusion detection methods, types of attacks, different tools and techniques, research needs, tasks and applications
A REVIEW ON INTRUSION DETECTION SYSTEMLaurie Smith
The document provides a review of intrusion detection systems (IDS). It discusses that IDS are used to monitor network traffic and system activities to identify potential threats. There are two main types of IDS - host-based IDS that monitor individual systems, and network-based IDS that monitor entire networks. The document also outlines the common functions of IDS, which include collecting information, analyzing for threats, responding with alerts or blocks, and notifying administrators. Intrusion detection is important for network security as it acts as an additional layer of protection and can help identify intrusions and vulnerabilities.
This document summarizes various soft computing techniques that can be used for intrusion detection, including fuzzy logic, graph-based approaches, and neural networks. Fuzzy logic can be used to classify parameters and detect anomalies by comparing normal and new fuzzy association rule sets. Graph-based approaches model network traffic as graphs of nodes and edges and use clustering algorithms to detect anomalies. Neural networks can be trained on audit log data to recognize normal behavior and detect deviations that may indicate attacks. These soft computing methods aim to improve on signature-based detection by learning patterns of normal network activity and detecting anomalies.
Intrusion detection architecture for different network attackseSAT Journals
Abstract Now these days most of the work is carried out by internet. So web application becomes important part of today’s life, such as online banking, social networking, online shopping, enabling communication and management of personal information. So web services now have shifted to multi-tier design to accommodate this increase in web application and data complexity. Due to this high use of web application networks attacks increased with malicious purpose. DoubleGuard is an Intrusion Detection System helps to detect and prevent the networks attacks. DoubleGuard is able to find out attacks after checking web and database requests. Along with this, in this paper adding one more level that is admin, it is responsible for the training to the system, log generation, blacklist and employee entry. This IDS system provides security to prevent both the web server and database server. Key Words: DoubleGuard; Web Application; Multitier; IDS; Attacks.
Intrusion Detection System using AI and Machine Learning AlgorithmIRJET Journal
This document discusses using artificial intelligence and machine learning algorithms to develop an intrusion detection system (IDS). It begins with an abstract that outlines using AI to act as a virtual analyst to concurrently monitor network traffic and defend against threats. It then provides background on IDS and the need for more effective automated threat detection. The document discusses classifying attacks, different types of IDS (host-based and network-based), and detection methods like signature-based and anomaly-based. It aims to develop an IDS using machine learning algorithms that can learn patterns to provide automatic intrusion detection without extensive manual maintenance.
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...IJNSA Journal
With the ever increasing number and diverse type of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is high demand to reduce the threat level in networks to ensure the data and services offered by them to be more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using the layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once the attack is detected, it is intimated through mobile phone to the system administrator for safeguarding the server system. We established experimentally that the layered CRFs can thus be more effective in detecting intrusions when compared with the other previously known techniques.
A CAPTCHA – BASED INTRUSION DETECTION MODELijseajournal
Intrusion Detection systems (IDS) are an essential element for Network Security Infrastructure and play an
important role in detecting large number of attacks. Intrusion Prevention System (IPS) is a tool that is used
to prevent spywares from getting intrusion into a system and one of the techniques used in IPS is
Completely Automated Public Turning test to tell Computers and Human Apart (CAPTCHA). In order to
detect illegal access of the web from the intruder, IDS, IPS can be implemented with the use of honeypot to
track the IP address, location and country or region of the attacker in order to block the attacker from
accessing the system. Different techniques have been adopted by different researchers using IDS, IPS and
honeypot to protect their system against illegal attacks. As discovered in the existing systems CAPTCHA
was not employed in IDS to detect spywares capable of breaking and having access to the system. To
increase and maintain the security in a Network the combination of IDS with CAPTCHA, IPS and a dummy Honeypot can be employed. This work proposes a CAPTCHA –based Intrusion Detection Model with a redirector in order to identify the intelligent spywares that are capable of breaking CAPTCHA in IPS. Also using a dummy honeypot with circular hyperlinks so as to lewd the software that infiltrated the system in order to capture its IP address and other important information about the spywares such as the country or region it’s coming from, web browser used and date and time of intrusion so as to block and prevent illegal access by intruders. This paper focuses on capturing the intelligent spywares capable to break through the new CAPTCHA trap IDS so as to gather information about it and necessary action can be taken against it. A security model was designed having having CAPTCHA IDS with a redirector, IPS and a honeypot cable of detecting intrusion by intelligent spyware With this model the network will be more secured against intrusion by spywares
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly place at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network SDN proposes the separation of forward and control planes by introducing a new independent plane called network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using the network analysis metrics such as key generation delay, key sharing delay and the hash code generation time for both SDN and the proposed machine learning SDN. Prof P. Damodharan | K. Veena | Dr N. Suguna "Optimized Intrusion Detection System using Deep Learning Algorithm" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2 , February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
Malicious activities (malcodes) are self replicating
malware and a major security threat in a network environment.
Timely detection and system alert flags are very essential to
prevent rapid malcodes spreading in the network. The difficulty
in detecting malcodes is that they evolve over time. Despite the fact
that signature-based tools, are generally used to secure systems,
signature-based malcode detectors neglect to recognize muddled
and beforehand concealed malcode executables. Automatic signature
generation systems has likewise been use to address the issue
of malcodes, yet there are many works required for good detection.
Base on the behavior way of malcodes, a behavior approach is
required for such detection. Specifically, we require a dynamic
investigation and behavior Rule Base system that distinguishes
malcodes without erroneously block legitimate traffic or increase
false alarms. This paper proposed and discussed the approach
using Machine learning and Indicators of Compromise (IOC) to
analyze intrusion in a network, to identify the cause of the attack
and to provide future detection. This paper proposed the use of
behaviour malware analysis framework to analyze intrusion data,
apply clustering algorithm on the analyzed data and generate IOC
from the clustered data for IOCRule, which will be implemented
into Snort Intrusion Detection System (IDS) for malicious code
detection.
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...Editor IJCATR
Among the various forms of malware attacks such as Denial of service, Sniffer, Buffer overflows are the most dreaded threats to computer networks. These attacks are known as botnet attacks and self-propagating in nature and act as an agent or user interface to control the computers which they attack. In the process of controlling a malware, Bot header(s) use a program to control remote systems through internet with the help of zombie systems. Botnets are collection of compromised computers (Bots) which are remotely controlled by its originator (Bot-Master) under a common Command-and-Control (C&C) structure. A server commands to the bot and botnet and receives the reports from the bot. The bots use Trojan horses and subsequently communicate with a central server using IRC. Botnet employs different techniques like Honeypot, communication protocols (e.g. HTTP and DNS) to intrude in new systems in different stages of their lifecycle. Therefore, identifying the botnets has become very challenging; because the botnets are upgrading their methods periodically for affecting the networks. Here, the focus on addressing the botnet detection problem in an Enterprise Network
This research introduces novel Solution to mitigate the malicious activities of Botnet attacks through the Principle of component analysis of each traffic data, measurement and countermeasure selection mechanism called Malware Hunter. This system is built on attack graph-based analytical models based on classification process and reconfigurable through update solutions to virtual network-based countermeasures.
The Practical Data Mining Model for Efficient IDS through Relational DatabasesIJRES Journal
Enterprise network information system is not only the platform for information sharing and information exchanging, but also the platform for enterprise production automation system and enterprise management system working together. As a result, the security defense of enterprise network information system does not only include information system network security and data security, but also include the security of network business running on information system network, which is the confidentiality, integrity, continuity and real-time of network business. Network security technology has become crucial in protecting government and industry computing infrastructure. Modern intrusion detection applications face complex requirements – they need to be reliable, extensible, easy to manage, and have low maintenance cost. In recent years, data mining-based intrusion detection systems (IDSs) have demonstrated high accuracy, good generalization to novel types of intrusion, and robust behavior in a changing environment. Still, significant challenges exist in the design and implementation of production quality IDSs. Incrementing components such as data transformations, model deployment, and cooperative distributed detection remain a labor intensive and complex engineering endeavor. This paper describes DAID, a database-centric architecture that leverages data mining within the Relational RDBMS to address these challenges. DAID also offers numerous advantages in terms of scheduling capabilities, alert infrastructure, data analysis tools, security, scalability, and reliability. DAID is illustrated with an Intrusion Detection Center application prototype that leverages existing functionality in Relational Database 10g. Intrusion detection system work at many levels in the network fabric and are taking the concept of security to a whole new sphere by incorporating intelligence as a tool to protect networks against un-authorized intrusions and newer forms of attack. We have described formal model for the construction of network security situation measurement based on d-s evidence theory, frequent mode, and sequence model extracted from the data on network security situation based on the knowledge found method and convert the pattern on the related rules of the network security situation, and automatic generation of network security situation.
Forensic the word which indicate the detective work, which searches for and attempting to discover information. Mainly search is carried out for collecting evidence for investigation which is useful in criminal, civil or corporate investigations. Investigation is applicable in presence of some legal rules.
As criminals are getting smarter to perform crime that is, using data hiding techniques such as encryption and steganography, so forensic department has become alert has introduced a new concept called as Digital Forensic, which handles sensitive data which is responsible and confidential.
A study on securing cloud environment from d do s attack to preserve data ava...Manimaran A
This document discusses security techniques to protect cloud environments from DDoS attacks. It begins by introducing the importance of securing cloud resources and data availability. It then describes several common security attacks on cloud computing including cookie poisoning, SQL injection, man-in-the-middle attacks, and cloud malware injection. The document also examines intrusion detection methods like installing detection systems on cloud servers. Finally, it provides details on specific DDoS attacks like SYN flooding and IP spoofing, and the challenges they pose to cloud availability.
Designing Security Assessment of Client Server System using Attack Tree Modelingijtsrd
Information security has grown as a prominent issue in our digital life. The network security is becoming more significant as the volume of data being exchanged over net increases day by day. Attack trees AT technique play an important role to investigate the threat analysis problem to known cyber attacks for risk assessment. The technique is especially effective in assessing and managing the risks from hostile, intelligent adversaries. It is useful for analyzing threats against assets ranging from information systems to physical infrastructure. By using attack tree modeling analysis an organization can understand the ways in which they will be attacked, determine the likelihood and impact damage of these attacks and decide what action to take where the risks are unacceptable. This paper describes the attack tree model for organization based on Client Server Network. It provides the ways for defending and preventing sensitive information from attackers. Attack tree modeling provides for effective security solutions, cost effective security solutions and defensible risk mitigation decisions. Sandar Pa Pa Thein | Phyu Phyu | Thin Thin Swe "Designing Security Assessment of Client- Server System using Attack Tree Modeling" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26727.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/26727/designing-security-assessment-of-client--server-system-using-attack-tree-modeling/sandar-pa-pa-thein
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to
rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus
or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection
System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data
created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for
anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack
signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with
the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System
called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in
detecting abnormal content in the traffic data during information passing from one node to another and
also detects known attack signature and unknown attack. This approach is tested by running the artificial
network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
Network Intrusion Detection And Countermeasure Selection In Virtual Network (...ClaraZara1
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in detecting abnormal content in the traffic data during information passing from one node to another and also detects known attack signature and unknown attack. This approach is tested by running the artificial network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
Amazon products reviews classification based on machine learning, deep learni...TELKOMNIKA JOURNAL
In recent times, the trend of online shopping through e-commerce stores and websites has grown to a huge extent. Whenever a product is purchased on an e-commerce platform, people leave their reviews about the product. These reviews are very helpful for the store owners and the product’s manufacturers for the betterment of their work process as well as product quality. An automated system is proposed in this work that operates on two datasets D1 and D2 obtained from Amazon. After certain preprocessing steps, N-gram and word embedding-based features are extracted using term frequency-inverse document frequency (TF-IDF), bag of words (BoW) and global vectors (GloVe), and Word2vec, respectively. Four machine learning (ML) models support vector machines (SVM), logistic regression (RF), logistic regression (LR), multinomial Naïve Bayes (MNB), two deep learning (DL) models convolutional neural network (CNN), long-short term memory (LSTM), and standalone bidirectional encoder representations (BERT) are used to classify reviews as either positive or negative. The results obtained by the standard ML, DL models and BERT are evaluated using certain performance evaluation measures. BERT turns out to be the best-performing model in the case of D1 with an accuracy of 90% on features derived by word embedding models while the CNN provides the best accuracy of 97% upon word embedding features in the case of D2. The proposed model shows better overall performance on D2 as compared to D1.
Design, simulation, and analysis of microstrip patch antenna for wireless app...TELKOMNIKA JOURNAL
In this study, a microstrip patch antenna that works at 3.6 GHz was built and tested to see how well it works. In this work, Rogers RT/Duroid 5880 has been used as the substrate material, with a dielectric permittivity of 2.2 and a thickness of 0.3451 mm; it serves as the base for the examined antenna. The computer simulation technology (CST) studio suite is utilized to show the recommended antenna design. The goal of this study was to get a more extensive transmission capacity, a lower voltage standing wave ratio (VSWR), and a lower return loss, but the main goal was to get a higher gain, directivity, and efficiency. After simulation, the return loss, gain, directivity, bandwidth, and efficiency of the supplied antenna are found to be -17.626 dB, 9.671 dBi, 9.924 dBi, 0.2 GHz, and 97.45%, respectively. Besides, the recreation uncovered that the transfer speed side-lobe level at phi was much better than those of the earlier works, at -28.8 dB, respectively. Thus, it makes a solid contender for remote innovation and more robust communication.
More Related Content
Similar to A real-time hypertext transfer protocol intrusion detection system on web server
INTRUSION DETECTION IN MULTITIER WEB APPLICATIONS USING DOUBLEGUARDIJCI JOURNAL
Today, the use of distinct internet services and their applications by people are increase in very large amount. Due to its usage, it results the increase in data complexity. So, web services turn their focus on multi-tier design where web server acts as front-end and database server acts as back-end. Attackers try to hack personal data by targeting database server, hence it need to provide more security to both web server and database server. In this paper, the doubleguard system proposes an efficient intrusion detection and prevention system which detects and prevents various attacks in multi-tier web applications. This IDS system keeps track of all user sessions across both web server and database server. For this, it allocates the dedicated web container to each user’s session. Each user is associated with unique session ID which enhances more security. The system built well correlated model for website and detects and prevents various type of attacks. The system is implemented by using Apache webserver with MySQL.
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET Journal
The document discusses various security mechanisms for cloud computing including encryption, hashing, digital signatures, public key infrastructure, identity and access management, single sign-on, cloud-based security groups, hardened security server images, user behavior profiling, and decoy technology. It focuses on how user behavior profiling and decoy technology can play an important role in detecting unauthorized access by monitoring a user's behavior and sending fake data to verify genuine user information. The document concludes that while most security mechanisms provide a level of protection, user behavior profiling and decoy technology are particularly effective for enhancing cloud computing security.
Intrusion Detection System (IDS) is meant to be a software application which monitors the network or system activities and finds if any malicious operations take place. Tremendous growth and practice of internet raises concerns about how to protect and communicate the digital data in a safe manner. Nowadays, hackers use different types of attacks for getting the valuable information. Many intrusion detection techniques, methods and algorithms assist to identify these attacks. This main objective of this paper is to provide a complete study about the description of intrusion detection, history, life cycle, types of intrusion detection methods, types of attacks, different tools and techniques, research needs, tasks and applications
Intrusion Detection System (IDS) is meant to be a software application which monitors the network or system activities and finds if any malicious operations take place. Tremendous growth and practice of internet raises concerns about how to protect and communicate the digital data in a safe manner. Nowadays, hackers use different types of attacks for getting the valuable information. Many intrusion detection techniques, methods and algorithms assist to identify these attacks. This main objective of this paper is to provide a complete study about the description of intrusion detection, history, life cycle, types of intrusion detection methods, types of attacks, different tools and techniques, research needs, tasks and applications
A REVIEW ON INTRUSION DETECTION SYSTEMLaurie Smith
The document provides a review of intrusion detection systems (IDS). It discusses that IDS are used to monitor network traffic and system activities to identify potential threats. There are two main types of IDS - host-based IDS that monitor individual systems, and network-based IDS that monitor entire networks. The document also outlines the common functions of IDS, which include collecting information, analyzing for threats, responding with alerts or blocks, and notifying administrators. Intrusion detection is important for network security as it acts as an additional layer of protection and can help identify intrusions and vulnerabilities.
This document summarizes various soft computing techniques that can be used for intrusion detection, including fuzzy logic, graph-based approaches, and neural networks. Fuzzy logic can be used to classify parameters and detect anomalies by comparing normal and new fuzzy association rule sets. Graph-based approaches model network traffic as graphs of nodes and edges and use clustering algorithms to detect anomalies. Neural networks can be trained on audit log data to recognize normal behavior and detect deviations that may indicate attacks. These soft computing methods aim to improve on signature-based detection by learning patterns of normal network activity and detecting anomalies.
Intrusion detection architecture for different network attackseSAT Journals
Abstract Now these days most of the work is carried out by internet. So web application becomes important part of today’s life, such as online banking, social networking, online shopping, enabling communication and management of personal information. So web services now have shifted to multi-tier design to accommodate this increase in web application and data complexity. Due to this high use of web application networks attacks increased with malicious purpose. DoubleGuard is an Intrusion Detection System helps to detect and prevent the networks attacks. DoubleGuard is able to find out attacks after checking web and database requests. Along with this, in this paper adding one more level that is admin, it is responsible for the training to the system, log generation, blacklist and employee entry. This IDS system provides security to prevent both the web server and database server. Key Words: DoubleGuard; Web Application; Multitier; IDS; Attacks.
Intrusion Detection System using AI and Machine Learning AlgorithmIRJET Journal
This document discusses using artificial intelligence and machine learning algorithms to develop an intrusion detection system (IDS). It begins with an abstract that outlines using AI to act as a virtual analyst to concurrently monitor network traffic and defend against threats. It then provides background on IDS and the need for more effective automated threat detection. The document discusses classifying attacks, different types of IDS (host-based and network-based), and detection methods like signature-based and anomaly-based. It aims to develop an IDS using machine learning algorithms that can learn patterns to provide automatic intrusion detection without extensive manual maintenance.
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...IJNSA Journal
With the ever increasing number and diverse type of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is high demand to reduce the threat level in networks to ensure the data and services offered by them to be more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using the layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once the attack is detected, it is intimated through mobile phone to the system administrator for safeguarding the server system. We established experimentally that the layered CRFs can thus be more effective in detecting intrusions when compared with the other previously known techniques.
A CAPTCHA – BASED INTRUSION DETECTION MODELijseajournal
Intrusion Detection systems (IDS) are an essential element for Network Security Infrastructure and play an
important role in detecting large number of attacks. Intrusion Prevention System (IPS) is a tool that is used
to prevent spywares from getting intrusion into a system and one of the techniques used in IPS is
Completely Automated Public Turning test to tell Computers and Human Apart (CAPTCHA). In order to
detect illegal access of the web from the intruder, IDS, IPS can be implemented with the use of honeypot to
track the IP address, location and country or region of the attacker in order to block the attacker from
accessing the system. Different techniques have been adopted by different researchers using IDS, IPS and
honeypot to protect their system against illegal attacks. As discovered in the existing systems CAPTCHA
was not employed in IDS to detect spywares capable of breaking and having access to the system. To
increase and maintain the security in a Network the combination of IDS with CAPTCHA, IPS and a dummy Honeypot can be employed. This work proposes a CAPTCHA –based Intrusion Detection Model with a redirector in order to identify the intelligent spywares that are capable of breaking CAPTCHA in IPS. Also using a dummy honeypot with circular hyperlinks so as to lewd the software that infiltrated the system in order to capture its IP address and other important information about the spywares such as the country or region it’s coming from, web browser used and date and time of intrusion so as to block and prevent illegal access by intruders. This paper focuses on capturing the intelligent spywares capable to break through the new CAPTCHA trap IDS so as to gather information about it and necessary action can be taken against it. A security model was designed having having CAPTCHA IDS with a redirector, IPS and a honeypot cable of detecting intrusion by intelligent spyware With this model the network will be more secured against intrusion by spywares
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly place at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network SDN proposes the separation of forward and control planes by introducing a new independent plane called network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using the network analysis metrics such as key generation delay, key sharing delay and the hash code generation time for both SDN and the proposed machine learning SDN. Prof P. Damodharan | K. Veena | Dr N. Suguna "Optimized Intrusion Detection System using Deep Learning Algorithm" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2 , February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
Malicious activities (malcodes) are self replicating
malware and a major security threat in a network environment.
Timely detection and system alert flags are very essential to
prevent rapid malcodes spreading in the network. The difficulty
in detecting malcodes is that they evolve over time. Despite the fact
that signature-based tools, are generally used to secure systems,
signature-based malcode detectors neglect to recognize muddled
and beforehand concealed malcode executables. Automatic signature
generation systems has likewise been use to address the issue
of malcodes, yet there are many works required for good detection.
Base on the behavior way of malcodes, a behavior approach is
required for such detection. Specifically, we require a dynamic
investigation and behavior Rule Base system that distinguishes
malcodes without erroneously block legitimate traffic or increase
false alarms. This paper proposed and discussed the approach
using Machine learning and Indicators of Compromise (IOC) to
analyze intrusion in a network, to identify the cause of the attack
and to provide future detection. This paper proposed the use of
behaviour malware analysis framework to analyze intrusion data,
apply clustering algorithm on the analyzed data and generate IOC
from the clustered data for IOCRule, which will be implemented
into Snort Intrusion Detection System (IDS) for malicious code
detection.
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...Editor IJCATR
Among the various forms of malware attacks such as Denial of service, Sniffer, Buffer overflows are the most dreaded threats to computer networks. These attacks are known as botnet attacks and self-propagating in nature and act as an agent or user interface to control the computers which they attack. In the process of controlling a malware, Bot header(s) use a program to control remote systems through internet with the help of zombie systems. Botnets are collection of compromised computers (Bots) which are remotely controlled by its originator (Bot-Master) under a common Command-and-Control (C&C) structure. A server commands to the bot and botnet and receives the reports from the bot. The bots use Trojan horses and subsequently communicate with a central server using IRC. Botnet employs different techniques like Honeypot, communication protocols (e.g. HTTP and DNS) to intrude in new systems in different stages of their lifecycle. Therefore, identifying the botnets has become very challenging; because the botnets are upgrading their methods periodically for affecting the networks. Here, the focus on addressing the botnet detection problem in an Enterprise Network
This research introduces novel Solution to mitigate the malicious activities of Botnet attacks through the Principle of component analysis of each traffic data, measurement and countermeasure selection mechanism called Malware Hunter. This system is built on attack graph-based analytical models based on classification process and reconfigurable through update solutions to virtual network-based countermeasures.
The Practical Data Mining Model for Efficient IDS through Relational DatabasesIJRES Journal
Enterprise network information system is not only the platform for information sharing and information exchanging, but also the platform for enterprise production automation system and enterprise management system working together. As a result, the security defense of enterprise network information system does not only include information system network security and data security, but also include the security of network business running on information system network, which is the confidentiality, integrity, continuity and real-time of network business. Network security technology has become crucial in protecting government and industry computing infrastructure. Modern intrusion detection applications face complex requirements – they need to be reliable, extensible, easy to manage, and have low maintenance cost. In recent years, data mining-based intrusion detection systems (IDSs) have demonstrated high accuracy, good generalization to novel types of intrusion, and robust behavior in a changing environment. Still, significant challenges exist in the design and implementation of production quality IDSs. Incrementing components such as data transformations, model deployment, and cooperative distributed detection remain a labor intensive and complex engineering endeavor. This paper describes DAID, a database-centric architecture that leverages data mining within the Relational RDBMS to address these challenges. DAID also offers numerous advantages in terms of scheduling capabilities, alert infrastructure, data analysis tools, security, scalability, and reliability. DAID is illustrated with an Intrusion Detection Center application prototype that leverages existing functionality in Relational Database 10g. Intrusion detection system work at many levels in the network fabric and are taking the concept of security to a whole new sphere by incorporating intelligence as a tool to protect networks against un-authorized intrusions and newer forms of attack. We have described formal model for the construction of network security situation measurement based on d-s evidence theory, frequent mode, and sequence model extracted from the data on network security situation based on the knowledge found method and convert the pattern on the related rules of the network security situation, and automatic generation of network security situation.
Forensic the word which indicate the detective work, which searches for and attempting to discover information. Mainly search is carried out for collecting evidence for investigation which is useful in criminal, civil or corporate investigations. Investigation is applicable in presence of some legal rules.
As criminals are getting smarter to perform crime that is, using data hiding techniques such as encryption and steganography, so forensic department has become alert has introduced a new concept called as Digital Forensic, which handles sensitive data which is responsible and confidential.
A study on securing cloud environment from d do s attack to preserve data ava...Manimaran A
This document discusses security techniques to protect cloud environments from DDoS attacks. It begins by introducing the importance of securing cloud resources and data availability. It then describes several common security attacks on cloud computing including cookie poisoning, SQL injection, man-in-the-middle attacks, and cloud malware injection. The document also examines intrusion detection methods like installing detection systems on cloud servers. Finally, it provides details on specific DDoS attacks like SYN flooding and IP spoofing, and the challenges they pose to cloud availability.
Designing Security Assessment of Client Server System using Attack Tree Modelingijtsrd
Information security has grown as a prominent issue in our digital life. The network security is becoming more significant as the volume of data being exchanged over net increases day by day. Attack trees AT technique play an important role to investigate the threat analysis problem to known cyber attacks for risk assessment. The technique is especially effective in assessing and managing the risks from hostile, intelligent adversaries. It is useful for analyzing threats against assets ranging from information systems to physical infrastructure. By using attack tree modeling analysis an organization can understand the ways in which they will be attacked, determine the likelihood and impact damage of these attacks and decide what action to take where the risks are unacceptable. This paper describes the attack tree model for organization based on Client Server Network. It provides the ways for defending and preventing sensitive information from attackers. Attack tree modeling provides for effective security solutions, cost effective security solutions and defensible risk mitigation decisions. Sandar Pa Pa Thein | Phyu Phyu | Thin Thin Swe "Designing Security Assessment of Client- Server System using Attack Tree Modeling" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26727.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/26727/designing-security-assessment-of-client--server-system-using-attack-tree-modeling/sandar-pa-pa-thein
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to
rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus
or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection
System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data
created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for
anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack
signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with
the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System
called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in
detecting abnormal content in the traffic data during information passing from one node to another and
also detects known attack signature and unknown attack. This approach is tested by running the artificial
network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
Network Intrusion Detection And Countermeasure Selection In Virtual Network (...ClaraZara1
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in detecting abnormal content in the traffic data during information passing from one node to another and also detects known attack signature and unknown attack. This approach is tested by running the artificial network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
Similar to A real-time hypertext transfer protocol intrusion detection system on web server (20)
Amazon products reviews classification based on machine learning, deep learni...TELKOMNIKA JOURNAL
In recent times, the trend of online shopping through e-commerce stores and websites has grown to a huge extent. Whenever a product is purchased on an e-commerce platform, people leave their reviews about the product. These reviews are very helpful for the store owners and the product’s manufacturers for the betterment of their work process as well as product quality. An automated system is proposed in this work that operates on two datasets D1 and D2 obtained from Amazon. After certain preprocessing steps, N-gram and word embedding-based features are extracted using term frequency-inverse document frequency (TF-IDF), bag of words (BoW) and global vectors (GloVe), and Word2vec, respectively. Four machine learning (ML) models support vector machines (SVM), logistic regression (RF), logistic regression (LR), multinomial Naïve Bayes (MNB), two deep learning (DL) models convolutional neural network (CNN), long-short term memory (LSTM), and standalone bidirectional encoder representations (BERT) are used to classify reviews as either positive or negative. The results obtained by the standard ML, DL models and BERT are evaluated using certain performance evaluation measures. BERT turns out to be the best-performing model in the case of D1 with an accuracy of 90% on features derived by word embedding models while the CNN provides the best accuracy of 97% upon word embedding features in the case of D2. The proposed model shows better overall performance on D2 as compared to D1.
Design, simulation, and analysis of microstrip patch antenna for wireless app...TELKOMNIKA JOURNAL
In this study, a microstrip patch antenna that works at 3.6 GHz was built and tested to see how well it works. In this work, Rogers RT/Duroid 5880 has been used as the substrate material, with a dielectric permittivity of 2.2 and a thickness of 0.3451 mm; it serves as the base for the examined antenna. The computer simulation technology (CST) studio suite is utilized to show the recommended antenna design. The goal of this study was to get a more extensive transmission capacity, a lower voltage standing wave ratio (VSWR), and a lower return loss, but the main goal was to get a higher gain, directivity, and efficiency. After simulation, the return loss, gain, directivity, bandwidth, and efficiency of the supplied antenna are found to be -17.626 dB, 9.671 dBi, 9.924 dBi, 0.2 GHz, and 97.45%, respectively. Besides, the recreation uncovered that the transfer speed side-lobe level at phi was much better than those of the earlier works, at -28.8 dB, respectively. Thus, it makes a solid contender for remote innovation and more robust communication.
Design and simulation an optimal enhanced PI controller for congestion avoida...TELKOMNIKA JOURNAL
This document describes using a snake optimization algorithm to tune the gains of an enhanced proportional-integral controller for congestion avoidance in a TCP/AQM system. The controller aims to maintain a stable and desired queue size without noise or transmission problems. A linearized model of the TCP/AQM system is presented. An enhanced PI controller combining nonlinear gain and original PI gains is proposed. The snake optimization algorithm is then used to tune the parameters of the enhanced PI controller to achieve optimal system performance and response. Simulation results are discussed showing the proposed controller provides a stable and robust behavior for congestion control.
Improving the detection of intrusion in vehicular ad-hoc networks with modifi...TELKOMNIKA JOURNAL
Vehicular ad-hoc networks (VANETs) are wireless-equipped vehicles that form networks along the road. The security of this network has been a major challenge. The identity-based cryptosystem (IBC) previously used to secure the networks suffers from membership authentication security features. This paper focuses on improving the detection of intruders in VANETs with a modified identity-based cryptosystem (MIBC). The MIBC is developed using a non-singular elliptic curve with Lagrange interpolation. The public key of vehicles and roadside units on the network are derived from number plates and location identification numbers, respectively. Pseudo-identities are used to mask the real identity of users to preserve their privacy. The membership authentication mechanism ensures that only valid and authenticated members of the network are allowed to join the network. The performance of the MIBC is evaluated using intrusion detection ratio (IDR) and computation time (CT) and then validated with the existing IBC. The result obtained shows that the MIBC recorded an IDR of 99.3% against 94.3% obtained for the existing identity-based cryptosystem (EIBC) for 140 unregistered vehicles attempting to intrude on the network. The MIBC shows lower CT values of 1.17 ms against 1.70 ms for EIBC. The MIBC can be used to improve the security of VANETs.
Conceptual model of internet banking adoption with perceived risk and trust f...TELKOMNIKA JOURNAL
Understanding the primary factors of internet banking (IB) acceptance is critical for both banks and users; nevertheless, our knowledge of the role of users’ perceived risk and trust in IB adoption is limited. As a result, we develop a conceptual model by incorporating perceived risk and trust into the technology acceptance model (TAM) theory toward the IB. The proper research emphasized that the most essential component in explaining IB adoption behavior is behavioral intention to use IB adoption. TAM is helpful for figuring out how elements that affect IB adoption are connected to one another. According to previous literature on IB and the use of such technology in Iraq, one has to choose a theoretical foundation that may justify the acceptance of IB from the customer’s perspective. The conceptual model was therefore constructed using the TAM as a foundation. Furthermore, perceived risk and trust were added to the TAM dimensions as external factors. The key objective of this work was to extend the TAM to construct a conceptual model for IB adoption and to get sufficient theoretical support from the existing literature for the essential elements and their relationships in order to unearth new insights about factors responsible for IB adoption.
Efficient combined fuzzy logic and LMS algorithm for smart antennaTELKOMNIKA JOURNAL
The smart antennas are broadly used in wireless communication. The least mean square (LMS) algorithm is a procedure that is concerned in controlling the smart antenna pattern to accommodate specified requirements such as steering the beam toward the desired signal, in addition to placing the deep nulls in the direction of unwanted signals. The conventional LMS (C-LMS) has some drawbacks like slow convergence speed besides high steady state fluctuation error. To overcome these shortcomings, the present paper adopts an adaptive fuzzy control step size least mean square (FC-LMS) algorithm to adjust its step size. Computer simulation outcomes illustrate that the given model has fast convergence rate as well as low mean square error steady state.
Design and implementation of a LoRa-based system for warning of forest fireTELKOMNIKA JOURNAL
This paper presents the design and implementation of a forest fire monitoring and warning system based on long range (LoRa) technology, a novel ultra-low power consumption and long-range wireless communication technology for remote sensing applications. The proposed system includes a wireless sensor network that records environmental parameters such as temperature, humidity, wind speed, and carbon dioxide (CO2) concentration in the air, as well as taking infrared photos.The data collected at each sensor node will be transmitted to the gateway via LoRa wireless transmission. Data will be collected, processed, and uploaded to a cloud database at the gateway. An Android smartphone application that allows anyone to easily view the recorded data has been developed. When a fire is detected, the system will sound a siren and send a warning message to the responsible personnel, instructing them to take appropriate action. Experiments in Tram Chim Park, Vietnam, have been conducted to verify and evaluate the operation of the system.
Wavelet-based sensing technique in cognitive radio networkTELKOMNIKA JOURNAL
Cognitive radio is a smart radio that can change its transmitter parameter based on interaction with the environment in which it operates. The demand for frequency spectrum is growing due to a big data issue as many Internet of Things (IoT) devices are in the network. Based on previous research, most frequency spectrum was used, but some spectrums were not used, called spectrum hole. Energy detection is one of the spectrum sensing methods that has been frequently used since it is easy to use and does not require license users to have any prior signal understanding. But this technique is incapable of detecting at low signal-to-noise ratio (SNR) levels. Therefore, the wavelet-based sensing is proposed to overcome this issue and detect spectrum holes. The main objective of this work is to evaluate the performance of wavelet-based sensing and compare it with the energy detection technique. The findings show that the percentage of detection in wavelet-based sensing is 83% higher than energy detection performance. This result indicates that the wavelet-based sensing has higher precision in detection and the interference towards primary user can be decreased.
A novel compact dual-band bandstop filter with enhanced rejection bandsTELKOMNIKA JOURNAL
In this paper, we present the design of a new wide dual-band bandstop filter (DBBSF) using nonuniform transmission lines. The method used to design this filter is to replace conventional uniform transmission lines with nonuniform lines governed by a truncated Fourier series. Based on how impedances are profiled in the proposed DBBSF structure, the fractional bandwidths of the two 10 dB-down rejection bands are widened to 39.72% and 52.63%, respectively, and the physical size has been reduced compared to that of the filter with the uniform transmission lines. The results of the electromagnetic (EM) simulation support the obtained analytical response and show an improved frequency behavior.
Deep learning approach to DDoS attack with imbalanced data at the application...TELKOMNIKA JOURNAL
A distributed denial of service (DDoS) attack is where one or more computers attack or target a server computer, by flooding internet traffic to the server. As a result, the server cannot be accessed by legitimate users. A result of this attack causes enormous losses for a company because it can reduce the level of user trust, and reduce the company’s reputation to lose customers due to downtime. One of the services at the application layer that can be accessed by users is a web-based lightweight directory access protocol (LDAP) service that can provide safe and easy services to access directory applications. We used a deep learning approach to detect DDoS attacks on the CICDDoS 2019 dataset on a complex computer network at the application layer to get fast and accurate results for dealing with unbalanced data. Based on the results obtained, it is observed that DDoS attack detection using a deep learning approach on imbalanced data performs better when implemented using synthetic minority oversampling technique (SMOTE) method for binary classes. On the other hand, the proposed deep learning approach performs better for detecting DDoS attacks in multiclass when implemented using the adaptive synthetic (ADASYN) method.
The appearance of uncertainties and disturbances often effects the characteristics of either linear or nonlinear systems. Plus, the stabilization process may be deteriorated thus incurring a catastrophic effect to the system performance. As such, this manuscript addresses the concept of matching condition for the systems that are suffering from miss-match uncertainties and exogeneous disturbances. The perturbation towards the system at hand is assumed to be known and unbounded. To reach this outcome, uncertainties and their classifications are reviewed thoroughly. The structural matching condition is proposed and tabulated in the proposition 1. Two types of mathematical expressions are presented to distinguish the system with matched uncertainty and the system with miss-matched uncertainty. Lastly, two-dimensional numerical expressions are provided to practice the proposed proposition. The outcome shows that matching condition has the ability to change the system to a design-friendly model for asymptotic stabilization.
Implementation of FinFET technology based low power 4×4 Wallace tree multipli...TELKOMNIKA JOURNAL
Many systems, including digital signal processors, finite impulse response (FIR) filters, application-specific integrated circuits, and microprocessors, use multipliers. The demand for low power multipliers is gradually rising day by day in the current technological trend. In this study, we describe a 4×4 Wallace multiplier based on a carry select adder (CSA) that uses less power and has a better power delay product than existing multipliers. HSPICE tool at 16 nm technology is used to simulate the results. In comparison to the traditional CSA-based multiplier, which has a power consumption of 1.7 µW and power delay product (PDP) of 57.3 fJ, the results demonstrate that the Wallace multiplier design employing CSA with first zero finding logic (FZF) logic has the lowest power consumption of 1.4 µW and PDP of 27.5 fJ.
Evaluation of the weighted-overlap add model with massive MIMO in a 5G systemTELKOMNIKA JOURNAL
The flaw in 5G orthogonal frequency division multiplexing (OFDM) becomes apparent in high-speed situations. Because the doppler effect causes frequency shifts, the orthogonality of OFDM subcarriers is broken, lowering both their bit error rate (BER) and throughput output. As part of this research, we use a novel design that combines massive multiple input multiple output (MIMO) and weighted overlap and add (WOLA) to improve the performance of 5G systems. To determine which design is superior, throughput and BER are calculated for both the proposed design and OFDM. The results of the improved system show a massive improvement in performance ver the conventional system and significant improvements with massive MIMO, including the best throughput and BER. When compared to conventional systems, the improved system has a throughput that is around 22% higher and the best performance in terms of BER, but it still has around 25% less error than OFDM.
Reflector antenna design in different frequencies using frequency selective s...TELKOMNIKA JOURNAL
In this study, it is aimed to obtain two different asymmetric radiation patterns obtained from antennas in the shape of the cross-section of a parabolic reflector (fan blade type antennas) and antennas with cosecant-square radiation characteristics at two different frequencies from a single antenna. For this purpose, firstly, a fan blade type antenna design will be made, and then the reflective surface of this antenna will be completed to the shape of the reflective surface of the antenna with the cosecant-square radiation characteristic with the frequency selective surface designed to provide the characteristics suitable for the purpose. The frequency selective surface designed and it provides the perfect transmission as possible at 4 GHz operating frequency, while it will act as a band-quenching filter for electromagnetic waves at 5 GHz operating frequency and will be a reflective surface. Thanks to this frequency selective surface to be used as a reflective surface in the antenna, a fan blade type radiation characteristic at 4 GHz operating frequency will be obtained, while a cosecant-square radiation characteristic at 5 GHz operating frequency will be obtained.
Reagentless iron detection in water based on unclad fiber optical sensorTELKOMNIKA JOURNAL
A simple and low-cost fiber based optical sensor for iron detection is demonstrated in this paper. The sensor head consist of an unclad optical fiber with the unclad length of 1 cm and it has a straight structure. Results obtained shows a linear relationship between the output light intensity and iron concentration, illustrating the functionality of this iron optical sensor. Based on the experimental results, the sensitivity and linearity are achieved at 0.0328/ppm and 0.9824 respectively at the wavelength of 690 nm. With the same wavelength, other performance parameters are also studied. Resolution and limit of detection (LOD) are found to be 0.3049 ppm and 0.0755 ppm correspondingly. This iron sensor is advantageous in that it does not require any reagent for detection, enabling it to be simpler and cost-effective in the implementation of the iron sensing.
Impact of CuS counter electrode calcination temperature on quantum dot sensit...TELKOMNIKA JOURNAL
In place of the commercial Pt electrode used in quantum sensitized solar cells, the low-cost CuS cathode is created using electrophoresis. High resolution scanning electron microscopy and X-ray diffraction were used to analyze the structure and morphology of structural cubic samples with diameters ranging from 40 nm to 200 nm. The conversion efficiency of solar cells is significantly impacted by the calcination temperatures of cathodes at 100 °C, 120 °C, 150 °C, and 180 °C under vacuum. The fluorine doped tin oxide (FTO)/CuS cathode electrode reached a maximum efficiency of 3.89% when it was calcined at 120 °C. Compared to other temperature combinations, CuS nanoparticles crystallize at 120 °C, which lowers resistance while increasing electron lifetime.
In place of the commercial Pt electrode used in quantum sensitized solar cells, the low-cost CuS cathode is created using electrophoresis. High resolution scanning electron microscopy and X-ray diffraction were used to analyze the structure and morphology of structural cubic samples with diameters ranging from 40 nm to 200 nm. The conversion efficiency of solar cells is significantly impacted by the calcination temperatures of cathodes at 100 °C, 120 °C, 150 °C, and 180 °C under vacuum. The fluorine doped tin oxide (FTO)/CuS cathode electrode reached a maximum efficiency of 3.89% when it was calcined at 120 °C. Compared to other temperature combinations, CuS nanoparticles crystallize at 120 °C, which lowers resistance while increasing electron lifetime.
A progressive learning for structural tolerance online sequential extreme lea...TELKOMNIKA JOURNAL
This article discusses the progressive learning for structural tolerance online sequential extreme learning machine (PSTOS-ELM). PSTOS-ELM can save robust accuracy while updating the new data and the new class data on the online training situation. The robustness accuracy arises from using the householder block exact QR decomposition recursive least squares (HBQRD-RLS) of the PSTOS-ELM. This method is suitable for applications that have data streaming and often have new class data. Our experiment compares the PSTOS-ELM accuracy and accuracy robustness while data is updating with the batch-extreme learning machine (ELM) and structural tolerance online sequential extreme learning machine (STOS-ELM) that both must retrain the data in a new class data case. The experimental results show that PSTOS-ELM has accuracy and robustness comparable to ELM and STOS-ELM while also can update new class data immediately.
Electroencephalography-based brain-computer interface using neural networksTELKOMNIKA JOURNAL
This study aimed to develop a brain-computer interface that can control an electric wheelchair using electroencephalography (EEG) signals. First, we used the Mind Wave Mobile 2 device to capture raw EEG signals from the surface of the scalp. The signals were transformed into the frequency domain using fast Fourier transform (FFT) and filtered to monitor changes in attention and relaxation. Next, we performed time and frequency domain analyses to identify features for five eye gestures: opened, closed, blink per second, double blink, and lookup. The base state was the opened-eyes gesture, and we compared the features of the remaining four action gestures to the base state to identify potential gestures. We then built a multilayer neural network to classify these features into five signals that control the wheelchair’s movement. Finally, we designed an experimental wheelchair system to test the effectiveness of the proposed approach. The results demonstrate that the EEG classification was highly accurate and computationally efficient. Moreover, the average performance of the brain-controlled wheelchair system was over 75% across different individuals, which suggests the feasibility of this approach.
Adaptive segmentation algorithm based on level set model in medical imagingTELKOMNIKA JOURNAL
For image segmentation, level set models are frequently employed. It offer best solution to overcome the main limitations of deformable parametric models. However, the challenge when applying those models in medical images stills deal with removing blurs in image edges which directly affects the edge indicator function, leads to not adaptively segmenting images and causes a wrong analysis of pathologies wich prevents to conclude a correct diagnosis. To overcome such issues, an effective process is suggested by simultaneously modelling and solving systems’ two-dimensional partial differential equations (PDE). The first PDE equation allows restoration using Euler’s equation similar to an anisotropic smoothing based on a regularized Perona and Malik filter that eliminates noise while preserving edge information in accordance with detected contours in the second equation that segments the image based on the first equation solutions. This approach allows developing a new algorithm which overcome the studied model drawbacks. Results of the proposed method give clear segments that can be applied to any application. Experiments on many medical images in particular blurry images with high information losses, demonstrate that the developed approach produces superior segmentation results in terms of quantity and quality compared to other models already presented in previeous works.
Automatic channel selection using shuffled frog leaping algorithm for EEG bas...TELKOMNIKA JOURNAL
Drug addiction is a complex neurobiological disorder that necessitates comprehensive treatment of both the body and mind. It is categorized as a brain disorder due to its impact on the brain. Various methods such as electroencephalography (EEG), functional magnetic resonance imaging (FMRI), and magnetoencephalography (MEG) can capture brain activities and structures. EEG signals provide valuable insights into neurological disorders, including drug addiction. Accurate classification of drug addiction from EEG signals relies on appropriate features and channel selection. Choosing the right EEG channels is essential to reduce computational costs and mitigate the risk of overfitting associated with using all available channels. To address the challenge of optimal channel selection in addiction detection from EEG signals, this work employs the shuffled frog leaping algorithm (SFLA). SFLA facilitates the selection of appropriate channels, leading to improved accuracy. Wavelet features extracted from the selected input channel signals are then analyzed using various machine learning classifiers to detect addiction. Experimental results indicate that after selecting features from the appropriate channels, classification accuracy significantly increased across all classifiers. Particularly, the multi-layer perceptron (MLP) classifier combined with SFLA demonstrated a remarkable accuracy improvement of 15.78% while reducing time complexity.
Home security is of paramount importance in today's world, where we rely more on technology, home
security is crucial. Using technology to make homes safer and easier to control from anywhere is
important. Home security is important for the occupant’s safety. In this paper, we came up with a low cost,
AI based model home security system. The system has a user-friendly interface, allowing users to start
model training and face detection with simple keyboard commands. Our goal is to introduce an innovative
home security system using facial recognition technology. Unlike traditional systems, this system trains
and saves images of friends and family members. The system scans this folder to recognize familiar faces
and provides real-time monitoring. If an unfamiliar face is detected, it promptly sends an email alert,
ensuring a proactive response to potential security threats.
Open Channel Flow: fluid flow with a free surfaceIndrajeet sahu
Open Channel Flow: This topic focuses on fluid flow with a free surface, such as in rivers, canals, and drainage ditches. Key concepts include the classification of flow types (steady vs. unsteady, uniform vs. non-uniform), hydraulic radius, flow resistance, Manning's equation, critical flow conditions, and energy and momentum principles. It also covers flow measurement techniques, gradually varied flow analysis, and the design of open channels. Understanding these principles is vital for effective water resource management and engineering applications.
Software Engineering and Project Management - Software Testing + Agile Method...Prakhyath Rai
Software Testing: A Strategic Approach to Software Testing, Strategic Issues, Test Strategies for Conventional Software, Test Strategies for Object -Oriented Software, Validation Testing, System Testing, The Art of Debugging.
Agile Methodology: Before Agile – Waterfall, Agile Development.
Mechatronics is a multidisciplinary field that refers to the skill sets needed in the contemporary, advanced automated manufacturing industry. At the intersection of mechanics, electronics, and computing, mechatronics specialists create simpler, smarter systems. Mechatronics is an essential foundation for the expected growth in automation and manufacturing.
Mechatronics deals with robotics, control systems, and electro-mechanical systems.
Software Engineering and Project Management - Introduction, Modeling Concepts...Prakhyath Rai
Introduction, Modeling Concepts and Class Modeling: What is Object orientation? What is OO development? OO Themes; Evidence for usefulness of OO development; OO modeling history. Modeling
as Design technique: Modeling, abstraction, The Three models. Class Modeling: Object and Class Concept, Link and associations concepts, Generalization and Inheritance, A sample class model, Navigation of class models, and UML diagrams
Building the Analysis Models: Requirement Analysis, Analysis Model Approaches, Data modeling Concepts, Object Oriented Analysis, Scenario-Based Modeling, Flow-Oriented Modeling, class Based Modeling, Creating a Behavioral Model.
Digital Twins Computer Networking Paper Presentation.pptxaryanpankaj78
A Digital Twin in computer networking is a virtual representation of a physical network, used to simulate, analyze, and optimize network performance and reliability. It leverages real-time data to enhance network management, predict issues, and improve decision-making processes.
Applications of artificial Intelligence in Mechanical Engineering.pdfAtif Razi
Historically, mechanical engineering has relied heavily on human expertise and empirical methods to solve complex problems. With the introduction of computer-aided design (CAD) and finite element analysis (FEA), the field took its first steps towards digitization. These tools allowed engineers to simulate and analyze mechanical systems with greater accuracy and efficiency. However, the sheer volume of data generated by modern engineering systems and the increasing complexity of these systems have necessitated more advanced analytical tools, paving the way for AI.
AI offers the capability to process vast amounts of data, identify patterns, and make predictions with a level of speed and accuracy unattainable by traditional methods. This has profound implications for mechanical engineering, enabling more efficient design processes, predictive maintenance strategies, and optimized manufacturing operations. AI-driven tools can learn from historical data, adapt to new information, and continuously improve their performance, making them invaluable in tackling the multifaceted challenges of modern mechanical engineering.
Build the Next Generation of Apps with the Einstein 1 Platform.
Rejoignez Philippe Ozil pour une session de workshops qui vous guidera à travers les détails de la plateforme Einstein 1, l'importance des données pour la création d'applications d'intelligence artificielle et les différents outils et technologies que Salesforce propose pour vous apporter tous les bénéfices de l'IA.
2. protection of river banks and bed erosion protection works.ppt
A real-time hypertext transfer protocol intrusion detection system on web server
1. TELKOMNIKA Telecommunication Computing Electronics and Control
Vol. 21, No. 3, June 2023, pp. 566~573
ISSN: 1693-6930, DOI: 10.12928/TELKOMNIKA.v21i3.24938 566
Journal homepage: http://telkomnika.uad.ac.id
A real-time hypertext transfer protocol intrusion detection
system on web server
Agus Tedyyana1
, Osman Ghazali2
, Onno W. Purbo3
1
Department of Informatic Engineering, Politeknik Negeri Bengkalis, Riau, Indonesia
2
School of Computing, University Utara Malaysia, Sintok, Kedah, Malaysia
3
Department of Informatic, Institute Technology Tangerang Selatan, Tangerang Selatan, Indonesia
Article Info ABSTRACT
Article history:
Received Jun 05, 2021
Revised Mar 31, 2022
Accepted Jun 01, 2022
Behind the rapid development of the internet in today’s era, various types of
crime are also targeting vital players in the internet industry. With many
online crime types rampant, an antidote is also needed to suppress internet
crime. Therefore, the researcher proposes a solution in the form of a Keris,
namely the hypertext transfer protocol (HTTP) intrusion detection system
(IDS) that runs on the server where our website is running. Keris works by
detecting rampant intrusions that attack servers or websites. When an
intrusion is detected, Keris will notify the system admin using the Keris
Telegram chatbot or an alternative Keris mobile application with firebase
cloud messaging (FCM) technology. The research was conducted by
comparing the results of one-way delay (OWD) between Telegram
Webhook and FCM with the help of the open web application security
project (OWASP) zed attack proxy (ZAP) test tool. From the results of the
tests, OWD against directory brute force attacks on Telegram Webhook for
0.72 seconds and on FCM for 0.44 seconds. In this case, FCM is more
suitable for real-time notifications if we need a very responsive notification.
Keywords:
Cyber attack
HTTP IDS
Intrusion
OWASP ZAP
Telegram Bot
This is an open access article under the CC BY-SA license.
Corresponding Author:
Agus Tedyyana
Department of Informatics Engineering, Politeknik Negeri Bengkalis
Bengkalis, Riau, Indonesia
Email: agustedyyana@polbeng.ac.id
1. INTRODUCTION
With the rapid growth of the internet lately, the internet has become a much-needed thing and shifts
old habits to be fast and easy. As time goes on, it is not only a communication tool or research tool, but now
the government is also using the internet in e-government to provide services to its citizens, and this trend is
running smoothly. Governments continue to use the internet to become more transparent about governance
data. Then educational institutions and researchers also use the internet as a tool for solving problems and as
a platform to collaborate and disseminate their findings and research with others. Meanwhile, companies use
the internet to exchange information with business units, partners, suppliers, and customers efficiently and
seamlessly. With such adoption, it is becoming clear that many elements are increasingly dependent on the
internet and network-based information systems [1].
Various types of attacks are used as tools to commit cybercrime. These attacks may be classified
into several categories, such as:
a) Common web attack is a criminal attack that is generally done against web-based applications. The most
common are path/directory traversal [2], cross-site scripting (XSS) [3], local file inclusion (LFI) [4], SQL
injection (SQLi) [5], and distributed denial of service (DDoS) [6].
2. TELKOMNIKA Telecommun Comput El Control
A real-time hypertext transfer protocol intrusion detection system on web server (Agus Tedyyana)
567
b) Common vulnerabilities and exposures (CVE) is a system that gives many reference methods for commonly
known vulnerabilities and exposure information in the form of data sets. This system can be used as a
reference to protecting existing systems but can also be a reference for attackers to attack systems [7].
c) Bad crawler is a bot used for criminal acts, such as illegally collecting (memo/crawler) website content
or taking email addresses listed on websites to send spam to victims. In addition, there are also types of
bots used to perform DDoS actions, which use up bandwidth and hurt website owners.
d) Directory brute force is a frequent attack on web servers and websites.
A system that can detect suspicious activity in a system or network is known as intrusion detection [8].
Intrusion detection systems (IDS) are security tools that use sophisticated techniques to secure computer
networks from illegal access or ongoing intrusions that have already occurred. Therefore, cybersecurity requires
a robust IDS design, which can overcome ethical testing in real-time and large-scale hacking [9]. IDS consists
of various types, such as network-based IDS (NIDS), WirelessIDS, and host-based IDS (HIDS), and there is
also a hybrid IDS that combines various IDS [10].
In intrusion detection, web-based applications typically use weblogs from a web server to detect
intrusion. In the research by Tanaka et al. [11], they created a model to detect bots that enter the website by
utilizing the user-agent and user behavior recorded in the web server log. From the results of this web log
analysis, admins can have insight into potential attack patterns that will occur in the future [12].
There are some significant challenges in building an IDS that runs on a web server. Intrusion
detection methodologies are still immature in the web application security domain [13]. Tracking systems are
mainly used as network security tools. However, IDS web design requires a different approach from
traditional network IDS to address the complexities associated with web-based applications.
In this research, the researcher proposes an IDS in the form of hypertext transfer protocol (HTTP)
IDS, namely Keris. Keris is a web log-based alerts IDS that runs on the terminal with resources collected and
detects intrusion, and, as soon, returns the alert to server admin using notification. Analyzing the ongoing
weblog will alert the admin in real time if any suspicious activity is recorded in the weblog. The researchers
in this study hope to get the results of intrusion notifications that can be sent in real-time with the shortest
available delay time. This IDS was built using the Go programming language. One of the advantages when
using the go language in programming is that it does not use a lot of random access memory (RAM) [14].
In this research, Keris still uses external resources to detect intrusions into the system. For example, for types
of attacks such as common web attack using PHP-IDS [15] resources, CVE uses nuclei templates [16].
Wrong IP address and bad referrer is obtained from the Nginx Ultimate Bad Bot Blocker [17] collection, and
bad crawler takes from project resources from crawler detect [18]. The last one is directory bruteforce,
leveraging resources from dirsearch [19].
2. METHOD
As described in the previous section, HTTP-IDS processes logs to detect intrusions into the system.
HTTP-IDS collects logs from web servers and analyzes them using algorithms that can detect patterns that
are abnormal or do not comply with specified standards. If the pattern found matches the signs of an attack,
the system will give a warning. This section will explain how logs on the web server are used in the process
of infiltrating the system, how the Keris system works, and how the Keris system uses external resources to
help detect whether intrusion has occurred or not.
2.1. Proposed mechanism design
The output obtained from this stage is the design of the workings of the IDS Keris to identify the
types of threats and malicious activities to be detected. Once a threat or unwanted activity is detected,
the IDS system will notify the admin or take automatic action such as blocking access. It then tests the IDS to
ensure that it is functioning properly and is effective in detecting the type of threat of concern. Figure 1
shows the following flowchart which will explain how the intrusion process is detected and reported to the
system admin.
The flow chart illustrates how the Keris HTTP IDS workflow developed in this study. The request
from the user will go to the web server that is used as the hosting of the web application. When the HTPP
request comes in, information on the activity carried out by the client will be recorded in the web-server log.
The logs will then be matched with external resources to check whether the incoming request was classified
as an intrusion. Suppose an incoming HTTP request is declared suspicious by IDS based on these resources.
In that case, the system will send a warning notification to the system admin about an intrusion attempt on
the web server.
3. ISSN: 1693-6930
TELKOMNIKA Telecommun Comput El Control, Vol. 21, No. 3, June 2023: 566-573
568
Figure 1. Flowchart of the Keris HTTP IDS
2.2. Use of web server logs on the intrusion process
Web servers include several parts that control how web users access hosted files. The minimum is
an HTTP server. An HTTP server understands URLs (web addresses) and HTTP (protocols used by your
browser to view web pages) [20], and a web server log file is written as an activity generated by a web
server. Log files collect various data about information requests to a web server. This web server log data
will then be analyzed using the Keris-IDS program with the help of resources used from outside, such as
PHP-IDS, nuclei templates, and others.
2.3. Rule method used in the HTTP-IDS Keris
As explained in the previous section, getting system scripts to run by analyzing web server access
log files. By examining past data, it is important to regularly review and analyze log files from IDS to ensure
that systems are secure and to identify potential threats or vulnerabilities. Information security policies for
web applications can be created and implemented properly [21]. In addition, further exploitation can be
prevented in advance.
The proposed method can be described as a rule-based system. Unlike detection based on anomalies,
the rules are static, i.e., using a blacklist and whitelist approach. A rule-based system is a detection based on a
database of known intrusion or attack alerts crafted by humans based on their expert knowledge [22].
The database used here is an outside resource explained in the previous section. If IDS detects an intrusion,
then according to the data from the database, immediate detection is categorized as an intrusion.
2.4. Intrusion warning mechanism
There are various ways to warn users if an intrusion is detected in the IDS. They were starting from
short message service (SMS) gateway, email, or chatbot. Chatbots can be developed in any programming
language. The backend receives the message, figures out what to answer, and returns a response to the user
using a web application programming interface (API) from the chatbot service provider. In this case, the API
is provided to developers in the public domain [23].
The use of chatbots as an intrusion warning medium is now widely used as its implementation is
easy, as it is spoiled with documentation from existing developers and communities. For example, a
Telegram Bot uses long polling and webhook to run a Telegram Bot. However, the long polling method has a
higher (slower) response time than the webhook method [24].
In addition to the Telegram chatbot, there is another alternative as a delivery mechanism for
intrusion detection, namely using, firebase cloud messaging (FCM) technology. The FCM architecture is
presented in Figure 2. FCM supports notification and data messages [25]. The picture shows that FCM is the
center that sends notification messages from application servers in the form of HTTP and extensible
messaging and presence protocol (XMPP) and several functions that run in the cloud to client applications.
4. TELKOMNIKA Telecommun Comput El Control
A real-time hypertext transfer protocol intrusion detection system on web server (Agus Tedyyana)
569
Figure 2. The FCM architecture of the Keris HTTP IDS
3. RESULTS AND DISCUSSION
The results of an IDS can vary depending on the type of IDS and the specific threats it is designed to
detect. When the IDS detects a potential threat or malicious activity, it can issue an alert to the system
administrator. The alert will typically include information about the nature of the threat and the actions taken
by the IDS to mitigate it. This section describes the results of the research conducted along with the results of
the application test analysis which are divided into three sub-sections.
3.1. Keris
The result of the Keris application is an HTTP-IDS built using the go programming language. Keris
is installed on a server which is the base of the website. Keris is an application built without a graphical user
interface, so to run it, the user has to use commands in the terminal. Keris can handle websites that are
deployed on Apache and Nginx web servers. Figure 3 displays how Keris runs and reads the logs on the
webserver to determine whether there is an intrusion.
Figure 3. Keris running on Nginx webserver
Figure 3 explains how the Keris looks when it is run through the terminal. When the user runs it for
the first time, Keris will present the user with a logo of the application, and the contact user can address it.
The below shows the analysis process done by Keris by reading the logs from the web server. The results of
the analysis data look like the format in the figure, namely the date and time of the log are written, in this
case, the time the intrusion occurred along with the time zone. Then there is the IP address of the client who
intruded. Next is the type of intrusion carried out by the client. Moreover lastly, the data is a description of
the information about the intrusion. For example, the bad IP address will undoubtedly display the bad IP
address, and the bad crawler will display the type of crawler used for the intrusion.
In this study, researchers used the Nginx web server as test material. Other web-server options can
be used, such as Apache. We only need to change the configuration file according to the web-server used.
Configuration needs to be done, considering the format of the logs for each web-server is different. For
example, Nginx uses the following format $ remote_addr $ remote_user - [$ time_local] “$ request_method $
request_uri $ request_protocol” $ status $ body_bytes_sent “$ http_referer” “$ http_user_agent” while
Apache has a slight difference in the use of “-”, for example, $ remote_addr - $ remote_user [$ time_local]
“$ request_method $ request_uri $ request_protocol” $ status $ body_bytes_sent “$ http_referer”
“$ http_user_agent”. So we need a configuration according to the web-server before running the Keris
application on the server.
5. ISSN: 1693-6930
TELKOMNIKA Telecommun Comput El Control, Vol. 21, No. 3, June 2023: 566-573
570
3.2. Keris Telegram Bot
Not always web admins or system admins work in front of their computers to monitor intrusions from
outside. Therefore, we also developed a Telegram Bot to meet the needs of monitoring for 24 hours with its
real-time notification feature. First, we provide a template to present information that is easy to understand for
the web admin. Then enter the token from the Telegram Bot that Telegram Bot created and the chat id from our
account into the existing configuration file. Figure 4 shows how Keris Telegram Bot displays the information.
Figure 4. Keris Telegram Bot
This image illustrates how a bot will notify a web admin via an informative notification. Bots can send
push notifications through the application or platform used by the admin, so that the admin can find out if there
is a notification from the IDS system. The information sent includes the incoming intrusion type, HTTP request
type, attacker’s IP address, user-agent used, HTTP status response code from server to client, and bytes sent
from server to client. The admin must plan the work logic of the bot, such as what conditions will cause the bot
to send notifications, the message format to be received, and who will receive the notification.
3.3. Keris client app
Apart from using the Telegram chatbot, researchers also use FCM to examine which delay rate is
lower between FCM and Telegram Webhooks. FCM is a messaging solution developed by Google that is
used to send real-time messages to mobile and web applications. FCM allows developers to send messages to
apps installed on a user’s device without using an internet connection or mobile network as a notification
recipient from FCM. FCM also allows sending messages to a single device, group of devices, or the entire
application user base. An Android application is built that is useful as a client to display the contents of
intrusion detection messages, as shown in Figure 5.
An IDS can generate reports that provide a summary of the detected threats and the actions taken to
mitigate them. These reports are useful for monitoring the system’s security over time and identifying trends
or patterns in malicious activity. Figure 5 displays the application interface, which shows basic information
such as the type of intrusion and the time of the intrusion down to the second format.
Figure 5. Keris client app
6. TELKOMNIKA Telecommun Comput El Control
A real-time hypertext transfer protocol intrusion detection system on web server (Agus Tedyyana)
571
3.4. Performance metric
In order to analyze the real-time performance of the HTTP IDS used, the researcher uses the one-way
delay (OWD) metric for the two types of intrusion-sending mechanisms used, namely Telegram Webhook and
FCM. OWD is based on the time taken for a packet to be transmitted across a network from the source, which
means the HTTP IDS to the destination, in this case, is the client. In testing the application in this research,
the researcher used the open web application security project (OWASP) zed attack proxy (ZAP) tool to launch
attacks on the website. The researcher chose OWASP ZAP because it has proven reliable in intrusion testing [26].
From the test results, the researcher then compares the time between attacks detected by Keris and the time the
warning notification appears on the Telegram Bot to determine whether Keris could generate real-time alerts when
attacking using the OWASP ZAP tool, as in Table 1.
Table 1. Results of OWD using Telegram Webhook
No Attack type Time of detect Time of alert Time difference(s)
1 Directory bruteforce 00:24:55 00:24:55 0
2 Directory bruteforce 00:24:55 00:24:55 0
3 Directory bruteforce 00:25:03 00:25:04 1
4 Directory bruteforce 00:25:11 00:25:11 0
5 Directory bruteforce 00:25:11 00:25:12 1
6 Directory bruteforce 00:25:12 00:25:12 0
7 Directory bruteforce 00:25:12 00:25:12 0
8 Directory bruteforce 00:25:12 00:25:13 1
9 Directory bruteforce 00:25:14 00:25:15 1
10 Directory bruteforce 00:25:14 00:25:15 1
11 Directory bruteforce 00:40:35 00:40:36 1
12 Directory bruteforce 00:40:42 00:40:43 1
13 Directory bruteforce 00:40:42 00:40:43 1
14 Directory bruteforce 00:40:43 00:40:44 1
15 Directory bruteforce 00:40:43 00:40:44 1
16 Directory bruteforce 00:40:43 00:40:44 1
17 Directory bruteforce 00:40:45 00:40:46 1
18 Directory bruteforce 00:40:45 00:40:46 1
The difference in time average 0.72
From the results in the previous table, it is found that of the last 18 attacks detected using OWASP ZAP,
there is an average time difference of 0.72 seconds. From the results in the previous table, it was found that in the
last 18 attacks detected using OWASP ZAP, the average time difference was 0.72 seconds. It can be interpreted
that there is a delay of 0.72 to 1 second to send a notification message to Telegram since Keris detects an attack.
After testing on the Telegram Webhook, the next researcher investigated using FCM. The results of OWD data on
FCM are shown in Table 2, which shows that the delay rate on FCM is lower than on Telegram Webhook. Sama
amount of data with the Telegram hook, the FCM has an average time difference of 0.44 seconds.
Table 2. Results of OWD using FCM
No Attack type Time of detect Time of alert Time difference(s)
1 Directory bruteforce 02:16:24 02:16:24 0
2 Directory bruteforce 02:17:31 02:17:32 1
3 Directory bruteforce 02:17:31 02:17:32 1
4 Directory bruteforce 02:17:32 02:17:32 0
5 Directory bruteforce 02:17:32 02:17:32 0
6 Directory bruteforce 02:18:53 02:18:54 1
7 Bad IP address 02:20:55 02:20:56 1
8 Directory bruteforce 02:24:43 02:24:43 0
9 Directory bruteforce 02:24:43 02:24:43 0
10 Directory bruteforce 02:24:43 02:24:43 0
11 Directory bruteforce 02:24:43 02:24:43 0
12 Directory bruteforce 02:26:40 02:26:41 1
13 Directory bruteforce 02:26:41 02:26:41 0
14 Directory bruteforce 02:26:41 02:26:41 0
15 Directory bruteforce 02:26:41 02:26:41 0
16 Directory bruteforce 02:28:15 02:28:16 1
17 Directory bruteforce 02:28:15 02:28:16 1
18 Directory bruteforce 02:28:15 02:28:16 1
The difference in time average 0.44
7. ISSN: 1693-6930
TELKOMNIKA Telecommun Comput El Control, Vol. 21, No. 3, June 2023: 566-573
572
4. CONCLUSION
From the results and analysis of the application testing that has been carried out, it is found that the
proposed HTTP-IDS Keris has successfully detected intrusions carried out by OWASP ZAP by utilizing
external resources to detect the types of incoming attacks. From the OWASP ZAP test, the type of intrusion was
directory bruteforce. Keris can also alert the system admin about the dangers of intrusion in real-time with a
delay of 0.72 seconds using the Telegram Webhook and 0.44 seconds when using the FCM. This show that
FCM is more suitable than Telegram Webhook when we want to use real-time notification. For future research,
it is hoped that other technologies can be used as warning mechanisms to overcome the causes of delays and
then reduce delay times. Using ensemble techniques can strengthen the performance of the detection system,
by combining two or more detection methods, for example signature-based and anomaly-based methods. IDS is
capable of regularly updating models and reviewing logs for potential problems detectionIn addition. Research
can also be carried out by utilizing the latest knowledge, to maximize the capabilities of IDS.
REFERENCES
[1] S. Q. Mir, I. A. Mir, and B. M. Beiigh, “Investigating the denial of service attack : A major threat to internet and the security of
information,” JK Research Journal in Mathematics and Computer Sciences, vol. 1, no. 1, pp. 121–131, 2018. [Online]. Available:
https://www.jkhighereducation.nic.in/jkrjmcs/issue1/17.pdf
[2] I. -C. Potinteu and R. Varga, “Detecting Injection Attacks using Long Short Term Memory,” 2020 IEEE 16th International Conference on
Intelligent Computer Communication and Processing (ICCP), 2020, pp. 163-169, doi: 10.1109/ICCP51029.2020.9266177.
[3] S. Rathore, P. K. Sharma, and J. H. Park, “XSSClassifier: An efficient XSS attack detection approach based on machine learning
classifier on SNSs,” Journal of Information Processing Systems, vol. 13, no. 4, pp. 1014–1028, 2017, doi: 10.3745/JIPS.03.0079.
[4] M. A. Rahman, M. Amjad, B. Ahmed, and M. S. Siddik, “Analyzing web application vulnerabilities: An empirical study on e-commerce
sector in Bangladesh,” ICCA 2020: Proceedings of the International Conference on Computing Advancements, pp. 1–6, 2020,
doi: 10.1145/3377049.3377107.
[5] B. A. Pham and V. H. Subburaj, “An Experimental setup for Detecting SQLI Attacks using Machine Learning Algorithms,”
Journal of The Colloquium for Information Systems Security Education, vol. 8, no. 1, 2020, [Online] Available:
https://cisse.info/journal/index.php/cisse/article/view/124/124
[6] S. Haider et al., “A Deep CNN Ensemble Framework for Efficient DDoS Attack Detection in Software Defined Networks,” in
IEEE Access, vol. 8, pp. 53972-53983, 2020, doi: 10.1109/ACCESS.2020.2976908.
[7] J. Fan, Y. Li, S. Wang, and T. N. Nguyen, “A C/C++ Code Vulnerability Dataset with Code Changes and CVE Summaries,” MSR '20:
Proceedings of the 17th International Conference on Mining Software Repositories, pp. 508–512, 2020, doi: 10.1145/3379597.3387501.
[8] B. B. Zarpelão, R. S. Miani, C. T. Kawakani, and S. C. de Alvarenga, “A survey of intrusion detection in Internet of Things,”
Journal of Network and Computer Applications, vol. 84, pp. 25–37, 2017, doi: 10.1016/j.jnca.2017.02.009.
[9] A. S. Sohal, R. Sandhu, S. K. Sood, and V. Chang, “A cybersecurity framework to identify malicious edge device in fog computing
and cloud-of-things environments,” Computers & Security, vol. 74, pp. 340–354, 2018, doi: 10.1016/j.cose.2017.08.016.
[10] S. Jose, D. Malathi, B. Reddy, and D. Jayaseeli, “A Survey on Anomaly Based Host Intrusion Detection System,” Journal of
Physics: Conference Series, 2018, vol. 1000, doi: 10.1088/1742-6596/1000/1/012049.
[11] T. Tanaka, H. Niibori, S. Li, S. Nomura, H. Kawashima, and K. Tsuda, “Bot detection model using user agent and user behavior
for web log analysis,” Procedia Computer Science, vol. 176, pp. 1621–1625, 2020, doi: 10.1016/j.procs.2020.09.185.
[12] K. Ma, R. Jiang, M. Dong, Y. Jia, and A. Li, “Neural Network Based Web Log Analysis for Web Intrusion Detection,”
International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, 2017, pp. 194–204,
doi: 10.1007/978-3-319-72395-2_19.
[13] N. Agarwal and S. Z. Hussain, “A Closer Look at Intrusion Detection System for Web Applications,” Hindawi: Security and
Communication Networks, vol. 2018, pp. 1–27, 2018, doi: 10.1155/2018/9601357.
[14] P. Dymora and A. Paszkiewicz, “Performance analysis of selected programming languages in the context of supporting decision-
making processes for industry 4.0,” Applied Sciences, vol. 10, no. 23, 2020, doi: 10.3390/app10238521.
[15] M. Chora and R. Kozik, “Machine Learning Techniques for Threat Modeling and Detection,” Security and Resilience in
Intelligent Data-Centric Systems and Communication Networks, Academic Press, pp. 179–192, 2018, doi: 10.1016/B978-0-12-
811373-8.00008-2.
[16] “Nuclei - Community Powered Vulnerability Scanner.” Nuclei Project. https://nuclei.projectdiscovery.io/templating-guide/
(accessed May 05, 2021).
[17] M. Krogza. “Nginx Ultimate Bad Bot and User-Agent Blocker.” GitHub. https://github.com/mitchellkrogza/nginx-ultimate-bad-
bot-blocker (accessed May 05, 2021).
[18] J. Bizzle. “Crawler Detect.” GitHub. https://github.com/JayBizzle/Crawler-Detect (accessed May 06, 2021).
[19] M. Soria. “Dirsearch.” GitHub. https://github.com/maurosoria/dirsearch (accessed May 06, 2021).
[20] G. Suchacka, A. Cabri, S. Rovetta, and F. Masulli, “Efficient on-the-fly Web bot detection,” Knowledge-Based Systems, vol. 223,
2021, doi: 10.1016/j.knosys.2021.107074.
[21] M. B. Seyyar, F. Ö. Çatak, and E. Gül, “Detection of attack-targeted scans from the Apache HTTP Server access logs,” Applied
Computing and Informatics, vol. 14, no. 1, pp. 28–36, 2018, doi: 10.1016/j.aci.2017.04.002.
[22] F. Sadikin, T. V. Deursen, and S. Kumar, “A ZigBee Intrusion Detection System for IoT using Secure and Efficient Data
Collection,” Internet of Things, vol. 12, 2020, doi: 10.1016/j.iot.2020.100306.
[23] Kozhevnikov V. A., Sabinin O. Y., and Shats J. E., “Library development for creating bots on slack, telegram and facebook
messengers,” International scientific journal : Theoretical & Applied Science, vol. 50, no. 06, pp. 59–62, 2017,
doi: 10.15863/TAS.2017.06.50.4.
[24] H. Candra, Rino, and Riki, “Designing a Chatbot Application for Student Information Centers on Telegram Messenger Using
Fulltext Search Boolean Mode,” Journal Bit-Tech, vol. 2, no. 2, pp. 71–80, 2020, doi: 10.32877/bt.v2i2.106.
[25] G. Albertengo, F. G. Debele, W. Hassan, and D. Stramandino, “On the performance of web services, google cloud messaging and firebase
cloud messaging,” Digital Communications and Networks, vol. 6, no. 1, pp. 31–37, 2020, doi: 10.1016/j.dcan.2019.02.002.
[26] K. Kritikos, K. Magoutis, M. Papoutsakis, and S. Ioannidis, “A survey on vulnerability assessment tools and databases for cloud-based
web applications,” Array, vol. 3–4, 2019, doi: 10.1016/j.array.2019.100011.
8. TELKOMNIKA Telecommun Comput El Control
A real-time hypertext transfer protocol intrusion detection system on web server (Agus Tedyyana)
573
BIOGRAPHIES OF AUTHORS
Agus Tedyyana is a senior lecturer at the Politeknik Negeri Bengkalis, Bengkalis,
Riau, Indonesia. He has an educational background in computer science. He has worked in
education as a lecturer since 2014. He has been continuing his Doctoral (Ph.D.) studies at the
Universiti Utara Malaysia (UUM) Campus in Kedah Darul Aman, Malaysia, since early 2020.
His research interests are in computer security. He can be contacted at email:
agustedyyana@polbeng.ac.id.
Osman Ghazali Dr. Osman Ghazali is an Associate Professor and the Deputy
Dean of the School of Computing, Universiti Utara Malaysia. Osman holds a Ph.D. in
Information Technology (Networking) from Awang Had Salleh Graduate School, Universiti
Utara Malaysia (AHSGS). He was a visiting research fellow at the School of Engineering &
Applied Science, Aston University (EAS), in 2012. In 2011, Osman was the Head of the
Computer Science Department School of Computing, Universiti Utara Malaysia. Before that,
from 2009 to 2011, he was the Technical Chairperson at the University Teaching and Learning
Center, Universiti Utara Malaysia. Dr. Osman’s research interest is Internetworking, Cloud
Computing, and Information Security. He has more than 100 publications as refereed book
chapters and refereed technical papers in journals and conferences. He is a senior member of
the Internetworks Research Laboratory (IRL). He is also a member of the IEEE and the ACM.
He can be contacted at email: osman@uum.edu.my.
Onno W. Purbo Onno W. Purbo graduated from the Department of Electrical
Engineering, Bandung Institute of Technology, in 1987. In 1989, he completed his
postgraduate education at McMaster University, Canada, in the field of Semi-Conductor Laser.
Five years later, he received his Ph.D. from the University of Waterloo. Canada, in the field of
Integrated Circuit Technology for satellites, In November 2020, he received the Postel Service
Award from the Internet Society. Postel Service Award was given to Onno for his outstanding
contribution to the development of Internet technology in Indonesia. He can be contacted at
email: onno@indo.net.id.