Identifikasi Anomali Lalu Lintas Jaringan melalui Kombinasi Local Outlier Factor (LOF) dan Rule-Based System
Identification of Network Attack Anomalies Through a Combination of Local Outlier Factor (LOF) and Rule-based System

Date
2025
Author
Saragih, Riski Hartanto
Advisor(s)
Hizriadi, Ainul
Rahmat, Romi Fadillah
Abstract
This research aims to develop a network attack early detection system by combining the
Local Outlier Factor (LOF) algorithm and Rule-Based System. LOF is used to detect
anomalies based on local data density, enabling high-accuracy identification of outliers
in dynamic and unlabeled network data. This algorithm is able to recognize attack
patterns that are difficult to detect with conventional methods. Meanwhile, the Rule-Based
System complements LOF with an “if-then” rule-based approach to recognize specific
attack patterns, improving the accuracy and validation of detection results. The
combination of these two methods aims to minimize false positives and false negatives,
improve response to attacks, and enable automatic mitigation actions. The developed
system was tested using network attack data that includes DoS, Probing, TCP Flood,
and UDP Flood, taken from publicly available datasets. The testing process involves
analyzing the accuracy of the system in detecting and classifying attacks. The results
show that the integration of LOF and Rule-Based System can detect various types of
attacks with good accuracy, minimize detection errors, and provide real-time network
traffic information to users. However, the system still relies on pre-defined rules, which
means that the detection capability of new, unidentified attack patterns may be limited.
The system is also not equipped with an automatic mechanism to prevent attacks once
detected, so it only serves as a monitoring and early detection tool. Therefore, this
research suggests further development by integrating more adaptive machine learning
technologies such as deep learning, as well as the implementation of automated
prevention mechanisms to improve the effectiveness of detection and response to
network threats.
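
The combination the abstract describes, as an added example that is not code from the thesis: LOF scores each flow by local density, and if-then rules name the attack type for the flows LOF flags. The flow features, the rule thresholds, k, the LOF cut-off and the way the two stages are chained are all assumptions, and the sample flows are constructed.

```python
import math

# Constructed flows (packets/s, distinct destination ports, protocol); not thesis data.
FLOWS = [(40, 2, "tcp"), (42, 3, "tcp"), (38, 2, "udp"), (45, 1, "tcp"),
         (41, 2, "udp"), (39, 3, "tcp"), (44, 2, "tcp"), (43, 1, "udp"),
         (900, 1, "udp"),    # high-rate traffic to a single port
         (60, 150, "tcp")]   # moderate rate spread over many ports

# Hypothetical if-then rules; the thresholds are illustrative assumptions.
RULES = [("UDP Flood", lambda rate, ports, proto: proto == "udp" and rate > 500),
         ("TCP Flood", lambda rate, ports, proto: proto == "tcp" and rate > 500),
         ("Probing",   lambda rate, ports, proto: ports > 100)]

def lof_scores(points, k=3):
    """Local Outlier Factor per point (Euclidean distance, k nearest neighbours).

    Assumes fewer than k+1 identical points, so no density is infinite.
    """
    n = len(points)
    dist = [[math.dist(a, b) for b in points] for a in points]
    # k nearest neighbours of each point (ties broken by index) and its k-distance
    nbrs = [sorted((j for j in range(n) if j != i), key=lambda j: dist[i][j])[:k]
            for i in range(n)]
    kdist = [dist[i][nbrs[i][-1]] for i in range(n)]
    # local reachability density: inverse of the mean reachability distance
    lrd = [k / sum(max(kdist[j], dist[i][j]) for j in nbrs[i]) for i in range(n)]
    # LOF: mean density of the neighbours divided by the point's own density
    return [sum(lrd[j] for j in nbrs[i]) / (k * lrd[i]) for i in range(n)]

def classify(flows, k=3, threshold=1.5):
    """Stage 1: LOF flags density outliers. Stage 2: rules name the attack type."""
    scores = lof_scores([(rate, ports) for rate, ports, _ in flows], k)
    labels = []
    for (rate, ports, proto), score in zip(flows, scores):
        if score <= threshold:
            labels.append("normal")
            continue
        matched = [name for name, rule in RULES if rule(rate, ports, proto)]
        # An outlier that no rule recognises is still reported, without a type.
        labels.append(matched[0] if matched else "unclassified anomaly")
    return labels

if __name__ == "__main__":
    for flow, label in zip(FLOWS, classify(FLOWS)):
        print(flow, "->", label)
```

The "unclassified anomaly" branch corresponds to the limitation the abstract notes: an outlier that matches no pre-defined rule is detected by LOF but cannot be assigned an attack type.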
Collections
- Undergraduate Theses [767]