Distributed denial-of-service (DDoS) merupakan jenis serangan dengan volume dan intensitas DDoS terus meningkat dengan biaya mitigasi yang terus meningkat seiring berkembangnya skala organisasi. Penelitian ini memiliki tujuan untuk mengembangkan sebuah pendekatan baru untuk mendeteksi dan membentuk cluster jenis serangan DDoS, berdasarkan pada karakteristik aktivitas jaringan dengan mengintegrasikan metode Normalized Relative Network Entropy (NRNE) sebagai estimator awal terhadap anomali aktivitas jaringan, dan metode Neural Network Backpropagation (BP) sebagai fungsi supervised learning terhadap pola anomali berdasarkan output dari NRNE. Data training yang digunakan dalam adalah log file dari KDD Cup 1999 yang diterbitkan oleh DARPA. Untuk pengujian real-world attack, digunakan data yang diterbitkan oleh CAIDA 2007. Pengujian simulation attack digunakan software DDoS Generator. Pengujian normal traffic digunakan data CAIDA 2011. Adanya pendekatan baru dalam mendeteksi serangan DDoS, diharapkan bisa menjadi sebuah komplemen terhadap sistem IDS dalam meramalkan terjadinya serangan DDoS.

Hackmageddon. Intranets: I know with what weapons World War III will be fought. [Online]. Available: http://hackmageddon.com/page/4

Bloomberg BussinessWeek. Intranets: You Don’t have to be an Evil Hacker Genius to bring Down PlayStation. [Online]. Available: http://www.businessweek.com/articles/2014-08-26/ddos-attacks-aresoaring

R. Heady, G. Luger, A. Maccabe, M. Servilla, 1990. The architecture of a Network Level Intrusion Detection System, Technical Report CS90-20, University of New Mexico, August.

eSecurity Planet. Intranet: DDoS attack growing but how much. [Online]. Available: http://www.esecurityplanet.com/networksecurity/ddosattacks-growing-but-how-much.html

A. Tajbakhsh, M. Rahmati, and A. Mirzaei. 2009 “Intrusion Detection Using Fuzzy Association Rules”, Applied Soft Computing, vol. 9, no. 2, pp. 462-469.

Yu, H. Lee, M.S. Kim, and D. Park. 2008. “Traffic flooding attack detection with SNMP MIB using SVM”, Computer Communications, vol. 31, no. 17, pp. 4212-4219.

G. Thatte, U. Mitra, and J. Heidemann. 2011. “Parametric Methods for Anomaly Detection in Aggregate Traffic”, IEEE/ACM Trans. Networking, vol. 19, no. 2, pp. 512-525, April.

S. Lee, G. Kim and S. Kim. 2011 “Self-adaptive and dynamic clustering for online anomaly detection”, Expert Systems with Applications, vol. 38, no. 12, pp. 14891-14898.

Yu Gu, A.McCallum and D.Towsley. “Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation” Tech. rep., Department of Computer Science, UMASS, Amherst, 2005. In https://www.usenix.org/events/imc05/tech/full_papers/gu/gu.pdf

Qian Quan, Che Hong-Yi, Zhang Rui. 2009. “Entropy Based Method for

Network Anomaly Detection“. 15th IEEE Pacific Rim International Symposium on Dependable Computing, vol. 978-0-7695-3849-5, no. 09, pp.189-191.

MIT: Mit lincoln laboratory-darpa intrusion detection evaluation.

http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/index.html (1999)

The CAIDA UCSD "DDoS Attack 2007" Dataset

http://www.caida.org/data/passive/ddos-20070804_dataset.xml

The CAIDA UCSD Anonymized Internet Traces 2011 - http://www.caida.org/data/passive/passive_2011_dataset.xml

https://www.usenix.org/legacy/event/deter07/tech/full_papers/mirkovic/mirkovic_html/DeterPerfs.html

G. Nychis V. Sekar, D. G. Anderson, etc. 2008. “An Empirical Evaluation of Entropy-based Anomaly Detection” Proceedings of the 8th ACM SIGCOMM conference on Internet measurement,, ACM Press, pp151-156.

D.Brauckhoff, B. Tellenbach, A. Wagner, etc. 2006. “Impact of traffic sampling on anomaly detection metrics.” Proceedings of the 6th ACM SIGCOMM conference on Internet measurement. ACM Press, pp159-164.

A.Lakhina, M. Crovella, and C. Diot. 2005. “Mining anomalies using traffic feature distributions”. Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications.ACM Press, pp217-218

S.A. Mirheidari, S. Arshad, and R. Jalili, 2013 “Alert Correlation Algorithms: A Survey and Taxonomy”, In Cyberspace Safety and Security, pp. 183197, Springer International Publishing.

J. Viinikka, H. Debar, L. Mé, and R. Séguier.2006. “Time series modeling for IDS alert management”, In Proceedings of the 2006 ACM Symposium on

Information, computer and communications security, pp. 102-113, March.

R. Smith, N. Japkowicz, M. Dondo, and P. Mason. 2008. “Using unsupervised learning for network alert correlation”, In Advances in Artificial Intelligence, pp. 308-319, Springer Berlin Heidelberg.

D. Bolzoni, S. Etalle, and P.H. Hartel. 2009. “Panacea: Automating attack classification for anomaly-based network intrusion detection systems”, In Recent Advances in Intrusion Detection, pp. 1-20, Springer Berlin Heidelberg, January, 2009