Pengembangan Kebijakan Keamanan Adaptif Berbasis Machine Learning pada Firewall SDN

Nurhadi Surojudin; Ahmad  Turmudi Zy; Donny Maulana; Abdul  Halim Anshor

doi:10.55382/jurnalpustakaai.v5i1.919

Penulis

Nurhadi Surojudin Universitas Pelita Bangsa
Turmudi Universitas Pelita Bangsa
Donny Universitas Pelita Bangsa
Anshor Universitas Pelita Bangsa

DOI:

https://doi.org/10.55382/jurnalpustakaai.v5i1.919

Kata Kunci:

Keamanan Adaptif, firewall SDN, machine learning, serangan DDoS, Random Forest

Abstrak

Dalam era digital yang semakin kompleks, serangan siber seperti Distributed Denial of Service (DDoS) menjadi tantangan besar dalam pengelolaan keamanan jaringan. Penelitian ini mengusulkan pengembangan kebijakan keamanan adaptif berbasis machine learning untuk firewall pada arsitektur Software-Defined Networking (SDN). Dengan menggunakan algoritma Random Forest dan dataset CICIDS2017, sistem mampu mendeteksi serangan DDoS secara otomatis dan akurat. Data diuji melalui metode stratified split agar proporsi label tetap seimbang, serta dilakukan pembersihan nilai tak valid. Model menunjukkan performa sangat tinggi dengan akurasi 99,9978%, precision dan recall 99,996%, serta f1-score 99,996%. Evaluasi melalui confusion matrix mengindikasikan hanya dua kesalahan klasifikasi dari total 45.149 data uji. Hasil ini membuktikan bahwa integrasi machine learning dalam firewall SDN dapat memperkuat deteksi ancaman dan menghasilkan kebijakan keamanan yang dinamis, efisien, serta dapat beradaptasi terhadap serangan baru. Rencana pengembangan ke depan mencakup penerapan pada data real-time dan perluasan cakupan deteksi terhadap jenis serangan lainnya. Temuan ini memberikan kontribusi signifikan dalam pengembangan solusi keamanan jaringan berbasis SDN yang cerdas.

Unduhan

Data unduhan belum tersedia.

Referensi

T. Yuliswar, I. Elfitri, and O. W Purbo, “Optimization of Intrusion Detection System with Machine Learning for Detecting Distributed Attacks on Server,” ISI, vol. 10, no. 1, pp. 367–376, Feb. 2025, doi: 10.35314/vem9da98.

Dr. A.Shaji George, Dr. T.Baskar, and Dr. P.Balaji Srikaanth, “Cyber Threats to Critical Infrastructure: Assessing Vulnerabilities Across Key Sectors,” Feb. 2024, doi: 10.5281/ZENODO.10639463.

E. Kaljic, A. Maric, P. Njemcevic, and M. Hadzialic, “A Survey on Data Plane Flexibility and Programmability in Software-Defined Networking,” IEEE Access, vol. 7, pp. 47804–47840, 2019, doi: 10.1109/ACCESS.2019.2910140.

Ahmad Turmudi Zy, Isarianto, A. M. Rifa’i, A. Nugroho, and A. Ghofir, “Enhancing Network Security: Evaluating SDN-Enabled Firewall Solutions and Clustering Analysis Using K-Means through Data-Driven Insights,” J. RESTI (Rekayasa Sist. Teknol. Inf.), vol. 9, no. 1, pp. 69–76, Jan. 2025, doi: 10.29207/resti.v9i1.6056.

I. Sharafaldin, A. Habibi Lashkari, and A. A. Ghorbani, “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization:,” in Proceedings of the 4th International Conference on Information Systems Security and Privacy, Funchal, Madeira, Portugal: SCITEPRESS - Science and Technology Publications, 2018, pp. 108–116. doi: 10.5220/0006639801080116.

A. T. Zy, Amali, A. M. Rifa’i, A. Z. Kamalia, and A. A. Sulaeman, “Detecting DDoS Attacks Through Decision Tree Analysis: An EDA Approach with the CIC DDoS 2019 Dataset,” in 2024 8th International Conference on Information Technology, Information Systems and Electrical Engineering (ICITISEE), Yogyakarta, Indonesia: IEEE, Aug. 2024, pp. 202–207. doi: 10.1109/ICITISEE63424.2024.10730435.

Ram Chandra Sachan, Rishit Lakhani, and Sanjay Poddar, “AI-enabled security mechanisms for WLANs: ensuring robust and adaptive protection in wireless networks,” World J. Adv. Res. Rev., vol. 25, no. 3, pp. 2085–2095, Mar. 2025, doi: 10.30574/wjarr.2025.25.3.0960.

N. S. Musa, N. M. Mirza, S. H. Rafique, A. M. Abdallah, and T. Murugan, “Machine Learning and Deep Learning Techniques for Distributed Denial of Service Anomaly Detection in Software Defined Networks—Current Research Solutions,” IEEE Access, vol. 12, pp. 17982–18011, 2024, doi: 10.1109/ACCESS.2024.3360868.

Md. R. Ahmed, S. Islam, S. Shatabda, A. K. M. M. Islam, and Md. T. I. Robin, “Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey,” Nov. 21, 2022. doi: 10.36227/techrxiv.17153213.v2.

J. Faria, Y. Wang, and M. Lai, “Designing Network Security Tools for Home Users”.

M. Driss Laanaoui, M. Lachgar, H. Mohamed, H. Hamid, S. Gracia Villar, and I. Ashraf, “Enhancing Urban Traffic Management Through Real-Time Anomaly Detection and Load Balancing,” IEEE Access, vol. 12, pp. 63683–63700, 2024, doi: 10.1109/ACCESS.2024.3393981.

A. Aljuhani, “Machine Learning Approaches for Combating Distributed Denial of Service Attacks in Modern Networking Environments,” IEEE Access, vol. 9, pp. 42236–42264, 2021, doi: 10.1109/ACCESS.2021.3062909.

T. E. Ali, Y.-W. Chong, and S. Manickam, “Machine Learning Techniques to Detect a DDoS Attack in SDN: A Systematic Review,” Applied Sciences, vol. 13, no. 5, p. 3183, Mar. 2023, doi: 10.3390/app13053183.

A. A. Barakabitze, A. Ahmad, R. Mijumbi, and A. Hines, “5G network slicing using SDN and NFV: A survey of taxonomy, architectures and future challenges,” Computer Networks, vol. 167, p. 106984, Feb. 2020, doi: 10.1016/j.comnet.2019.106984.

T. G. Nguyen, T. V. Phan, B. T. Nguyen, C. So-In, Z. A. Baig, and S. Sanguanpong, “SeArch: A Collaborative and Intelligent NIDS Architecture for SDN-Based Cloud IoT Networks,” IEEE Access, vol. 7, pp. 107678–107694, 2019, doi: 10.1109/ACCESS.2019.2932438.

Kurniabudi, D. Stiawan, Darmawijoyo, M. Y. Bin Idris, A. M. Bamhdi, and R. Budiarto, “CICIDS-2017 Dataset Feature Analysis With Information Gain for Anomaly Detection,” IEEE Access, vol. 8, pp. 132911–132921, 2020, doi: 10.1109/ACCESS.2020.3009843.