Implementation of K-Nearest Neighbor in Intrusion Detection and Network Security using Open-Source Snort
Rifki Indra Perwira (a*), Ahmad Dzakiyyul Fuad (a), Aldila Putri Linanzha (a), Simon Pulung Nugroho (a), Oliver Samuel Simanjuntak (a)
a) UPN "Veteran" Yogyakarta
Abstract
Vulnerability and cybersecurity issues need special attention. In the current era, online-based information system services are implemented in almost all parts of the UPN "Veteran" Yogyakarta environment, so the internet connection must run smoothly, without problems such as timeouts, heavy traffic, or other disruptions that cause unstable connections and inconvenience users.
To ensure this, a security system is needed that can detect unauthorized or suspicious activity on devices or in packets that traverse the network. An Intrusion Detection System (IDS) analyzes traffic patterns, both general and specific, to and from the server; when a certain pattern change occurs, the IDS alerts the user. SNORT is an open-source IDS that can be used to detect anomalous traffic. SNORT analyzes network traffic in real time and detects various attacks such as port scanning, DoS, buffer overflow, and others.
An IDS can be combined with classification methods from machine learning to classify anomalous traffic and identify attack categories. One popular machine learning method for classification is K-Nearest Neighbor (KNN). KNN was chosen because it is relatively simple and easy to implement.
The dataset used in this research is secondary data, namely NSL-KDD, obtained from Kaggle, an online platform for sharing research data. NSL-KDD can be used to evaluate intrusion detection models built with the KNN method. In this research, different k values were tested to obtain the most optimal result. Classification of network attack types using the KNN method is best at k=1, achieving 91% accuracy.
Keywords: IDS, Snort, KNN
Topic: Engineering
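The k-selection step the abstract describes, as an added example that is not the paper's code: a from-scratch KNN over a constructed NSL-KDD-style feature subset (src_bytes, dst_bytes, count, serror_rate), scaled with training-set min-max bounds and swept over k. All rows are made up to resemble normal, DoS and probe traffic; one training row carries a deliberately noisy label so the sweep shows why k matters.

```python
"""k-sweep for a KNN attack-category classifier on NSL-KDD-style rows.
Added example; feature subset and row values are constructed, not real NSL-KDD data."""
from collections import Counter
import math

# Constructed rows: (src_bytes, dst_bytes, count, serror_rate, label).
# DoS rows: many same-host connections with a high SYN-error rate; probe rows:
# many small connections; normal rows carry payload bytes. The final "normal"
# row is a deliberately mislabelled point sitting inside the probe cluster.
TRAIN = [
    (215, 4507, 1, 0.0, "normal"), (162, 4528, 2, 0.0, "normal"),
    (300, 12000, 1, 0.0, "normal"),
    (0, 0, 250, 1.0, "dos"), (0, 0, 300, 1.0, "dos"), (0, 0, 180, 0.95, "dos"),
    (0, 0, 50, 0.1, "probe"), (0, 0, 40, 0.0, "probe"), (0, 0, 60, 0.05, "probe"),
    (0, 0, 48, 0.0, "normal"),  # noisy label
]
TEST = [
    (180, 8000, 1, 0.0, "normal"), (0, 0, 280, 1.0, "dos"),
    (0, 0, 45, 0.0, "probe"), (0, 0, 70, 0.2, "probe"),
]


def fit_scaler(rows):
    """Per-feature min/max from the training rows only (no test-set leakage)."""
    feats = [r[:-1] for r in rows]
    return [min(c) for c in zip(*feats)], [max(c) for c in zip(*feats)]


def scale(x, lo, hi):
    """Min-max scale to [0, 1]; a constant column maps to 0 instead of dividing by zero."""
    return [(v - l) / (h - l) if h != l else 0.0 for v, l, h in zip(x, lo, hi)]


def predict(train, lo, hi, x, k):
    """Majority label among the k nearest training rows (Euclidean distance)."""
    xs = scale(x, lo, hi)
    ranked = sorted(train, key=lambda r: math.dist(xs, scale(r[:-1], lo, hi)))
    votes = Counter(r[-1] for r in ranked[:k])  # insertion order == distance order,
    return votes.most_common(1)[0][0]           # so a tied vote goes to the nearer label


def accuracy(train, test, k):
    lo, hi = fit_scaler(train)
    return sum(predict(train, lo, hi, r[:-1], k) == r[-1] for r in test) / len(test)


def sweep(train, test, ks=(1, 3, 5)):
    """Accuracy per k: the selection step the paper runs on NSL-KDD."""
    return {k: accuracy(train, test, k) for k in ks}


if __name__ == "__main__":
    for k, acc in sweep(TRAIN, TEST).items():
        print(f"k={k}: accuracy={acc:.2f}")
```

On this toy set k=1 is fooled by the noisy row while k=3 and k=5 outvote it; the paper's finding that k=1 is best is specific to the full NSL-KDD data, which is why the sweep is run rather than assumed.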