Automated Incident Detection and Response Using the NIST Framework with the Robust Random Cut Forest and Random Forest Regressor Methods
DOI: https://doi.org/10.51454/decode.v5i3.1348
Keywords: Anomaly detection, Machine learning, Random forest, NIST framework
Abstract
The rising threat of cyber attacks and data breaches requires organizations to adopt more advanced and proactive security approaches. Signature-based detection systems are considered no longer adequate because they are poorly able to recognize new attacks or modified variants. At the same time, the implementation of Law Number 27 of 2022 on Personal Data Protection (UU PDP) reinforces organizations' obligation to protect data through fast and reliable incident detection and response systems. This study aims to design an automated cyber incident detection and response system that combines machine learning for anomaly detection and attack classification. The method combines Robust Random Cut Forest (RRCF) for unsupervised anomaly detection on streaming data with Random Forest Regressor (RFR) for predictive modeling, yielding a more accurate hybrid approach. A Random Forest Classifier (RFC) is used for attack classification. The whole design follows the NIST Cybersecurity Framework and is integrated with the Wazuh SIEM platform to enable early warning and automated response. Test results show that RFC achieved optimal performance on the UNSW-NB15 and CIC-IDS-2017 datasets and on real-world data, even obtaining perfect scores in several scenarios. Meanwhile, the combination of RRCF and RFR proved effective at detecting anomalies in real time without false positives. In conclusion, the system built is responsive, adaptive, accurate, and supports compliance with the UU PDP, thus contributing concretely to strengthening organizational cyber security in the digital era.
Copyright (c) 2025 Rorim Irvano Prahara, Budi Prasetya, Rudi Rusdiah

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.