
Showing papers by "Imam Riadi" published in 2017


Journal ArticleDOI
TL;DR: A new approach to detect DDoS attacks based on network traffic activity was developed using the Naive Bayes method and is expected to be used in relation with an Intrusion Detection System (IDS) to predict the existence of DDoS attacks.
Abstract: Distributed Denial of Service (DDoS) is a type of attack whose volume, intensity, and mitigation costs are increasing in this era. Attackers use many zombie computers to exhaust the resources available to a network, application or service so that authorized users cannot gain access or the network service is down, and it is a great loss for Internet users in computer networks affected by DDoS attacks. In network forensics, a crime that occurs in the system's network services can be sued in court and the attackers will be punished in accordance with the law. This research has the goal of developing a new approach to detect DDoS attacks based on network traffic activity, statistically analyzed using the Naive Bayes method. Training and testing data were taken from network traffic in a core router in the Master of Information Technology Research Laboratory, University of Ahmad Dahlan Yogyakarta. The new approach to detecting DDoS attacks is expected to be used in relation with an Intrusion Detection System (IDS) to predict the existence of DDoS attacks.

36 citations


Journal ArticleDOI
TL;DR: This research evaluated existing forensic tools for performing forensic analysis on WhatsApp using parameters from NIST and WhatsApp artifacts and shows that Belkasoft Evidence has the highest index number, WhatsApp Key/DB Extractor has superiority in terms of costs, and Oxygen Forensic has superiority in obtaining WhatsApp artifacts.
Abstract: One of the most popular features used on Android smartphones is WhatsApp. WhatsApp can be misused, such as for criminal purposes. To conduct investigations involving smartphone devices, investigators need to use forensic tools. Nonetheless, the development of existing forensic tool technology is not as fast as the development of mobile technology and WhatsApp. New versions of smartphones and WhatsApp keep coming out. Therefore, research on the performance of current forensic tools in handling a case involving Android smartphones, and WhatsApp in particular, needs to be done. This research evaluated existing forensic tools for performing forensic analysis on WhatsApp using parameters from NIST and WhatsApp artifacts. The outcome shows that Belkasoft Evidence has the highest index number, WhatsApp Key/DB Extractor has superiority in terms of costs, and Oxygen Forensic has superiority in obtaining WhatsApp artifacts.

28 citations


Journal ArticleDOI
TL;DR: Three widely used mobile forensics tools, namely Oxygen Forensic Suite, Andriller, and Belkasoft Evidence Center, are studied in extracting data from the BBM application installed on an Android-based smartphone using a framework developed by NIST.
Abstract: In the past few years, there has been a rapid increase in the number of smartphone users. This can be seen in the various brands and platforms of smartphones that are sold almost every week. One smartphone platform with a huge number of users is Android. The rapid development of Android smartphone technology has an impact on the growing number of applications developed for the Android platform, including instant messaging applications. Blackberry Messenger (BBM) is one of the multi-platform instant messaging applications whose number of users increases significantly each year, so the possibility of digital crimes committed by digital crime perpetrators has also significantly increased. In the process of investigating digital crime cases, digital evidence is required to solve these cases. To obtain digital evidence, a technique of forensic investigation on physical evidence has been conducted. This paper studies three widely used mobile forensics tools, namely Oxygen Forensic Suite, Andriller, and Belkasoft Evidence Center, in extracting data from the BBM application installed on an Android-based smartphone using a framework developed by NIST. The results of this research were presented in the form of recorded conversations, BBM Personal Identification Number (BBM PIN), pictures, and conversation timestamps.

27 citations


Journal ArticleDOI
30 Jun 2017
TL;DR: In this paper, WhatsApp is the most popular instant messaging application compared with conversation interception services involving both devices: smartphone and computer.
Abstract: Telecommunications have developed very rapidly since internet-based instant messaging services spread quickly into Indonesia. WhatsApp is the most popular instant messaging application compared with other instant messaging services; according to the website Statista, as of January 2017 as many as 1.2 billion people actively use this application. As WhatsApp has been updated, various features have been embedded in the application, among them web-based WhatsApp for computers; this feature makes it easier for users to share certain files and can be synchronized with the user's smartphone and computer. Besides the positive sides of the application, WhatsApp also presents a security gap for its users' privacy, one of which is the interception of conversations involving both devices: smartphone and computer. The handling of crimes involving digital devices needs to be emphasized so that it can assist the judicial process regarding the effects they cause. Digital forensic investigation plays a part in acting against misuse of the WhatsApp instant messaging service's features, including the investigative steps for handling cases of WhatsApp conversation interception through a series of standard stages in accordance with digital forensics procedure. Exploration of the digital evidence of WhatsApp conversations will serve as the reference for the crime of telecommunications interception, after which a forensic investigation report will be produced involving the evidence from the victim's smartphone and computer.

27 citations


Journal ArticleDOI
TL;DR: The Gaussian Naive Bayes classification is one of the methods that can be used to process numeric attribute as input and determine two decisions of access that occur on the computer network service that is “normal” access or access under “attack” by DDoS as output.
Abstract: Cyber attacks that send large data packets to deplete computer network service resources, using multiple computers when attacking, are called Distributed Denial of Service (DDoS) attacks. The total data packets and important information in the form of log files sent by the attacker can be observed and captured through port mirroring of the computer network service. A classification system is required to distinguish network traffic into two conditions: first, the normal condition, and second, the attack condition. The Gaussian Naive Bayes classification is one of the methods that can be used to process numeric attributes as input and determine two decisions about the access that occurs on the computer network service, that is, “normal” access or access under “attack” by DDoS, as output. This research was conducted in the Ahmad Dahlan University Networking Laboratory (ADUNL) for 60 minutes, with a classification result of 8 IP addresses with normal access and 6 IP addresses with DDoS attack access.

15 citations


Journal ArticleDOI
TL;DR: This study found that the best classification accuracy, 99.6%, was given by ANN with hidden layer neuron numbers set to half of the input neuron numbers and twice the input neuron numbers, but a hidden layer neuron number of twice the input neuron number gives stable accuracy on all training functions.
Abstract: Distributed denial of service (DDoS) is a structured network attack coming from various sources and fused to form a large packet stream. The DDoS packet stream pattern behaves like a normal packet stream pattern, and it is very difficult to distinguish between DDoS and normal packet streams. Network packet classification is one of the network defense systems used to avoid DDoS attacks. An Artificial Neural Network (ANN) can be used as an effective tool for network packet classification with the appropriate combination of hidden layer neuron numbers and training functions. This study found that the best classification accuracy, 99.6%, was given by ANN with hidden layer neuron numbers set to half of the input neuron numbers and twice the input neuron numbers, but a hidden layer neuron number of twice the input neuron number gives stable accuracy on all training functions. ANN with the Quasi-Newton training function is not much affected by variation in hidden layer neuron numbers, unlike ANN with the Scaled-Conjugate and Resilient-Propagation training functions.

15 citations


Journal ArticleDOI
TL;DR: This paper proposes a framework for the analysis phases of the web browser in private mode and anti-forensics, and uses live forensics to get more detailed 3 evidence information on the computer while it is still on.
Abstract: Almost all aspects of life already use the Internet, and one way to access the Internet is by using a web browser. For security, some web browsers have developed a private mode feature. Unfortunately, this feature is used by some unscrupulous people for criminal activities through anti-forensics. Anti-forensics processes include using a portable web browser and deleting the registry. The motivation for using anti-forensics is to minimize or inhibit the discovery of digital evidence in criminal cases, so that it becomes an obstacle for investigators in uncovering Internet crimes that have been carried out. This paper proposes a framework for the analysis phases of the web browser in private mode and anti-forensics. The purpose of this study is to provide solutions for forensic investigations effectively and efficiently using live forensics. This study uses live forensics to get more detailed 3 evidence information on the computer while it is still on. This method is therefore suitable for handling incidents more quickly and allows the data in RAM to be obtained. General Terms: Browser Security, Digital Forensic.

14 citations


Journal ArticleDOI
TL;DR: Soft System Methodology (SSM) is a method of evaluation to compare a conceptual model with a process in the real world, so deficiencies of the conceptual model can be revealed and it can perform corrective action against the conceptual models.
Abstract: The handling of digital evidence can become evidence for determining that crimes have been committed, or may give links between a crime and its victims or a crime and the culprit. Soft System Methodology (SSM) is a method of evaluation to compare a conceptual model with a process in the real world, so that deficiencies of the conceptual model can be revealed and corrective action can be performed against the conceptual model, leaving no difference between the conceptual model and the real activity. Evaluation of the IDFIF stages is done only on the reactive and proactive process stages, so that the IDFIF model can be more flexible and can be applied to the investigation process of a smartphone.

14 citations


Journal ArticleDOI
08 Jun 2017
TL;DR: Development of existing forensic methods, so that the results obtained from the forensic method are expected to be results for IT forensics and law enforcement.
Abstract: Technology is currently developing very rapidly. One example is the development of telecommunication devices combined with a wristwatch, known as the smartwatch. Smartwatch development has matched the capabilities found in smartphones, so it is not impossible that a smartwatch could be used as a tool for crime. This is a challenge for IT forensics and law enforcement in investigating the smartwatch of a person who has committed a crime and been made a suspect in a case. The way to do this is by applying developments of existing forensic methods, so that the results obtained from the forensic method applied are expected to be useful for IT forensics and law enforcement.

14 citations


Journal ArticleDOI
TL;DR: After testing and analysis of the log data of the mobile banking application, there is no important information that can be used for unauthorized access, and the security level applied is modern enough to secure against unauthorized access.
Abstract: Modern society often conducts transactions through the banking system for many purposes, for example transfers between accounts or between banks, monthly subscription payments, and so forth. To facilitate such transactions, many banks provide a service to customers in the form of mobile banking applications. But the more sophisticated the technology used in providing the service, the greater the threat of cybercrime around customers. Forensic analysis of the data with the static method is expected to obtain important information or data that can be used as digital evidence, for example the access log, transaction records, customer profiles, and so on, because such important information can be misused as a security loophole to carry out illegal access. This study focused on the analysis of the log data of the mobile banking application; expected results reached 80%. After testing and analysis of the mobile banking application, there is no important information that can be used for unauthorized access, and the security level applied is modern enough to secure against unauthorized access.

9 citations


Journal Article
TL;DR: This research is the development of a network forensics framework using interactive planning; IDFIF v2 cannot be applied to network investigation, so it is necessary to develop a version 3 IDFIF focused on network forensics.
Abstract: Integrated Digital Forensics Investigation Framework (IDFIF) is a method of investigation of a general nature. IDFIF evolved into IDFIF version 2, which is a method of handling that focuses on smartphones. IDFIF v2 cannot be applied to network investigation, so it is necessary to develop a version 3 IDFIF focused on network forensics. This research is the development of a network forensics framework using interactive planning.

Journal ArticleDOI
30 Jun 2017
TL;DR: Attack detection is performed by Winbox RouterOS v3,7, where the software shows resources, attacker data (IP address), the number of data packets, and when the attack occurred.
Abstract: The branch of computer security knowledge concerned with investigations to determine the source of network attacks based on log data evidence, identification, analysis, and reconstruction of events is Network Forensics, which is a branch of Digital Forensics. A type of attack against a computer or server in a network that works by exhausting the resources owned by the computer until it can no longer perform its functions properly, thereby indirectly preventing other users from gaining access to the attacked network service, is called a Distributed Denial of Service (DDoS) attack. The Network Forensics research was conducted in the Master of Informatics Engineering Research Laboratory, Universitas Ahmad Dahlan Yogyakarta. Attack detection is performed by Winbox RouterOS v3,7, where the software shows resources, attacker data (IP address), the number of data packets, and when the attack occurred. The attack simulation was carried out with the LOIC software to determine the performance of the computer network security system. The computer network security system takes the form of anticipation of forms of DDoS attack.

Journal ArticleDOI
20 Apr 2017
TL;DR: The perpetrators of this attack make use of a fake AP (Access Point) with a gateway configuration that differs from the legitimate AP, so this type of attack becomes quite difficult to detect; on the other hand, the process of uncovering MITM-based Evil Twin attack cases has been limited to detecting attack activity, and there has not yet been further discussion …
Abstract: MITM-based Evil Twin has become a dangerous threat to Wi-Fi network users. The perpetrators of this attack make use of a fake AP (Access Point) with a gateway configuration that differs from the legitimate AP, so this type of attack becomes quite difficult to detect. On the other hand, the process of uncovering MITM-based Evil Twin attack cases has been limited to detecting attack activity, and there has not yet been further discussion related to digital forensics. This research was carried out by applying a live forensics method approach and an approach from the user side to detect illegal activity occurring in the Wi-Fi network. The MITM-based Evil Twin investigation process is divided into four stages, starting from collection, examination, analysis, and reporting and forensic analysis. In addition, this research is focused on two research processes, namely Wi-Fi scanning analysis and network traffic analysis, for the discovery of digital evidence in the form of data traffic information from the MITM-based Evil Twin attack.

05 Feb 2017
TL;DR: Penetration testing is a series of activities carried out to identify and exploit security vulnerabilities.
Abstract: Penetration testing is a series of activities carried out to identify and exploit security vulnerabilities. It helps confirm the effectiveness or ineffectiveness of the security measures that have been implemented. This paper provides an overview of penetration testing. The discussion covers the benefits, strategies, and methodology of conducting penetration testing. The penetration testing methodology comprises three phases: test preparation, test, and test analysis. The test phase involves the following steps: information gathering, vulnerability analysis, and vulnerability exploitation. This paper mainly describes how to apply this methodology to conduct penetration testing on two example applications, a website and a web server.

Proceedings ArticleDOI
01 Oct 2017
TL;DR: The rule-based notification system for determining patients' medicine is worthy of use as a learning medium for clinical pharmacy students; based on the results of testing with the alpha test method, its feasibility reached 88.75%.
Abstract: The development of science in the field of clinical pharmacy has grown rapidly in recent years. Based on the information obtained, the learning process in clinical pharmacy needs to be improved in order to produce pharmacy graduates as requested by users. According to that information, there is a problem in that mistakes can be made in the process of determining a drug in the pharmacy, especially for patients who have disease complications. The checking process is conducted repeatedly to make sure that the medicine concocted is in accordance with the list of treatment actions for the patient, while patient data are not yet integrated into a system that could help in analysing and determining an appropriate drug. The notification system, developed on the Android platform, is hoped to become a tool in the form of a system that can give notifications to pharmacists and is easily accessible at any time through gadgets. Based on the results of testing with the alpha test method, it can be concluded that the feasibility of this system reached 88.75%. Thus the rule-based notification system for determining patients' medicine is worthy of use as a learning medium for clinical pharmacy students.

Journal ArticleDOI
30 Mar 2017
TL;DR: This research aims to develop a new approach to detect DDoS attacks, based on the characteristics of network activity, using a neural network with a fixed moving average window (FMAW) function as the detection method.
Abstract: Distributed denial-of-service (DDoS) is a type of attack whose volume, intensity, and mitigation costs keep increasing as the scale of organizations grows. This research aims to develop a new approach to detect DDoS attacks, based on the characteristics of network activity, using a neural network with a fixed moving average window (FMAW) function as the detection method. Training and testing data were taken from CAIDA DDoS Attack 2007 and an independent simulation. Testing of the neural network method with the fixed moving average window (FMAW) function produced an average recognition percentage for three network conditions (normal, slow DDoS, and DDoS) of 90.52%. The new approach to detecting DDoS attacks is expected to become a complement to IDS systems in forecasting the occurrence of DDoS attacks.

Journal ArticleDOI
TL;DR: The results showed that the majority of Wi-Fi at public service locations is vulnerable to criminal attack, including sniffing, DNS spoofing and hijacking.
Abstract: The increasing human need for Internet access requires Internet access services that are easy to use, such as the availability of Wi-Fi hotspots. Among the many Wi-Fi hotspots in public service locations in Yogyakarta, very little attention is paid to the security of data communications on the wireless network. This makes hackers interested in testing their ability to perform various cybercrime activities. This study aims to analyze and test the security of the Wi-Fi networks found at public service locations in Yogyakarta. The method used in this study is a qualitative method that consists of five main steps, namely the study of literature, the issue of Wi-Fi criteria, research instruments, data collection, and analysis. The public service locations providing Wi-Fi hotspots were selected in three categories: hotels, restaurants/cafes, and educational institutions. For each public service category, a sample of 5 different locations was taken. Testing was done with actions that lead to crime, by type of action such as sniffing, DNS spoofing and hijacking. The results showed that the majority of Wi-Fi at public service locations is vulnerable to criminal attack. All of the Wi-Fi studied (100%) is not secure against sniffing activities, 80% is not secure against DNS spoofing activities, and 66.6% are not

Journal ArticleDOI
TL;DR: The results of this study show that distance function can be 2 different images, and measurement of forensic image similarity using distance function method, while image manipulation is used specially on image splicing.
Abstract: In the era of the digital image, good editing software allows users to process digital images in an easy way. This inevitably, and unfortunately, leads to the widespread occurrence of image forgery. Hence, an image fraud detection tool is essential to verify the authenticity of a digital image. The rapid growth of digital image manipulation has prompted writers on forensic image to reveal their authenticity. Manipulations are commonly found in image formats such as Joint Photographic Experts Group (JPEG). JPEG is the most common format supported by devices and apps. Therefore, the researchers will analyze the measurement of forensic image similarity using the distance function method, while image manipulation is used specially on image splicing. The results of this study show that distance function can be 2 different images. General Terms: Digital Forensics