Publication Search

ARP spoofing attacks are a serious threat to network security, particularly in vulnerable Internet of Things (IoT) environments. This final project aims to detect ARP spoofing attacks on IoT net-works using a combination of Random Forest (RF) and Robust PCA methods. RF is chosen for its classification capabilities and handling of non-linear data, while Robust PCA is used for di-mensionality reduction and handling outliers in the data. The dataset used is "MITMArpSpoof-ing.pcap.csv," which contains network traffic data. The data is processed by performing prepro-cessing, feature scaling, and converting labels to binary (0 for benign, 1 for ARP spoofing). Subsequently, Robust PCA is applied to reduce data dimensions, and then the data is trained using the RF model. The test results show that the RF model with Robust PCA achieves an accu-racy of 96.02% in detecting ARP spoofing attacks. This method has proven effective in identify-ing and classifying ARP spoofing attacks on IoT networks.

The digital era has transformed the financial sector through the integration of FinTech, making it more susceptible to increasingly complex cyber threats. As these risks rise, there has been a significant increase in academic research to better understand the cybersecurity challenges within the financial sector. This study aims to explore the development of cybersecurity research globally within this field. By utilizing bibliometrics, the research analyzes literature data collected from the Scopus database over the last five years. The analysis was conducted using VOSviewer and RStudio to identify dominant clusters, with cybersecurity and network security as the central themes linking various sub-fields, including artificial intelligence, cyberattacks, and phishing. The findings reveal areas of extensive research and highlight gaps that require further exploration. This study provides valuable insights for researchers and professionals in the cybersecurity field, offering a roadmap for future investigations and the identification of underexplored areas that need attention. Ultimately, this research contributes to advancing knowledge in the financial sector’s cybersecurity landscape and assists in shaping future research directions.

Information system security faces serious challenges due to increasingly complex cyber attacks. Intrusion Detection Systems (IDS) require efficient approaches to handle high-dimensional data such as the NSL-KDD dataset with 41 features. This study aims to implement the Genetic Algorithm (GA) for feature selection on the NSL-KDD dataset to improve the efficiency and accuracy of network attack detection. The method used is computational experimental research, involving data preprocessing, GA implementation for feature selection, building a classification model using Random Forest, and performance evaluation based on accuracy, precision, recall, F1-score, and computation time. The results show that GA successfully reduced features from 41 to 12 features (70.7% reduction), significantly improving computational efficiency. However, model accuracy slightly decreased from 0.4973 to 0.4951, indicating that while GA is effective for feature selection, the elimination of certain features may reduce classification capability. The implication of this study is that GA can be used as a tool to simplify intrusion detection models, but it should be combined with parameter optimization and data imbalance handling to achieve more optimal performance.  

The development of the internet in Indonesia has opened up numerous opportunities, including in the field of online commerce. One widely used feature in online transactions is the "Paylater" system, as implemented by Shopee through its Shopee Paylater service. This feature allows users to purchase goods now and pay for them later, with relatively low interest rates. This study aims to examine the regulations and implementation of Shopee Paylater, as well as the legal protection available to consumers in cases of default or issues with the service. The study refers to the Indonesian Civil Code, Law No. 8 of 1999 on Consumer Protection, and the Financial Services Authority Regulation (POJK) No. 77/POJK.01/2016 on Information Technology-Based Lending Services. The research findings indicate that Shopee Paylater users are bound by a standard agreement with PT. Commerce Finance during the purchasing process. Shopee is responsible for protecting consumers in accordance with applicable regulations, but breaches related to network security can pose risks to consumers. In addition, while the service facilitates easier access to goods and services for users, it is crucial that consumers fully understand the terms and conditions of the service, including the consequences of late payments. The study also emphasizes the need for clearer and more comprehensive consumer protection regulations, especially in light of the rapid growth of digital financial services. This research highlights the importance of adequate legal protection for users of Paylater services to ensure their rights are safeguarded in the evolving digital economy.

The increasing vulnerabilities of modern enterprise network security systems highlight the necessity of adopting a more comprehensive and adaptive security approach than traditional VPN infrastructures. This study explores the design and implementation of Zero Trust Network Access (ZTNA) using the Cloudflare platform at PT FHI, focusing on addressing the weaknesses caused by uncontrolled remote access and legacy security models. The research adopts an experimental methodology based on the Network Development Life Cycle (NDLC), which includes systematic phases such as needs analysis, architectural design, system implementation, testing, and performance evaluation. Data were collected through structured interviews with IT managers and security specialists, direct observation of network logs, and comprehensive testing involving three different categories of end users. The findings demonstrate significant improvements in role-based access control, granular authentication, and the elimination of unrestricted access to internal resources. Additionally, real-time monitoring and alerting features available through the Cloudflare dashboard enhance visibility and responsiveness to potential threats. The implemented system successfully applies the “never trust, always verify” principle by blocking unauthorized access attempts, enforcing continuous validation, and producing detailed audit logs. Performance evaluation results confirm stable connections, acceptable latency for critical business applications, and an overall improvement in network security posture while maintaining operational productivity across departments..

To securely access servers remotely, an important protocol in the modern era is Secure Shell (SSH). However, brute force attacks, which are automated attempts to guess repeated username and password combinations, are often the main target of this service. The purpose of this research is to evaluate the vulnerability of SSH services to brute force attacks and evaluate how effective Fail2Ban is as a mitigation tool. This method uses simulated experiments with two virtual machines; Kali Linux is used as the attacker with the Hydra tool and Ubuntu Server is used as the target. The results show that SSH is highly vulnerable to brute force attacks if not protected. Hundreds of login failures from the same IP without restrictions show this. After using Fail2Ban, the system can automatically find and block the attacker IP after three unsuccessful logins. With easy configuration and fast threat detection, Fail2Ban has been proven to improve the security of SSH services. This study suggests using Fail2Ban to improve the defense of SSH services against cyberattacks, especially brute force attacks.

This study aims to identify evidence of Address Resolution Protocol (ARP) Spoofing attacks in the form of the attacker's and victim's Media Access Control (MAC) addresses, as well as the time of the attack. With the increasing use of computer networks, ARP Spoofing attacks have become a serious threat that can lead to data theft, communication interception, and service disruption. ARP Spoofing can serve as a means to launch more complex attacks, such as Denial of Service (DoS) and Man in the Middle (MITM), which can cripple network systems and steal sensitive information. This study utilizes the Wireshark tool to monitor network traffic, specifically ARP, and applies the National Institute of Justice (NIJ) method as a framework for forensic investigation. The NIJ method was chosen because it provides a systematic approach to identifying, collecting, analyzing, and reporting digital evidence, enabling enhanced attack mitigation and supporting legal aspects in network security investigations. The specific approaches used in this forensic analysis include log analysis, packet capture and analysis using Wireshark, and traffic correlation to identify attack patterns based on time and involved devices. The attack simulation was conducted on Personal Computer (PC) 1 and a routerboard, where communication between these two devices was redirected through the attacker. Based on the test results, it was found that every device in the network experienced ARP Spoofing attacks, which could be detected and analyzed using the NIJ method. The contribution of this study is to provide a more systematic approach to forensic network investigations using the NIJ method, which not only aids in attack detection but also establishes a strong foundation for mitigation actions and legal enforcement in computer network security.

Cybersecurity is continuously challenged by increasingly sophisticated and dynamic cyber-attacks, necessitating advanced adaptive defense mechanisms. Deep Reinforcement Learning (DRL) has emerged as a promising approach, offering significant advantages over traditional intrusion detection methods through real-time adaptability and self-learning capabilities. This paper presents an advanced adaptive cybersecurity framework utilizing five prominent DRL algorithms: Deep Q-Network (DQN), Proximal Policy Optimization (PPO), Twin Delayed DDPG (TD3), Soft Actor-Critic (SAC), and Asynchronous Advantage Actor-Critic (A3C). The effectiveness of these algorithms is evaluated within complex, realistic simulation environments using live-streaming data, emphasizing key metrics such as accuracy (AUC-ROC), response latency, and network throughput. Experimental results demonstrate that the SAC algorithm consistently achieves superior detection accuracy (95% AUC-ROC) and minimal disruption to network performance compared to other approaches. Additionally, A3C provides the fastest response times suitable for real-time defense scenarios. This comprehensive comparative analysis addresses critical research gaps by integrating both traditional and novel DRL techniques and validates their potential to substantially improve cybersecurity defense strategies in realistic operational settings.

The proliferation of Internet of Things (IoT) devices has introduced significant security challenges, necessitating robust attack detection mechanisms. This study presents a comprehensive comparative analysis of ten supervised learning algorithms for IoT attack detection and classification, addressing the critical challenge of balancing detection accuracy with practical deployment constraints. Using the CICIoT2023 dataset, encompassing data from 105 IoT devices and 33 attack types, we evaluate Naive Bayes, Artificial Neural Networks (ANN), Logistic Regression (LR), k-NN, XGBoost, Random Forest (RF), LightGBM, GRU, LSTM, and CNN algorithms based on some performance metrics. The comparative test results show superior performance to the traditional ensemble approach, with RF achieving 99.29% accuracy and leading precision (82.30%), followed closely by XGBoost with 99.26% accuracy and 79.60% precision. Deep learning approaches also demonstrate strong capabilities, with CNN achieving 98.33% accuracy and 71.18% precision, though these metrics indicate ongoing challenges with class imbalance. The analysis of confusion matrices reveals varying success across different attack types, with some algorithms showing perfect detection rates for certain attacks while struggling with others. The study highlights a crucial distinction in IoT security: while high precision remains important, the potentially catastrophic impact of missed attacks necessitates equal attention to recall metrics, as evidenced by the varying recall rates across algorithms (RF: 72.19%, XGBoost: 71.69%, CNN: 64.72%). These findings provide vital insights for developing balanced, context-aware intrusion detection systems for IoT environments, emphasizing the need to consider performance metrics and practical deployment constraints.

This research proposes a time-based dynamic port knocking technique on Mikrotik routers to enhance SSH access security. The system uses an algorithm for port calculation that changes according to the server’s time, requiring a different knocking sequence for each access session. The technique involves three consecutive knocking stages, where each stage must be passed in order for SSH access to be granted. The results show that this method is effective as a two-factor authentication mechanism, limiting access only to clients who understand the port calculation algorithm. Moreover, this system helps prevent brute-force attacks more efficiently by changing the port every minute, making it more difficult for unauthorized parties to launch an attack. Therefore, this method offers a more dynamic, adaptive, and flexible SSH security solution that can effectively address modern cybersecurity threats.