Electronic Theses and Dissertation

Serangan Low-and-slow Denial-of-Service (LDoS) merupakan jenis serangan yang dirancang untuk mengganggu ketersediaan layanan dengan memanfaatkan lalu lintas berintensitas rendah, namun berlangsung dalam durasi panjang. Berbeda dengan serangan volumetrik konvensional yang menghasilkan lonjakan trafik, LDoS memanipulasi durasi sesi dan interval antar-kedatangan paket (Inter-Arrival Time - IAT) sehingga menyerupai trafik normal serta sulit dideteksi oleh sistem Intrusion Detection System (IDS) berbasis ambang batas atau volume paket. Penelitian ini bertujuan untuk mengekstraksi enam fitur statistik orde tinggi IAT, yaitu mean, varians, skewness, kurtosis, entropi, dan coefficient of variation (CV) menggunakan pendekatan rolling window pada dataset UTSA-2021. Fitur tersebut digunakan untuk membedakan trafik normal dan serangan LDoS yang bersifat tersembunyi secara temporal. Model yang diuji meliputi XGBoost, Isolation Forest, LSTM, dan Attention LSTM. Selain itu, dikembangkan sistem Temporal Statistical Anomaly Detection (TSAD) yang mengintegrasikan Isolation Forest sebagai tahap penyaringan awal dan Attention LSTM Autoencoder untuk rekonstruksi temporal serta agregasi skor anomali pada level flow. Hasil evaluasi menunjukkan bahwa pendekatan deep learning berbasis sekuensial terbukti lebih efektif dalam menangkap pola temporal serangan LDoS dibandingkan metode machine learning konvensional. Attention LSTM mencapai akurasi 97,85%, precision 97,01%, dan recall 99,61%. Sementara itu, sistem TSAD berhasil memperoleh recall yang hampir sempurna 99,99%, membuktikan kemampuannya mendeteksi seluruh serangan tanpa terlewat dan menjadikannya efektif sebagai sistem peringatan dini.

Low-and-slow Denial-of-Service (LDoS) attacks are designed to disrupt service availability by generating low-intensity traffic over extended periods. Unlike conventional volumetric attacks that produce significant traffic spikes, LDoS manipulates session duration and packet Inter-Arrival Time (IAT) to resemble legitimate traffic patterns, making it difficult to detect using threshold-based or volume-based Intrusion Detection Systems (IDS). This study aims to extract six higher-order statistical features of IAT, mean, variance, skewness, kurtosis, entropy, and coefficient of variation (CV) using a rolling window approach on the UTSA-2021 dataset. These features are employed to distinguish normal traffic from temporally subtle LDoS attacks. The evaluated models include XGBoost, Isolation Forest, LSTM, and Attention-based LSTM. In addition, a Temporal Statistical Anomaly Detection (TSAD) framework is proposed, integrating Isolation Forest for preliminary filtering and an Attention LSTM Autoencoder for temporal reconstruction and anomaly score aggregation at the flow level. The evaluation results demonstrate that sequential deep learning approaches are more effective in capturing the temporal patterns of LDoS attacks compared to conventional machine learning methods. The Attention LSTM achieved an accuracy of 97.85%, precision of 97.01%, and recall of 99.61%. Furthermore, the TSAD framework attained almost perfect recall 99.99%, successfully detecting all attack instances without omission, highlighting its effectiveness as an early warning system for enhanced network security.