Abstract

Snort is an open source IDS that detects intrusions or potentially malicious activity in network traffic. Snort raises an alert for every detected intrusion and writes the alerts to a log. The log data of IDS Snort helps the network administrator analyze the vulnerability of the network security system. A clustering algorithm such as Fuzzy C-Means (FCM) can be used to analyze the log data of IDS Snort. The implementation of the algorithm is based on Python 3 and aims to cluster the alerts in the log data into 4 risk categories: low, medium, high, and critical. The outcome of this analysis is to present the cluster results of FCM and to visualize the types of attacks that IDS Snort has successfully detected. The evaluation is done using the Modified Partition Coefficient (MPC) to determine the validity of FCM.
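As an added illustration of the pipeline the abstract describes (not the paper's own code), the following Python 3 block runs fuzzy c-means over a constructed set of Snort-style alert features, maps the 4 clusters to the risk labels low, medium, high and critical, and scores the partition with the Modified Partition Coefficient. The feature choice (severity derived from Snort's priority field, plus hit count), the fuzzifier m = 2, and the sample data are assumptions, since the abstract does not state them.

```python
# Constructed Snort-style alert features: (severity, hits), where severity is
# 5 - Snort priority (priority 1 is the most severe) and hits is how often the signature fired.
ALERTS = [(1, 1), (1, 2), (1, 1), (2, 5), (2, 6), (2, 4),
          (3, 20), (3, 25), (3, 22), (4, 90), (4, 100), (4, 95)]
RISK_LABELS = ["low", "medium", "high", "critical"]

def normalize(alerts):
    """Scale both features into [0, 1] so hit counts do not dominate the distance."""
    max_sev, max_hits = max(a[0] for a in alerts), max(a[1] for a in alerts)
    return [(s / max_sev, h / max_hits) for s, h in alerts]

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def farthest_first(points, c):
    """Deterministic initial centers: greedily pick mutually distant data points."""
    centers = [points[0]]
    while len(centers) < c:
        centers.append(max(points, key=lambda p: min(dist2(p, v) for v in centers)))
    return centers

def fcm(points, c=4, m=2.0, tol=1e-8, max_iter=200):
    """Fuzzy c-means (assumed m = 2); returns (membership u[j][i], centers)."""
    centers = farthest_first(points, c)
    u = [[0.0] * len(points) for _ in range(c)]
    for _ in range(max_iter):
        for i, p in enumerate(points):
            d = [max(dist2(p, v), 1e-12) for v in centers]  # guard: point on a center
            for j in range(c):
                u[j][i] = 1.0 / sum((d[j] / d[k]) ** (1.0 / (m - 1)) for k in range(c))
        new = [tuple(sum(u[j][i] ** m * p[k] for i, p in enumerate(points))
                     / sum(u[j][i] ** m for i in range(len(points)))
                     for k in range(len(points[0]))) for j in range(c)]
        shift, centers = max(dist2(a, b) for a, b in zip(centers, new)), new
        if shift < tol:
            break
    return u, centers

def mpc(u):
    """Modified Partition Coefficient: 1 - c/(c-1) * (1 - PC), PC = mean of u^2."""
    c, n = len(u), len(u[0])
    pc = sum(x * x for row in u for x in row) / n
    return 1.0 - c / (c - 1) * (1.0 - pc)

def risk_of_alerts(alerts, c=4):
    """Cluster alerts and name clusters low..critical by increasing center severity."""
    u, centers = fcm(normalize(alerts), c)
    rank = {j: r for r, j in enumerate(sorted(range(c), key=lambda j: sum(centers[j])))}
    labels = [RISK_LABELS[rank[max(range(c), key=lambda j: u[j][i])]]
              for i in range(len(alerts))]
    return labels, mpc(u)
```

MPC lies in [0, 1], with values near 1 meaning memberships are almost crisp; on real Snort logs, compare MPC across several values of c before settling on four categories.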
