DETEKSI MALWARE TROJAN PADA LALU LINTAS JARINGAN REVERSE TCP DENGAN ALGORITMA DECISION TREE

FEBRIANA, RIRIN and Stiawan, Deris and Afifah, Nurul (2025) DETEKSI MALWARE TROJAN PADA LALU LINTAS JARINGAN REVERSE TCP DENGAN ALGORITMA DECISION TREE. Undergraduate thesis, Sriwijaya University.

[thumbnail of RAMA_56201_09011282126051_cover.jpeg] Image
RAMA_56201_09011282126051_cover.jpeg - Cover Image
Available under License Creative Commons Public Domain Dedication.
Download (114kB)
[thumbnail of RAMA_56201_09011282126051.pdf] Text
RAMA_56201_09011282126051.pdf - Accepted Version
Restricted to Repository staff only
Available under License Creative Commons Public Domain Dedication.
Download (3MB) | Request a copy
[thumbnail of RAMA_56201_09011282126051_TURNITIN.pdf] Text
RAMA_56201_09011282126051_TURNITIN.pdf - Accepted Version
Restricted to Repository staff only
Available under License Creative Commons Public Domain Dedication.
Download (8MB) | Request a copy
[thumbnail of RAMA_56201_09011282126051_0003047905_0010119206_01_front_ref.pdf] Text
RAMA_56201_09011282126051_0003047905_0010119206_01_front_ref.pdf - Accepted Version
Available under License Creative Commons Public Domain Dedication.
Download (874kB)
[thumbnail of RAMA_56201_09011282126051_0003047905_0010119206_02.pdf] Text
RAMA_56201_09011282126051_0003047905_0010119206_02.pdf - Accepted Version
Restricted to Repository staff only
Available under License Creative Commons Public Domain Dedication.
Download (564kB) | Request a copy
[thumbnail of RAMA_56201_09011282126051_0003047905_0010119206_03.pdf] Text
RAMA_56201_09011282126051_0003047905_0010119206_03.pdf - Accepted Version
Restricted to Repository staff only
Available under License Creative Commons Public Domain Dedication.
Download (623kB) | Request a copy
[thumbnail of RAMA_56201_09011282126051_0003047905_0010119206_04.pdf] Text
RAMA_56201_09011282126051_0003047905_0010119206_04.pdf - Accepted Version
Restricted to Repository staff only
Available under License Creative Commons Public Domain Dedication.
Download (2MB) | Request a copy
[thumbnail of RAMA_56201_09011282126051_0003047905_0010119206_05.pdf] Text
RAMA_56201_09011282126051_0003047905_0010119206_05.pdf - Accepted Version
Restricted to Repository staff only
Available under License Creative Commons Public Domain Dedication.
Download (209kB) | Request a copy
[thumbnail of RAMA_56201_09011282126051_0003047905_0010119206_06_ref.pdf] Text
RAMA_56201_09011282126051_0003047905_0010119206_06_ref.pdf - Bibliography
Restricted to Repository staff only
Available under License Creative Commons Public Domain Dedication.
Download (343kB) | Request a copy
[thumbnail of RAMA_56201_09011282126051_0003047905_0010119206_07_lamp.pdf] Text
RAMA_56201_09011282126051_0003047905_0010119206_07_lamp.pdf - Accepted Version
Restricted to Repository staff only
Available under License Creative Commons Public Domain Dedication.
Download (347kB) | Request a copy

Abstract

Malware, short for malicious software, is a type of harmful software designed to damage, steal data from, or disrupt computer systems and networks. One of the most common types of malware is the Trojan, which typically disguises itself as a legitimate program but actually has malicious intent. To address this threat, a system is needed that can detect suspicious patterns in network traffic. This study aims to answer three main questions: how data is extracted from PCAP files, how effective the Decision Tree method is in detecting Trojan malware, and how to improve the performance of the detection model. The data extraction process was carried out using CICFlowMeter, which converts PCAP files into CSV format containing flow-based features of network traffic. The resulting data was then analyzed using Machine Learning methods, specifically the Decision Tree algorithm, to classify traffic as either normal or malicious. The results show that the Decision Tree method is effective in identifying malware activity on mobile network devices. The best performance before feature selection was achieved with a 25:25:50 training+validation-to-testing ratio, reaching an accuracy 93,15% and F1-score of 92.89%. After feature selection, the highest performance was obtained with a 40:40:20 ratio, achieving an accuracy 97,89% and F1-score of 97.89%. In addition, the implementation of the Snort intrusion detection system enhanced the detection process by recognizing attack patterns in the network traffic based on predefined rules. Feature selection played a crucial role in improving model performance by reducing overfitting and ensuring better generalization. Furthermore, optimizing the depth of the decision tree helped maintain a balance between bias and variance in the model. Keywords: Malware, Trojan, PCAP, Decision Tree, CICFlowMeter, Snort, Intrusion Detection, Feature Selection, Accuracy, F1-Score

Item Type: Thesis (Undergraduate)
Uncontrolled Keywords: Malware, Trojan, PCAP, Decision Tree, CICFlowMeter, Snort, Deteksi Intrusi, Seleksi Fitur, Akurasi, F1-Score
Subjects: Q Science > Q Science (General) > Q334-342 Computer science. Artificial intelligence. Algorithms. Robotics. Automation.
Divisions: 09-Faculty of Computer Science > 56201-Computer Systems (S1)
Depositing User: Ririn Febriana
Date Deposited: 02 Jul 2025 04:49
Last Modified: 02 Jul 2025 06:04
URI: http://repository.unsri.ac.id/id/eprint/176403

Actions (login required)

View Item View Item