Optimasi Deteksi Intrusi Jaringan Menggunakan Hybrid Model Autoencoder dan Random Forest


  • Afri Nanda Universitas Sains dan Teknologi Indonesia, Pekanbaru, Indonesia
  • Torkis Nasution * Mail Universitas Sains dan Teknologi Indonesia, Pekanbaru, Indonesia
    • (*) Corresponding Author
DOI: https://doi.org/10.47065/bits.v7i4.9309
Keywords: Intrusion Detection System; Hybrid Model; Autoencoder; Random Forest; SHAP; Zero-Day Attack

Abstract

Conventional Intrusion Detection Systems often suffer from performance degradation due to their inability to handle the complexity of high-dimensional data and class imbalance in modern network traffic. This study aims to optimize the Network Intrusion Detection System (IDS) by addressing the limitations of the Random Forest algorithm in handling high-dimensional data and its lack of model transparency (black-box). The proposed method is a Hybrid model integrating an Autoencoder as a non-linear feature extractor and Random Forest as a classifier. The Autoencoder is trained using a semi-supervised strategy to generate latent features and Reconstruction Error (MSE), which serves as a robust anomaly indicator. Additionally, the Synthetic Minority Over-sampling Technique (SMOTE) is applied to address class imbalance in the NSL-KDD dataset. To address the challenge of interpretability, SHAP-based Explainable AI (XAI) is strategically implemented to elucidate the complex interactions between the Autoencoder-compressed latent features and the final classification decisions, thereby transforming this hybrid architecture into a transparent system. Evaluation results demonstrate that the Hybrid Autoencoder-Random Forest model outperforms the Random Forest Baseline, achieving an Accuracy increase of 2.54% (to 77.61%) and a Recall increase of 3.96% (to 62.31%). The significant improvement in the Recall metric empirically validates the effectiveness of hybrid features, specifically the Reconstruction Error, in detecting Zero-Day attacks characterized by unknown patterns. Furthermore, SHAP visualization successfully reveals the contribution of latent features, providing crucial transparency for network security forensic analysis.

Downloads

Download data is not yet available.

References

H. Sebestyen and D. E. Popescu, “A Literature Review on Security in the Internet of Things : Identifying and Analysing Critical Categories,” Computers, vol. 14, no. 2, p. 61, 2025, doi: 10.3390/computers14020061.

E. Fazeldehkordi and T. Grønli, “A Survey of Security Architectures for Edge Computing-Based IoT,” IoT, vol. 3, no. 3, pp. 332–365, 2022, doi: 10.3390/iot3030019.

T. R. Hadiningrum, R. Ayu, D. Talasari, and K. F. Ilham, “Survey on Risks Cyber Security in Edge Computing for The Internet of Things Understanding Cyber Attacks Threats and Mitigation,” J. Ilm. Teknol. Inf., vol. 23, no. 1, pp. 29–50, 2025, doi: 10.12962/j24068535.v23i1.a1210.

S. A. Alkadrie, “Keamanan Cloud Computing di Era Industri 4.0 : Systematic Literature Review,” KONSTELASI Konvergensi Teknol. dan Sist. Inf., vol. 4, no. 2, pp. 1–15, 2024, doi: 10.24002/konstelasi.v4i2.10277.

L. Noprizal, “BSSN: Gangguan Pusat Data Nasional Ulah Serangan Siber Ransomware,” CNN Indonesia. Accessed: Jan. 10, 2026. [Online]. Available: https://www.cnnindonesia.com/teknologi/20240624133250-192-1113404/bssn-gangguan-pusat-data-nasional-ulah-serangan-siber-ransomware

BBC News Indonesia, “Pusat Data Nasional Sementara lumpuh akibat ransomware, mengapa instansi pemerintah masih rentan terhadap serangan siber?,” BBC Indonesia. Accessed: Jan. 10, 2026. [Online]. Available: https://www.bbc.com/indonesia/articles/cxee2985jrvo

S. C. Arini, “Geger Data 4,7 Juta ASN Bocor dan Dijual Rp 159 Juta,” detikfinance. Accessed: Feb. 11, 2026. [Online]. Available: https://finance.detik.com/berita-ekonomi-bisnis/d-7484912/geger-data-4-7-juta-asn-bocor-dan-dijual-rp-159-juta

I. Basyari and N. Harbowo, “BKN Diduga Diretas, Peretas Tawarkan Data ASN Rp 160 Juta,” kompas.id. Accessed: Jan. 10, 2026. [Online]. Available: https://www.kompas.id/artikel/bkn-diduga-diretas-peretas-tawarkan-data-asn-rp-160-juta

Tim Redaksi, “6 Juta Data NPWP Diduga Bocor, Ada Punya Jokowi dan Gibran,” CNN Indonesia. Accessed: Jan. 10, 2026. [Online]. Available: https://www.cnnindonesia.com/teknologi/20240918154543-192-1145679/6-juta-data-npwp-diduga-bocor-ada-punya-jokowi-dan-gibran

A. Theodora, “Data Pajak Bocor, DJP dan Kemenkominfo Tak Boleh Lepas Tangan,” kompas.id. Accessed: Jan. 10, 2026. [Online]. Available: https://www.kompas.id/artikel/data-pajak-bocor-djp-dan-kemenkominfo-tidak-boleh-lepas-tangan

Kementerian Pertahanan Republik Indonesia, “Data Ancaman Siber Perbulan TA 2024,” Layanan Data Terbuka Kementerian Pertahanan. Accessed: Jan. 10, 2026. [Online]. Available: https://opendata.kemhan.go.id/lihat-detail?detail=436&keyfiledetil=89ed9b5fe483d21c0b25c748fde2c63e

A. Kumar and J. A. Gutierrez, “Impact of Machine Learning on Intrusion Detection Systems for the Protection of Critical Infrastructure,” Information, vol. 16, no. 7, p. 515, 2025, doi: 10.3390/info16070515.

D. P. Amanda and E. D. Absharina, “Implementasi AI-Powered Intrusion Detection System Untuk Mendeteksi Ancaman Keamanan Pada Big Data,” J. Sist. Inf. DAN Tek. Komput., vol. 10, no. 1, pp. 29–33, 2025, doi: 10.51876/simtek.v10i1.1381.

A. Pinto, L. C. Herrera, Y. Donoso, and J. A. Gutierrez, “Survey on Intrusion Detection Systems Based on Machine Learning Techniques for the Protection of Critical Infrastructure,” Sensors, vol. 23, no. 5, pp. 1–18, 2023, doi: 10.3390/s23052415.

A. Nanda, H. Wahyu, R. Rahmaddeni, S. Sutisna, and R. Rinaldi, “Perbandingan Efektivitas Random Forest, SVM, dan Logistic Regression dalam Deteksi Intrusi Jaringan,” JATISI (Jurnal Tek. Inform. dan Sist. Informasi), vol. 12, no. 2, pp. 129–139, 2025, doi: 10.35957/jatisi.v12i2.10908.

K. Inayah and K. Ramli, “Analisis Kinerja Intrusion Detection System Berbasis Algoritma Random Forest Menggunakan Dataset Unbalanced Honeynet BSSN,” J. Teknol. Inf. dan Ilmu Komput., vol. 11, no. 4, pp. 867–876, 2024, doi: 10.25126/jtiik.1148911.

L. Mhamdi and M. M. Isa, “Securing SDN: Hybrid autoencoder-random forest for intrusion detection and attack mitigation,” J. Netw. Comput. Appl., vol. 225, p. 103868, 2024, doi: 10.1016/j.jnca.2024.103868.

C. Wang, Y. Sun, W. Wang, H. Liu, and B. Wang, “Hybrid Intrusion Detection System Based on Combination of Random Forest and Autoencoder,” Symmetry (Basel)., vol. 15, no. 3, pp. 1–16, 2023, doi: 10.3390/sym15030568.

V. Hassija et al., “Interpreting Black-Box Models: A Review on Explainable Artificial Intelligence,” Cognit. Comput., vol. 16, no. 1, pp. 45–74, 2024, doi: 10.1007/s12559-023-10179-8.

A. I. Udofot, O. M. Oluseyi, and E. Bassey, “Explainable AI for cyber security. Improving transparency and trust in intrusion detection systems,” Int. J. Adv. Eng. Manag., vol. 6, no. 12, pp. 229–240, 2024, doi: 10.35629/5252-0612229240.

F. H. Saputra et al., “Enhancing Intrusion Detection Using Random Forest and SMOTE on the NSL‑KDD Dataset,” J. Syst. Comput. Eng., vol. 6, no. 3, pp. 240–247, 2025, doi: 10.61628/jsce.v6i3.2056.

Y. Song and S. Hyun, “Analysis of Autoencoders for Network Intrusion Detection,” Sensors, vol. 21, no. 13, p. 4294, 2021, doi: 10.3390/s21134294.

A. Fadhil and H. Alharan, “Enhancing Intrusion Detection with Autoencoder Based Classifier and Statistical Feature Selection,” Wasit J. Pure Sci., vol. 2, no. 4, pp. 97–105, 2023, doi: 10.31185/wjps.257.

S. H. Abbas, W. A. K. Naser, and A. A. Kadhim, “Subject review: Intrusion Detection System (IDS) and Intrusion Prevention System (IPS),” Glob. J. Eng. Technol. Adv., vol. 14, no. 2, pp. 155–158, 2023, doi: 10.30574/gjeta.2023.14.2.0031.

Z. Umari and J. Supardi, “Deteksi Anomali Sinyal Vibrasi pada Mesin Industri Menggunakan Autoencoder di PT. Pusri Palembang,” J. Pendidik. dan Teknol. Indones., vol. 4, no. 12, pp. 737–746, 2024, doi: 10.52436/1.jpti.553.

C. Molnar, Interpretable Machine Learning A Guide for Making Black Box Models Explainable, 2nd ed. Munich: Leanpub, 2020. [Online]. Available: https://christophm.github.io/interpretable-ml-book/

R. Genuer and J.-M. Poggi, Use R ! Random Forests with R. Cham: Springer, 2020. doi: 10.1007/978-3-030-56485-8.


Bila bermanfaat silahkan share artikel ini

Berikan Komentar Anda terhadap artikel Optimasi Deteksi Intrusi Jaringan Menggunakan Hybrid Model Autoencoder dan Random Forest

Dimensions Badge
Article History
Submitted: 2026-01-29
Published: 2026-03-06
Abstract View: 93 times
PDF Download: 85 times
How to Cite
Nanda, A., & Nasution, T. (2026). Optimasi Deteksi Intrusi Jaringan Menggunakan Hybrid Model Autoencoder dan Random Forest. Building of Informatics, Technology and Science (BITS), 7(4), 2349−2360. https://doi.org/10.47065/bits.v7i4.9309
Issue
Vol 7 No 4 (2026): March 2026
Pages: 2349−2360
Section
Articles

Copyright (c) 2026 Afri Nanda, Torkis Nasution

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Authors who publish with this journal agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under Creative Commons Attribution 4.0 International License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (Refer to The Effect of Open Access).