Implementation and Analysis of Snort and Suricata as IDS and IPS to Prevent DoS and DDoS Attacks

Authors

  • Darryl Santoso Program Studi Teknik Informatika, Universitas Kristen Petra Surabaya
  • Agustinus Noertjahyana Program Studi Teknik Informatika, Universitas Kristen Petra Surabaya
  • Justinus Andjarwirawan Program Studi Teknik Informatika, Universitas Kristen Petra Surabaya

Abstract

DoS and DDoS are among the attacks most widely used by hackers. A DDoS attack uses many attackers to deplete the target's resources until the target can no longer handle requests. A firewall can be used to prevent such attacks: it is the computer's first line of defence, filtering incoming and outgoing packets according to rules on the network. Because firewalls filter data based only on IP addresses, protocols, and ports, a firewall alone cannot analyse an attack any further. In this study, these attacks are prevented with an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). An IDS detects unwanted traffic on a network or device, while an IPS both detects the problem and immediately fixes it. With IDS and IPS, attacks can be analysed in more depth, and both are more reliable tools than firewalls. The tests were carried out in several DoS and DDoS scenarios using the hping3 and Slowloris tools. Across 10 scenarios, with and without attacks, Snort and Suricata were evenly matched in issuing true-positive alerts, each winning 3 scenarios; for CPU usage Suricata excelled in 7 scenarios, and in HTTP flood attacks Suricata eliminated the attack faster.
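The abstract's distinction between a firewall that judges each packet by IP, protocol and port and an IDS/IPS that can recognise a flood rests on per-source state kept across packets. The following added example (not code from the paper or from the Snort/Suricata projects) reproduces that logic in Python: it mimics a rate-based rule with semantics like Snort/Suricata's `threshold: type both, track by_src, count 20, seconds 5` and runs it over constructed sample traffic containing one hping3-style SYN flood and one normal client. The threshold, window and IP addresses are assumed values chosen for illustration.

```python
"""Added example, not from the paper: a rate-based SYN-flood detector that
mimics a Snort/Suricata rule option such as
    threshold: type both, track by_src, count 20, seconds 5
A stateless firewall rule judges one packet at a time (IP, protocol, port);
the IDS keeps per-source state across packets, which is what lets it tell a
SYN flood apart from ordinary connection attempts."""
from collections import defaultdict, deque

SYN_THRESHOLD = 20   # assumed: alert once a source has sent 20 SYNs ...
WINDOW_SECONDS = 5   # ... within any 5-second window


def detect_syn_flood(events, threshold=SYN_THRESHOLD, window=WINDOW_SECONDS):
    """events: iterable of (timestamp, src_ip, tcp_flags) tuples.
    Returns [(timestamp, src_ip, syn_count_in_window), ...], at most one
    alert per source per window (the 'type both' behaviour)."""
    syn_times = defaultdict(deque)   # per-source sliding window of SYN times
    suppressed_until = {}            # per-source end of the quiet period
    alerts = []
    for ts, src, flags in sorted(events):
        if flags != "S":             # only bare SYNs count toward a flood
            continue
        window_q = syn_times[src]
        window_q.append(ts)
        while ts - window_q[0] > window:   # drop SYNs older than the window
            window_q.popleft()
        if len(window_q) >= threshold and ts >= suppressed_until.get(src, 0):
            alerts.append((ts, src, len(window_q)))
            suppressed_until[src] = ts + window
    return alerts


# Constructed sample traffic: one source firing 30 SYNs in 3 s (the flood),
# one source opening three connections normally (a SYN, then an ACK).
FLOOD_SRC, NORMAL_SRC = "10.0.0.5", "192.168.1.10"   # assumed addresses
SAMPLE_EVENTS = [(i / 10, FLOOD_SRC, "S") for i in range(30)]
SAMPLE_EVENTS += [(0.5, NORMAL_SRC, "S"), (0.6, NORMAL_SRC, "A"),
                  (1.5, NORMAL_SRC, "S"), (2.5, NORMAL_SRC, "S")]


def demo():
    """Run the detector over the constructed sample and return its alerts."""
    return detect_syn_flood(SAMPLE_EVENTS)


if __name__ == "__main__":
    for ts, src, count in demo():
        print(f"ALERT t={ts:.1f}s src={src} syns_in_window={count}")
```

The flood source triggers exactly one alert when its 20th SYN arrives, and further SYNs inside the same window are suppressed; the normal client never crosses the threshold, which is the behaviour a per-packet firewall rule on IP or port alone cannot reproduce.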


Published

2022-01-28
