Implementation of the OSSEC Intrusion Prevention System (IPS) and the Cowrie Honeypot
DOI: https://doi.org/10.32736/sisfokom.v11i1.1246
Keywords: Intrusion Prevention System (IPS), Open Source Security (OSSEC), Honeypot Cowrie
Abstract
Increasingly sophisticated technology is widely used for criminal acts such as data theft, data falsification, and damage to systems and networks. Given these problems, a layered security system is needed to keep the integrity of data and systems intact. The OSSEC security system integrated with the Cowrie honeypot aims to reduce attack time: the two systems work together, supplying logs that are used to take action against the attacker. OSSEC works like a firewall that can allow or block. The Cowrie honeypot, in turn, behaves like a real server, trapping attackers by making it appear that their attack has succeeded. In this study, the system was designed to handle attacks such as port scanning, SSH brute force, Man in the Middle (MITM) attacks, and Distributed Denial of Service (DDoS). Comparing the attacks using a confusion matrix shows that OSSEC integrated with the Cowrie honeypot has a high level of accuracy against DDoS attacks. Based on the logs, detection accuracy can reach 100%.
License
The copyright of an article that is accepted for publication shall be assigned to Jurnal Sisfokom (Sistem Informasi dan Komputer) and LPPM ISB Atma Luhur as the publisher of the journal. Copyright includes the right to reproduce and deliver the article in all forms and media, including reprints, photographs, microfilms, and any other similar reproductions, as well as translations.
Jurnal Sisfokom (Sistem Informasi dan Komputer), LPPM ISB Atma Luhur, and the Editors make every effort to ensure that no wrong or misleading data, opinions or statements are published in the journal. In any case, the contents of the articles and advertisements published in Jurnal Sisfokom (Sistem Informasi dan Komputer) are the sole and exclusive responsibility of their respective authors.
Jurnal Sisfokom (Sistem Informasi dan Komputer) has full publishing rights to the published articles. Authors are allowed to distribute articles that have been published by sharing the link or DOI of the article. Authors are allowed to use their articles for legal purposes deemed necessary without the written permission of the journal, with notification of the initial publication in Jurnal Sisfokom (Sistem Informasi dan Komputer).
The Copyright Transfer Form can be downloaded: Copyright Transfer Form Jurnal Sisfokom (Sistem Informasi dan Komputer).
This agreement is to be signed by at least one of the authors, who has obtained the assent of the co-author(s). After submission of this agreement signed by the corresponding author, changes of authorship or in the order of the authors listed will not be accepted. The copyright form should be signed in the original and sent to the Editorial office as a scanned document at sisfokom@atmaluhur.ac.id.