scholarly journals Perancangan dan Implementasi Instrusion Detection System di Jaringan Universitas Diponegoro

2015 ◽  
Vol 3 (2) ◽  
pp. 171
Author(s):  
Dyakso Anindito Nugroho ◽  
Adian Fatchur Rochim ◽  
Eko Didik Widianto
Keyword(s):  
Operating System ◽  
Network Security ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Web Application ◽  
Detection System ◽  
Monitoring Network ◽  
Final Project ◽  
Security Device ◽  
The Web

The use of information technology gives the advantage of open access for its users, but a new problem arises that there is a threat from unauthorized users. Intrusion Detection System (IDS) is applied to assist administrator to monitoring network security. IDS displays illegal access information in a raw form which is require more time to read the detected threats. This final project aims to design an IDS with web application which is made for pulling information on IDS sensor database, then processing and representing them in tables and graphs that are easy to understand. The web application also has IpTables firewall module to block attacker's IP address. The hardware used is Cisco IPS 4240, two computers Compaq Presario 4010F as client and gateway, and Cisco Catalyst 2960 switch. The software used is Ubuntu 12.0 LTS Precise operating system, BackTrack 5 R1 operating system, PHP 5.4 programming language, MySQL 5 database, and web-based system configuration tool Webmin. Testing is done using several BackTrack applications with the aim of Cisco IPS 4240 is capable of detecting accordance with the applicable rules. Each events of any attack attempt or threat was obtained from IDS sensor database in XML form. XML file is sent using Security Device Event Exchange (SDEE) protocol. The web application is tested by looking at the output tables and graphs that displays the appropriate results of sensor detection. This study generated an intrusion detection system that is easier to monitor. Network packets copied by the Cisco 2960 switch and then forwarded to the sensor. Intruder detection is done by Cisco IPS 4240 sensor. Log detection processed by the web application into tables and graphs. Intrusion detection systems are intended to improve network security.

scholarly journals An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications

2014 ◽  
Vol 5 (1) ◽  
pp. 19-38
Author(s):  
Romaric Ludinard ◽  
Éric Totel ◽  
Frédéric Tronel ◽  
Vincent Nicomette ◽  
Mohamed Kaâniche ◽  
...  
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Web Application ◽  
Web Applications ◽  
Detection System ◽  
Source Code ◽  
Web Attacks ◽  
Application Profile ◽  
The Web ◽  
Ruby On Rails

RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system (IDS) for applications implemented with the Ruby on Rails framework. The goal of this intrusion detection system is to detect attacks against data in the context of web applications. This anomaly based IDS focuses on the modelling of the normal application profile using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well-known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.

scholarly journals Analisis Perbandingan Kinerja Snort Dan Suricata Sebagai Intrusion Detection System Dalam Mendeteksi Serangan Syn Flood Pada Web Server Apache

Respati ◽  
2020 ◽  
Vol 15 (2) ◽  
pp. 6
Author(s):  
Lukman Lukman ◽  
Melati Suci
Keyword(s):  
Network Security ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Denial Of Service ◽  
Web Server ◽  
Attack Detection ◽  
Web Servers ◽  
Server Software ◽  
The Web

INTISARIKeamanan jaringan pada web server merupakan bagian yang paling penting untuk menjamin integritas dan layanan bagi pengguna. Web server sering kali menjadi target serangan yang mengakibatkan kerusakan data. Salah satunya serangan SYN Flood merupakan jenis serangan Denial of Service (DOS) yang memberikan permintaan SYN secara besar-besaran kepada web server.Untuk memperkuat keamanan jaringan web server penerapan Intrusion Detection System (IDS) digunakan untuk mendeteksi serangan, memantau dan menganalisa serangan pada web server. Software IDS yang sering digunakan yaitu IDS Snort dan IDS Suricata yang memiliki kelebihan dan kekurangannya masing-masing. Tujuan penelitian kali ini untuk membandingkan kedua IDS menggunakan sistem operasi linux dengan pengujian serangan menggunakan SYN Flood yang akan menyerang web server kemudian IDS Snort dan Suricata yang telah terpasang pada web server akan memberikan peringatan jika terjadi serangan. Dalam menentukan hasil perbandingan, digunakan parameter-parameter yang akan menjadi acuan yaitu jumlah serangan yang terdeteksi dan efektivitas deteksi serangan dari kedua IDS tersebut.Kata kunci: Keamanan jaringan, Web Server, IDS, SYN Flood, Snort, Suricata. ABSTRACTNetwork security on the web server is the most important part to guarantee the integrity and service for users. Web servers are often the target of attacks that result in data damage. One of them is the SYN Flood attack which is a type of Denial of Service (DOS) attack that gives a massive SYN request to the web server.To strengthen web server network security, the application of Intrusion Detection System (IDS) is used to detect attacks, monitor and analyze attacks on web servers. IDS software that is often used is IDS Snort and IDS Suricata which have their respective advantages and disadvantages.The purpose of this study is to compare the two IDS using the Linux operating system with testing the attack using SYN Flood which will attack the web server then IDS Snort and Suricata that have been installed on the web server will give a warning if an attack occurs. In determining the results of the comparison, the parameters used will be the reference, namely the number of attacks detected and the effectiveness of attack detection from the two IDS.Keywords: Network Security, Web Server, IDS, SYN Flood, Snort, Suricata.

scholarly journals An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications

2018 ◽  
pp. 1073-1094
Author(s):  
Romaric Ludinard ◽  
Éric Totel ◽  
Frédéric Tronel ◽  
Vincent Nicomette ◽  
Mohamed Kaâniche ◽  
...  
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Web Application ◽  
Web Applications ◽  
Detection System ◽  
Source Code ◽  
Web Attacks ◽  
Application Profile ◽  
The Web ◽  
Ruby On Rails

RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system (IDS) for applications implemented with the Ruby on Rails framework. The goal of this intrusion detection system is to detect attacks against data in the context of web applications. This anomaly based IDS focuses on the modelling of the normal application profile using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well-known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.

scholarly journals Online Database Intrusion Detection System Based on Query Signatures

2017 ◽  
Vol 3 (1) ◽  
pp. 282
Author(s):  
Alaa Khalil Alhadithy ◽  
Awezan Aso Omar
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Web Application ◽  
High Efficiency ◽  
Detection System ◽  
Major Type ◽  
Before And After ◽  
Web Application System ◽  
The Web ◽  
Database Intrusion Detection

SQL injection (SQLI) is a major type of attack that threatens the integrity, confidentiality and authenticity or functionality of any database driven web application. It allows the attacker to gain unauthorized access to the back-end database by exploiting the vulnerabilities within the system in order to commit an attack and access resources. Database Intrusion Detection System (DIDS) is the defense against SQLI that is used as a detection and prevention technique to protect any database driven web application. In this paper a proposed system is presented to protect the web application from SQLI. This proposed system uses a new technique of signature- based detection. It depends on secure hash algorithm (SHA-1), which is used to check the signature for the submitted queries and to decide whether these queries are valid, or not. The proposed system can distinguish and prevent hacking attempts by detecting the attacker, blocking his/her request, and preventing him/her from accessing the web application again. The proposed system was tested using Sqlmapproject attacking tool. Sqlmapproject was used to attack the web application (built using PHP and MySQL server) before and after protection. The results show that the proposed system works correctly and it can protect the web application system with good performance and high efficiency.  

scholarly journals Intrusion Detection Based on Big Data Fuzzy Analytics

2021 ◽  
Author(s):  
Farah Jemili ◽  
Hajer Bouras
Keyword(s):  
Big Data ◽  
Network Security ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
High Performance ◽  
Detection System ◽  
Training Dataset ◽  
False Alarms ◽  
Massive Datasets ◽  
Detection Rates

In today’s world, Intrusion Detection System (IDS) is one of the significant tools used to the improvement of network security, by detecting attacks or abnormal data accesses. Most of existing IDS have many disadvantages such as high false alarm rates and low detection rates. For the IDS, dealing with distributed and massive data constitutes a challenge. Besides, dealing with imprecise data is another challenge. This paper proposes an Intrusion Detection System based on big data fuzzy analytics; Fuzzy C-Means (FCM) method is used to cluster and classify the pre-processed training dataset. The CTU-13 and the UNSW-NB15 are used as distributed and massive datasets to prove the feasibility of the method. The proposed system shows high performance in terms of accuracy, precision, detection rates, and false alarms.

Campus Network Security Program Based on Snort Network Security Intrusion Detection System

2012 ◽  
Vol 433-440 ◽  
pp. 3235-3240
Author(s):  
Ling Jia
Keyword(s):  
Network Security ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Collocation Methods ◽  
Campus Network ◽  
Security Risks ◽  
Network Layer ◽  
Defense Strategies

This paper studies the security problems of campus network and summarizes the current on the current security risks and threats that campus network faces, focusing on analysis of attack-defense strategies on DOS network layer, proposing the security program of campus network which uses firewall as well as network security intrusion detection system snort. This paper analyzes the functional advantages of the program and presents in details the setup deployment and collocation methods of network security intrusion detection system based on snort in the campus network, and its application results are also summarized.

ANALISIS NETWORK SECURITY SNORT METODE INTRUSION DETECTION SYSTEM UNTUK OPTIMASI KEAMANAN JARINGAN KOMPUTER

Jursima ◽  
2018 ◽  
Vol 6 (1) ◽  
pp. 1
Author(s):  
Parningotan Panggabean
Keyword(s):  
Network Security ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Denial Of Service

<p><em>Perkembangan teknologi informasi, khususnya jaringan komputer memungkinkan terjadinya pertukaran informasi yang mudah, cepat dan semakin kompleks. Keamanan jaringan komputer harus diperhatikan guna menjaga validitas dan integritas data serta informasi yang berada dalam jaringan tersebut. Masalah yang dihadapi adalah adanya Log Bug yang didapatkan pada komputer server Dinas Lingkungan Hidup Kota Batam yang diindikasikan adanya serangan Denial of Service (DoS) pada komputer tersebut. Berdasarkan masalah diatas maka penulis mencoba membuat sebuah penelitian yang berjudul “Analisis Network Security Snort menggunakan metode  Intrusion Detection System (IDS) untuk Optimasi  Keamanan Jaringan Komputer” dan diharapkan dapat mendeteksi serangan Denial of Service (DoS). Intrusion Detection System (IDS)  adalah sebuah tool, metode, sumber daya yang memberikan bantuan untuk melakukan identifikasi, memberikan laporan terhadap aktivitas jaringan komputer. Aplikasi yang digunakan untuk mendeteksi serangan menggunakan Snort. Snort dapat mendeteksi serangan DoS. Serangan DoS dilakukan dengan menggunakan aplikasi Loic.</em></p>

Using response action with intelligent intrusion detection and prevention system against web application malware

2014 ◽  
Vol 22 (5) ◽  
pp. 431-449 ◽  
Author(s):  
Ammar Alazab ◽  
Michael Hobbs ◽  
Jemal Abawajy ◽  
Ansam Khraisat ◽  
Mamoun Alazab
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Web Application ◽  
Web Applications ◽  
Detection Efficiency ◽  
Detection System ◽  
Content Type ◽  
Novel Approach ◽  
Prevention System ◽  
Intrusion Detection And Prevention

Purpose – The purpose of this paper is to mitigate vulnerabilities in web applications, security detection and prevention are the most important mechanisms for security. However, most existing research focuses on how to prevent an attack at the web application layer, with less work dedicated to setting up a response action if a possible attack happened. Design/methodology/approach – A combination of a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS), namely, the Intelligent Intrusion Detection and Prevention System (IIDPS). Findings – After evaluating the new system, a better result was generated in line with detection efficiency and the false alarm rate. This demonstrates the value of direct response action in an intrusion detection system. Research limitations/implications – Data limitation. Originality/value – The contributions of this paper are to first address the problem of web application vulnerabilities. Second, to propose a combination of an SIDS and an AIDS, namely, the IIDPS. Third, this paper presents a novel approach by connecting the IIDPS with a response action using fuzzy logic. Fourth, use the risk assessment to determine an appropriate response action against each attack event. Combining the system provides a better performance for the Intrusion Detection System, and makes the detection and prevention more effective.

Sign in / Sign up

Export Citation Format

Share Document