Network Forensics Against Ryuk Ransomware Using Trigger, Acquire, Analysis, Report, and Action (TAARA) Method

Author(s):  
Ridho Surya Kusuma ◽  
Rusydi Umar ◽  
Imam Riadi

This study aims to reconstruct an attack event and analyze the source of viral infection based on network traffic logs so that the information obtained can be used as a new reference for the security system. Recent attacks on computer network systems cannot be easily detected, as cybercriminals have used a variant of the Ryuk Ransomware virus to penetrate security systems and encrypt drives and computer network resources. This virus is very destructive and has an effective design with a file size of about 200,487 bytes, so it does not look suspicious. The research steps follow Trigger, Acquire, Analysis, Report, and Action (TAARA). The forensic tools used to obtain log data are Wireshark, NetworkMiner, and TCPDUMP. The forensic data obtained include a timestamp, source of the attack, IP address, MAC address, SHA-256 hash signature, internet protocol, and the process of infection. The data obtained in this study are in line with the expected objectives.

2021 ◽  
Vol 2 (1) ◽  
pp. 124-135
Author(s):  
Abdul Muin Nasution ◽  
Muhammad Zarlis ◽  
Suherman Suherman

Every computer connected to a wide computer network is vulnerable: the data, information, resources and services in the system are exposed to actions such as intrusion, wiretapping, theft and misuse of important data, and even damage to the network system, carried out by irresponsible intruders or attackers, whether individuals or groups, within a company, government agency or the private sector. The honeyd honeypot is a method that can be applied and implemented in medium to large scale companies, especially those that have implemented computer-based systems and technology, to prevent and anticipate bad actions before they occur and to take quick action when bad impacts occur. Honeyd is a low-interaction honeypot, meaning that it interacts with the attacker only indirectly: it positions itself as bait, a shadow server that is deliberately attacked so that the results of the attack can be known and analyzed. In this research, the honeyd honeypot is a shadow server that resembles a real server and has several services, along with ports, that are deliberately opened for attack. The results of this research show that an infiltration or direct attack can be seen from the increase in network traffic above normal on the monitoring system, and that the Honeyd log files show in detail what the attackers have done or are currently doing, so that it can be analyzed and followed by precautions, anticipation, security awareness for activities that are directly related to the outside world through the network, and improvements to servers, network systems and existing services. Thus the honeyd honeypot can help save important data and resources and can improve computer network security systems.


2021 ◽  
Vol 5 (1) ◽  
pp. 180-186
Author(s):  
Tati Ernawati ◽  
Fikri Faiz Fadhlur Rachmat

Computer network systems are designed to share resources. In the resource sharing process, data security and confidentiality are the main issues in anticipating misuse of access to information by unauthorized parties. The solution to anticipating these problems is the availability of a security system capable of handling various intruders who threaten the system and of protecting network resources. This study builds and analyzes the performance of computer network security using cowrie honeypot and snort inline-mode as an Intrusion Prevention System (IPS). The development process goes through the stages of analysis, design, implementation, and monitoring. The content analysis method was used to explore the problems and requirements of the system built. The security system was built by configuring the IP address and network system devices (server, remote admin, client attacker). The test was carried out on 3 test parameters (confidentiality, availability, and integrity); a comparison testing method was used to test the integrity parameter. The test results indicate that the system functionality test for user needs was fulfilled, with a confidentiality test result of 83.3% and availability of 93.3%, and that in the integrity test the inline-mode snort shows a faster response time (0.069 seconds on average) and more efficient CPU resource usage (0.04% average) than the cowrie honeypot. Based on the overall integrity parameter testing, IPS snort inline-mode is more recommended for network security systems than cowrie honeypots.


2016 ◽  
Vol 1 (1) ◽  
pp. 001
Author(s):  
Harry Setya Hadi

String searching is a common process in computing because text is the main form of data storage. Boyer-Moore, which searches the string from right to left, is considered the most efficient method in practice, and matching the string from a specified direction is specifically an algorithm that has the best results theoretically. A system that is connected to a computer network, such as a web server, is accessed by multiple users in different places with both good and bad aims. Any activity performed by a user is stored in the web server logs. The log report contained in the web server can help a web server administrator search for web request errors. A web server log is a record of the activities of a web site that contains data associated with the IP address, time of access, the page opened, activities, and access methods. The amount of data contained in the resulting log yields useful information.


Author(s):  
Inderjeet Singh Sodhi

This chapter highlights the constant increase in the number of attacks on computer network systems, which has pushed governments, researchers, and experts to devise better security policies and strategies. However, the rapid growth of systems, components, and services offered has increased the difficulty of administering them. In many organizations in developed and developing countries, more emphasis is being placed on the use of Automatic Computing for proper network security. The chapter clarifies how various projects and tools could be relevant for network security. The chapter provides insights about what steps have been taken for network security in a developing country like India. It looks into various strategies adopted for communication data and network security in India. It emphasizes that, with increasing demand for basic/citizen services over the Internet, it has become important to protect data and ensure efficient backup and data recovery. The chapter proposes a need for better and more effective policy and strategy for communication data and network security to make the government citizen-oriented in developing countries.


Game Theory ◽  
2017 ◽  
pp. 383-399
Author(s):  
Sungwook Kim

Computer network bandwidth can be viewed as a limited resource. The users on the network compete for that resource. Their competition can be simulated using game theory models. No centralized regulation of network usage is possible because of the diverse ownership of network resources. Therefore, the problem is of ensuring the fair sharing of network resources. If a centralized system could be developed which would govern the use of the shared resources, each user would get an assigned network usage time or bandwidth, thereby limiting each person's usage of network resources to his or her fair share. As of yet, however, such a system remains an impossibility, making the situation of sharing network resources a competitive game between the users of the network and decreasing everyone's utility. This chapter explores this competitive game.


Author(s):  
Merve Yildirim

Due to its nature, cyber security is one of the fields that can benefit most from the techniques of artificial intelligence (AI). Under normal circumstances, it is difficult to write software to defend against cyber-attacks that are constantly developing and strengthening in network systems. By applying artificial intelligence techniques, software that can detect attacks and take precautions can be developed. In cases where traditional security systems are inadequate and slow, security applications developed with artificial intelligence techniques can provide better security against many complex cyber threats. Apart from being a good solution for cyber security problems, it also brings usage problems, legal risks, and concerns. This study focuses on how AI can help solve cyber security issues while discussing artificial intelligence threats and risks. This study also aims to present several AI-based techniques and to explain what these techniques can provide to solve problems in the field of cyber security.


2012 ◽  
Vol 3 (1) ◽  
pp. 15 ◽  
Author(s):  
Abdul Razaque ◽  
Khaled Elleithy

Mobile collaborative learning (MCL) is widely recognized as a focal archetype in educational institutions. It demonstrates the cerebral synergy of assorted collective minds. It handles several problems in order to motivate social activity for mutual communication. To advance and promote a baseline for MCL, several supporting frameworks and architectures, including a number of different mobile applications, have been introduced. But no one has mainly focused on augmenting the security of those architectures. The paper handles the issue of the rogue DHCP server, which highly affects network resources during MCL. The rogue DHCP server is an illegal server that issues fake IP addresses to users for sniffing the legal traffic. This contribution specially targets the malicious attacks that weaken the security of the mobile supported collaborative framework (MSCF). The paper introduces a multi-frame signature-cum anomaly-based intrusion detection system (MSAIDS) that blocks the unlawful behavior of the rogue DHCP server. This novel security method emphasizes the confidence of users and also secures the network from illegitimate interference by the rogue DHCP server. Finally, the paper confirms the scheme through simulations. The simulations comprise a testbed, ns2 and discrete simulation.

