TCP SYN Flood (DoS) Attack Prevention Using SPI Method on CSF: A PoC

2020 ◽  
Vol 1 (2) ◽  
pp. 63-72
Author(s):  
I Putu Agus Eka Pratama

TCP SYN Flood, one kind of Denial of Service (DoS) attack, is still a popular way to flood a server's connections by sending SYN packets to the target. Because of the risk this attack poses, a network security mechanism is needed. In this paper, the security mechanism proposed is the Stateful Packet Inspection (SPI) method on ConfigServer Security and Firewall (CSF). With the SPI method, CSF is able to separate the data packets that may enter the server from those that should not, for example by the ports to be opened, the ports to be closed, and the IP addresses that may access the server from anywhere. This paper combines CSF and the SPI method to prevent TCP SYN Flood (DoS) attacks, with a Proof of Concept (PoC) on the Linux operating system. The security process is done in three ways: configuring the maximum number of connections from an IP address to the server, limiting incoming SYN packets per second, and counting how many times an IP address violates the SYN-packets-per-second rule before being blocked by the firewall.
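The three controls the abstract lists (a per-source connection cap, a per-source SYN rate per second, and a count of over-rate seconds before the source is blocked) can be modelled as a small stateful policy. The following is an added example written for this page, not code from the paper or from CSF; the parameter names are hypothetical and do not reproduce CSF's configuration directives, and the traffic trace is constructed.

```python
from collections import Counter, defaultdict


class SynFloodGuard:
    """Per-source SYN policy with the three controls the abstract lists.

    Parameter names are hypothetical (not CSF's own directives).
    """

    def __init__(self, max_conn_per_ip=50, max_syn_per_sec=10, max_violations=3):
        self.max_conn_per_ip = max_conn_per_ip   # concurrent connections allowed per source
        self.max_syn_per_sec = max_syn_per_sec   # SYNs allowed per source per one-second bucket
        self.max_violations = max_violations     # over-rate seconds tolerated before blocking
        self.open_conns = defaultdict(int)       # ip -> live or half-open connections
        self.syn_window = {}                     # ip -> (second bucket, SYNs seen in it)
        self.violations = defaultdict(int)       # ip -> seconds in which the rate was exceeded
        self.blocked = set()

    def observe(self, ts, src, event):
        """Apply the policy to one event: 'SYN', 'ACK' (handshake done) or 'FIN' (closed).

        Returns 'accept', 'drop', or 'block' for the single SYN that blacklists src.
        """
        if src in self.blocked:
            return "drop"
        if event == "FIN":
            self.open_conns[src] = max(0, self.open_conns[src] - 1)
            return "accept"
        if event != "SYN":
            return "accept"

        bucket = int(ts)
        last_bucket, count = self.syn_window.get(src, (bucket, 0))
        if last_bucket != bucket:            # new second: restart the per-second SYN counter
            count = 0
        count += 1
        self.syn_window[src] = (bucket, count)

        if count > self.max_syn_per_sec:
            if count == self.max_syn_per_sec + 1:    # count each over-rate second once
                self.violations[src] += 1
                if self.violations[src] >= self.max_violations:
                    self.blocked.add(src)
                    return "block"
            return "drop"

        if self.open_conns[src] >= self.max_conn_per_ip:
            return "drop"                    # connection-count limit, independent of the rate
        self.open_conns[src] += 1
        return "accept"


def run_sample():
    """Replay a constructed trace: one flooder sending 30 SYN/s for three seconds
    and one ordinary client completing a single handshake (RFC 5737 addresses)."""
    flooder, client = "203.0.113.9", "198.51.100.4"
    events = [(s + i / 100, flooder, "SYN") for s in range(3) for i in range(30)]
    events += [(0.5, client, "SYN"), (0.6, client, "ACK")]
    events.sort()
    guard = SynFloodGuard(max_conn_per_ip=50, max_syn_per_sec=10, max_violations=3)
    verdicts = Counter()
    for ts, src, event in events:
        verdicts[(src, guard.observe(ts, src, event))] += 1
    return guard, verdicts


if __name__ == "__main__":
    guard, verdicts = run_sample()
    for key, n in sorted(verdicts.items()):
        print(key, n)
    print("blocked:", sorted(guard.blocked))
```

In the sample the flooder gets ten SYNs accepted in each second, exceeds the rate in all three seconds, and is blacklisted on the third violation, while the ordinary client is untouched. Counting a violation once per over-rate second rather than once per excess packet is what keeps a single burst from immediately exhausting the violation budget.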

2019 ◽  
Vol 4 (1) ◽  
pp. 19-24
Author(s):  
M. Agus Syamsul Arifin ◽  
Antoni Zulius

Abstract (translated from Indonesian): Network security is one of the measures taken to protect the data held on a server. Besides data encryption methods, another technique used to secure a network is the DMZ (Demilitarized Zone) technique. A DMZ is an area of the network built to protect internal systems by separating the data traffic on the network. Data traffic on the Universitas Bina Insan Lubuklinggau network is not filtered, so the existing internal system, in this case the server hardware, has no protection other than the built-in security of the operating system used by the university's server (the operating system firewall); users who access the Internet using the IP addresses ordinarily used by students can also enter the network used by the server directly, without any filtering. With the DMZ technique, the server's data traffic is separated from the network used by students and from the outside network, so that students and other users can only access the ports that have been specified. The DMZ technique will become the first layer of protection for the servers at Universitas Bina Insan Lubuklinggau, so that several ports are protected from users who try to reach deeper into the server. Keywords: Demilitarized Zone (DMZ), Network Security, Server
Abstract: Network security is one of the ways to protect the data held on a server. Besides data encryption methods, another technique used to secure the network is the DMZ (Demilitarized Zone) technique. A DMZ is an area in a network that is built to protect internal systems by separating data traffic on the network. 
Data traffic on the Universitas Bina Insan Lubuklinggau network is not filtered, so the internal system, in this case the server device, has no security other than the built-in security of the operating system used by the university server (the operating system firewall); users accessing the Internet with an IP address commonly used by students can also enter the network used by the server directly, without filtering. Using the DMZ technique, the existing servers' data traffic will be separated from the network used by students and from the outside network, so that students and users can only access the specified ports. The DMZ technique will later become the first security layer for the servers at Universitas Bina Insan Lubuklinggau, so that several ports can be protected from users trying to reach deeper into the server. Keywords: Demilitarized Zone (DMZ), Network Security, Server


2019 ◽  
Vol 125 ◽  
pp. 21004
Author(s):  
Kagiraneza Alexis Fidele ◽  
Agus Hartanto

Nowadays, we are entering an era in which the Internet has become a necessary infrastructure, supporting regular communication and data services. In these services, cloud-based servers play an essential role, since they can serve numerous kinds of devices interconnected through several protocols. Unfortunately, Internet cloud servers have become the main target of attacks such as Denial of Service (DoS) and Distributed Denial of Service (DDoS). These attacks involve illegal access that can interfere with service functions. Sniffing techniques are typically practised by hackers and crackers to tap data that passes through the Internet. In this paper, the sniffing technique is used to identify packets moving across the network. It distinguishes packets on routers or bridges through a sniffer tool, Snort, connected to a database containing attack patterns. If the sniffing system encounters strange patterns and recognizes them as attacks, it notifies the firewall to isolate the attacker's original Internet Protocol (IP) address. Communication from the attacker's host to the target is then discontinued. Consequently, the identified attack activity stops, and the service continues to run.


2018 ◽  
Vol 5 (2) ◽  
pp. 91-106
Author(s):  
Ino Anugrah ◽  
Raden Hengki Rahmanto

ABSTRACT   The Islamic University "45" computer network needs a secure network to strengthen its security systems and protect servers from attacks such as port scanning and DoS (Denial of Service) attacks. One network security technique is the De-Militarized Zone (DMZ), a mechanism to protect the internal system from attacks by hackers or other parties who want to enter the system without access rights. The purpose of this project is to implement a LAN security system using the De-Militarized Zone (DMZ) technique, with a single firewall serving the internal and external networks. The results of the DMZ implementation at the Islamic University "45" show that DoS attacks can be filtered well. Data analysis shows that DoS attacks of the ICMP flooding and UDP flooding types can be blocked with a success rate of 98%.   Keywords: attack, network security, de-militarized zone     ABSTRACT (translated from Indonesian)   The computer network of Universitas Islam "45" needs network security to strengthen the security of its servers against attacks such as port scanning and DoS (Denial of Service). One network security technique is the De-Militarized Zone (DMZ), a mechanism for protecting the internal system from attacks by hackers or other parties who want to enter the system without access rights. The aim of this final project is to implement a LAN security system using the De-Militarized Zone (DMZ) technique; the basic method is a single firewall that acts as a buffer between the internal and external networks. The results of implementing the DMZ technique on the server services of the Universitas Islam "45" computer network show that DoS attacks can be filtered well: the analysed data show that DoS attacks of the ICMP flooding and UDP flooding types can be blocked with a success rate of 98%.   Keywords: attack, network security, De-Militarized Zone


2021 ◽  
Vol 2 (2) ◽  
pp. 53-60
Author(s):  
Farizqi Panduardi ◽  
Herman Yuliandoko ◽  
Agus Priyo Utomo

Network security is now increasingly needed in the era of Industrial Revolution 4.0. As technology grows, cybercrimes are becoming more and more common, including attacks on resources. Honeypots are now also widely used by large industries for network security, and they are also useful for developing intrusion detection and prevention systems. Honeypots are usually deployed in a virtual environment: they simulate a fake system to capture data packets on the network, which are analysed offline later for all threats and attacks. The purpose of this paper is to detect and prevent attacks from computer network attackers using an Android application. This application can monitor attacks on the server by installing a honeypot tool on the server as an attack detector; the honeypot log is then exposed as a REST API built with the Django framework and a MongoDB database. The application can find out whether there is an attack on the server, and can block the attacker's IP address.


Author(s):  
Gandeva Bayu Satrya ◽  
Faiizal Eko Nugroho ◽  
Tri Brotoharsono

<p>Classifying data traffic in a firewall using parameters such as port number, IP address, and MAC address is not sufficient. For example, many applications can now be used without a fixed port number, meaning they can easily circumvent a firewall. Firewalls that inspect only up to layer four could allow malicious data to pass. Next-generation deep packet inspection (DPI) is a method that firewalls can use to classify traffic up to layer seven for data traffic control.</p><p>This research recommends that network administrators use nDPI and L7-filter on existing open source firewalls. Eleven Internet applications were used to test and analyse nDPI and L7-filter, which are capable of detecting traffic based on data signatures. nDPI and L7-filter were tested for accuracy and speed. We conclude that the development of next-generation deep packet inspection is important for the future of system and network security.</p>
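The point of the abstract, that a port-based rule cannot tell what an application actually is, is easiest to see by classifying the same flows twice: once by destination port and once by the first payload bytes. The following is an added example, not code from the paper, nDPI or L7-filter; the signatures are illustrative regexes in the style of L7-filter's pattern files, the policy function is hypothetical, and the sample flows are constructed.

```python
import re

# Illustrative first-payload signatures, constructed for this example
# (not nDPI's or L7-filter's own pattern files).
SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")),
    ("ssh",  re.compile(rb"^SSH-(1\.99|2\.0)-")),
    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x03, 2-byte
    # length, then handshake type 0x01 (ClientHello). DOTALL so '.' matches any byte.
    ("tls",  re.compile(rb"^\x16\x03[\x00-\x03]..\x01", re.DOTALL)),
    ("smtp", re.compile(rb"^220 [^\r\n]*SMTP")),
]

WELL_KNOWN_PORTS = {22: "ssh", 25: "smtp", 80: "http", 443: "tls"}


def classify_by_port(dst_port):
    """Layer-4 view: all a port-based firewall rule knows about the flow."""
    return WELL_KNOWN_PORTS.get(dst_port, "unknown")


def classify_by_payload(payload):
    """Layer-7 view: match the first bytes of the flow against application signatures."""
    for app, pattern in SIGNATURES:
        if pattern.match(payload):
            return app
    return "unknown"


def enforce(flows, allowed_apps):
    """flows: (src, dst_port, first_payload). Returns one row per flow with both
    classifications and the verdict of a hypothetical layer-7 policy: the payload
    protocol must be on the allow list and must not contradict a well-known port."""
    rows = []
    for src, port, payload in flows:
        l4, l7 = classify_by_port(port), classify_by_payload(payload)
        consistent = l4 == "unknown" or l4 == l7
        verdict = "allow" if (l7 in allowed_apps and consistent) else "deny"
        rows.append((src, port, l4, l7, verdict))
    return rows


# Constructed sample flows (RFC 5737 documentation addresses).
SAMPLE_FLOWS = [
    ("198.51.100.4", 80,   b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("203.0.113.9",  8080, b"SSH-2.0-OpenSSH_9.6\r\n"),                          # SSH on a web port
    ("203.0.113.9",  443,  b"GET /tunnel HTTP/1.1\r\nHost: c2.test\r\n\r\n"),   # plaintext HTTP on 443
    ("198.51.100.4", 443,  b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + b"\x00" * 32),
]

if __name__ == "__main__":
    for row in enforce(SAMPLE_FLOWS, allowed_apps={"http", "tls"}):
        print(row)
```

The second and third flows are the cases the abstract has in mind: by port alone the SSH session on 8080 is "unknown" and the plaintext HTTP on 443 looks like TLS, so a layer-4 rule set has nothing to act on, while the payload signatures identify both and the policy denies them. Real DPI engines look deeper than the first packet and handle fragmentation and encrypted protocols; matching only the opening bytes is the simplification here.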


2017 ◽  
Vol 1 (4) ◽  
pp. 127 ◽  
Author(s):  
Suroto Suroto

Every web server is exposed to network security threats. One of them is the Slow HTTP attack. A Slow HTTP attack exploits the way the HTTP protocol works: every request from the client must be fully received by the server before it is processed. If the HTTP request is incomplete, or if the transfer rate is very low, the server remains busy waiting for the rest of the data. If the server ties up too many resources this way, there is a denial of service. Internet users can exploit such vulnerabilities by deliberately sending incomplete data packets and repeating requests. When a web server is on a public network or the Internet, protecting computer and network security is an important issue. After identifying and analysing how the Slow HTTP attack works, as well as its detection, this paper describes the working system, how to detect the Slow HTTP attack, and how to defend against it. Keywords: Slow HTTP Attack, Web Server Exploit, Denial of Service, DoS
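The defence the abstract alludes to comes down to two server-side limits: a deadline for completing the request headers, measured from when the connection was opened rather than from the last byte received (so dripping one header line at a time does not extend it), and a cap on how many incomplete connections one source may hold at once. The following is an added example written for this page, not code from the paper or from any web server; the class and parameter names are hypothetical and the traffic trace is constructed.

```python
import re

HEADER_END = b"\r\n\r\n"
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n")


class SlowHttpGuard:
    """Track header progress per connection and enforce two limits against
    slow-header attacks. Names and defaults are hypothetical."""

    def __init__(self, header_timeout=10.0, max_pending_per_ip=20, max_header_bytes=8192):
        self.header_timeout = header_timeout          # seconds allowed from open to full headers
        self.max_pending_per_ip = max_pending_per_ip  # incomplete connections allowed per source
        self.max_header_bytes = max_header_bytes      # cap on buffered header bytes
        self.conns = {}        # conn_id -> {"src", "opened", "buf", "complete"}
        self.closed = []       # (conn_id, reason), in the order decisions were made

    def _pending(self, src):
        return sum(1 for c in self.conns.values() if c["src"] == src and not c["complete"])

    def open(self, conn_id, src, ts):
        """Accept a new connection unless src already holds too many incomplete ones."""
        if self._pending(src) >= self.max_pending_per_ip:
            self.closed.append((conn_id, "too-many-pending"))
            return False
        self.conns[conn_id] = {"src": src, "opened": ts, "buf": b"", "complete": False}
        return True

    def on_data(self, conn_id, ts, data):
        """Buffer header bytes; returns 'partial', 'complete', 'closed' or 'ignored'."""
        c = self.conns.get(conn_id)
        if c is None or c["complete"]:
            return "ignored"
        c["buf"] += data
        if len(c["buf"]) > self.max_header_bytes:
            self._close(conn_id, "header-too-large")
            return "closed"
        if HEADER_END in c["buf"]:
            head = c["buf"].split(HEADER_END, 1)[0] + b"\r\n"
            if not REQUEST_LINE.match(head):
                self._close(conn_id, "malformed")
                return "closed"
            c["complete"] = True
            return "complete"
        return "partial"        # note: receiving data does not reset the deadline

    def sweep(self, now):
        """Close every connection whose headers are still incomplete past the deadline."""
        expired = [cid for cid, c in self.conns.items()
                   if not c["complete"] and now - c["opened"] > self.header_timeout]
        for cid in expired:
            self._close(cid, "header-timeout")
        return expired

    def _close(self, conn_id, reason):
        self.conns.pop(conn_id, None)
        self.closed.append((conn_id, reason))


def run_sample():
    """Constructed trace: a slow client from 203.0.113.9 drips one header line every
    5 s and never sends the blank line; a normal client sends a whole request at once."""
    g = SlowHttpGuard(header_timeout=10.0, max_pending_per_ip=2)
    g.open("slow-1", "203.0.113.9", 0.0)
    g.open("slow-2", "203.0.113.9", 0.0)
    rejected = g.open("slow-3", "203.0.113.9", 0.0)   # third pending connection is refused
    g.open("ok-1", "198.51.100.4", 0.0)
    results = {"rejected": rejected}
    results["ok"] = g.on_data("ok-1", 0.1, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
    results["drip1"] = g.on_data("slow-1", 0.0, b"GET / HTTP/1.1\r\n")
    results["drip2"] = g.on_data("slow-1", 5.0, b"X-a: b\r\n")   # keeps the socket "alive"
    results["expired"] = g.sweep(10.5)
    return g, results


if __name__ == "__main__":
    g, r = run_sample()
    print(r)
    print("closed:", g.closed)
```

In the sample the normal request completes immediately, the two slow connections are reaped at the 10-second sweep despite the header line sent at 5 s, and a third slow connection from the same source is refused before it can consume a worker. Production servers expose the same two knobs under their own names (per-request header timeouts and per-client connection limits); the values here are illustrative.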


2020 ◽  
Vol 8 (4) ◽  
pp. 375
Author(s):  
Finandito Adhana ◽  
I Ketut Gede Suhartana

Denial of Service (DoS) attacks are increasingly dangerous. A DoS attack works by sending data packets continuously so that the attacked target can no longer operate. DoS attacks most often target websites, making them inaccessible. An anomaly-based intrusion detection system (IDS) is a method used to detect suspicious activity in a system or network on the basis of the anomalous patterns that such interference produces. Wireshark is software used to analyse network traffic packets, with various kinds of tools for network professionals.


2019 ◽  
Vol 4 (1) ◽  
pp. 133
Author(s):  
Danaswara Prawira Harja ◽  
Andrian Rakhmatsyah ◽  
Muhammad Arief Nugroho

<p><strong>Abstract</strong></p><p>Today, Software Defined Networking (SDN) has been globally recognized as a new technology for network architecture. But it still lacks security. Many studies use methods such as the Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) to deal with such problems, but there is still a lack of security in terms of network performance. To solve the problem, the Deep Packet Inspection (DPI) method can be used, which lets administrators know directly what is happening to traffic in real time. In this research, DPI is implemented as a security method and tested with a Denial of Service (DoS) attack in the form of a Direct Attack. Testing shows that an SDN network to which DPI has been added can perform packet detection like an IDS and blocking like an IPS, with good performance time in overcoming the attack.</p><p><strong>Keywords: </strong>SDN, DPI, DoS attack, Direct Attack, performance</p>


2021 ◽  
Vol 13 (3) ◽  
pp. 1522
Author(s):  
Raja Majid Ali Ujjan ◽  
Zeeshan Pervez ◽  
Keshav Dahal ◽  
Wajahat Ali Khan ◽  
Asad Masood Khattak ◽  
...  

In modern network infrastructure, Distributed Denial of Service (DDoS) attacks are considered severe network security threats. For conventional network security tools it is extremely difficult to distinguish between the high traffic volume of a DDoS attack and a large number of legitimate users accessing a targeted network service or resource. Although these attacks have been widely studied, few works collect and analyse truly representative characteristics of DDoS traffic. Current research mostly focuses on DDoS detection and mitigation with predefined DDoS data sets, which are often hard to generalise to various network services and legitimate users' traffic patterns. In order to deal with considerably large DDoS traffic flows in Software Defined Networking (SDN), in this work we propose a fast and effective entropy-based DDoS detection method. We deploy a generalised entropy calculation, combining Shannon and Rényi entropy, to identify the distributed features of DDoS traffic; it also helps the SDN controller deal effectively with heavy malicious traffic. To reduce the network traffic overhead, we collect data-plane traffic with signature-based Snort detection. We then analyse the collected traffic for entropy-based features to improve the detection accuracy of two deep learning models: a Stacked Auto Encoder (SAE) and a Convolutional Neural Network (CNN). This work also investigates the trade-off between the SAE and CNN classifiers using accuracy and false-positive results. Quantitative results show that the SAE achieved a relatively higher detection accuracy of 94% with only 6% false-positive alerts, whereas the CNN classifier achieved an average accuracy of 93%.
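The entropy features the abstract builds on can be computed per traffic window in a few lines: Shannon entropy H = -Σ p_i log2 p_i and Rényi entropy H_α = log2(Σ p_i^α) / (1 - α), where p_i is the share of packets carrying address i; α → 1 recovers Shannon, and α > 1 weights the dominant symbol more heavily. A volumetric DDoS concentrates traffic on one destination (destination entropy collapses) while spoofed or botnet sources spread it across many senders (source entropy rises). The following is an added example written for this page, not code from the paper; the threshold, window size and traffic windows are constructed for illustration, and the paper's Snort pre-filtering and SAE/CNN classifiers are not reproduced.

```python
import math
from collections import Counter


def shannon_entropy(counts):
    """H = -sum p_i log2 p_i over a Counter of symbol frequencies (bits)."""
    total = sum(counts.values())
    return -sum((n / total) * math.log2(n / total) for n in counts.values() if n)


def renyi_entropy(counts, alpha):
    """H_alpha = log2(sum p_i^alpha) / (1 - alpha); alpha -> 1 recovers Shannon."""
    if alpha == 1:
        return shannon_entropy(counts)
    total = sum(counts.values())
    return math.log2(sum((n / total) ** alpha for n in counts.values() if n)) / (1 - alpha)


def window_features(packets, alpha=2):
    """packets: (src_ip, dst_ip) pairs from one time window of data-plane traffic."""
    src = Counter(s for s, _ in packets)
    dst = Counter(d for _, d in packets)
    return {
        "n": len(packets),
        "H_src": shannon_entropy(src),        # rises when sources are spoofed or distributed
        "H_dst": shannon_entropy(dst),        # falls when one victim absorbs the traffic
        "R_dst": renyi_entropy(dst, alpha),   # alpha > 1 reacts faster to a dominant destination
    }


def is_ddos(features, dst_threshold=1.0, min_packets=50):
    """Flag a window that carries enough packets and whose destination entropy collapses.
    Threshold and minimum are hypothetical; in practice both are tuned per network."""
    return features["n"] >= min_packets and features["R_dst"] < dst_threshold


# Constructed windows using RFC 5737 documentation addresses.
SERVERS = [f"198.51.100.{i}" for i in range(1, 6)]


def normal_window():
    """Ten clients each send one packet to each of five servers: 50 packets, uniform."""
    clients = [f"192.0.2.{i}" for i in range(1, 11)]
    return [(c, SERVERS[k]) for c in clients for k in range(5)]


def attack_window():
    """200 spoofed sources hit one victim on top of 20 packets of ordinary traffic."""
    victim = SERVERS[0]
    spoofed = [(f"203.0.113.{i}", victim) for i in range(1, 201)]
    background = [(f"192.0.2.{i}", SERVERS[i % 5]) for i in range(1, 21)]
    return spoofed + background


if __name__ == "__main__":
    for name, window in (("normal", normal_window()), ("attack", attack_window())):
        f = window_features(window)
        print(name, {k: round(v, 3) for k, v in f.items()}, "ddos" if is_ddos(f) else "ok")
```

On the constructed windows the normal traffic gives destination entropy log2 5 ≈ 2.32 bits under both measures, while the attack window drops to well under one bit, and its source entropy rises from log2 10 to log2 220 because every spoofed packet carries a fresh address. Because Rényi entropy is non-increasing in α, the α = 2 value is always at or below the Shannon value, which is why it is the more sensitive trigger for a single dominant victim.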

