scholarly journals Teler Real-time HTTP Intrusion Detection at Website with Nginx Web Server

2021 ◽  
Vol 5 (3) ◽  
pp. 327
Author(s):  
Agus Tedyyana ◽  
Osman Ghazali
Keyword(s):  
Intrusion Detection ◽  
Real Time ◽  
Intrusion Detection System ◽  
Crime Rate ◽  
Detection System ◽  
Web Server ◽  
The Internet ◽  
Brute Force ◽  
Web Servers ◽  
Web Based

Web servers and web-based applications are now widely used, but in this case, the crime rate in cyberspace has also increased. Crime in cyberspace can occur due to the exploitation of how a system works. For example, the way HTTP works are exploited to weaken the webserver. Various tools for attacking the internet are also starting to be easy to find, but so are the tools to detect these attacks. One of the useful tools for detecting attacks and sending warnings against threats is based on the weblogs on the webserver. Many have not reviewed Teler as an intrusion detection system on HTTP on web servers because the existing tools are relatively new. Teler detecting the weblog and run on the terminal with rule resources collected from the community. So here, the researcher tries to implement the use of Teler in detecting HTTP intrusions on a Nginx-based web server. Intrusion is carried out in attacks commonly used by attackers, for example, port scanning and directory brute force using the Nmap and OWASP ZAP tools. Then the detection results will be sent via the Telegram bot to the server admin. From the results of the experiments conducted, it has been found that Teler is still classified as being able to send warning notifications with a delay between the time of detection and the time when the alert is received, no more than 3 seconds.

scholarly journals Analisis Perbandingan Kinerja Snort Dan Suricata Sebagai Intrusion Detection System Dalam Mendeteksi Serangan Syn Flood Pada Web Server Apache

Respati ◽  
2020 ◽  
Vol 15 (2) ◽  
pp. 6
Author(s):  
Lukman Lukman ◽  
Melati Suci
Keyword(s):  
Network Security ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Denial Of Service ◽  
Web Server ◽  
Attack Detection ◽  
Web Servers ◽  
Server Software ◽  
The Web

INTISARIKeamanan jaringan pada web server merupakan bagian yang paling penting untuk menjamin integritas dan layanan bagi pengguna. Web server sering kali menjadi target serangan yang mengakibatkan kerusakan data. Salah satunya serangan SYN Flood merupakan jenis serangan Denial of Service (DOS) yang memberikan permintaan SYN secara besar-besaran kepada web server.Untuk memperkuat keamanan jaringan web server penerapan Intrusion Detection System (IDS) digunakan untuk mendeteksi serangan, memantau dan menganalisa serangan pada web server. Software IDS yang sering digunakan yaitu IDS Snort dan IDS Suricata yang memiliki kelebihan dan kekurangannya masing-masing. Tujuan penelitian kali ini untuk membandingkan kedua IDS menggunakan sistem operasi linux dengan pengujian serangan menggunakan SYN Flood yang akan menyerang web server kemudian IDS Snort dan Suricata yang telah terpasang pada web server akan memberikan peringatan jika terjadi serangan. Dalam menentukan hasil perbandingan, digunakan parameter-parameter yang akan menjadi acuan yaitu jumlah serangan yang terdeteksi dan efektivitas deteksi serangan dari kedua IDS tersebut.Kata kunci: Keamanan jaringan, Web Server, IDS, SYN Flood, Snort, Suricata. ABSTRACTNetwork security on the web server is the most important part to guarantee the integrity and service for users. Web servers are often the target of attacks that result in data damage. One of them is the SYN Flood attack which is a type of Denial of Service (DOS) attack that gives a massive SYN request to the web server.To strengthen web server network security, the application of Intrusion Detection System (IDS) is used to detect attacks, monitor and analyze attacks on web servers. IDS software that is often used is IDS Snort and IDS Suricata which have their respective advantages and disadvantages.The purpose of this study is to compare the two IDS using the Linux operating system with testing the attack using SYN Flood which will attack the web server then IDS Snort and Suricata that have been installed on the web server will give a warning if an attack occurs. In determining the results of the comparison, the parameters used will be the reference, namely the number of attacks detected and the effectiveness of attack detection from the two IDS.Keywords: Network Security, Web Server, IDS, SYN Flood, Snort, Suricata.

scholarly journals Realguard: A Lightweight Network Intrusion Detection System for IoT Gateways

Sensors ◽  
2022 ◽  
Vol 22 (2) ◽  
pp. 432
Author(s):  
Xuan-Ha Nguyen ◽  
Xuan-Duong Nguyen ◽  
Hoang-Hai Huynh ◽  
Kim-Hung Le
Keyword(s):  
Deep Learning ◽  
Intrusion Detection ◽  
Real Time ◽  
Intrusion Detection System ◽  
Detection System ◽  
Cyber Attacks ◽  
Network Intrusion Detection ◽  
The Internet ◽  
Network Intrusion ◽  
Network Intrusion Detection System

Cyber security has become increasingly challenging due to the proliferation of the Internet of things (IoT), where a massive number of tiny, smart devices push trillion bytes of data to the Internet. However, these devices possess various security flaws resulting from the lack of defense mechanisms and hardware security support, therefore making them vulnerable to cyber attacks. In addition, IoT gateways provide very limited security features to detect such threats, especially the absence of intrusion detection methods powered by deep learning. Indeed, deep learning models require high computational power that exceeds the capacity of these gateways. In this paper, we introduce Realguard, an DNN-based network intrusion detection system (NIDS) directly operated on local gateways to protect IoT devices within the network. The superiority of our proposal is that it can accurately detect multiple cyber attacks in real time with a small computational footprint. This is achieved by a lightweight feature extraction mechanism and an efficient attack detection model powered by deep neural networks. Our evaluations on practical datasets indicate that Realguard could detect ten types of attacks (e.g., port scan, Botnet, and FTP-Patator) in real time with an average accuracy of 99.57%, whereas the best of our competitors is 98.85%. Furthermore, our proposal effectively operates on resource-constraint gateways (Raspberry PI) at a high packet processing rate reported about 10.600 packets per second.

The Role of Data Mining in Intrusion Detection Technology

2008 ◽  
pp. 463-473 ◽  
Author(s):  
Amalia Agathou ◽  
Theodoros Tzouramanis
Keyword(s):  
Data Mining ◽  
Intrusion Detection ◽  
Real Time ◽  
Computer System ◽  
Intrusion Detection System ◽  
Detection System ◽  
The Internet ◽  
The Past ◽  
Detection Technology

Over the past few years, the Internet has changed computing as we know it. The more possibilities and opportunities develop, the more systems are subject to attack by intruders. Thus, the big question is about how to recognize and handle subversion attempts. One answer is to undertake the prevention of subversion itself by building a completely secure system. However, the complete prevention of breaches of security does not yet appear to be possible to achieve. Therefore these intrusion attempts need to be detected as soon as possible (preferably in real time) so that appropriate action might be taken to repair the damage. This is what an intrusion detection system (IDS) does. IDSs monitor and analyze the events occurring in a computer system in order to detect signs of security problems. However, intrusion detection technology has not yet reached perfection. This fact has provided data mining with the opportunity to make several important contributions and improvements to the field of IDS technology (Julisch, 2002).

scholarly journals THE ANALYSIS OF WEB SERVER SECURITY FOR MULTIPLE ATTACKS IN THE TIC TIMOR IP NETWORK

2020 ◽  
Vol 14 (1) ◽  
pp. 103
Author(s):  
Lilia Ervina Jeronimo Guterres ◽  
Ahmad Ashari
Keyword(s):  
Intrusion Detection System ◽  
Detection System ◽  
Research Result ◽  
Web Server ◽  
Traffic Monitoring ◽  
Internet Technology ◽  
The Internet ◽  
It Professionals ◽  
Ip Network ◽  
Network Traffic Monitoring

The current technology is changing rapidly, with the significant growth of the internet technology, cyber threats are becoming challenging for IT professionals in the companies and organisations to guard their system. Especially when all the hacking tools and instructions are freely available on the Internet for beginners to learn how to hack such as stealing data and information. Tic Timor IP is one of the organisations involved and engaged in the data center operation. It often gets attacks from the outside networks. A network traffic monitoring system is fundamental to detect any unknown activities happening within a network. Port scanning is one of the first methods commonly used to attack a network by utilizing several free applications such as Angry IP Scan, Nmap and Low Orbit Ion Cannon (LOIC).  On the other hand, the snort-based Intrusion Detection System (IDS) can be used to detect such attacks that occur within the network perimeter including on the web server. Based on the research result, snort has the ability to detect various types of attack including port scanning attacks and multiple snort rules can be accurately set to protect the network from any unknown threats.  

SwiftIDS: Real-time intrusion detection system based on LightGBM and parallel intrusion detection mechanism

2020 ◽  
Vol 97 ◽  
pp. 101984 ◽  
Author(s):  
Dongzi Jin ◽  
Yiqin Lu ◽  
Jiancheng Qin ◽  
Zhe Cheng ◽  
Zhongshu Mao
Keyword(s):  
Intrusion Detection ◽  
Real Time ◽  
Intrusion Detection System ◽  
Detection System ◽  
Detection Mechanism
Sign in / Sign up

Export Citation Format

Share Document