Detection and Prevention System for System Attacks on Network Infrastructure Using a Realtime Honeypot and Automatic Iptables
DOI: https://doi.org/10.25126/jtiik.2025126

Keywords: Honeypot, IPtables, Firewall IPSet, Firewall Automation, Malware

Abstract (Indonesian, translated)
As network complexity grows and dependence on network infrastructure devices increases, cyber attacks on systems directly exposed to the internet have become a major challenge in managing infrastructure security. Exploitation of common public-service protocols such as SSH, Telnet, SMB and FTP is frequently used by threat actors to infiltrate systems through weak or default credentials. This study proposes a proactive approach that uses honeypots as attack detection tools by deploying systems that are deliberately vulnerable to exploitation. The test architecture is designed around two scenarios, a virtual server farm (vServer) and a router device, each equipped with Cowrie, Dionaea, Honeytrap, Suricata and Mailoney honeypots. A series of analysis techniques is applied: statistical traffic analysis, identification of targeted services and protocols, SSH port monitoring, network-based intrusion detection (IDS), and analysis of the malware samples captured. The log data collected over two months reflects a high level of attack activity, with 2,813,776 entries from Cowrie, 2,109,900 from Dionaea, 1,047,814 from Honeytrap and 650,741 from Suricata. Beyond attack monitoring, the study also develops a defence mechanism by integrating automatic IPTables-based filtering. This approach proved able to reduce the workload of network devices, with efficiency gains of up to 45% (CPU and memory) on the router and around 40% (CPU and memory) on the server farm. The results show that combining several types of honeypot with automated mitigation based on iptables firewall filtering improves early detection and strengthens network resilience against attacks from the internet.
Abstract
As network complexity grows and dependence on network infrastructure devices increases, cyber attacks on systems directly connected to the internet have become a major challenge in managing infrastructure security. Exploits against common public service protocols such as SSH, Telnet, SMB, and FTP are often used by cyber actors to infiltrate systems using weak or default credentials. This study proposes a proactive approach that uses honeypots as an attack detection tool by implementing a system that is deliberately vulnerable to exploitation. The testing architecture is designed in two scenarios, namely a virtual server farm (vServer) and a router device, each equipped with Cowrie, Dionaea, Honeytrap, Suricata, and Mailoney honeypots. A series of analysis techniques is applied, such as statistical traffic analysis, identification of targeted services and protocols, SSH port monitoring, network-based intrusion detection (IDS), and analysis of successfully captured malware samples. The log data collected over two months reflects quite high attack activity, with a total of 2,813,776 entries from Cowrie, 2,109,900 from Dionaea, 1,047,814 from Honeytrap, and 650,741 from Suricata. In addition to monitoring attacks, this study also developed a defense mechanism by integrating IPTables-based automatic filtering. This approach was shown to reduce the workload of network devices, with an efficiency of up to 45% (CPU and Memory) on router devices and around 40% (CPU and Memory) on the server farm. The results of this study indicate that combining various types of honeypots with automated mitigation based on iptables firewall filtering can improve early detection and strengthen network resilience against attacks from the internet.
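The abstract's "IPTables-based automatic filtering" fed by honeypot logs can be illustrated with the following added example; it is not the paper's code. It assumes Cowrie's JSON log format (one event per line with `eventid` and `src_ip` fields), an ipset named `honeypot_block`, a block threshold of 3, and constructed sample log lines; it emits the ipset/iptables commands rather than executing them so they can be reviewed first.

```python
"""Cowrie login events -> ipset/iptables blocklist commands (added example, not the paper's code).
Assumes Cowrie's JSON log format ("eventid", "src_ip") and an ipset named honeypot_block."""
import json
from collections import Counter
# Constructed sample in Cowrie's JSON log format (not real captures); last line is deliberately malformed.
SAMPLE_LOG = """
{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.7", "username": "root", "password": "123456"}
{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.7", "username": "admin", "password": "admin"}
{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.7", "username": "root", "password": "toor"}
{"eventid": "cowrie.session.connect", "src_ip": "198.51.100.9"}
{"eventid": "cowrie.login.success", "src_ip": "198.51.100.9", "username": "root", "password": "root"}
{"eventid": "cowrie.login.failed", "src_ip": "192.0.2.44", "username": "pi", "password": "raspberry"}
not json at all
"""
# Weight per event: a successful login to a honeypot is conclusive on its own, so it meets the threshold alone.
EVENT_WEIGHT = {"cowrie.login.failed": 1, "cowrie.login.success": 3}
SET_NAME = "honeypot_block"  # assumed ipset name


def count_attempts(log_text):
    """Score each source IP from Cowrie events, skipping blank or malformed lines."""
    scores = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a broken line must not abort the whole run
        weight = EVENT_WEIGHT.get(event.get("eventid"), 0)
        if weight and "src_ip" in event:
            scores[event["src_ip"]] += weight
    return scores


def select_offenders(scores, threshold=3, allowlist=()):
    """IPs at or above the threshold, minus allowlisted management addresses, sorted."""
    return sorted(ip for ip, s in scores.items() if s >= threshold and ip not in allowlist)


def build_commands(offenders, set_name=SET_NAME, timeout=86400):
    """Idempotent ipset/iptables commands; entries expire after `timeout` seconds."""
    cmds = [f"ipset create {set_name} hash:ip timeout {timeout} -exist",
            f"iptables -C INPUT -m set --match-set {set_name} src -j DROP 2>/dev/null || "
            f"iptables -I INPUT -m set --match-set {set_name} src -j DROP"]
    cmds += [f"ipset add {set_name} {ip} timeout {timeout} -exist" for ip in offenders]
    return cmds


if __name__ == "__main__":
    print("\n".join(build_commands(select_offenders(count_attempts(SAMPLE_LOG)))))
```

The per-entry timeout keeps the set from growing without bound, and the allowlist is where management addresses go so a misconfigured scanner of your own cannot lock you out.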
License
Copyright (c) 2025 Jurnal Teknologi Informasi dan Ilmu Komputer

This article is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0).

Authors who publish in this journal agree to the following terms:
- Authors retain copyright and grant the journal the right of first publication, with the work simultaneously licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0), which allows others to share the work with an acknowledgement of its authorship and its initial publication in this journal.
- Authors may enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (for example, posting it to an institutional repository or publishing it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (for example, in institutional repositories or on their website) before and during the submission process, as this can lead to productive exchanges as well as earlier and greater citation of the published work (see The Effect of Open Access).