Text
Analisis Integrasi Security Information and Event Management (SIEM) dan Intrusion Detection System (IDS) dalam Mendeteksi Serangan Berbasis Evasion Technique
Abstrak:
Perkembangan teknologi informasi yang pesat telah membawa dampak signifikan pada tingkat serangan terhadap sistem. Pelaku serangan terus mengembangkan berbagai macam jenis serangan dengan beragam teknik untuk mengelabui sistem keamanan, termasuk penggunaan evasion technique. Evasion technique merupakan serangan yang menyelinap dalam keamanan suatu sistem. Pertahanan yang efektif melawan serangan ini yaitu Intrusion Detection System (IDS) dan Security Information and Event Management (SIEM). IDS berperan dalam mendeteksi dan mencatat aktivitas mencurigakan atau insiden keamanan di lingkup sistem dan jaringan, sedangkan- SIEM bertindak responsif terhadap peristiwa keamanan. Integrasi penggunaan IDS dan SIEM menjadi solusi untuk memberikan pertahanan sistem secara maksimal. Penelitian ini mengkaji lima serangan evasion technique, yaitu Denial of Service (DoS), packet splitting, payload mutation, shellcode mutation, dan duplicate insertion. Dalam penelitian ini, digunakan SIEM tools yaitu ELK Stack, serta tiga IDS tools yaitu Wazuh, Zeek, dan Suricata. Ketiga IDS tersebut diintegrasikan dengan alat SIEM untuk meningkatkan efektivitas sistem keamanan. Hasil penelitian menunjukkan bahwa perangkat rancang bangun integrasi yang telah dikembangkan mampu mendeteksi jenis serangan berbasis evasion technique. Selain itu, data log dari deteksi tersebut berhasil divisualisasikan pada dashboard real time ELK Stack yang memberikan kemudahan bagi pengguna dalam memahami dan menganalisis serangan.
Abstract:
The rapid development of information technology has had a significant impact on the level of attacks on the system. Attackers continue to develop different types of attacks using different techniques to trick security systems, including the use of evasion techniques. An evasion technique is an attack that subverts the security of a system. Effective defences against this attack are Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM). IDS plays a role in detecting and recording suspicious activity or security incidents within the system and network, while SIEM responds to security events. The integrated use of IDS and SIEM provides a solution for maximum system defence. This research examines five attack evasion techniques, namely denial of service (DoS), packet splitting, payload mutation, shellcode mutation, and duplicate insertion. This research uses SIEM tools, namely ELK Stack, and three IDS tools, namely Wazuh, Zeek and Suricata. The three IDSs are integrated with the SIEM tool to increase the effectiveness of the security system. The results show that the developed integration design tool is able to detect attack types based on evasion techniques. In addition, the log data from the detection is successfully visualised on the ELK Stack real-time dashboard, making it easy for users to understand and analyse attacks.
No copy data
No other version available