NETWORK SECURITY MONITORING WITH INTRUSION DETECTION SYSTEM

  • Muhammad Anis Al Hilmi Prodi Teknik Informatika, Jurusan Teknik Informatika, Politeknik Negeri Indramayu, Indonesia
  • Emah Khujaemah Prodi Rekayasa Perangkat Lunak, Jurusan Teknik Informatika, Politeknik Negeri Indramayu, Indonesia
Keywords: Intrusion Detection System, Maltrail, Network Security, Nmap, Port Scanning

Abstract

Computer network security needs attention because valuable and confidential information passes through the network. The increasing use of networked computer systems has also led to an increase in cybercrime worldwide, including in Indonesia. Attacks vary in type and proceed through several phases. One of the initial phases is port scanning, which uses specific programs, such as Nmap (Network Mapper), to check which ports on the target are open and can be exploited for further attacks. An IDS (Intrusion Detection System) is used to anticipate external attacks by detecting suspicious activity in a system or network. This study aims to create a computer network security system that is lightweight, open-source based, easy to set up, and analyzable by administrators, using Maltrail. Maltrail is a monitoring service that detects dangerous traffic in a computer network by utilizing a blacklist containing a list of dangerous or suspicious elements/sources. This study describes the stages of Maltrail installation and how Maltrail detects suspicious network activity, in this case port scanning using Nmap. As a result, Maltrail can be relied on to log and notify network administrators of illegal system entry attempts/intrusions when there is a port scanning process from outside. Thus, it is hoped that with an IDS in place, an attack can be handled earlier and fatal consequences prevented.

Published
2022-04-25
How to Cite
M. A. Al Hilmi and E. Khujaemah, “NETWORK SECURITY MONITORING WITH INTRUSION DETECTION SYSTEM”, J. Tek. Inform. (JUTIF), vol. 3, no. 2, pp. 249-253, Apr. 2022.