MODELING INTRUSION DETECTION AND PREVENTION SYSTEM TO DETECT AND PREVENT NETWORK ATTACKS USING WAZUH

  • Otniel Dewangga Divan Pramudya Informatics and Computer Engineering Education, Faculty of Teacher Training and Education, Universitas Sebelas Maret, Indonesia
  • Puspanda Hatta Informatics and Computer Engineering Education, Faculty of Teacher Training and Education, Universitas Sebelas Maret, Indonesia
  • Cucuk Wawan Budiyanto Informatics and Computer Engineering Education, Faculty of Teacher Training and Education, Universitas Sebelas Maret, Indonesia
Keywords: Cybercrime, IDPS, Open-Source, QoS, Virtual Lab, Wazuh

Abstract

The rapid development of technology has a positive impact on society. The internet can be accessed easily anytime and anywhere, but as internet technology advances, many threats to the security of its users emerge. Criminal activity in the digital world is referred to as cybercrime. Numerous cases of cybercrime have occurred worldwide, ranging from attacks that can disable servers to data theft and illegal access. It is noted that more than 50% of companies do not have a plan to respond to these cybercrimes. This is due to various factors, one of which is the limited availability of network security platforms that are freely accessible and easy to configure for all users. Therefore, this research aims to provide a solution in the form of an open-source-based Intrusion Detection and Prevention System (IDPS) that can be freely distributed and easily configured, one of which is Wazuh. The study uses the Cisco PPDIOO approach to develop a virtual lab with various scenarios for testing and measuring the Quality of Service (QoS) of Wazuh's performance. In the test scenarios created, Wazuh can detect attacks originating from both inside and outside the network. Wazuh has proven capable of detecting and preventing various types of network attacks and offers features that help users respond to cybercrime, making it a potential solution for organizations that have not yet planned a response to cybercrime.



Published
2025-02-12
How to Cite
[1]
O. D. D. Pramudya, P. Hatta, and C. W. Budiyanto, “MODELING INTRUSION DETECTION AND PREVENTION SYSTEM TO DETECT AND PREVENT NETWORK ATTACKS USING WAZUH”, J. Tek. Inform. (JUTIF), vol. 6, no. 1, pp. 173-186, Feb. 2025.