The security of network infrastructure, including router and server devices connected directly to the global Internet, has become an important issue as Internet communication grows, in terms of maintaining the confidentiality, integrity and availability of digital communications. The most critical problem is the exploitation of a monoculture of router and server devices in the network infrastructure, together with the detection of Distributed Denial-of-Service (DDoS) attacks. This research aims to combine analysis and mitigation techniques: hierarchical clustering with single, complete, average and Ward linkage, plus IPTables firewall filtering as the mitigation measure, to analyse DDoS logging data from the Suricata NIDS at low, medium and high severity levels, generated by attacks from the public network. Single-linkage clustering produces a cluster 3 with a high-severity DDoS logging intensity for the TCP SYN flood protocol type; cluster 3 also shows high severity for the source IP address. Complete-linkage clustering likewise gives significant results, with a large number of potential DDoS log entries found in cluster 1 and cluster 2. The average-linkage distribution shows a group with a low average severity level for DDoS. Ward linkage produces more uniform attribute groups across n_clusters 1 to 6. Implementing mitigation with IPSet and IPTables firewall scripting gives positive results in reducing the workload of the router and vServer devices when facing DDoS attacks.
After convergence, in the running state the vCPU resource workload decreased: the vCPU of vR1 by 10%, the vCPU of vR2 by 9%, and memory by 11%.
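The pipeline the abstract describes (aggregate Suricata alerts per source IP, cluster them hierarchically with a chosen linkage, then feed the most severe cluster into an IPSet/IPTables block list) can be shown end to end in a short script. The following is an added example written for this page, not code from the paper; it uses constructed Suricata EVE JSON alert lines rather than the authors' logging data, implements single, complete and average linkage in pure Python (Ward linkage is omitted), and maps Suricata's numeric `severity` (1 = high, 2 = medium, 3 = low) onto a weight. The set name `ddos_block`, the destination address and the feature choice (alert count and mean severity weight per source) are assumptions made for the example.

```python
import json
from itertools import combinations
from math import dist

# Constructed Suricata EVE JSON records (documentation address ranges, not real captures).
def _eve(ts, src, sig, sev, event_type="alert"):
    rec = {"timestamp": ts, "event_type": event_type, "src_ip": src,
           "dest_ip": "10.0.0.5", "proto": "TCP"}
    if event_type == "alert":
        rec["alert"] = {"signature": sig, "severity": sev}
    return json.dumps(rec)

EVE_LINES = [
    _eve("2024-01-01T10:00:00", "203.0.113.10", "ET DOS Possible SYN flood", 1),
    _eve("2024-01-01T10:00:01", "203.0.113.10", "ET DOS Possible SYN flood", 1),
    _eve("2024-01-01T10:00:02", "203.0.113.10", "ET DOS Possible SYN flood", 1),
    _eve("2024-01-01T10:00:03", "203.0.113.10", "ET DOS Possible SYN flood", 1),
    _eve("2024-01-01T10:00:04", "203.0.113.10", "ET DOS Possible SYN flood", 1),
    _eve("2024-01-01T10:00:05", "203.0.113.11", "ET DOS Possible SYN flood", 1),
    _eve("2024-01-01T10:00:06", "203.0.113.11", "ET DOS Possible SYN flood", 1),
    _eve("2024-01-01T10:00:07", "203.0.113.11", "ET DOS Possible SYN flood", 1),
    _eve("2024-01-01T10:00:08", "203.0.113.11", "ET DOS Possible SYN flood", 1),
    _eve("2024-01-01T10:00:09", "198.51.100.7", "ET SCAN Suspicious probe", 2),
    _eve("2024-01-01T10:00:10", "198.51.100.7", "ET SCAN Suspicious probe", 2),
    _eve("2024-01-01T10:00:11", "192.0.2.5", "ET INFO Generic", 3),
    _eve("2024-01-01T10:00:12", "192.0.2.6", "ET INFO Generic", 3),
    _eve("2024-01-01T10:00:13", "192.0.2.9", "", 0, event_type="flow"),  # skipped
]

# Suricata alert severity: 1 = high, 2 = medium, 3 = low (weight chosen for this example).
SEVERITY_WEIGHT = {1: 3.0, 2: 2.0, 3: 1.0}


def per_source_features(lines):
    """Aggregate alert events per src_ip -> (alert_count, mean severity weight)."""
    counts, weights = {}, {}
    for line in lines:
        ev = json.loads(line)
        if ev.get("event_type") != "alert":
            continue
        ip = ev["src_ip"]
        counts[ip] = counts.get(ip, 0) + 1
        weights[ip] = weights.get(ip, 0.0) + SEVERITY_WEIGHT[ev["alert"]["severity"]]
    return {ip: (counts[ip], weights[ip] / counts[ip]) for ip in counts}


def normalise(rows):
    """Min-max scale each feature column to [0, 1] so counts do not dominate."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [tuple((v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(r, lo, hi))
            for r in rows]


def linkage_distance(a, b, points, method):
    """Inter-cluster distance under single, complete or average linkage."""
    ds = [dist(points[i], points[j]) for i in a for j in b]
    if method == "single":
        return min(ds)
    if method == "complete":
        return max(ds)
    if method == "average":
        return sum(ds) / len(ds)
    raise ValueError(f"unsupported linkage: {method}")


def agglomerative(points, n_clusters, method="single"):
    """Bottom-up hierarchical clustering; returns lists of point indices."""
    clusters = [[i] for i in range(len(points))]
    while len(clusters) > n_clusters:
        i, j = min(combinations(range(len(clusters)), 2),
                   key=lambda p: linkage_distance(clusters[p[0]], clusters[p[1]], points, method))
        merged = clusters[i] + clusters[j]
        clusters = [c for k, c in enumerate(clusters) if k not in (i, j)] + [merged]
    return clusters


def high_severity_cluster(lines, n_clusters=3, method="single"):
    """Cluster sources and return the IPs of the cluster with the highest mean severity."""
    feats = per_source_features(lines)
    ips = sorted(feats)
    points = normalise([feats[ip] for ip in ips])
    clusters = agglomerative(points, n_clusters, method)
    worst = max(clusters, key=lambda c: (sum(feats[ips[i]][1] for i in c) / len(c),
                                         sum(feats[ips[i]][0] for i in c)))
    return sorted(ips[i] for i in worst)


def mitigation_commands(ips, setname="ddos_block"):
    """ipset/iptables commands that drop the selected sources (set name is an assumption)."""
    cmds = [f"ipset create {setname} hash:ip -exist"]
    cmds += [f"ipset add {setname} {ip} -exist" for ip in ips]
    cmds.append(f"iptables -I INPUT -m set --match-set {setname} src -j DROP")
    return cmds


if __name__ == "__main__":
    for method in ("single", "complete", "average"):
        print(method, high_severity_cluster(EVE_LINES, 3, method))
    print("\n".join(mitigation_commands(high_severity_cluster(EVE_LINES))))
```

Using a single set matched by `-m set --match-set` keeps the firewall to one rule regardless of how many sources are blocked, which is what makes the IPSet approach cheaper for the router than one iptables rule per address; in a live deployment the block list should be applied from a script run after each clustering pass, and entries given a timeout so that spoofed or recycled sources age out.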