705 research outputs found

    Performance Analysis of a Network Intrusion Detection System (NIDS) Using the Signature-Based Method in Detecting UDP Flooding-Based Denial of Service (DoS) Attacks

    Cloud computing has become a technology trend used in many areas, especially by startups and large companies. It offers advantages such as the ease of creating one's own cloud services, cost-effective infrastructure, and the flexibility to increase or decrease service capacity as required. Apart from these advantages, the security of cloud computing is one of the factors a company must consider. The use of antivirus software and a firewall does not guarantee that the cloud system is fully secure. In addition, the administrator's limited ability to monitor traffic and attacks throughout the cloud network is a constraint in cloud computing management. One solution for improving network security and for monitoring and overseeing attack traffic in cloud computing is a Network-based Intrusion Detection System (NIDS). A NIDS is a type of Intrusion Detection System (IDS) that can monitor attacks and traffic throughout the network. Signature-based detection is one method a NIDS can use to identify each data packet entering or leaving the network. In this research, the author tests the performance of a NIDS using the signature-based method in detecting DoS attacks based on UDP flooding. The research also analyzes the results and evaluates the performance of the NIDS, in order to determine how the deployed NIDS performs and how accurately it classifies attacks. Keywords: IDS, Network Intrusion Detection System, NIDS, Cloud Computing, Signature Based

    Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study

    Cloud computing has emerged as a popular paradigm and an attractive model for providing a reliable distributed computing model. It is increasingly attracting huge attention in both academic research and industrial initiatives. Cloud deployments are paramount for institutions and organizations of all scales. The availability of a flexible, free, open-source cloud platform designed with no proprietary software, and its ability to integrate with legacy systems and third-party applications, are fundamental. OpenStack is free and open-source software released under the terms of the Apache license, with a fragmented and distributed architecture that makes it highly flexible. This project was initiated with the aim of designing a secured cloud infrastructure called BradStack, built on OpenStack in the Computing Laboratory at the University of Bradford. In this report, we present and discuss the steps required to deploy a secured BradStack multi-node cloud infrastructure and to conduct penetration testing on OpenStack services to validate the effectiveness of the security controls on the BradStack platform. This report serves as a practical guideline, focusing on security and practical infrastructure-related issues. It also serves as a reference for institutions looking at the possibilities of implementing a secured cloud solution. Comment: 38 pages, 19 figures

    Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems

    Computer networks are undergoing phenomenal growth, driven by the rapidly increasing number of nodes constituting the networks. At the same time, the number of security threats on Internet and intranet networks is constantly growing, and the testing and experimentation of cyber defense solutions requires the availability of separate test environments that best emulate the complexity of a real system. Such environments support the deployment and monitoring of complex mission-driven network scenarios, thus enabling the study of cyber defense strategies under real and controllable traffic and attack scenarios. In this paper, we propose a methodology that combines network and security assessment techniques with cloud technologies to build an emulation environment with an adjustable degree of affinity with respect to actual reference networks or planned systems. As a byproduct, starting from a specific case study, we collected a dataset consisting of complete network traces comprising benign and malicious traffic, which is feature-rich and publicly available.

    Master of Science in Computing

    Current Intrusion Detection Systems (IDS) in a typical enterprise or campus network are limited by having a number of static monitoring points and static IDS resources deployed. The monitoring points are typically deployed using hardware optical taps or span ports which are fed directly into the IDS. The IDS is a compute resource requiring dedicated server-grade hardware, and these resources are statically configured when the network for an enterprise or campus is installed. We designed a framework for building a distributed elastic Intrusion Detection System (IDS) for a Software Defined Network (SDN)-capable network, called Distributed Elastic Intrusion DeTECTion (DEIDtect). We combine the flexibility of SDN and the elastic resource usage of a cloud infrastructure with a DEIDtect orchestrating controller to achieve an elastic IDS framework. DEIDtect enables simpler and more dynamic management of IDS systems. The flexibility of our approach also enables new IDS use cases and deployment strategies.

    Trusted Computing and Secure Virtualization in Cloud Computing

    Large-scale deployment and use of cloud computing in industry is accompanied, and at the same time hampered, by concerns regarding protection of data handled by cloud computing providers. One of the consequences of moving data processing and storage off company premises is that organizations have less control over their infrastructure. As a result, cloud service (CS) clients must trust that the CS provider is able to protect their data and infrastructure from both external and internal attacks. Currently, however, such trust can only rely on organizational processes declared by the CS provider and cannot be remotely verified and validated by an external party. Enabling the CS client to verify the integrity of the host where the virtual machine instance will run, as well as to ensure that the virtual machine image has not been tampered with, are some steps towards building trust in the CS provider. Having the tools to perform such verifications prior to the launch of the VM instance allows CS clients to decide at runtime whether certain data should be stored, or calculations should be made, on the VM instance offered by the CS provider. This thesis combines three components (trusted computing, virtualization technology and cloud computing platforms) to address issues of trust and security in public cloud computing environments. Of the three components, virtualization technology has had the longest evolution and is a cornerstone for the realization of cloud computing. Trusted computing is a recent industry initiative that aims to implement the root of trust in a hardware component, the trusted platform module. The initiative has been formalized in a set of specifications and is currently at version 1.2. Cloud computing platforms pool virtualized computing, storage and network resources in order to serve a large number of customers that use a multi-tenant multiplexing model to offer on-demand self-service over a broad network. Open source cloud computing platforms are, like trusted computing, a fairly recent technology in active development. The issue of trust in public cloud environments is addressed by examining the state of the art within cloud computing security and subsequently addressing the issues of establishing trust in the launch of a generic virtual machine in a public cloud environment. As a result, the thesis proposes a trusted launch protocol that allows CS clients to verify and ensure the integrity of the VM instance at launch time, as well as the integrity of the host where the VM instance is launched. The protocol relies on the use of the Trusted Platform Module (TPM) for key generation and data protection. The TPM also plays an essential part in the integrity attestation of the VM instance host. Along with a theoretical, platform-agnostic protocol, the thesis also describes a detailed implementation design of the protocol using the OpenStack cloud computing platform. In order to verify the implementability of the proposed protocol, a prototype implementation has been built using a distributed deployment of OpenStack. While the protocol covers only the trusted launch procedure using generic virtual machine images, it presents a step aimed at contributing towards the creation of a secure and trusted public cloud computing environment.