4 research outputs found

    IMPLEMENTATION OF A NETWORK SECURITY SYSTEM USING SURICATA AND NTOPNG

    Network security is becoming a growing concern as information technology develops ever faster. This allows someone to enter a system illegally and cripple it. In addition, vulnerabilities and the absence of a security system protecting the system leave it susceptible to attack. Therefore, in this final project a security system was built using Suricata as a Network Intrusion Detection System (NIDS) and Ntopng as a tool for monitoring the network up to layer 7. With a focus on Denial of Service (DoS) attacks, the two applications are compared in how they handle DoS attacks. In the results of this study, using the Suricata rules the author wrote, the author succeeded in detecting all the attacks tested. With the default rules in Ntopng, by contrast, the author was only able to identify one type of DoS attack, namely SYN flood. For DoS attacks targeting the website server, in terms of accuracy, the Suricata rules the author wrote outperform the default rules in Ntopng by 52.70% for the LOIC application, by 48.80% for the Hping3 application, and by 52.84% for the GoldenEye application. For DoS attacks targeting the FTP server, in terms of accuracy, the Suricata rules the author wrote also outperform the default rules in Ntopng by 52.30% for the LOIC application and by 59.97% for the Hping3 application. There is thus a large difference between the accuracy percentage, precision rate, and recall rate of Suricata and Ntopng: Suricata is superior in the accuracy of its rules in detecting DoS attacks

    Evaluating IP Blacklists Effectiveness

    IP blacklists are widely used to increase network security by preventing communications with peers that have been marked as malicious. There are several commercial offerings as well as several free-of-charge blacklists maintained by volunteers on the web. Despite their wide adoption, the effectiveness of the different IP blacklists in real-world scenarios is still not clear. In this paper, we conduct a large-scale network monitoring study which provides insightful findings regarding the effectiveness of blacklists. The results collected over several hundred thousand IP hosts belonging to three distinct large production networks highlight that blacklists are often tuned for precision, with the result that many malicious activities, such as scanning, are completely undetected. The proposed instrumentation approach to detect IP scanning and suspicious activities is implemented with home-grown and open-source software. Our tools enable the creation of blacklists without the security risks posed by the deployment of honeypots

    Deep Learning Enhanced Visualization Tool For Network Monitoring

    In this era of web technology driven by social networks, cloud computing, big data, and E-business, technology is also rapidly evolving. Most of the information is stored and managed via the Internet. With an increase in these development tools and techniques, cyber-crime is constantly increasing. The level of damage these attacks cause to the system affects the organizations to the core. Contemporary Deep Learning and Machine Learning technologies have become the popular choice of intrusion detection systems for the detection and prediction of cyber-attack. Similarly, cyber-security visualization is also an integral and essential part of monitoring network traffic and optimization. Abundant work has already been done to detect attacks, but monitoring these attacks still appears as elusive as detection for cyber analysts. However, the current open-source visualization tool has not been integrated with Deep Learning models to gain intelligence on the network. While many researchers [3] are already working on cyber-attack defense mechanisms, this research also takes advantage of Deep Learning and Machine Learning technologies to contribute to the work against such crimes. A novel Deep Learning enhanced visualization tool is also proposed for malicious traffic node prediction and monitoring. The proposed method exploits the intriguing properties of Deep Learning models to gain intelligence for network monitoring. A real-world DARPA dataset has been used to validate the proposed method. Index Terms—Cyber-security, data analysis, data science, darpa-dataset, decision tree, deep learning, deep neural network, DL model, ML model, network analysis tool, network monitoring tool, supervised learning, support vector machine, visualization tool

    Quality of Experience monitoring and management strategies for future smart networks

    One of the major driving forces of the service and network's provider market is the user's perceived service quality and expectations, which are referred to as user's Quality of Experience (QoE). It is evident that QoE is particularly critical for network providers, who are challenged with the multimedia engineering problems (e.g. processing, compression) typical of traditional networks. They need to have the right QoE monitoring and management mechanisms to have a significant impact on their budget (e.g. by reducing the users' churn). Moreover, due to the rapid growth of mobile networks and multimedia services, it is crucial for Internet Service Providers (ISPs) to accurately monitor and manage the QoE for the delivered services and at the same time keep the computational resources and the power consumption at low levels. The objective of this thesis is to investigate the issue of QoE monitoring and management for future networks. This research, developed during the PhD programme, aims to describe the State-of-the-Art and the concept of Virtual Probes (vProbes). Then, I proposed a QoE monitoring and management solution, two Agent-based solutions for QoE monitoring in LTE-Advanced networks, a QoE monitoring solution for multimedia services in 5G networks and an SDN-based approach for QoE management of multimedia services