Analysis and Implementation of the Honeyd Honeypot as a Low-Interaction Honeypot Against Distributed Denial of Service (DDoS) Attacks and Malware
Abstract
Every computer device connected to a wide computer network is exposed to security risks. These threats target the data, information, resources, and services within the system, and include intrusion, eavesdropping, theft of vital data, and damage to the network system. These actions are carried out by parties who are not accountable, commonly referred to as intruders or attackers. One method to prevent or anticipate these malicious actions is the Honeyd honeypot technique. The Honeyd honeypot adopts a low-interaction approach, which involves indirect interaction with attackers. The honeypot serves as a decoy or simulated server intentionally presented as a target for attacks, and its purpose is to detect and analyze ongoing attacks. In this research, the Honeyd honeypot is implemented as a simulated server resembling an authentic server. This server provides various services and opens several ports deliberately prepared as attack targets, such as Port 139 and Port 21. The results of this research reveal the existence of attacks. Signs of these attacks include a surge in network traffic, reaching up to 100 Megabits above the normal level, and a sudden spike in CPU usage, reaching 100%. The attack activity can be analyzed with the Wireshark application installed on the honeypot server. The information obtained from this analysis includes details about the attacker's activities, enabling more effective preventive, anticipatory, and corrective measures. These measures include securing the server, the network system, and the existing services.
Copyright (c) 2023 Ubaidillah Ubaidillah, Taswanda Taryo, Achmad Hindasyah
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.