ABSTRAK

Makalah ini mengimplementasikan sistem log honeypot untuk menganalisis eksploitasi dari global internet berupa kategori serangan Statistical Traffic Analysis, Top Targeted Attack Sources and Destination, Penetration Analysis dan Infection Pattern Analysis serta Intrusion Detection System (IDS). Pengelompokan level kategori serangan adalah low, medium, dan high, dengan Teknik K-Means dan menerapkan rule filtering IPTables Automation yang digunakan untuk teknik mitigasi pada perangkat farm server dan virtual router public. Hasil attribute yang di cluster mendapatkan jumlah kuadrat jarak cluster ke pusat cluster terdekat, ditimbang dengan bobot nilai μi dan persentase jumlah serangan sebesar 64% untuk kategori High, 36% medium dan Low dengan jumlah tahapan clustering sebanyak 3 tahapan iterasi untuk mendapatkan cluster yang sesuai. Iterasi hasil Rule Firewall IPTables, untuk perangkat vRouter menghasilkan history beban kerja CPU berkurang menjadi 28%, dan memory 39%. vFarm Server menunjukkan beban kerja CPU pada masing-masing vServer berkurang menjadi 43% dan Memory (RAM) menjadi menjadi 21%.

Kata kunci: Machine Learning, Cyber Security, Honeypot, K-Means, Firewall IPTables

 

ABSTRACT

This paper implements a honeypot log system to analyze exploitation of the global internet in the form of Statistical Traffic Analysis attack categories, Top Targeted Attack Sources and Destinations, Penetration Analysis and Infection Pattern Analysis and Intrusion Detection System (IDS). The grouping of attack category levels is low, medium, and high, using the K-Means technique and applying the IPTables Automation filtering rule used for mitigation techniques on server farm devices and public virtual router. The results of the clustering attribute get the mean of the squares of the cluster distance to the nearest cluster center, weighted by the weight of the μi value and the percentage of the number of attacks is 64% for the High, 36% medium and Low with a number of clustering stages of 3 iteration stages to get the appropriate cluster. Iteration of the results of the IPTables Firewall Rule, for vRouter devices, results in a history of CPU workload being reduced to 28%, and memory to 39%. vFarm Server shows the CPU workload on each vServer is reduced to 43% and RAM to 21%.

Keywords: Machine Learning, Cyber Security, Honeypot, K-Means, Firewall IPTables

Araujo, F., Taylor, T., Zhang, J., & Stoecklin, M. P. (2018). Cross-Stack Threat Sensing for Cyber Security and Resilience. Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2018 , (pp. 18–21).

Bahjat, H., Mohammed, S. N., Ahmed, W., Hamad, S., & Mohammed, S. (2020). Anomaly Based Intrusion Detection System Using Hierarchical Classification and Clustering Techniques. Proceedings - International Conference on Developments in ESystems Engineering, DeSE, 2020-December, (pp. 257–262).

Ceron, M., & Scholten, C. (n.d.). [IEEE NOMS 2020-2020 IEEE_IFIP Network Operations and Management Symposium - Budapest, Hungary (2020.4.20-2020.4.24)] NOMS 2020 - 2020 IEEE_IFIP Network Operations and Management Symposium - MikroTik Devices Lan.pdf.

Cunha, V. A., Corujo, D., Barraca, J. P., & Aguiar, R. L. (2020). Using Linux TCP connection repair for mid-session endpoint handover: A security enhancement use-case. 2020 IEEE Conference on Network Function Virtualization and Software Defined Networks, NFV-SDN 2020 - Proceedings, (pp. 174–180).

Damanik, H. A. (2020). Skema Penerapan Mekanisme SLA Dan Network Availability Untuk Customer Service Provider. Jurnal Penelitian Pos dan Informatika, 10(2), 125–44.

Damanik, H. A. (2021). Fast-Recovery and Optimization Multipath Circuit Networks Environments Using Routing Policies Different Administrative Distance and Internal BGP, 2021 4th International Seminar on Research of Information Technology and Intelligent Systems (ISRITI), Yogyakarta, Indonesia, (pp. 299-305).

Damanik, H. A. (2022). Securing Data Network for Growing Business Vpn Architectures Cellular Network Connectivity. Acta Informatica Malaysia, 6(1), 01–06.

El Kamel, N., Eddabbah, M., Lmoumen, Y., & Touahni, R. (2020). A Smart Agent Design for Cyber Security Based on Honeypot and Machine Learning. Security and Communication Networks, 2020.

Fraunholz, D., Zimmermann, M., Antón, S. D., Schneider, J., & Dieter Schotten, H. (2017). Distributed and highly-scalable WAN network attack sensing and sophisticated analysing framework based on Honeypot technology. Proceedings of the 7th International Conference Confluence 2017 on Cloud Computing, Data Science and Engineering, (pp. 416–421).

Kosseff, J. (2020). Retorsion as a Response to Ongoing Malign Cyber Operations. International Conference on Cyber Conflict, CYCON, 2020-May, (pp. 9–23).

Kashtalian, A., & Sochor, T. (2021). K-means clustering of honeynet data with unsupervised representation learning. CEUR Workshop Proceedings, 2853, (pp. 439–449).

Liao, M. L., Yu, C. L., Lai, Y. C., Chiu, S. P., Chen, J. L. (2023). An Intelligent Cyber Threat Classification System, 2023 25th International Conference on Advanced Communication Technology (ICACT), Pyeongchang, Korea, Republic of, 2023, (pp. 189-194).

Polyakov, V. V., & Lapin, S. A. (2018). Architecture of the Honeypot System for Studying Targeted Attacks. 2018 14th International Scientific-Technical Conference on Actual Problems of Electronic Instrument Engineering, APEIE 2018 - Proceedings, (pp. 202–205).

Owezarski, P. (2014). Unsupervised classification and characterization of honeypot attacks. Proceedings of the 10th International Conference on Network and Service Management, CNSM 2014, (pp. 10–18).

Rosli, N. A., Yassin, W., Faizal, M. A., & Selamat, S. R. (2019). Clustering analysis for malware behavior detection using registry data. International Journal of Advanced Computer Science and Applications, 10 (12), 93–102.

Sokol, P., Husak, M., & Liptak, F. (2015). Deploying honeypots and honeynets: Issue of privacy. Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015, (pp. 397–403).