Clustering Pattern and Prevention for a Public Honeypot Using the K-Means Technique and an Automation Shell-Script

HILLMAN AKHYAR DAMANIK, MERRY ANGGRAENI

Abstract

ABSTRACT (Indonesian version)

This paper implements a honeypot log system to analyze exploitation from the global internet in the attack categories Statistical Traffic Analysis, Top Targeted Attack Sources and Destinations, Penetration Analysis, Infection Pattern Analysis, and Intrusion Detection System (IDS). Attack category levels are grouped into low, medium, and high using the K-Means technique, and IPTables Automation filtering rules are applied as the mitigation technique on server farm devices and public virtual routers. The clustered attributes yield the sum of squared distances from each cluster to its nearest cluster center, weighted by the μi value, with attack percentages of 64% for the High category and 36% for Medium and Low, after 3 clustering iterations to obtain the appropriate clusters. Iterating the IPTables Firewall Rules reduced the vRouter's recorded CPU load to 28% and memory to 39%. On the vFarm Server, the CPU load on each vServer fell to 43% and memory (RAM) to 21%.

Keywords: Machine Learning, Cyber Security, Honeypot, K-Means, Firewall IPTables

 

ABSTRACT

This paper implements a honeypot log system to analyze exploitation from the global internet in the attack categories Statistical Traffic Analysis, Top Targeted Attack Sources and Destinations, Penetration Analysis, Infection Pattern Analysis, and Intrusion Detection System (IDS). Attack category levels are grouped into low, medium, and high using the K-Means technique, and IPTables Automation filtering rules are applied as the mitigation technique on server farm devices and public virtual routers. The clustered attributes yield the mean of the squared distances from each cluster to its nearest cluster center, weighted by the μi value, with attack percentages of 64% for the High category and 36% for Medium and Low, after 3 clustering iterations to obtain the appropriate clusters. Iterating the IPTables Firewall Rules reduced the vRouter's recorded CPU load to 28% and memory to 39%. On the vFarm Server, the CPU load on each vServer fell to 43% and RAM to 21%.
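The abstract describes two steps: grouping honeypot attack records into low, medium and high clusters with K-Means, then turning the result into IPTables filtering rules. The block below is an added example, not code from the paper or its authors: it runs a one-dimensional K-Means (k=3) over per-source hit counts parsed from constructed honeypot log lines, reports the sum of squared distances to the nearest cluster center and the number of iterations needed to converge, and emits DROP rules for the sources in the high cluster. The log format (`src=... dport=... event=...`), the addresses, the hit counts and the seeding of the initial centers are all assumptions made for the example.

```python
"""K-Means grouping of honeypot attack sources into low/medium/high and
IPTables rule generation. Added example with constructed data."""
import re
from collections import Counter

# Constructed honeypot sources and hit counts (documentation ranges, not real IPs).
SAMPLE_SOURCES = [("203.0.113.5", 40), ("198.51.100.7", 38), ("192.0.2.9", 12),
                  ("203.0.113.77", 10), ("198.51.100.20", 2), ("192.0.2.33", 1)]

# Expand the counts into log lines in an assumed key=value format.
SAMPLE_LOG_LINES = [
    f"2023-01-10T01:{i:02d}:00 src={ip} dport=22 event=login_failed"
    for ip, n in SAMPLE_SOURCES for i in range(n)
]

SRC_RE = re.compile(r"\bsrc=(\S+)")


def count_attacks(log_lines):
    """Return a Counter of attack events per source address."""
    counts = Counter()
    for line in log_lines:
        m = SRC_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def _assign(values, centers):
    """Index of the nearest center for every value."""
    return [min(range(len(centers)), key=lambda c: abs(v - centers[c])) for v in values]


def kmeans_1d(values, k=3, max_iter=100):
    """One-dimensional K-Means. Seeds centers evenly across the sorted values
    (an assumption; random seeding is equally common). Returns
    (centers, assignments, sum of squared distances, iterations used)."""
    if len(values) < k:
        raise ValueError("need at least k distinct sources to form k clusters")
    s = sorted(values)
    centers = [float(s[i * (len(s) - 1) // (k - 1)]) for i in range(k)]
    iterations = 0
    for _ in range(max_iter):
        iterations += 1
        assign = _assign(values, centers)
        new_centers = []
        for c in range(k):
            members = [v for v, a in zip(values, assign) if a == c]
            # Keep an empty cluster's center where it was rather than dropping it.
            new_centers.append(sum(members) / len(members) if members else centers[c])
        converged = new_centers == centers
        centers = new_centers
        if converged:
            break
    assign = _assign(values, centers)
    inertia = sum((v - centers[a]) ** 2 for v, a in zip(values, assign))
    return centers, assign, inertia, iterations


def level_names(centers):
    """Map cluster index -> 'low'/'medium'/'high' by ascending center value."""
    names = ["low", "medium", "high"]
    order = sorted(range(len(centers)), key=lambda c: centers[c])
    return {c: names[rank] for rank, c in enumerate(order)}


def cluster_sources(log_lines, k=3):
    """Cluster sources by hit count; report level per IP, inertia, iterations,
    and each level's share of all attack events (percent, one decimal)."""
    counts = count_attacks(log_lines)
    ips = sorted(counts)
    values = [counts[ip] for ip in ips]
    centers, assign, inertia, iterations = kmeans_1d(values, k)
    level_of = level_names(centers)
    hits = {name: 0 for name in level_of.values()}
    for v, a in zip(values, assign):
        hits[level_of[a]] += v
    total = sum(values)
    return {
        "levels": {ip: level_of[a] for ip, a in zip(ips, assign)},
        "centers": sorted(centers),
        "inertia": inertia,
        "iterations": iterations,
        "share": {name: round(100 * h / total, 1) for name, h in hits.items()},
    }


def iptables_rules(levels, chain="INPUT", block=("high",)):
    """Render one DROP rule per source whose level is in `block`."""
    return [f"iptables -A {chain} -s {ip} -j DROP"
            for ip in sorted(levels) if levels[ip] in block]


if __name__ == "__main__":
    result = cluster_sources(SAMPLE_LOG_LINES)
    print(result)
    print("\n".join(iptables_rules(result["levels"])))
```

The rules are returned as strings rather than executed, so the output can be reviewed (or written to the shell script the paper mentions) before it touches a production firewall; in practice the chain, the rate-limit policy for the medium cluster, and a whitelist of management addresses would be added before applying them.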

Keywords: Machine Learning, Cyber Security, Honeypot, K-Means, Firewall IPTables


Keywords

Machine Learning; Cyber Security; Honeypot; K-Means; Firewall IPTables



DOI: https://doi.org/10.26760/elkomika.v12i1.65


ISSN (print) : 2338-8323 | ISSN (electronic) : 2459-9638

Publisher:

Department of Electrical Engineering Institut Teknologi Nasional Bandung, Indonesia

Address: 20th Building, Institut Teknologi Nasional Bandung, PHH. Mustofa Street No. 23, Bandung 40124, Indonesia

Contact: +627272215 (ext. 206)

Email: jte.itenas@itenas.ac.id

This journal is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.