PERFORMANCE ANALYSIS OF IDS SNORT AND IDS SURICATA WITH A MANY-CORE PROCESSOR ON A VIRTUAL MACHINE AGAINST DOS/DDOS ATTACKS

FADHILAH, DEDE (2020) PERFORMANCE ANALYSIS OF IDS SNORT AND IDS SURICATA WITH A MANY-CORE PROCESSOR ON A VIRTUAL MACHINE AGAINST DOS/DDOS ATTACKS. S2 thesis, Universitas Mercu Buana Jakarta-Menteng.

Abstract

The rapid development of technology makes it possible to convert a physical machine into a virtual machine, which can run multiple operating systems simultaneously and can be connected to the internet. DoS/DDoS attacks are cyber attacks that can threaten the telecommunications sector because they cause services to be disrupted and difficult to access. There are several software tools for monitoring abnormal activity on the network, among them IDS Snort and IDS Suricata. In previous studies, IDS Suricata was superior to IDS Snort version 2 because IDS Suricata already supports multi-threading, while IDS Snort version 2 only supports single-threading. This thesis aims to test IDS Snort version 3.0, which already supports multi-threading, against IDS Suricata. The research was carried out on a virtual machine with 1-core, 2-core, and 4-core processor settings, measuring CPU usage, memory usage, and attack packet capture on IDS Snort and IDS Suricata. The attack scenarios are divided into two parts: a DoS attack scenario using 1 physical computer and a DDoS attack scenario using 5 physical computers. Based on the overall testing, IDS Snort generally performed better than IDS Suricata. With the maximum of 4 processor cores, its CPU usage was stable at 55% - 58% and its maximum memory usage was 3,000 MB, and it detected DoS attacks with 27,034,751 packets and DDoS attacks with 36,919,395 packets. IDS Suricata gave different results: its CPU usage was better, at only 10% - 40%, and its maximum memory usage was 1,800 MB, but its detection results were smaller, with 3,671,305 packets for the DoS attack and 7,619,317 packets for the DDoS attack in the TCP Flood attack test.

Keywords: IDS, Intrusion Detection System, Snort, Suricata, DoS, DDoS.

Item Type: Thesis (S2)
Call Number CD: CDT-554-20-035
Call Number: T-54-20-002
NIM/NIDN Creators: 55418110007
Uncontrolled Keywords: IDS, Intrusion Detection System, Snort, Suricata, DoS, DDoS.
Subjects: 600 Technology > 620 Engineering and Applied Operations > 621 Applied Physics
Divisions: Postgraduate > Master of Electrical Engineering
Depositing User: UMMI RAHMATUSSYIFA
Date Deposited: 21 Feb 2022 02:56
Last Modified: 18 Jun 2022 06:34
URI: http://repository.mercubuana.ac.id/id/eprint/56402
