IMPLEMENTASI DIONAEA HONEYPOT BERBASIS FILE UMPAN UNTUK DETEKSI SERANGAN RANSOMWARE MELALUI PROTOKOL JARINGAN

RAHMANSYAH, MAHEER FADLI (2025) IMPLEMENTASI DIONAEA HONEYPOT BERBASIS FILE UMPAN UNTUK DETEKSI SERANGAN RANSOMWARE MELALUI PROTOKOL JARINGAN. S1 thesis, Universitas Mercu Buana Jakarta.

[img]
Preview
 Text (HAL COVER)
01 COVER.pdf
Download (404kB) | Preview
[img] Text (BAB I)
02 BAB 1.pdf
Restricted to Registered users only
Download (110kB)
[img] Text (BAB II)
03 BAB 2.pdf
Restricted to Registered users only
Download (199kB)
[img] Text (BAB III)
04 BAB 3.pdf
Restricted to Registered users only
Download (113kB)
[img] Text (BAB IV)
05 BAB 4.pdf
Restricted to Registered users only
Download (1MB)
[img] Text (BAB V)
06 BAB 5.pdf
Restricted to Registered users only
Download (38kB)
[img] Text (DAFTAR PUSTAKA)
07 DAFTAR PUSTAKA.pdf
Restricted to Registered users only
Download (177kB)
[img] Text (LAMPIRAN)
08 LAMPIRAN.pdf
Restricted to Registered users only
Download (948kB)

Abstract

Ransomware attacks have become a threat in the digital world that can cause significant financial and operational losses. Based on data from the National Cyber and Crypto Agency (BSSN), ransomware in Indonesia increased in 2024 by 275,740 cases. This research aims to develop and implement a bait file-based Dionaea Honeypot system that can detect ransomware attacks through network protocols including SMB, HTTP, FTP, and MSSQL. The research methodology uses a qualitative experimental approach with system implementation on Ubuntu 22.04 LTS using Docker containers integrated with Samba server. The honeypot system is configured with a Samba server to provide file sharing services accessible through the SMB protocol on ports 445 and 139, as well as additional protocols HTTP (port 80), FTP (port 21), and MSSQL (port 1433). Testing was conducted through three scenarios: Basic SMB Protocol Detection, Advanced Bulk File Access Detection, and Multi-Protocol Integration Testing. Implementation results show that the system is capable of detecting file activity in real-time with response times of less than 1 second for single protocol detection and a maximum of 3 seconds for complex bulk access patterns. The system successfully implements an automated response mechanism that includes file isolation, network blocking, and administrator alerting within less than 3 seconds after threat detection. Advanced bulk file access detection successfully identifies ransomware patterns with threshold detection of more than 3 file accesses within less than 2 seconds. The system successfully records all network interactions, payloads, and attack metadata that can be used for further forensic analysis. Keywords: Dionaea Honeypot, Ransomware Detection, File Umpan, Cybersecurity, Docker Container, SMB Protocol. Serangan ransomware telah menjadi ancaman dalam dunia digital yang dapat mengakibatkan kerugian finansial dan operasional yang signifikan. Berdasarkan data Badan Siber dan Sandi Negara (BSSN), Ransomware di Indonesia meningkat pada tahun 2024 sebanyak 275.740. Penelitian ini bertujuan mengembangkan dan mengimplementasikan sistem Dionaea Honeypot berbasis file umpan yang dapat mendeteksi serangan ransomware melalui protokol jaringan mencakup SMB, HTTP, FTP, dan MSSQL. Metodologi penelitian menggunakan pendekatan eksperimental kualitatif dengan implementasi sistem pada Ubuntu 22.04 LTS menggunakan Docker container yang terintegrasi dengan Samba server. Sistem honeypot dikonfigurasi dengan Samba server untuk menyediakan layanan file sharing yang dapat diakses melalui protokol SMB pada port 445 dan 139, serta protokol tambahan HTTP (port 80), FTP (port 21), dan MSSQL (port 1433). Pengujian dilakukan melalui tiga skenario yaitu Basic SMB Protocol Detection, Advanced Bulk File Access Detection, dan Multi-Protocol Integration Testing. Hasil implementasi menunjukkan sistem mampu mendeteksi aktivitas file secara real-time dengan respons time kurang dari 1 detik untuk single protocol detection dan maksimal 3 detik untuk complex bulk access patterns. Sistem berhasil mengimplementasikan automated response mechanism yang meliputi file isolation, network blocking, dan administrator alerting dalam waktu kurang dari 3 detik setelah threat detection. Advanced bulk file access detection berhasil mengidentifikasi pattern Ransomware dengan threshold detection lebih dari 3 file access dalam kurun waktu kurang dari 2 detik. Sistem berhasil mencatat semua interaksi jaringan, payload, dan metadata serangan yang dapat digunakan untuk analisis forensik lebih lanjut. Kata kunci: Dionaea Honeypot, Ransomware Detection, File Umpan, Cybersecurity, Docker Container, SMB Protokol.

Item Type: Thesis (S1)
Call Number CD: FIK/INFO. 25 089
NIM/NIDN Creators: 41520010143
Uncontrolled Keywords: ensik lebih lanjut. Kata kunci: Dionaea Honeypot, Ransomware Detection, File Umpan, Cybersecurity, Docker Container, SMB Protokol.
Subjects: 000 Computer Science, Information and General Works/Ilmu Komputer, Informasi, dan Karya Umum > 000. Computer Science, Information and General Works/Ilmu Komputer, Informasi, dan Karya Umum > 004 Data Processing, Computer Science/Pemrosesan Data, Ilmu Komputer, Teknik Informatika
000 Computer Science, Information and General Works/Ilmu Komputer, Informasi, dan Karya Umum > 000. Computer Science, Information and General Works/Ilmu Komputer, Informasi, dan Karya Umum > 004 Data Processing, Computer Science/Pemrosesan Data, Ilmu Komputer, Teknik Informatika > 004.6 Interfacing and Communications/Tampilan Antar Muka (Interface) dan Jaringan Komunikasi Komputer > 004.62 Interfacing and Communications Protocols (Standards)/Tampilan Antarmuka dan Protokol Komunikasi (Standar)
000 Computer Science, Information and General Works/Ilmu Komputer, Informasi, dan Karya Umum > 000. Computer Science, Information and General Works/Ilmu Komputer, Informasi, dan Karya Umum > 005 Computer Programmming, Programs, Data/Pemprograman Komputer, Program, Data > 005.7 Data in Computer Systems/Data dalam Sistem-sistem Komputer > 005.74 Data Files and Database/Data File-file dan Database, Pangkalan Data, Pusat Data
Divisions: Fakultas Ilmu Komputer > Informatika
Depositing User: khalimah
Date Deposited: 02 Aug 2025 02:07
Last Modified: 02 Aug 2025 02:07
URI: http://repository.mercubuana.ac.id/id/eprint/96454

Actions (login required)

View Item View Item
UMB Repository is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.