RAHMANSYAH, MAHEER FADLI (2025) IMPLEMENTASI DIONAEA HONEYPOT BERBASIS FILE UMPAN UNTUK DETEKSI SERANGAN RANSOMWARE MELALUI PROTOKOL JARINGAN. S1 thesis, Universitas Mercu Buana Jakarta.
Abstract
Ransomware attacks have become a threat in the digital world that can cause significant financial and operational losses. Based on data from the National Cyber and Crypto Agency (BSSN), ransomware in Indonesia increased in 2024 by 275,740 cases. This research aims to develop and implement a bait-file-based Dionaea honeypot system that can detect ransomware attacks over network protocols including SMB, HTTP, FTP, and MSSQL. The research methodology uses a qualitative experimental approach, with the system implemented on Ubuntu 22.04 LTS using Docker containers integrated with a Samba server. The honeypot is configured with a Samba server to provide file sharing services accessible through the SMB protocol on ports 445 and 139, together with the additional protocols HTTP (port 80), FTP (port 21), and MSSQL (port 1433). Testing was conducted through three scenarios: Basic SMB Protocol Detection, Advanced Bulk File Access Detection, and Multi-Protocol Integration Testing. Implementation results show that the system is capable of detecting file activity in real time, with response times of less than 1 second for single-protocol detection and a maximum of 3 seconds for complex bulk access patterns. The system successfully implements an automated response mechanism that includes file isolation, network blocking, and administrator alerting in less than 3 seconds after threat detection. Advanced bulk file access detection successfully identifies ransomware patterns using a detection threshold of more than 3 file accesses in less than 2 seconds. The system successfully records all network interactions, payloads, and attack metadata, which can be used for further forensic analysis.

Keywords: Dionaea Honeypot, Ransomware Detection, Bait File (File Umpan), Cybersecurity, Docker Container, SMB Protocol.