Analisis Performansi Intrusion Detection And Prevention Sytem (IDPS) Terhadap Serangan Port Scanning Dan UDP Flooding
Total View This Week0
Total View This Week0
Institusion
Institut Teknologi Telkom Purwokerto
Author
Ikram, Muh. Aasif
Subject
T Technology (General)
Datestamp
2021-11-18 07:48:21
Abstract :
Computer network security is increasingly needed along with the rise of attacks carried out by hackers with a specific purpose. Attacks that are common and generally easy for hackers to do are port scanning and Denial of Service (DOS). In this study, we will test the implementation of Snort in carrying out its function as an Intrusion Detection Prevention System (IDPS) when detecting port scanning and UDP flooding attacks using afpacket method. The performance test in this study uses the Quality of Service (QOS) measurement parameter on the client side which is accessing the web server at the time of testing the UDP flooding attack. Port scanning attacks are not measured using QOS, because they only function to see open ports. The throughput measurement results under normal conditions of 57081 bit/s then decreased when there was a UDP flooding attack to 56194 bit/s and increased again when Snort succeeded in detecting and blocking attacks to 64397 bit/s. The resulting delay value on a normal web server is 47.04 ms and increases during UDP flooding attacks to 50.63 ms and decreases to 33.52 ms when Snort is activated. The jitter generated when the web server is normal is 0.087 ms and decreases during a UDP flooding attack to 0.065 ms, then increases to 2.619 ms when Snort is activated. Packet loss value is 4.75% when UDP flooding and Snort are active. Key Words : Denial of Service, Intrusion Detection Prevention System, Port Scanning, Quality of Service, Snort
Computer network security is increasingly needed along with the rise of attacks carried out by hackers with a specific purpose. Attacks that are common and generally easy for hackers to do are port scanning and Denial of Service (DOS). In this study, we will test the implementation of Snort in carrying out its function as an Intrusion Detection Prevention System (IDPS) when detecting port scanning and UDP flooding attacks using afpacket method. The performance test in this study uses the Quality of Service (QOS) measurement parameter on the client side which is accessing the web server at the time of testing the UDP flooding attack. Port scanning attacks are not measured using QOS, because they only function to see open ports. The throughput measurement results under normal conditions of 57081 bit/s then decreased when there was a UDP flooding attack to 56194 bit/s and increased again when Snort succeeded in detecting and blocking attacks to 64397 bit/s. The resulting delay value on a normal web server is 47.04 ms and increases during UDP flooding attacks to 50.63 ms and decreases to 33.52 ms when Snort is activated. The jitter generated when the web server is normal is 0.087 ms and decreases during a UDP flooding attack to 0.065 ms, then increases to 2.619 ms when Snort is activated. Packet loss value is 4.75% when UDP flooding and Snort are active. Key Words : Denial of Service, Intrusion Detection Prevention System, Port Scanning, Quality of Service, Snort
Download
book
BibTex
Latex, Jabref
cloud_download
Original Resource
url resource Institution
