TABLE OF CONTENTS

TITLE PAGE ... i
SUPERVISOR APPROVAL SHEET ... ii
STATEMENT OF ORIGINALITY ... iii
EXAMINER APPROVAL SHEET ... iv
DEDICATION PAGE ... v
MOTTO PAGE ... vi
PREFACE ... vii
ABSTRACT ... ix
GLOSSARY ... x
TABLE OF CONTENTS ... xi
LIST OF TABLES ... xv
LIST OF FIGURES ... xvi

CHAPTER I INTRODUCTION ... 1
1.1 Background ... 1
1.2 Problem Statement ... 2
1.3 Scope and Limitations ... 2
1.4 Research Objectives ... 2
1.5 Research Benefits ... 3
1.6 Research Method ... 3
1.7 Writing Structure ... 4

CHAPTER II THEORETICAL FOUNDATION ... 5
2.1 Intrusion and Intruders ... 5
2.2 Types of Attacks ... 5
2.2.1 Port Scanning ... 5
2.2.2 DDoS Attack ... 6
2.2.3 Ping Flood ... 7
2.3 Definition of Intrusion Detection System ... 7
2.4 How an IDS Works ... 8
2.5 Types of Intrusion Detection System ... 9
2.5.1 Network-based Intrusion Detection (NIDS) ... 9
2.5.2 Host-based Intrusion Detection (HIDS) ... 9
2.6 Intrusion Detection System Detection Techniques ... 10
2.6.1 Stack-based Detection ... 10
2.6.2 Signature-based Detection ... 10
2.6.3 Anomaly-based Detection ... 10
2.6.4 Hybrid-based Detection ... 11
2.7 IDS Categories ... 11
2.7.1 Passive IDS ... 11
2.7.2 Reactive IDS ... 11
2.8 Intrusion Detection System Components ... 12
2.8.1 Sensor ... 12
2.8.2 Backend ... 12
2.8.3 Frontend ... 12
2.9 IDS Processing Pipeline ... 12
2.9.1 Packet Sniffer ... 12
2.9.2 Decoder ... 13
2.9.3 Preprocessor ... 14
2.9.4 Detection Engine ... 14
2.9.5 Rule ... 15
2.9.6 Output Plugin ... 15
2.10 Supporting Applications for the Intrusion Detection System Simulation ... 15
2.10.1 VMware ... 16
2.10.2 Snort ... 17
2.10.3 Suricata ... 18
2.10.4 Barnyard2 ... 19
2.10.5 Snorby ... 19
2.10.6 Nmap ... 20
2.10.7 Slowloris ... 20

CHAPTER III RESEARCH METHODOLOGY ... 23
3.1 Research Workflow ...
3.2 Literature Study ...
3.3 Detection Categories ... 23
3.4 Scenario Preparation ... 25
3.4.1 Topology Scenario ... 25
3.4.2 Operating System and Application Installation ... 26
3.5 Normal Activity Scenario ... 26
3.6 Attack Scenario ... 27
3.7 NIDS Testing ... 30

CHAPTER IV IMPLEMENTATION AND ANALYSIS ... 33
4.1 Test Results ... 33
4.2 Normal Activity Test Results ... 33
4.3 Attack Test Results ... 39
4.3.1 Insider (local) ... 40
4.3.2 Outsider ... 52
4.4 NIDS Comparative Analysis ... 63
4.4.1 Based on Normal Activity Testing ... 64
4.4.2 Based on Attack Testing (Insider) ... 66
4.4.3 Based on Attacks (Outsider/Internet) ... 70

CHAPTER V CONCLUSIONS AND RECOMMENDATIONS ... 71
5.1 Conclusions ... 71
5.2 Recommendations ... 71

BIBLIOGRAPHY ... 72
APPENDICES ... 73
Appendix 1 Software Installation ... 73
Appendix 2 CD ... 79
LIST OF TABLES

Table 4.1 Accuracy (Ping) ... 64
Table 4.2 Detection speed (Ping) ... 64
Table 4.3 Accuracy (Telnet) ... 65
Table 4.4 Detection speed (Telnet) ... 65
Table 4.5 Accuracy (Port Scan) ... 66
Table 4.6 Detection speed (Port Scan) ... 67
Table 4.7 Accuracy (Ping Flood) ... 67
Table 4.8 Detection speed (Ping Flood) ... 68
Table 4.9 Accuracy (DDoS) ... 68
Table 4.10 Detection speed (DDoS) ... 69
Table 4.11 Accuracy (Login Failed) ... 69
Table 4.12 Detection speed (Login Failed) ... 69
Table 4.13 Accuracy (Port Scan) ... 70
Table 4.14 Detection speed (Port Scan) ... 71
Table 4.15 Accuracy (Ping Flood) ... 71
Table 4.16 Detection speed (Ping Flood) ... 72
Table 4.17 Accuracy (DDoS) ... 72
Table 4.18 Detection speed (DDoS) ... 73
LIST OF FIGURES

Figure 2.1 DDoS attack ... 6
Figure 2.2 How an IDS works ... 8
Figure 2.3 Packet Sniffer ... 13
Figure 2.4 Decoder process ... 13
Figure 2.5 Preprocessor ... 14
Figure 2.6 Matching process between rules and data packets ... 15
Figure 2.7 Snort architecture ... 18
Figure 2.8 Snort ... 18
Figure 2.9 Suricata ... 19
Figure 3.1 Research workflow ... 23
Figure 3.2 Network topology ... 25
Figure 3.3 Attack scenario ... 27
Figure 4.1 Ping to the server ... 33
Figure 4.2 Ping to the Internet ... 34
Figure 4.3 Ping detected ... 34
Figure 4.4 Ping severity level ... 35
Figure 4.5 Ping event (Suricata) ... 35
Figure 4.6 Time the Ping event was detected (Suricata) ... 31
Figure 4.7 Telnet ... 36
Figure 4.8 Telnet detected ... 37
Figure 4.9 Telnet severity level ... 37
Figure 4.10 Telnet event (Snort) ... 33
Figure 4.11 Time the Telnet event was detected (Snort) ... 34
Figure 4.12 Web server access ... 39
Figure 4.13 Browsing not detected ... 39
Figure 4.14 Attack scenario ... 40
Figure 4.15 Port Scan ... 40
Figure 4.16 Port Scan detected ... 41
Figure 4.17 Port Scan severity ... 41
Figure 4.18 High-Severity Port Scan ... 42
Figure 4.19 Medium-Severity Port Scan ... 42
Figure 4.20 Low-Severity Port Scan ... 42
Figure 4.21 Time the Port Scan event was detected (Snort) ... 43
Figure 4.22 Time the Port Scan event was detected (Suricata) ... 43
Figure 4.23 Ping Flood ... 45
Figure 4.24 Ping Flood detected ... 45
Figure 4.25 Ping Flood severity ... 45
Figure 4.26 Ping Flood event (Snort) ... 45
Figure 4.27 Time the Port Scan event was detected (Snort) ... 46
Figure 4.28 DDoS with Slowloris ... 46
Figure 4.29 DDoS not detected ... 47
Figure 4.30 Manual DDoS ... 47
Figure 4.31 Manual DDoS detected ... 48
Figure 4.32 Manual DDoS severity ... 48
Figure 4.33 DDoS event (Suricata) ... 49
Figure 4.34 Time the DDoS event was detected (Suricata) ... 49
Figure 4.35 Login Failed ... 50
Figure 4.36 Login Failed detected ... 50
Figure 4.37 Login Failed severity ... 51
Figure 4.38 Medium-Severity Login Failed ... 51
Figure 4.39 Time the Login Failed event was detected (Suricata) ... 51
Figure 4.40 Low-Severity Login Failed ... 52
Figure 4.41 Time the Login Failed event was detected (Snort) ... 52
Figure 4.42 Port Scan ... 53
Figure 4.43 Port Scan detected ... 53
Figure 4.44 Port Scan severity ... 54
Figure 4.45 High-Severity Port Scan ... 54
Figure 4.46 Medium-Severity Port Scan ... 54
Figure 4.47 Low-Severity Port Scan ... 55
Figure 4.48 Time when the Port Scan event was detected (Snort) ... 56
Figure 4.49 Time when the Port Scan event was detected (Suricata) ... 56
Figure 4.50 Ping Flood ... 57
Figure 4.51 Ping Flood detected ... 57
Figure 4.52 Ping Flood severity level ... 58
Figure 4.53 Ping Flood event ... 58
Figure 4.54 Time the Ping Flood event was detected (Snort) ... 59
Figure 4.55 Time the Ping Flood event was detected (Suricata) ... 56
Figure 4.56 DDoS with Slowloris ... 60
Figure 4.57 DDoS not detected ... 60
Figure 4.58 Manual DDoS ... 61
Figure 4.59 Manual DDoS detected ... 61
Figure 4.60 Manual DDoS severity ... 62
Figure 4.61 DDoS event ... 62
Figure 4.62 Time the DDoS event was detected (Snort) ... 63
Figure 4.63 Time the DDoS event was detected (Suricata) ... 63