Performance Analysis of the Snort and Suricata Intrusion Detection Systems (IDS) Against TCP SYN Flood Attacks

Final Project

Submitted to fulfil the requirements for the Bachelor of Informatics degree, Universitas Muhammadiyah Malang

Edi H. Kalabo

201410370311270

Computer Networks

INFORMATICS STUDY PROGRAM

FACULTY OF ENGINEERING

UNIVERSITAS MUHAMMADIYAH MALANG

2021


APPROVAL SHEET

Performance Analysis of the Snort and Suricata Intrusion Detection Systems (IDS) Against TCP SYN Flood Attacks

FINAL PROJECT

Submitted as a requirement for the Bachelor's (Strata 1) degree in Informatics Engineering, Universitas Muhammadiyah Malang

Prepared by:

EDI H. KALABO

201410370311270

Approved by,

Supervisor I

Syaifuddin, S.Kom, M.Kom.

NIP. 108.16120590

Supervisor II

Fuazi Dwi Setiawan S., S.Kom., M.Kom.

NIP. 180.307061992


PREFACE

بسم الله الرحمن الرحيم

I offer my deepest praise and gratitude to God Almighty for His love, guidance, and grace, through which this thesis, entitled “Performance Analysis of the Snort and Suricata Intrusion Detection Systems (IDS) Against TCP SYN Flood Attacks”, was completed within the planned time. May prayers and peace always be upon the Prophet Muhammad Sallallahu ‘Alaihi Wa Sallam, the Messenger of the final age and the seal of the Prophets, who brought the perfection of the teaching of Tawhid and the excellence of good character. And may those prayers also extend to all his family and companions, the martyrs, the authors of religious works, the scholars, and all of his followers who sincerely love and uphold his sunnah.


TABLE OF CONTENTS

APPROVAL SHEET

ENDORSEMENT SHEET

DECLARATION SHEET

Abstract (Indonesian)

Abstract (English)

DEDICATION

PREFACE

TABLE OF CONTENTS

LIST OF FIGURES

LIST OF TABLES

CHAPTER I INTRODUCTION

1.1 Background

1.2 Problem Statement

1.3 Research Objectives

1.4 Scope of the Problem

1.5 Structure of the Final Project Report

CHAPTER II THEORETICAL REVIEW

2.1 SYN Flood Attack

2.2 Intrusion Detection System (IDS)

2.3 Rule

2.4 Snort

2.5 Suricata

2.6 Scapy

2.7 Tcpreplay

CHAPTER III METHODOLOGY

3.1 Analysis

3.2 System Design

3.2.1 Research Testbed

3.3 Implementation

3.3.1 Rules for IDS Snort and IDS Suricata

3.3.2 System Components

3.4 Results and Analysis

CHAPTER IV RESULTS AND ANALYSIS

4.1 Test Parameters

4.2 Calculating the Accuracy Percentage and Averages

4.3 System Implementation

4.4 Detection Accuracy

4.4.1 Snort Detection Accuracy Test Results

4.4.2 Suricata Detection Accuracy Test Results

4.4.3 Calculating the Detection Accuracy Percentage

4.5 Detection Speed

4.5.1 Detection Speed Test Results

4.5.2 Calculating the Average Detection Speed

4.6 Resource Usage (RAM)

CHAPTER V CLOSING

5.1 Conclusion

5.2 Recommendations

REFERENCES


LIST OF FIGURES

Figure 2.1 Three-way handshake

Figure 2.3 TCP SYN flow

Figure 2.3 TCP SYN flood attack

Figure 2.4 Intrusion Detection System (IDS)

Figure 2.5 Snort single-threaded architecture

Figure 2.6 Suricata multi-threaded architecture

Figure 3.1 Research method flowchart

Figure 3.2 IDS Snort topology

Figure 3.3 IDS Suricata topology

Figure 3.4 IDS Snort and Suricata rules

Figure 3.5 TCP SYN source code from Scapy

Figure 3.6 TCP SYN attack test flowchart

Figure 4.1 Result of packet creation with Scapy

Figure 4.2 Running Tcpreplay

Figure 4.3 Running Snort in IDS mode

Figure 4.4 Running Suricata

Figure 4.5 Snort output

Figure 4.6 Suricata stats.log output

Figure 4.7 Comparison of detection accuracy of IDS Snort and Suricata

Figure 4.8 Comparison of detection speed of IDS Snort and Suricata

Figure 4.9 Comparison of RAM resource usage of IDS Snort and Suricata


LIST OF TABLES

Table 2.1 Comparison of the author's research with previous research

Table 3.1 Laptop specifications

Table 3.2 Specifications of the software implemented

Table 3.3 Number of activities and packets tested

Table 4.1 Snort detection accuracy

Table 4.2 Suricata detection accuracy

Table 4.3 Detection accuracy percentage of Snort and Suricata

Table 4.4 Snort detection speed in seconds

Table 4.5 Suricata detection speed in seconds

Table 4.6 Average detection speed of Snort and Suricata

Table 4.7 Resource (RAM) usage of Snort

Table 4.8 Resource (RAM) usage of Suricata


TA-010

UNIVERSITAS MUHAMMADIYAH MALANG

FACULTY OF ENGINEERING, INFORMATICS ENGINEERING STUDY PROGRAM

Jl. Raya Tlogomas 246 Malang 65144 Tel. 0341 - 464318 Ext. 247, Fax. 0341 - 460782

FINAL PROJECT REPORT PLAGIARISM CHECK FORM

Student Name : Edi H. Kalabo

Student ID (NIM) : 201410370311270

Final Project Title : Performance Analysis of the Snort and Suricata Intrusion Detection Systems (IDS) Against TCP SYN Flood Attacks

Plagiarism Check Results with Turnitin

No.  Component Checked                            Maximum Plagiarism Value (%)  Plagiarism Check Result (%) *
1.   Chapter 1 – Introduction                     10%                           14%
2.   Chapter 2 – Bibliography                     25%                           10%
3.   Chapter 3 – Analysis and Design              25%                           18%
4.   Chapter 4 – Implementation and Testing       15%                           12%
5.   Chapter 5 – Conclusions and Recommendations  5%                            2%
6.   Final Project Paper                          20%                           11%

Acknowledged by,

Supervising Lecturer

(Syaifuddin, S.Kom., M.Kom.)

*) The plagiarism check result may be filled in by one of the supervisors