Rahmawati, Tia and Karna, Nyoman and Shin, Soo Young and Putra, Made Adi Paramartha (2025) Enhancing Network Security Through Real-Time Threat Detection with Intrusion Prevention System (Case Study on Web Attack). Jurnal Ilmiah Teknik Elektro Komputer dan Informatika (JITEKI), 10 (4). pp. 1004-1020.
Abstract
Cyberattacks on government websites in Indonesia have been steadily increasing, with over 109 million incidents recorded in 2023 by the National Cyber Security Operations Center (BSSN). A Netcraft survey revealed that more than one billion websites globally face similar threats, highlighting the urgent need for improved security measures, especially given infrastructure limitations and inadequate security implementations. Approximately 51% of Micro, Small, and Medium Enterprises in Indonesia reported experiencing web attacks, with 95% stating that these attacks severely disrupted their operations. This study implements a Suricata-based Intrusion Prevention System (IPS) to protect web servers from attacks such as SQL Injection, XSS, and command injection. Suricata monitors network traffic and blocks threats in real time. Detection logs in JSON format are managed through Filebeat, processed by Logstash, stored in Elasticsearch, and visualized using Kibana. The key contribution of this research lies in designing a comprehensive set of rules and integrating all components into a single Docker container, streamlining the deployment process. Testing confirmed that the designed rules effectively detect and block attack payloads by leveraging a rule structure in Suricata and NFQUEUE capable of identifying all suspicious traffic. The novelty of this research lies in deploying a fully operational real-time security system on low-resource computers, demonstrating effective threat management under constrained conditions.
| Item Type: | General Article |
|---|---|
| Subjects: | T Technology > TK Electrical engineering. Electronics Nuclear engineering |
| Division / Study Program: | Faculty of Industrial Technology (Fakultas Teknologi Industri) > S1-Electrical Engineering (S1-Teknik Elektro) |
| Depositing User: | M.Eng. Alfian Ma'arif |
| Date Deposited: | 21 Feb 2025 07:24 |
| Last Modified: | 21 Feb 2025 07:24 |
| URI: | http://eprints.uad.ac.id/id/eprint/82033 |