Integration of Low Interaction Honeypot and ELK Stack as Attack Detection Systems on Servers

Fransiska Sisilia Mukti
R. Muhammad Sukmawan

Abstract

The growing demand for information technology that can be accessed anywhere and at any time indirectly opens a large opportunity for irresponsible parties to attack and damage systems. The server farm is one of the targets most hunted by attackers, who aim to damage it and even steal victim data. One effort to address this problem is to add server security by using a honeypot. A honeypot is a means of preventing system compromise by presenting a fake server that diverts attackers' access. In practice, the logs generated by a honeypot are only strings of letters and numbers, which makes them difficult to analyze; this becomes a problem when a large volume of log data has to be processed. To make log analysis easier for administrators, a visualization system using the ELK Stack is proposed. Integrating a honeypot with the ELK Stack can provide a security solution that detects attacks while giving administrators a visualization of them. Five testing schemes were carried out to provide a comparative study between the low interaction honeypots Cowrie and Dionaea. Cowrie delivers better (real-time) detection performance than the detection system offered by Dionaea, and the average delay time is 3.75 seconds, while ELK provided administrators with better monitoring results through its visualization.
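The abstract's point is that raw honeypot output is hard to read until it is parsed and aggregated, which is the job the paper delegates to the ELK Stack. As an added illustration (not code from the paper, and not the authors' ELK configuration), the following Python script performs the same kind of aggregation over a constructed sample of Cowrie-style JSON log lines: sessions per source IP, login outcomes, the most frequently tried credentials, commands entered, and per-session duration. The field names (`eventid`, `src_ip`, `session`, `timestamp`, `username`, `password`, `input`) follow Cowrie's JSON logger and are an assumption, as are the sample addresses and timestamps; a malformed line is included to show that the parser skips it rather than aborting.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample in the shape of Cowrie's JSON log output. The field names
# are assumed from Cowrie's JSON logger; the addresses, sessions and timestamps
# are made up for this example and are not data from the paper.
SAMPLE_LOG = """\
{"eventid":"cowrie.session.connect","src_ip":"198.51.100.7","session":"a1","timestamp":"2020-11-20T10:00:00.000000Z"}
{"eventid":"cowrie.login.failed","src_ip":"198.51.100.7","session":"a1","username":"root","password":"123456","timestamp":"2020-11-20T10:00:02.000000Z"}
{"eventid":"cowrie.login.failed","src_ip":"198.51.100.7","session":"a1","username":"root","password":"toor","timestamp":"2020-11-20T10:00:04.000000Z"}
{"eventid":"cowrie.login.success","src_ip":"198.51.100.7","session":"a1","username":"root","password":"admin","timestamp":"2020-11-20T10:00:06.000000Z"}
{"eventid":"cowrie.command.input","src_ip":"198.51.100.7","session":"a1","input":"uname -a","timestamp":"2020-11-20T10:00:07.000000Z"}
{"eventid":"cowrie.session.closed","src_ip":"198.51.100.7","session":"a1","timestamp":"2020-11-20T10:00:15.000000Z"}
{"eventid":"cowrie.session.connect","src_ip":"203.0.113.9","session":"b2","timestamp":"2020-11-20T10:01:00.000000Z"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.9","session":"b2","username":"root","password":"123456","timestamp":"2020-11-20T10:01:01.500000Z"}
this line is not JSON and must be skipped, not crash the pipeline
{"eventid":"cowrie.session.closed","src_ip":"203.0.113.9","session":"b2","timestamp":"2020-11-20T10:01:03.000000Z"}
"""


def parse_events(text):
    """Return one dict per well-formed JSON object line; skip anything else."""
    events = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            obj = json.loads(raw)
        except json.JSONDecodeError:
            continue  # a corrupt or non-JSON line must not stop ingestion
        if isinstance(obj, dict) and "eventid" in obj:
            events.append(obj)
    return events


def _ts(value):
    """Parse Cowrie's ISO-8601 timestamp with microseconds and a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")


def summarize(events):
    """Aggregate parsed events the way a dashboard would: who, how often, what."""
    sessions_per_ip = Counter()
    logins = Counter()
    credentials = Counter()
    commands = []
    connect_time = {}
    duration = {}
    for ev in events:
        eid = ev["eventid"]
        sess = ev.get("session")
        if eid == "cowrie.session.connect":
            sessions_per_ip[ev["src_ip"]] += 1
            connect_time[sess] = _ts(ev["timestamp"])
        elif eid in ("cowrie.login.failed", "cowrie.login.success"):
            logins[eid.rsplit(".", 1)[1]] += 1          # "failed" / "success"
            credentials[(ev.get("username"), ev.get("password"))] += 1
        elif eid == "cowrie.command.input":
            commands.append((ev["src_ip"], ev.get("input", "")))
        elif eid == "cowrie.session.closed" and sess in connect_time:
            duration[sess] = (_ts(ev["timestamp"]) - connect_time[sess]).total_seconds()
    return {
        "sessions_per_ip": dict(sessions_per_ip),
        "logins": dict(logins),
        "top_credentials": credentials.most_common(3),
        "commands": commands,
        "session_duration_s": duration,
    }


if __name__ == "__main__":
    report = summarize(parse_events(SAMPLE_LOG))
    # Tuples are not JSON keys, so stringify the credential pairs for printing.
    report["top_credentials"] = [f"{u}:{p} x{n}" for (u, p), n in report["top_credentials"]]
    print(json.dumps(report, indent=2))
```

Run against a real Cowrie `cowrie.json` file, the same two functions give the counts that a Kibana panel would chart; in the paper's setup that aggregation happens inside Elasticsearch after Logstash has parsed each line as JSON, and the point of the script is only to make visible what that parsing and counting produces.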

