{"title":"集成低交互蜜罐和ELK堆栈作为服务器攻击检测系统","authors":"F. S. Mukti, R. Sukmawan","doi":"10.17933/jppi.v11i1.336","DOIUrl":null,"url":null,"abstract":"The high need for information technology that can be accessed anywhere and anytime indirectly opens a big opportunity for irresponsible parties to attack and destroy the system. The server farm is one of the targets most hunted by attackers, intending to damage, and even retrieving victim data. One of the efforts to deal with this problem is to add server security by using honeypot. The existence of a honeypot is one of the efforts to prevent system hacking by creating a fake server to divert attackers access. In its application, the logs generated from the honeypot are only letters and numbers, making it difficult to analyze the logs. It became a problem it will being a lot of log data being processed. To make it easier for administrators in analyzing logs, a visualization system using the ELK Stack is proposed. Honeypot and ELK Stack integration can be a security system solution in detecting attacks while providing visualization to administrators. Five testing schemes were carried out to provide a comparative study between the low interaction honeypot Cowrie and Dionaea. Cowrie delivers a better performance detection system (real-time) compared to the detection system offered by Dionaea, and the average delay time is 3.75 seconds, while ELK managed to provide better monitoring results to administrators through its visualization.","PeriodicalId":31332,"journal":{"name":"Jurnal Penelitian Pos dan Informatika","volume":" ","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2021-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Integration of Low Interaction Honeypot and ELK Stack as Attack Detection Systems on Servers\",\"authors\":\"F. S. Mukti, R. Sukmawan\",\"doi\":\"10.17933/jppi.v11i1.336\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The high need for information technology that can be accessed anywhere and anytime indirectly opens a big opportunity for irresponsible parties to attack and destroy the system. The server farm is one of the targets most hunted by attackers, intending to damage, and even retrieving victim data. One of the efforts to deal with this problem is to add server security by using honeypot. The existence of a honeypot is one of the efforts to prevent system hacking by creating a fake server to divert attackers access. In its application, the logs generated from the honeypot are only letters and numbers, making it difficult to analyze the logs. It became a problem it will being a lot of log data being processed. To make it easier for administrators in analyzing logs, a visualization system using the ELK Stack is proposed. Honeypot and ELK Stack integration can be a security system solution in detecting attacks while providing visualization to administrators. Five testing schemes were carried out to provide a comparative study between the low interaction honeypot Cowrie and Dionaea. Cowrie delivers a better performance detection system (real-time) compared to the detection system offered by Dionaea, and the average delay time is 3.75 seconds, while ELK managed to provide better monitoring results to administrators through its visualization.\",\"PeriodicalId\":31332,\"journal\":{\"name\":\"Jurnal Penelitian Pos dan Informatika\",\"volume\":\" \",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-11-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Jurnal Penelitian Pos dan Informatika\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.17933/jppi.v11i1.336\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Jurnal Penelitian Pos dan Informatika","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17933/jppi.v11i1.336","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Integration of Low Interaction Honeypot and ELK Stack as Attack Detection Systems on Servers
The high need for information technology that can be accessed anywhere and anytime indirectly opens a big opportunity for irresponsible parties to attack and destroy the system. The server farm is one of the targets most hunted by attackers, intending to damage, and even retrieving victim data. One of the efforts to deal with this problem is to add server security by using honeypot. The existence of a honeypot is one of the efforts to prevent system hacking by creating a fake server to divert attackers access. In its application, the logs generated from the honeypot are only letters and numbers, making it difficult to analyze the logs. It became a problem it will being a lot of log data being processed. To make it easier for administrators in analyzing logs, a visualization system using the ELK Stack is proposed. Honeypot and ELK Stack integration can be a security system solution in detecting attacks while providing visualization to administrators. Five testing schemes were carried out to provide a comparative study between the low interaction honeypot Cowrie and Dionaea. Cowrie delivers a better performance detection system (real-time) compared to the detection system offered by Dionaea, and the average delay time is 3.75 seconds, while ELK managed to provide better monitoring results to administrators through its visualization.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
