Jurnal Elkomika (Jan 2024)

Clustering Patterns and Prevention for a Public Honeypot using the K-Means Technique and Shell-Script Automation

  • HILLMAN AKHYAR DAMANIK,
  • MERRY ANGGRAENI

DOI
https://doi.org/10.26760/elkomika.v12i1.65
Journal volume & issue
Vol. 12, no. 1

Abstract

This paper implements a honeypot log system to analyze exploitation from the global internet in the form of the attack categories Statistical Traffic Analysis, Top Targeted Attack Sources and Destinations, Penetration Analysis, and Infection Pattern Analysis, together with an Intrusion Detection System (IDS). Attacks are grouped into the category levels low, medium, and high using the K-Means technique, and automated IPTables filtering rules are applied as the mitigation technique on the server farm devices and the public virtual router. The clustered attributes yield the sum of the squared distances to the nearest cluster center, weighted by the μi values, and the percentage of attacks is 64% for the High category and 36% for Medium and Low, with 3 clustering iterations needed to obtain suitable clusters. Iterating the resulting IPTables firewall rules on the vRouter device gives a workload history in which CPU load is reduced to 28% and memory to 39%. The vFarm Server shows the CPU workload on each vServer reduced to 43% and memory (RAM) to 21%.

Keywords: Machine Learning, Cyber Security, Honeypot, K-Means, Firewall IPTables

Keywords