Implementation of a Ransomware Detection System Using Deep Packet Inspection on the Services of SMK Negeri 1 Palembang

Authors

  • Dio Azmi Saputra, Master of Informatics, Universitas Bina Darma
  • Stiawan Deris, Computer Systems, Universitas Sriwijaya
  • Sutabri Tata, Master of Informatics, Universitas Bina Darma

DOI:

https://doi.org/10.31004/ijmst.v1i2.142

Keywords:

Deep Packet Inspection, Intrusion Detection System, Ransomware, WannaCry

Abstract

A detection system is one technique for detecting and raising an alarm about Malware threats facing every company in Indonesia. A Malware attack detection system aims to detect attacks and raise alarms so that the system functions optimally. A Ransomware attack can halt transaction processing and the functioning of the SMK Negeri 1 Palembang website, and has a negative impact on the customers of SMK Negeri 1 Palembang. Deep Packet Inspection (DPI) is a method for detecting anomalies in the form of Ransomware attacks occurring on the SMK Negeri 1 Palembang enterprise network. The attacks detected by DPI are WannaCry Ransomware attacks carried out by an attacker to gain access to files on clients and servers. The packet pattern of WannaCry Ransomware attacks at SMK Negeri 1 Palembang can be recognized by several parameters, such as the Protocol, Source Port, Destination Port, TLSv, and the JA3 used.

Published

01-06-2023

How to Cite

Saputra, D. A., Deris, S., & Tata, S. (2023). Implementasi Sistem Deteksi Ransomware Menggunakan Deep Packet Inspection pada Layanan SMK Negeri 1 Palembang [Implementation of a Ransomware Detection System Using Deep Packet Inspection on the Services of SMK Negeri 1 Palembang]. Indonesian Journal of Multidisciplinary on Social and Technology, 1(2), 176–183. https://doi.org/10.31004/ijmst.v1i2.142

Issue

Section

Articles