Analysis of a DDoS Mitigation System Using Entropy in a
Honeypot - Software Defined Network (SDN)
FINAL PROJECT
Submitted in Fulfilment of
the Requirements for the Bachelor's Degree
in Informatics, Universitas Muhammadiyah Malang
IRMAWATI FEREN KILWALAGA
201610370311143
Networking
INFORMATICS STUDY PROGRAM
FACULTY OF ENGINEERING
UNIVERSITAS MUHAMMADIYAH MALANG
2020
PREFACE
With praise and gratitude to Allah SWT, by whose grace and guidance the author was able to complete this final project entitled
“ANALYSIS OF A DDOS MITIGATION SYSTEM USING ENTROPY IN A HONEYPOT – SOFTWARE DEFINED NETWORK (SDN)”
This work presents the main topics covered, including a review of prior research, the methods used, and the detection and mitigation of ICMP Flood DDoS attacks.
The author is fully aware that this final project still has many shortcomings and limitations. The author therefore welcomes constructive suggestions so that this work may contribute to the advancement of knowledge.
Malang, 20 June 2020
The Author
TABLE OF CONTENTS
TITLE PAGE
APPROVAL SHEET ... i
RATIFICATION SHEET ... ii
DECLARATION SHEET ... iii
ABSTRACT (Indonesian) ... iv
ABSTRACT ... v
DEDICATION PAGE ... vi
PREFACE ... vii
TABLE OF CONTENTS ... viii
LIST OF FIGURES ... x
LIST OF TABLES ... xi
CHAPTER I INTRODUCTION ... 1
  1.1. Background ... 1
  1.2. Problem Statement ... 3
  1.3. Research Objectives ... 3
  1.4. Scope and Limitations ... 3
CHAPTER II LITERATURE REVIEW ... 5
  2.1. Literature Review ... 5
  2.2. Software Defined Network ... 6
  2.3. OpenFlow ... 7
  2.4. Ryu Controller ... 8
  2.5. Modern Honey Network ... 8
  2.6. Suricata ... 8
  2.7. Mikrotik ... 9
  2.8. Scapy ... 9
  2.9. TCPReplay ... 9
  2.10. Distributed Denial of Service (DDoS) ... 9
    2.10.1. ICMP Flood ... 10
  2.11. Wireshark ... 11
  2.12. Entropy ... 11
CHAPTER III RESEARCH METHODOLOGY ... 12
  3.1. Network Architecture Design ... 12
  3.2. System Design ... 13
    3.2.1. Hardware and Software Requirements ... 13
    3.2.2. Entropy ... 14
    3.2.3. Packet Generation Design ... 15
    3.2.4. DDoS Detection Design ... 15
    3.2.5. DDoS Mitigation Design ... 16
  3.3. Test Scenarios ... 20
CHAPTER IV RESULTS AND DISCUSSION ... 23
  4.1. Test Implementation ... 23
  4.2. Analysis of Test Results ... 27
    4.2.1. Entropy Values ... 27
    4.2.2. Average CPU Usage ... 28
    4.2.3. Mitigation Flow Installation Time ... 30
CHAPTER V CONCLUSION ... 31
  5.1. Conclusions ... 31
  5.2. Recommendations ... 31
REFERENCES ... 32
APPENDICES ... 35
LIST OF FIGURES
Figure 2.1. SDN Layer Architecture ... 6
Figure 2.2. OpenFlow Components ... 7
Figure 2.3. ICMP Flood Sequence ... 10
Figure 3.1. Network Topology ... 12
Figure 3.2. SDN Switch Block Diagram ... 16
Figure 3.3. SDN Controller Block Diagram ... 17
Figure 3.3. SDN MHN Block Diagram ... 17
Figure 4.1. Running the Controller ... 23
Figure 4.2. DDoS Packets ... 23
Figure 4.3. Normal Packets ... 24
Figure 4.4. ICMP Request Selection ... 24
Figure 4.5. Sending the Attack ... 24
Figure 4.6. Attack Start Time ... 25
Figure 4.7. attack.py Script ... 25
Figure 4.8. Running the Entropy Calculation ... 26
Figure 3.9. Flow Print Output ... 26
Figure 4.10. Flow Mod ... 27
Figure 4.11. Running the CPU Usage Measurement ... 27
LIST OF TABLES
Table 3.1. Hardware Specifications ... 14
Table 3.2. Software Specifications ... 14
Table 3.3. Sample Normal and DDoS Data from MHN ... 18
Table 3.4. Flow Rule Components for Blocking the Attack ... 19
Table 3.5. Entropy Values ... 20
Table 3.6. CPU Usage (Normal) ... 21
Table 3.7. CPU Usage (DDoS) ... 21
Table 3.8. Mitigation Flow Installation Time ... 21
Table 4.1. Entropy Results ... 28
Table 4.2. CPU Usage (Normal) ... 29
Table 4.3. CPU Usage (DDoS) ... 29
Table 4.3. Mitigation Flow Installation Time ... 30