Analysis of a DDoS Mitigation System Using Entropy on ...

Analysis of a DDoS Mitigation System Using Entropy on a Honeypot - Software Defined Network (SDN)

UNDERGRADUATE THESIS

Submitted in fulfillment of the requirements for the Bachelor of Informatics degree, Universitas Muhammadiyah Malang

IRMAWATI FEREN KILWALAGA

201610370311143

Networking

INFORMATICS STUDY PROGRAM, FACULTY OF ENGINEERING, UNIVERSITAS MUHAMMADIYAH MALANG

2020


PREFACE

With praise and gratitude to Allah SWT for His abundant grace and guidance, the researcher was able to complete the thesis entitled

“ANALYSIS OF A DDOS MITIGATION SYSTEM USING ENTROPY ON A HONEYPOT – SOFTWARE DEFINED NETWORK (SDN)”

This thesis presents the main topics, which include an explanation of previous research, the methods used, and the detection and mitigation of ICMP Flood DDoS attacks.

The author is fully aware that this thesis still has many shortcomings and limitations. The researcher therefore welcomes constructive suggestions so that this work may benefit the advancement of knowledge.

Malang, 20 June 2020

The Author


TABLE OF CONTENTS

TITLE PAGE
APPROVAL SHEET
ENDORSEMENT SHEET
STATEMENT SHEET
ABSTRACT (Indonesian)
ABSTRACT (English)
DEDICATION
PREFACE
TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES

CHAPTER I INTRODUCTION
    1.1. Background
    1.2. Problem Statement
    1.3. Research Objectives
    1.4. Scope and Limitations

CHAPTER II LITERATURE REVIEW
    2.1. Literature Review
    2.2. Software Defined Network
    2.3. OpenFlow
    2.4. Ryu Controller
    2.5. Modern Honey Network
    2.6. Suricata
    2.7. Mikrotik
    2.8. Scapy
    2.9. TCPReplay
    2.10. Distributed Denial of Service (DDoS)
        2.10.1. ICMP Flood
    2.11. Wireshark
    2.12. Entropy

CHAPTER III RESEARCH METHODOLOGY
    3.1 Network Architecture Design
    3.2 System Design
        3.2.1 Hardware and Software Requirements
        3.2.2 Entropy
        3.2.3 Packet Generation Design
        3.2.4 DDoS Detection Design
        3.2.5 DDoS Mitigation Design
    3.3 Test Scenarios

CHAPTER IV RESULTS AND DISCUSSION
    4.1. Test Implementation
    4.2. Analysis of Test Results
        4.2.1 Entropy Value
        4.2.2 Average CPU Usage
        4.2.3 Mitigation Flow Installation Time

CHAPTER V CLOSING
    5.1 Conclusions
    5.2 Suggestions

REFERENCES

APPENDICES


LIST OF FIGURES

Figure 2.1. SDN Layer Architecture
Figure 2.2. OpenFlow Components
Figure 2.3. ICMP Flood Flow
Figure 3.1. Network Topology
Figure 3.2. SDN Switch Block Diagram
Figure 3.3. SDN Controller Block Diagram
Figure 3.3. SDN MHN Block Diagram
Figure 4.1. Running the Controller
Figure 4.2. DDoS Packet
Figure 4.3. Normal Packet
Figure 4.4. ICMP Request Selection
Figure 4.5. Sending the Attack
Figure 4.6. Attack Start Time
Figure 4.7. attack.py Script
Figure 4.8 Running Entropy
Figure 3.9. Flow Print Result
Figure 4.10. Flow Mod
Figure 4.11. Running CPU Usage


LIST OF TABLES

Table 3.1. Hardware Specifications
Table 3.2. Software Specifications
Table 3.3. Sample Normal and DDoS Data from MHN
Table 3.4. Flow Rule Components for Blocking Attacks
Table 3.5. Entropy Values
Table 3.6. CPU Usage (Normal)
Table 3.7. CPU Usage (DDoS)
Table 3.8. Mitigation Flow Installation Time
Table 4.1. Entropy Results
Table 4.2. CPU Usage (Normal)
Table 4.3. CPU Usage (DDoS)
Table 4.3. Mitigation Flow Installation Time
