SIEM (Security Information and Event Management) Model for Malware Attack Detection Using Suricata and EveBox
Abstract
Malware, or malicious software, is software or program code written specifically to damage the software on a computer or to carry out malicious activity. It spreads over the internet and includes viruses and many other forms of malicious code. The losses it causes can be financial or take the form of disrupted business processes. Malware attacks can be prevented by analysing a sample to learn how it works and what characteristics it exhibits. That information is used to define Indicators of Compromise (IOCs), which are stored in a Cyber Threat Intelligence (CTI) system that serves as the source of detection rules for the Suricata Intrusion Prevention System (IPS). Operating as an Intrusion Detection System (IDS), Suricata detects the presence of malware and recognises recurrences of the same malware using signature-based detection. The resulting logs and alerts are stored in a database by EveBox and organised so that they are easier to read. Together these components form the Security Information and Event Management (SIEM) model. The model detects malware attacks based on their characteristics and stores logs and alerts in real time for deeper analysis by the Security Operations Center (SOC).
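As an added illustration of the pipeline the abstract describes (this is not code from the paper, and the IOC names and values, the host addresses and the eve.json lines are all constructed): an IOC produced by malware analysis is rendered as a Suricata signature, and the EVE JSON alerts that Suricata then writes (the same eve.json that EveBox reads) are parsed and grouped by signature and by source host, the way an analyst would triage them in EveBox.

```python
"""IOC -> Suricata signature -> EVE alert triage, as one pipeline (added example)."""
import json
from collections import Counter

# Constructed IOCs: hypothetical malware family, domain and user agent, not from the paper.
IOCS = [
    {"type": "dns", "value": "update-check.example-c2.test",
     "name": "ExampleStealer C2 domain"},
    {"type": "http_user_agent", "value": "Mozilla/4.0 (compatible; ExampleBot 1.2)",
     "name": "ExampleStealer beacon UA"},
]


def _content(value):
    """Escape the characters Suricata requires escaped inside content:"..." (\\ " ; |)."""
    return (value.replace("\\", "\\\\").replace('"', '\\"')
                 .replace(";", "\\;").replace("|", "\\|"))


def ioc_to_suricata_rule(ioc, sid):
    """Render one IOC as a Suricata signature using sticky buffers (Suricata 5+ syntax)."""
    opts = f"classtype:trojan-activity; sid:{sid}; rev:1;"
    if ioc["type"] == "dns":
        return (f'alert dns $HOME_NET any -> any any (msg:"CTI {ioc["name"]}"; '
                f'dns.query; content:"{_content(ioc["value"])}"; nocase; {opts})')
    if ioc["type"] == "http_user_agent":
        return (f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"CTI {ioc["name"]}"; '
                f'flow:established,to_server; http.user_agent; '
                f'content:"{_content(ioc["value"])}"; {opts})')
    raise ValueError(f"unsupported IOC type: {ioc['type']}")


def build_rule_file(iocs, base_sid=1000001):
    """Local rules conventionally use SIDs from 1,000,000 up so they never clash with vendor rule sets."""
    return "\n".join(ioc_to_suricata_rule(ioc, base_sid + i) for i, ioc in enumerate(iocs)) + "\n"


# Constructed eve.json excerpt: three alerts, one flow record, and one truncated line.
EVE_LOG = """\
{"timestamp":"2024-03-01T10:15:02.123456+0700","event_type":"alert","src_ip":"192.168.10.25","dest_ip":"10.0.0.53","proto":"UDP","alert":{"action":"allowed","signature_id":1000001,"rev":1,"signature":"CTI ExampleStealer C2 domain","category":"A Network Trojan was detected","severity":1},"dns":{"query":[{"rrname":"update-check.example-c2.test","rrtype":"A"}]}}
{"timestamp":"2024-03-01T10:15:03.000000+0700","event_type":"flow","src_ip":"192.168.10.25","dest_ip":"10.0.0.53","proto":"UDP"}
{"timestamp":"2024-03-01T10:15:05.500000+0700","event_type":"alert","src_ip":"192.168.10.25","dest_ip":"203.0.113.7","proto":"TCP","alert":{"action":"blocked","signature_id":1000002,"rev":1,"signature":"CTI ExampleStealer beacon UA","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"203.0.113.7","url":"/gate.php","http_user_agent":"Mozilla/4.0 (compatible; ExampleBot 1.2)"}}
{"timestamp":"2024-03-01T10:16:00.000000+0700","event_type":"alert","src_ip":"192.168.10.31","dest_ip":"203.0.113.7","proto":"TCP","alert":{"action":"blocked","signature_id":1000002,"rev":1,"signature":"CTI ExampleStealer beacon UA","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"203.0.113.7","url":"/gate.php","http_user_agent":"Mozilla/4.0 (compatible; ExampleBot 1.2)"}}
{"timestamp":"2024-03-01T10:16:01","event_type":"alert","src_ip":"192.168.10.40"
"""


def parse_eve_alerts(text):
    """Return only event_type=alert records; a corrupt or truncated line is skipped, not fatal."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("event_type") == "alert":
            alerts.append(event)
    return alerts


def matched_ioc(alert):
    """Confirm from the protocol metadata which IOC the alert really carries (guards against a loose signature)."""
    dns_names = [q.get("rrname", "") for q in alert.get("dns", {}).get("query", [])]
    user_agent = alert.get("http", {}).get("http_user_agent", "")
    for ioc in IOCS:
        if ioc["type"] == "dns" and any(n.lower() == ioc["value"].lower() for n in dns_names):
            return ioc["name"]
        if ioc["type"] == "http_user_agent" and user_agent == ioc["value"]:
            return ioc["name"]
    return None


def triage(alerts):
    """Group alerts by (sid, signature) and by source host, and list which hosts tripped each sid."""
    by_signature = Counter((a["alert"]["signature_id"], a["alert"]["signature"]) for a in alerts)
    by_host = Counter(a["src_ip"] for a in alerts)
    hosts_per_sid = {}
    for a in alerts:
        hosts_per_sid.setdefault(a["alert"]["signature_id"], set()).add(a["src_ip"])
    return {"by_signature": by_signature, "by_host": by_host, "hosts_per_sid": hosts_per_sid}


if __name__ == "__main__":
    print(build_rule_file(IOCS))  # save as cti.rules and validate with: suricata -T -S cti.rules
    alerts = parse_eve_alerts(EVE_LOG)
    summary = triage(alerts)
    for (sid, sig), n in summary["by_signature"].items():
        print(f"sid {sid} {sig!r}: {n} alert(s) from {sorted(summary['hosts_per_sid'][sid])}")
    for a in alerts:
        print(a["timestamp"], a["src_ip"], "->", a["dest_ip"], "confirmed IOC:", matched_ioc(a))
```

Two practitioner points the abstract leaves implicit. First, a signature built this way only fires on the IOC it encodes, so a variant that changes its C2 domain or user agent passes unseen until the CTI store is updated; that is the limit of signature-based detection and the reason the SOC analysis step exists. Second, the escaping in `_content` matters: a `;` or `|` copied straight from a captured user agent into `content:` produces a rule that either fails to load or matches something other than intended, which is exactly what `suricata -T` is there to catch before the rule goes live.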
Copyright (c) 2024 Hendra Setiawan, Wiwin Sulistyo
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Copyright Notice
Authors submitting a manuscript do so on the understanding that, if it is accepted for publication, copyright of the article is assigned to the journal IJETS, University of Technology Yogyakarta, as publisher of the journal, while the author also retains copyright without restriction.
Copyright encompasses the exclusive right to reproduce and deliver the article in all forms and media, including reprints, photographs, microfilms and any other similar reproductions, as well as translations. Reproduction of any part of this journal, its storage in databases and its transmission in any form or medium, such as electronic, electrostatic and mechanical copies, photocopies, recordings, magnetic media, etc., is allowed with written permission from the journal IJETS, University of Technology Yogyakarta.
The IJETS Editorial Board, University of Technology Yogyakarta, the Editors and the Advisory International Editorial Board make every effort to ensure that no wrong or misleading data, opinions or statements are published in the journal. In any case, the contents of the articles and advertisements published in the journal IJETS, University of Technology Yogyakarta, are the sole and exclusive responsibility of their respective authors and advertisers.