An intrusion detection system (IDS) is a network security system that monitors network traffic and activity in order to detect attacks or intrusions. However, as technology advances, hackers increasingly succeed in carrying out attacks in various ways, including distributed denial of service (DDoS), which covers UDP flood, SYN flood, ICMP flood, and IP spoofing. DDoS attacks can threaten network security systems, so an analysis of IDS performance in detecting and preventing these attacks is needed. This study aims to analyze the performance of the Suricata IDS in detecting DDoS attacks on a network using the NS-3 simulator. The study was carried out with a literature review on IDS, networks, the Suricata API, Wireshark, and NS-3 simulation. After that, simulation scenarios were designed and implemented to test IDS performance on a network consisting of several nodes spread across different locations. IDS accuracy was evaluated by analyzing the NS-3 simulation results using performance parameters such as accuracy, precision, recall, and F1 score. The results show that Suricata as an IDS successfully detected DDoS attacks of the UDP flood, SYN flood, ICMP flood, and IP spoofing types. The accuracy for each attack was also high, from 94% for the SYN flood attack down to IP spoofing with the lowest value of 92%. However, the precision, recall, and F1 score values tended to decrease, with the highest precision obtained for the UDP flood attack at 97% and the lowest precision for the IP spoofing attack at 94%. The differences between these values are only around 2-4%, showing that the Suricata IDS was successful with an average value above 90%.
Electronic Theses and Dissertation
Universitas Syiah Kuala
Undergraduate Thesis (Skripsi)
Performance Analysis of the Suricata IDS in Detecting Distributed Denial of Service Attacks on a Network Using the NS-3 Simulator. Banda Aceh: Fakultas Teknik, 2024
Abstract
An Intrusion Detection System (IDS) is a network security system that monitors network traffic and activities to detect attacks or intrusions. However, with technological advancements, hackers have become increasingly successful in launching various types of attacks, including Distributed Denial of Service (DDoS) attacks, which include UDP Flood, SYN Flood, ICMP Flood, and IP Spoofing. DDoS attacks can threaten network security systems, necessitating an analysis of IDS performance in detecting and preventing such attacks. This research aims to analyze the performance of the Suricata IDS in detecting DDoS attacks on a network using the NS-3 simulator. The research was conducted with a literature review on IDS, networks, the Suricata API, Wireshark, and NS-3 simulation. Subsequently, simulation scenarios were designed and implemented to test the IDS performance on a network consisting of several nodes distributed across different locations. IDS accuracy evaluation was performed by analyzing the NS-3 simulation results using performance parameters such as Accuracy, Precision, Recall, and F1 Score. The research results indicate that Suricata, as an IDS, successfully detected DDoS attacks, including UDP Flood, SYN Flood, ICMP Flood, and IP Spoofing. The accuracy values for each attack were high, with the SYN Flood attack achieving 94% accuracy and IP Spoofing having the lowest accuracy at 92%. However, Precision, Recall, and F1 Score values tended to decrease, with the highest Precision obtained from the UDP Flood attack at 97% and the lowest Precision from IP Spoofing at 94%. These value differences, ranging only from 2-4%, indicate that Suricata IDS was successful, with an average value above 90%.