Enhancing Network Security Through Real-Time Threat Detection with Intrusion Prevention System (Case Study on Web Attack)

Authors

DOI:

https://doi.org/10.26555/jiteki.v10i4.30380

Keywords:

Cyberattacks, Elasticsearch, Intrusion Prevention System, Suricata, Web Attack

Abstract

Cyberattacks on government websites in Indonesia have been steadily increasing, with over 109 million incidents recorded in 2023 by the National Cyber Security Operations Center (BSSN). A Netcraft survey revealed that more than one billion websites globally face similar threats, highlighting the urgent need for improved security measures, especially where infrastructure is limited and security controls are poorly implemented. Approximately 51% of Micro, Small, and Medium Enterprises in Indonesia reported experiencing web attacks, and 95% of those stated that the attacks severely disrupted their operations. This study implements a Suricata-based Intrusion Prevention System (IPS) to protect web servers from attacks such as SQL injection, cross-site scripting (XSS), and command injection. Suricata inspects network traffic inline and blocks threats in real time. Detection logs in EVE JSON format are shipped by Filebeat, processed by Logstash, stored in Elasticsearch, and visualized in Kibana. The key contribution of this research is the design of a comprehensive rule set and the integration of all components into a single Docker container, which streamlines deployment. Testing confirmed that the designed rules detect and block the attack payloads, using Suricata's rule structure together with NFQUEUE inline mode so that all suspicious traffic passes through inspection. The novelty of this research lies in deploying a fully operational real-time security system on low-resource computers, demonstrating effective threat management under constrained conditions.
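The abstract describes two pieces of the pipeline a practitioner would want to see together: the Suricata rules that decide whether a request is dropped, and the EVE JSON alert records that Filebeat ships onward to Logstash and Elasticsearch. The following is an added example, not code or rules from the paper, that parses a small constructed rule set in Suricata syntax, parses constructed EVE alert lines, flattens each alert into the kind of document a Logstash filter would hand to Elasticsearch, and reconciles the two. The rule text, signature IDs, hosts and payloads are all assumptions made up for the example. The reconciliation step surfaces the caveat that matters most in an NFQUEUE deployment: a rule written with the `alert` action only logs, so its hits appear in EVE with `action: allowed`, while only `drop` rules produce `action: blocked`.

```python
"""Reconcile a Suricata IPS rule set with its EVE JSON alert log (constructed sample data)."""
import json
import re
from collections import Counter

# Constructed example rules in Suricata syntax (not the paper's rule set).
# Note the third rule deliberately uses "alert" instead of "drop": in IPS mode it will
# log the command-injection attempt but let the request through.
SAMPLE_RULES = r'''
drop http any any -> $HOME_NET any (msg:"LOCAL SQLi UNION SELECT in URI"; flow:to_server,established; http.uri; content:"union"; nocase; content:"select"; nocase; distance:0; classtype:web-application-attack; sid:1000001; rev:1;)
drop http any any -> $HOME_NET any (msg:"LOCAL XSS script tag in URI"; flow:to_server,established; http.uri; content:"<script"; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
alert http any any -> $HOME_NET any (msg:"LOCAL command injection marker in URI"; flow:to_server,established; http.uri; pcre:"/[;|`]\s*(cat|ls|id|whoami)\b/i"; classtype:web-application-attack; sid:1000003; rev:1;)
'''

# Constructed EVE JSON lines in the shape Suricata writes to eve.json (one JSON object per line).
# A non-alert "flow" record is included because Filebeat ships every event type, not only alerts.
SAMPLE_EVE = "\n".join(json.dumps(ev) for ev in [
    {"timestamp": "2024-11-02T10:15:01.123456+0700", "event_type": "alert", "src_ip": "198.51.100.7",
     "src_port": 51234, "dest_ip": "10.0.0.5", "dest_port": 80, "proto": "TCP",
     "alert": {"action": "blocked", "gid": 1, "signature_id": 1000001, "rev": 1,
               "signature": "LOCAL SQLi UNION SELECT in URI", "category": "Web Application Attack", "severity": 1},
     "http": {"hostname": "web.example.test", "url": "/items?id=1 UNION SELECT username,password FROM users",
              "http_method": "GET", "protocol": "HTTP/1.1"}},
    {"timestamp": "2024-11-02T10:15:02.000001+0700", "event_type": "flow", "src_ip": "198.51.100.7",
     "dest_ip": "10.0.0.5", "proto": "TCP"},
    {"timestamp": "2024-11-02T10:15:03.500000+0700", "event_type": "alert", "src_ip": "198.51.100.7",
     "src_port": 51235, "dest_ip": "10.0.0.5", "dest_port": 80, "proto": "TCP",
     "alert": {"action": "blocked", "gid": 1, "signature_id": 1000002, "rev": 1,
               "signature": "LOCAL XSS script tag in URI", "category": "Web Application Attack", "severity": 1},
     "http": {"hostname": "web.example.test", "url": "/search?q=<script>alert(1)</script>",
              "http_method": "GET", "protocol": "HTTP/1.1"}},
    {"timestamp": "2024-11-02T10:15:04.250000+0700", "event_type": "alert", "src_ip": "198.51.100.7",
     "src_port": 51236, "dest_ip": "10.0.0.5", "dest_port": 80, "proto": "TCP",
     "alert": {"action": "allowed", "gid": 1, "signature_id": 1000003, "rev": 1,
               "signature": "LOCAL command injection marker in URI", "category": "Web Application Attack", "severity": 1},
     "http": {"hostname": "web.example.test", "url": "/ping?host=127.0.0.1;cat /etc/passwd",
              "http_method": "GET", "protocol": "HTTP/1.1"}},
])

RULE_HEADER = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<src_port>\S+)\s+'
    r'(?P<direction>->|<>)\s+(?P<dst>\S+)\s+(?P<dst_port>\S+)\s+\((?P<options>.*)\)\s*$'
)


def split_options(body):
    """Split the option body on ';' while respecting quoted strings and backslash escapes
    (a pcre such as "/[;|`]/" contains a literal ';' that must not end the option)."""
    parts, buf, in_quote, escape = [], [], False, False
    for ch in body:
        if escape:
            buf.append(ch)
            escape = False
        elif ch == '\\':
            buf.append(ch)
            escape = True
        elif ch == '"':
            buf.append(ch)
            in_quote = not in_quote
        elif ch == ';' and not in_quote:
            parts.append(''.join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    tail = ''.join(buf).strip()
    if tail:
        parts.append(tail)
    return [p for p in parts if p]


def parse_rule(line):
    """Parse one Suricata rule into its header fields plus an ordered list of (keyword, value) options."""
    m = RULE_HEADER.match(line.strip())
    if not m:
        raise ValueError(f"not a rule: {line!r}")
    rule = {k: v for k, v in m.groupdict().items() if k != 'options'}
    opts = []
    for part in split_options(m.group('options')):
        key, _, value = part.partition(':')
        opts.append((key.strip(), value.strip().strip('"')))
    rule['options'] = opts
    flat = dict(opts)  # fine for sid/msg, which occur once per rule
    rule['sid'] = int(flat['sid'])
    rule['msg'] = flat.get('msg', '')
    return rule


def load_rules(text):
    """Load a rules file into a dict keyed by sid, rejecting duplicate sids (Suricata refuses them too)."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        rule = parse_rule(line)
        if rule['sid'] in rules:
            raise ValueError(f"duplicate sid {rule['sid']}")
        rules[rule['sid']] = rule
    return rules


def parse_eve(text):
    """Return only the event_type == "alert" records from EVE JSON lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            ev = json.loads(line)
            if ev.get('event_type') == 'alert':
                alerts.append(ev)
    return alerts


def to_es_doc(ev):
    """Flatten an EVE alert into the document shape a Logstash filter might emit for Elasticsearch."""
    a, h = ev['alert'], ev.get('http', {})
    return {'@timestamp': ev['timestamp'], 'src_ip': ev['src_ip'], 'dest_ip': ev['dest_ip'],
            'dest_port': ev['dest_port'], 'sid': a['signature_id'], 'signature': a['signature'],
            'action': a['action'], 'severity': a['severity'],
            'http.url': h.get('url'), 'http.method': h.get('http_method')}


def reconcile(rules, alerts):
    """Count blocked hits per signature and flag rules that fired but could not block."""
    blocked, detect_only, unknown = Counter(), set(), set()
    for ev in alerts:
        a = ev['alert']
        rule = rules.get(a['signature_id'])
        if rule is None:
            unknown.add(a['signature_id'])  # alert from a sid not in the loaded rule set
        elif a['action'] == 'blocked':
            blocked[a['signature']] += 1
        elif rule['action'] != 'drop':
            detect_only.add(rule['sid'])  # "alert" rule in IPS mode: logged, not dropped
    return {'blocked': dict(blocked), 'detect_only': sorted(detect_only), 'unknown_sid': sorted(unknown)}


if __name__ == '__main__':
    rules = load_rules(SAMPLE_RULES)
    alerts = parse_eve(SAMPLE_EVE)
    for ev in alerts:
        print(json.dumps(to_es_doc(ev)))
    print(reconcile(rules, alerts))
```

Running the script prints the three flattened alert documents and a summary in which sids 1000001 and 1000002 show one blocked hit each, while 1000003 is listed under `detect_only` because it was written with `alert` rather than `drop`. A Kibana panel built only on the count of alerts would hide that distinction; filtering on `alert.action` is what distinguishes prevention from detection.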

Author Biographies

Nyoman Karna, Telkom University

Received the Ph.D. degree in electrical engineering and computer science from Bandung Institute of Technology, West Java, Indonesia, in 2018. He has been a full-time Lecturer with the School of Electrical Engineering, Telkom Higher School of Technology (now Telkom University), West Java, since 1999. His research interests include intelligent IoT, cybersecurity, and the Internet of Drone Things. Email: aditya@telkomuniversity.ac.id, ORCID: 0000-0002-0092-2692

Soo Young Shin, Kumoh National Institute of Technology

Received his Ph.D. degree in electrical engineering and computer science from Seoul National University in 2006. He was with the WiMAX Design Lab, Samsung Electronics, Suwon, South Korea, from 2007 to 2010. He joined the School of Electronics, Kumoh National Institute of Technology, Gumi, South Korea, as a full-time professor in 2010, and is currently an associate professor in the Department of IT Convergence Engineering there. He was a postdoctoral researcher at the University of Washington in 2007 and a visiting scholar at the University of British Columbia, Canada, in 2017. His research interests include 5G/6G wireless communications and networks, signal processing, the Internet of Things, mixed reality, and drone applications. Email: wdragon@kumoh.ac.kr, ORCID: 0000-0002-2526-2395

Made Adi Paramartha Putra, Primakara University

Received the Ph.D. degree in IT convergence engineering from the Kumoh National Institute of Technology, Gumi, South Korea, in 2024. He is currently a full-time Lecturer in informatics engineering at Primakara University, Bali, Indonesia, where he has also served as Director of Postgraduate Studies since 2024. His research interests include named data networking (NDN), the real-time Internet of Things, federated learning optimization, blockchain, and energy-efficient architecture. Email: adi@primakara.ac.id, ORCID: 0000-0002-6024-941X

Published

2025-02-04

How to Cite

T. Rahmawati, N. Karna, S. Y. Shin, and M. A. P. Putra, “Enhancing Network Security Through Real-Time Threat Detection with Intrusion Prevention System (Case Study on Web Attack)”, J. Ilm. Tek. Elektro Komput. Dan Inform., vol. 10, no. 4, pp. 1004–1020, Feb. 2025, https://doi.org/10.26555/jiteki.v10i4.30380.
