Development of hybrid intrusion detection system based on Suricata with pfSense method for high reduction of DDoS attacks on IPv6 networks

Authors

DOI:

https://doi.org/10.15587/1729-4061.2023.285275

Keywords:

CPU utilization, DDoS attacks, Jitter, pfSense, Suricata, DDoS, IDS, IPv6

Abstract

Distributed Denial of Service (DDoS) attacks is a problem in computer networks. DDoS attacks pose a significant threat to internet networks as they cause congestion and disrupt the optimal functioning of servers. Detecting the source of these attacks is essential for effective protection. Therefore, in this study, we propose a hybrid strategy that combines Suricata, an intrusion detection system (IDS), with pfSense, a firewall, to address DDoS attacks. Suricata, the IDS, can identify the destination of the attack, which allows pfSense, the Firewall, to block the attack by dropping packets sent by the attacker. As a result, by leveraging this combined approach, we have observed significant improvements in the quality of service (QoS). The results of our study indicate a 1.08 % increase in throughput value, from 1881.97 bytes to 902.44 bytes, demonstrating improved efficiency in data transmission. Additionally, we observed a 57.32 % increase in the average total number of packets sent, from 1382 packets to 3238 packets, indicating better network performance. Furthermore, the proposed strategy significantly reduced delay and jitter values. The delay value decreased by 88.78 %, from 90.76 ms to 10.18 ms, and the jitter value decreased by 88.99 %, from 181.85 ms to 20.03 ms. These improvements signify a notable reduction in latency and packet timing variations, leading to a smoother network experience. Another crucial aspect we evaluated was the CPU utilization. The proposed strategy resulted in a substantial decrease in CPU utilization by 81.23 %, from 78.3 % to 14.7 %. The combination of pfSense and Suricata has proven to be a successful approach, providing robust protection against DDoS attacks, including those utilizing IPv6. This research can be implemented as a solution on a campus ad-hoc network with limited computers

Author Biographies

Supriyanto Praptodiyono, Universitas Sultan Ageng Tirtayasa

Doctor of Computer Sciences, Professor, Vice Dean of Academic Affairs

Department of Electrical Engineering

Teguh Firmansyah, Universitas Sultan Ageng Tirtayasa

Doctor of Electrical Engineering, Lecturer

Department of Electrical Engineering

Muhamad Haerul Anwar, Universitas Sultan Ageng Tirtayasa

Bachelor of Electrical Engineering, Student

Department of Electrical Engineering

Cakra Adipura Wicaksana, Universitas Sultan Ageng Tirtayasa

Master of Electrical Engineering, Lecturer

Department of Informatics

Anggoro Suryo Pramudyo, Universitas Sultan Ageng Tirtayasa

Master of Computer Sciences, Lecturer

Department of Electrical Engineering

Ali Al-Allawee, University of Haute Alsace

Doctor of Computer Sciences, Lecturer

Department of Computer Sciences

References

  1. Choi, K.-S., Lee, C. S., Louderback, E. R. (2020). Historical Evolutions of Cybercrime: From Computer Crime to Cybercrime. The Palgrave Handbook of International Cybercrime and Cyberdeviance, 27–43. doi: https://doi.org/10.1007/978-3-319-78440-3_2
  2. Al-Khater, W. A., Al-Maadeed, S., Ahmed, A. A., Sadiq, A. S., Khan, M. K. (2020). Comprehensive Review of Cybercrime Detection Techniques. IEEE Access, 8, 137293–137311. doi: https://doi.org/10.1109/access.2020.3011259
  3. Cascavilla, G., Tamburri, D. A., Van Den Heuvel, W.-J. (2021). Cybercrime threat intelligence: A systematic multi-vocal literature review. Computers & Security, 105, 102258. doi: https://doi.org/10.1016/j.cose.2021.102258
  4. Staroletov, S. (2022). Software Architecture for an Intelligent Firewall Based on Linux Netfilter. 2022 25th Conference on Innovation in Clouds, Internet and Networks (ICIN). doi: https://doi.org/10.1109/icin53892.2022.9758121
  5. Cinar, A. C., Kara, T. B. (2023). The current state and future of mobile security in the light of the recent mobile security threat reports. Multimedia Tools and Applications, 82 (13), 20269–20281. doi: https://doi.org/10.1007/s11042-023-14400-6
  6. Oloyede, O. A., Yekini, A. N., Akinwole, K. A., Ojo, O. (2021). Firewall Approach To Computer Network Security: Functional Viewpoint. International Journal of Advanced Networking and Applications, 13 (03), 4993–5000. doi: https://doi.org/10.35444/ijana.2021.13308
  7. Heino, J., Hakkala, A., Virtanen, S. (2022). Study of methods for endpoint aware inspection in a next generation firewall. Cybersecurity, 5 (1). doi: https://doi.org/10.1186/s42400-022-00127-8
  8. Ho, H. T. N., Luong, H. T. (2022). Research trends in cybercrime victimization during 2010–2020: a bibliometric analysis. SN Social Sciences, 2 (1). doi: https://doi.org/10.1007/s43545-021-00305-4
  9. Moneva, A., Leukfeldt, E. R., Klijnsoon, W. (2022). Alerting consciences to reduce cybercrime: a quasi-experimental design using warning banners. Journal of Experimental Criminology. doi: https://doi.org/10.1007/s11292-022-09504-2
  10. La Rosa, G. (2021). The 5G Technology Nexus: Assessing Threats and Risks of Implementation. Univerzita Karlova.
  11. Afolaranmi, A. O. (2022). Towards Understanding the Nexus between Pastoral Care, Social Media, and Sustainable Development in the Post-COVID-19 Era. doi: https://doi.org/10.21203/rs.3.rs-1630706/v1
  12. Gundur, R. V., Levi, M., Topalli, V., Ouellet, M., Stolyarova, M., Chang, L. Y.-C., Mejía, D. D. (2021). Evaluating Criminal Transactional Methods in Cyberspace as Understood in an International Context. CrimRxiv. doi: https://doi.org/10.21428/cb6ab371.5f335e6f
  13. Chowdhury, N., Gkioulos, V. (2021). Cyber security training for critical infrastructure protection: A literature review. Computer Science Review, 40, 100361. doi: https://doi.org/10.1016/j.cosrev.2021.100361
  14. Gupta, B. B., Perez, G. M., Agrawal, D. P., Gupta, D. (Eds.) (2020). Handbook of Computer Networks and Cyber Security. Springer Cham, 959. doi: https://doi.org/10.1007/978-3-030-22277-2
  15. Rawat, S., Srinivasan, A., Ravi, V., Ghosh, U. (2020). Intrusion detection systems using classical machine learning techniques vs integrated unsupervised feature learning and deep neural network. Internet Technology Letters, 5 (1). doi: https://doi.org/10.1002/itl2.232
  16. Reshmi, T. R. (2021). Information security breaches due to ransomware attacks - a systematic literature review. International Journal of Information Management Data Insights, 1 (2), 100013. doi: https://doi.org/10.1016/j.jjimei.2021.100013
  17. Balakrishnan, N., Rajendran, A., Pelusi, D., Ponnusamy, V. (2021). Deep Belief Network enhanced intrusion detection system to prevent security breach in the Internet of Things. Internet of Things, 14, 100112. doi: https://doi.org/10.1016/j.iot.2019.100112
  18. Naeem, M. A. A., Abubakar, A., Rahman, M. M. H. (2020). Dealing With Well-Formed and Malformed Packets, Associated With Point of Failure That Cause Network Security Breach. IEEE Access, 8, 197554–197566. doi: https://doi.org/10.1109/access.2020.3034383
  19. Ouiazzane, S., Addou, M., Barramou, F. (2022). A Suricata and Machine Learning Based Hybrid Network Intrusion Detection System. Lecture Notes in Networks and Systems, 474–485. doi: https://doi.org/10.1007/978-3-030-91738-8_43
  20. Gupta, A., Sharma, L. S. (2019). Performance Evaluation of Snort and Suricata Intrusion Detection Systems on Ubuntu Server. Proceedings of ICRIC 2019, 811–821. doi: https://doi.org/10.1007/978-3-030-29407-6_58
  21. Praptodiyono, S., Firmansyah, T., Murugesan, R. K., Alaydrus, M., Aprilia, R., Leau, Y.-B. (2021). Improving the security of mobile IPV6 signalling using KECCAK / SHA-3. Journal of Engineering Science and Technology, 16 (3), 2312–2325. Available at: https://jestec.taylors.edu.my/Vol%2016%20issue%203%20June%202021/16_3_33.pdf
  22. Scarfone, K. A., Mell, P. M. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS). NIST. doi: https://doi.org/10.6028/nist.sp.800-94
  23. Shams, M., Sookhak, M., Gani, A., Buyya, R., Talebian, H. (2016). A comprehensive survey of network virtualization. Computer Networks, 108, 147–176.
  24. Ramachandran, A., Feamster, N. (2006). Understanding the network-level behavior of spammers. ACM SIGCOMM Computer Communication Review, 36 (4), 291–302. doi: https://doi.org/10.1145/1151659.1159947
  25. Mirkovic, J., Reiher, P. (2004). A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication Review, 34 (2), 39–53. doi: https://doi.org/10.1145/997150.997156
  26. Karasaridis, A., Manousakis, K. (2017). Detection and mitigation of DDoS attacks using SDN: A comprehensive survey. IEEE Communications Surveys & Tutorials, 20 (3), 2233–2271.
  27. The Treacherous 12: Top Threats to Cloud Computing (2017). Cloud Security Alliance.
  28. Kolias, C., Kambourakis, G., Stavrou, A., Gritzalis, D. (2016). Distributed Denial of Service Attacks in Software-Defined Networking with Cloud Computing. IEEE Transactions on Dependable and Secure Computing, 13 (3), 373–378.
  29. Ramli, R., Maarof, M. A., Zainal, A. (2017). A survey of machine learning in DDoS attack detection. Journal of Network and Computer Applications, 88, 60–76.
  30. Nunes, B. A. A., Mendonca, M., Nguyen, X.-N., Obraczka, K., Turletti, T. (2014). A Survey of Software-Defined Networking: Past, Present, and Future of Programmable Networks. IEEE Communications Surveys & Tutorials, 16 (3), 1617–1634. doi: https://doi.org/10.1109/surv.2014.012214.00180
  31. National Cyber Incident Response Plan (2010). U.S. Department of Homeland Security.
  32. Steinberger, J., Sperotto, A., Baier, H., Pras, A. (2020). Distributed DDoS Defense:A collaborative Approach at Internet Scale. NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium. doi: https://doi.org/10.1109/noms47738.2020.9110300
Development of hybrid intrusion detection system based on Suricata with pfSense method for high reduction of DDoS attacks on IPv6 networks

Downloads

Published

2023-10-31

How to Cite

Praptodiyono, S., Firmansyah, T., Anwar, M. H., Wicaksana, C. A., Pramudyo, A. S., & Al-Allawee, A. (2023). Development of hybrid intrusion detection system based on Suricata with pfSense method for high reduction of DDoS attacks on IPv6 networks. Eastern-European Journal of Enterprise Technologies, 5(9 (125), 75–84. https://doi.org/10.15587/1729-4061.2023.285275

Issue

Vol. 5 No. 9 (125) (2023): Information and controlling system

Section

Information and controlling system

License

Copyright (c) 2023 Supriyanto Praptodiyono, Teguh Firmansyah, Muhamad Haerul Anwar, Cakra Adipura Wicaksana, Anggoro Suryo Pramudyo, Ali Al-Allawee

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The consolidation and conditions for the transfer of copyright (identification of authorship) is carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.

A license agreement is a document in which the author warrants that he/she owns all copyright for the work (manuscript, article, etc.).
The authors, signing the License Agreement with TECHNOLOGY CENTER PC, have all rights to the further use of their work, provided that they link to our edition in which the work was published.
According to the terms of the License Agreement, the Publisher TECHNOLOGY CENTER PC does not take away your copyrights and receives permission from the authors to use and dissemination of the publication through the world's scientific resources (own electronic resources, scientometric databases, repositories, libraries, etc.).
In the absence of a signed License Agreement or in the absence of this agreement of identifiers allowing to identify the identity of the author, the editors have no right to work with the manuscript.
It is important to remember that there is another type of agreement between authors and publishers – when copyright is transferred from the authors to the publisher. In this case, the authors lose ownership of their work and may not use it in any way.