Implementasi dan Analisa Attack Tree pada Vulnerable Machine Sunset: 1 Berdasarkan Pendekatan Cubesat Security Attack Tree Analysis dan Sand Gate

Penulis

  • Wahyu Limutu Telkom University
  • Adityas Widjajarto Telkom University
  • Ahmad Almaarif Telkom University

Abstrak

Penelitian ini mengimplementasikan dan menganalisa attack tree pada Sunset: 1 vulnerable machine dengan menggunakan pendekatan CubeSat Security Attack Tree Analysis dan SAND gate. Analisa attack tree juga menggunakan perhitungan tiga komponen yaitu time metric, cost metric, dan frequency metric. Skenario eksploitasi pada walkthrough yang digunakan, memiliki tahapan yang sama. Tahapan tersebut adalah information gathering, scanning, enumeration, exploitation, dan privilege escalation. Dari proses tersebut bisa digambarkan activity diagram dan attack tree. Activity diagram digunakan sebagai dasar perhitungan cost metric dengan menghitung jumlah langkah yang ada di dalamnya. Attack tree mewakili berbagai tahapan eksploitasi dan dilakukan perangkingan berdasarkan metrics. Metrics tersebut menjadi dasar untuk mendapatkan perangkingan attack tree. Berdasarkan time metric, attack tree 1 merupakan jalur tercepat jika dibanding attack tree lainnya dengan nilai real time sebesar 64,895 detik. Berdasarkan cost metric, attack tree 1, 3, dan 4 memiliki nilai cost yang rendah dibandingkan attack tree lainnya dengan nilai cost 15. Berdasarkan frequency metric, attack tools John The Ripper dan Netdiscover memiliki persentase terbesar dalam penggunaannya di attack tree sebesar 40% dan 30% secara berurutan. Kelanjutan dari penelitian ini dapat dilakukan dengan menambahkan faktor kerentanan dengan melakukan pemindaian celah keamanan pada sistem.

Kata kunci— sunset: 1, attack tree, time, cost, frequency

Referensi

S. Garfinkel, A. Schwartz and G. Spafford, Practical Unix & Internet Security, 3rd Edition, California: O' Reilly & Associates, Inc., 2003.

A. K. Lab, "What is hacking? And How To Prevent it," 1 July 2022. [Online]. Available:https://www.kaspersky.com/resourcecenter/definitions/whatis-hacking.

A. P. Moore, R. J. Ellison and R. C. Linger, Attack Modeling for Information Security and Survivability, Pennsylvania: Carnegie Mellon University, 2001.

L. Kuipers, "Analysis of Attack Trees: Fast Algorithms For Subclasses,"Bachelor Thesis Computing Science, pp. 9-19, 2020.

D. T. Bourgeois, Information Systems for Business and Beyond,Washington DC: Saylor Academy, 2014.

R. Rezaee and A. G. Bafghi, "A Risk Estimation Framework for SecurityThreats in Computer Networks," Journal of Computing andSecurity, pp. 19-33, Journal of Computing and Security.

R. Lehtinen, D. Russell and S. G. T. Gangemi, Computer Security Basics: Computer Security, 2nd Edition, California: O'Reilly Media, Inc., 2006.

M. Zwolinski, "Structural Exploitation," Social Philosophy & Policy Foundation, pp. 154-179, 2012.

B. Posey, "Computer Exploit," 28 September 2017.

[Online]. Available:https://www.techtarget.com/searchsecurity/definition/exploit.

G. Marczyk, D. DeMatteo and D. Festinger, Essentials of Behavioral Science Series, New Jersey:John Wiley & Sons, Inc., 2005.

F. N. Kerlinger and H. B. Lee, Foundations of Behavioral Research,Australia: Wadsworth, 1999.

O. W. Bertelsen, "The Activity Walkthrough: An Expert Review Method Based on Activity Theory," NordiCHI '04, October 23-27, 2004Tampere,Finland Copyright 2004 ACM 1-58113-857-1/04/10, pp. 251254, 2004.

P. Kirvan, "TechTarget," 8 November 2022. [Online]. Available: https://www.techtarget.com/searchsecurity/tip/Type

s-of-vulnerability-scanning-and-when-to-use-each.

J. A. Kendall and E. J. Kendall, Systems Analysis and Design, New Jersey: Pearson Education, Inc., 2005.

S. Mauw and M. Oostdijk, "Foundations of Attack Trees," D. Won and S. Kim (Eds.): ICISC 2005, LNCS 3935 Springer-Verlag Berlin Heidelberg, pp. 186-198, 2006.

A. R. Hevner, S. T. March, J. Park and S. Ram, "Design Science in Information Systems Research," MIS Quarterly, Vol. 28, No. 1 (Mar., 2004), pp. 75-105, 2004.

##submission.downloads##

Diterbitkan

2023-09-18

Terbitan

Vol 10 No 4 (2023): Agustus 2023

Bagian

Program Studi S1 Sistem Informasi