Design and Implementation of a Web Application Firewall and Rate Limiting for Cyber Defense

Authors

  • I Gusti Ngurah Bagus Dimas, Telkom University
  • Nyoman Bogi Aditya Karna, Telkom University
  • Favian Dewanta, Telkom University

Abstract

Web applications, as one of the digital media most frequently targeted by cyber attacks, account for roughly 75% of all cyber attacks. In 2023, some 30,000 websites were hacked every day, underscoring the vulnerability of web applications, which must remain constantly available to their users. One class of web application security threat is requests that carry malicious payloads, such as SQLi and XSS, to the web application. Another class of threat is DDoS. Based on the test results, the WAF achieved a security quality score of 99.6% and a detection quality score of 92.3%. Average throughput without rate limiting was 13382.389916 kbits/s, while average throughput with rate limiting was 8004.082379 kbits/s. Average packet loss without rate limiting was 0.191928%, while average packet loss with rate limiting was 0.011805%. Average delay without rate limiting was 0.000355 s, while average delay with rate limiting was 0.000284 s. Average jitter without rate limiting was 0.000012 s, while average jitter with rate limiting was 0.000020 s. On the IDS side, Snort successfully issued alert messages matching the type of attack that occurred, such as SQLi, XSS, and DDoS.

Keywords: Cyber defense, Intrusion detection system, Rate limiting, Web application firewall.

Published

2024-12-01

Section

Undergraduate Program in Telecommunication Engineering (Program Studi S1 Teknik Telekomunikasi)