Implementation and Analysis of Distributed Denial of Service SYN Flood Attack Mitigation in a Software Defined Network Using Rate Limiting

Authors

  • Mochamad Teguh Kurniawan
  • Muhammad Fathinuddin
  • Evandani Giantino Rafif

Abstract

Software Defined Networking (SDN) separates the control plane from the data plane, which makes the controller both the central point of control and a point of vulnerability to attack. A SYN Flood DDoS attack can flood the controller with bogus connections, exhaust its resources, and halt the processing of normal packets. This study develops a detection and mitigation system based on a Support Vector Machine (SVM) and rate limiting with the token bucket algorithm. The SVM model was trained on a public dataset using a train-validation-test scheme, with hyperparameters optimized using Optuna, and achieved an accuracy of 96.64%. The system was tested on 23 attack scenarios, 4 times each, covering static IPs, random IPs, and combinations of the two. The average number of false negatives was only 1.2–1.5 packets per trial, with attack mitigation reaching 98–99%. Normal packets were delivered without loss in 83 of 92 trials, and the remaining trials recorded packet loss of only 0.83%. The system is equipped with Prometheus, Grafana, and Telegram notifications, enabling passive monitoring of the controller. The results show that the system can maintain SDN services automatically, efficiently, and robustly when facing SYN Flood attacks.

 

Keywords: Software Defined Network, SYN Flood, Rate Limiting, Support Vector Machine
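The token bucket rate limiting named in the abstract, applied to SYN packets, as an added example that is not the authors' code. The rate, burst size, bucket keys (per source or per destination), addresses and traffic are all assumptions constructed here; the paper's own parameters and its SVM stage are not reproduced.

```python
from dataclasses import dataclass

@dataclass
class TokenBucket:
    rate: float    # tokens refilled per second
    burst: float   # bucket capacity
    tokens: float  # tokens currently available
    last: float    # time of the previous packet

    def allow(self, now):
        # Refill for the elapsed time (capped at burst), then spend one token per SYN.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def run(events, key, rate=5.0, burst=10.0):
    """events: (time, src, dst, label) SYN records. Returns forwarded count per label."""
    buckets, forwarded = {}, {"normal": 0, "attack": 0}
    for t, src, dst, label in sorted(events):
        k = src if key == "src" else dst
        if k not in buckets:
            buckets[k] = TokenBucket(rate, burst, tokens=burst, last=t)  # start full
        if buckets[k].allow(t):
            forwarded[label] += 1
    return forwarded

# Constructed traffic: 10 s toward one server (all addresses are made up).
SERVER = "10.0.0.2"
NORMAL = [(i + 0.5, "10.0.0.1", SERVER, "normal") for i in range(10)]
STATIC = [(i / 200, "10.0.0.9", SERVER, "attack") for i in range(2000)]
RANDOM = [(i / 200, f"172.16.{i // 250}.{i % 250 + 1}", SERVER, "attack")
          for i in range(2000)]

if __name__ == "__main__":
    print("static source, per-source bucket:", run(NORMAL + STATIC, "src"))
    print("random sources, per-source bucket:", run(NORMAL + RANDOM, "src"))
    print("random sources, per-destination bucket:", run(NORMAL + RANDOM, "dst"))
```

In this constructed run a per-source bucket bounds the static-IP flood but not the random-IP one, while a per-destination bucket bounds both at the cost of dropping the normal SYNs, which is the gap a detection step in front of the limiter has to close.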


Published

2026-04-20

Section

Undergraduate Information Systems Study Program (Prodi S1 Sistem Informasi)