Pemanfaatan Network Forensic Investigation Framework untuk Mengidentifikasi Serangan Jaringan Melalui Intrusion Detection System (IDS)

Abstract

Intrusion Detection System (IDS) is one of the technology to ensure the security of computers. IDS is an early detection system in the event of a computer network attack. The IDS will alert the computer network administrator in the event of a computer network attack. IDS also records all attempts and activities aimed at disrupting computer networks and other computer network attacks. The purpose of this study is to implement IDS on network systems and analyze IDS logs to determine the different types of computer network attacks. Logs on the IDS will be analyzed and will be used as leverage to improve computer network security. The research was carried out using the Network Forensic Investigation Framework proposed by Pilli, Joshi, and Niyogi. The stages of the Network Forensic Investigation Framework are used to perform network simulations, analysis, and investigations to determine the types of computer network attacks. The results show that the Network Forensic Investigation Framework facilitates the investigation process when a network attack occurs. The Network Forensic Investigation Framework is effectively used when the computer network has network security support applications such as IDS or others. IDS is effective in detecting network scanning activities and DOS attacks. IDS gives alerts to administrators because there are activities that violate the rules on the IDS.