DEEP PACKET INSPECTION IMPLEMENTATION ON IPTABLES AS WANNACRY INFECTION PREVENTION
Main Author: | |
---|---|
Format: | Final Project |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/37047 |
Institution: | Institut Teknologi Bandung |
Summary: | In December 2018, 18 months after the first infection, Kryptos Logic reported that
at least 500,000 hosts were still infected with WannaCry. An Alcatel-Lucent survey found that
host-based antivirus is not effective at protecting hosts from malware: 81% of hosts with
host-based antivirus installed are infected by malware. Furthermore, as the number of Internet
users increases, there are more hosts that can spread malware over the Internet.
Currently, open-source firewalls cannot detect malware attacks. In this project, a firewall is
extended with a module that detects malware infection over the network. The project focuses on
WannaCry.
The module uses a dynamic signature-based approach to detect malware
infection. This approach was chosen because it theoretically produces fewer false negatives.
Furthermore, the implementation uses a state machine to represent WannaCry infection
behavior.
The implementation was validated using a transparent firewall in a
subnet. Based on 83 trials, the DPI implementation as a firewall module can drop the
infection. However, the current implementation causes a 4% drop in bandwidth and
an 8202% increase in packet retries. |
---|