DEEP PACKET INSPECTION IMPLEMENTATION ON IPTABLES AS WANNACRY INFECTION PREVENTION
Eighteen months after the first infection, Kryptos Logic reported in December 2018 that at least 500,000 hosts were infected with WannaCry. An Alcatel-Lucent survey found that host-based antivirus is not effective at protecting hosts from malware: 81% of hosts with host-based antivirus installed are infected by malware. Furthe...
Main Author: | Kholilul Islam, Ibrohim |
---|---|
Format: | Final Project |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/37047 |
Institution: | Institut Teknologi Bandung |
id |
id-itb.:37047 |
---|---|
spelling |
id-itb.:37047 2019-03-18T14:07:19Z DEEP PACKET INSPECTION IMPLEMENTATION ON IPTABLES AS WANNACRY INFECTION PREVENTION Kholilul Islam, Ibrohim Indonesia Final Project network-based malware detection, firewall, wannacry i INSTITUT TEKNOLOGI BANDUNG https://digilib.itb.ac.id/gdl/view/37047 text |
institution |
Institut Teknologi Bandung |
building |
Institut Teknologi Bandung Library |
continent |
Asia |
country |
Indonesia |
content_provider |
Institut Teknologi Bandung |
collection |
Digital ITB |
language |
Indonesia |
description |
Eighteen months after the first infection, Kryptos Logic reported in December 2018 that at least 500,000 hosts were infected with WannaCry. An Alcatel-Lucent survey found that host-based antivirus is not effective at protecting hosts from malware: 81% of hosts with host-based antivirus installed are infected by malware. Furthermore, as the number of Internet users increases, there are more hosts to spread malware over the Internet.
Currently, open-source firewalls cannot detect malware attacks. In this project, a firewall is extended with a module that detects malware infection over the network. The project focuses on WannaCry.
The module implementation uses a dynamic signature-based approach to detect malware infection. This approach was chosen because it theoretically has a lower false-negative rate. Furthermore, the implementation uses a state machine to represent WannaCry infection behavior.
The validation experiment for this implementation uses a transparent firewall in a subnet. The result is that the DPI implementation as a firewall module can drop the infection, based on 83 trials. However, the current implementation causes a 4% drop in bandwidth and an 8202% increase in packet retries. |
format |
Final Project |
author |
Kholilul Islam, Ibrohim |
title |
DEEP PACKET INSPECTION IMPLEMENTATION ON IPTABLES AS WANNACRY INFECTION PREVENTION |
url |
https://digilib.itb.ac.id/gdl/view/37047 |
_version_ |
1822924802316304384 |