PACKET INSPECTION AND LOGGING SYSTEM ON OPENFLOW NETWORK WITH RYU, SNORT, AND ELASTIC STACK
Field | Value
---|---
Main Author | 
Format | Final Project
Language | Indonesia
Online Access | https://digilib.itb.ac.id/gdl/view/48008
Institution | Institut Teknologi Bandung
Summary:

Problems that frequently arise in a network, such as capacity shortages and attacks, can often be solved by analyzing data from the network itself. The information gathered from the network can serve as a basis or support for solving network problems and for making design or business decisions. Actions taken on the basis of this information are expected to be more effective and efficient, both technically and in terms of cost. Network data is extracted by inspecting traffic in the network and collecting it in a centralized logging system. The gathered data can later be analyzed to extract information relevant to the network administrator.

This final project aims to implement a packet inspection and logging system on an OpenFlow network that integrates Ryu, Snort, and the Elastic Stack. The approach is iterative design, implementation, and testing to meet the objective and the predefined specifications. Three scenarios are used to test the capabilities of the system: packet logging, malware, and a Denial-of-Service attack. In the first scenario, the system is able to decode packets, inspect the information in the packet data units, and store that information in the data store. In the malware scenario, the system can detect malware traffic traversing the network using signature detection. In the DDoS scenario, the system is able to visualize the distribution of traffic volume, so that the administrator can identify possible DDoS attack attempts. Based on the testing, it is concluded that the objectives are met and the system functions as intended.

By opening the final project to contributions, it is expected that the system can be extended to solve other network problems in further scenarios.