OPTIMIZING MALWARE DETECTION IN THE WAZUH SIEM THROUGH CYBER THREAT INTELLIGENCE INTEGRATION WITH MISP AND DFIR-IRIS

Authors

  • Muhamad Ropi Taofiq Hidayat Universitas Siliwangi http://orcid.org/0009-0009-6418-5992
  • Nur Widiyasono Universitas Siliwangi
  • Rohmat Gunawan Universitas Siliwangi

DOI:

https://doi.org/10.23960/jitet.v13i1.5686


Abstract

Cyber threats continue to grow alongside advances in information technology, with malware as one of the main forms of threat that exploits security weaknesses. Security Information and Event Management (SIEM) platforms such as WAZUH are an effective solution for detecting and responding to cyber threats. However, the malware-detection performance of standalone WAZUH is still limited, with low accuracy (19.70%) and low recall (16.26%). This study aims to optimize malware detection by integrating WAZUH with Cyber Threat Intelligence (CTI) using the Malware Information Sharing Platform (MISP) and DFIR-IRIS. The results show that MISP integration raises threat-detection precision (96.3%), although recall (62.9%) and accuracy (63.1%) still indicate that some threats are missed. Adding DFIR-IRIS enables real-time incident response, improving mitigation efficiency. The combination of MISP and DFIR-IRIS significantly strengthens the SIEM's detection and response capabilities, providing a more effective and comprehensive solution against cyber threats.
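The abstract reports precision, recall and accuracy for Wazuh alerts enriched against MISP indicators but does not show the enrichment or the scoring. The following is an added example, not code from the paper or from the Wazuh or MISP projects. It models the Wazuh-to-MISP step offline: an integration script would receive the alert JSON, extract an indicator (a syscheck file hash or a destination IP), query MISP's `/attributes/restSearch` endpoint, and emit a new alert on a match. Here the MISP call is replaced by an in-memory attribute list, the alert shapes (`data.syscheck.sha256_after`, `data.dstip`) are assumed, and the labelled sample set is constructed so that the precision/recall/accuracy computation can be run and checked.

```python
"""Offline model of Wazuh alert enrichment against MISP indicators plus the
precision / recall / accuracy scoring used to evaluate the integration.
Added example; the MISP store, alert shapes and labels below are constructed."""
import json
import sys
from typing import List, Optional, Tuple

# Constructed stand-in for what POST https://<misp>/attributes/restSearch
# would return (only the 'type' and 'value' fields matter here).
CONSTRUCTED_MISP_ATTRIBUTES = [
    {"type": "sha256", "value": "a" * 64},
    {"type": "sha256", "value": "b" * 64},
    {"type": "ip-dst", "value": "203.0.113.10"},  # RFC 5737 documentation range
]


def extract_ioc(alert: dict) -> Optional[Tuple[str, str]]:
    """Return (misp_type, value) for the first usable indicator in an alert.
    Assumed shapes: FIM alerts carry data.syscheck.sha256_after, network-style
    alerts carry data.dstip."""
    data = alert.get("data", {})
    syscheck = data.get("syscheck", {})
    if syscheck.get("sha256_after"):
        return "sha256", syscheck["sha256_after"]
    if data.get("dstip"):
        return "ip-dst", data["dstip"]
    return None


def misp_lookup(ioc_type: str, value: str, attributes=CONSTRUCTED_MISP_ATTRIBUTES) -> list:
    """Offline replacement for the MISP restSearch call (exact match on type+value)."""
    return [a for a in attributes if a["type"] == ioc_type and a["value"] == value]


def enrich(alert: dict) -> Optional[dict]:
    """Return the 'MISP hit' alert an integration would emit, or None if no hit."""
    ioc = extract_ioc(alert)
    if ioc is None:
        return None
    hits = misp_lookup(*ioc)
    if not hits:
        return None
    return {
        "integration": "misp",
        "source_rule": alert.get("rule", {}).get("id"),
        "misp": {"type": ioc[0], "value": ioc[1], "hits": len(hits)},
    }


def score(predicted: List[bool], actual: List[bool]) -> Tuple[float, float, float]:
    """Precision, recall and accuracy from parallel predicted/actual label lists."""
    tp = sum(p and a for p, a in zip(predicted, actual))
    fp = sum(p and not a for p, a in zip(predicted, actual))
    fn = sum((not p) and a for p, a in zip(predicted, actual))
    tn = sum((not p) and (not a) for p, a in zip(predicted, actual))
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    accuracy = (tp + tn) / len(predicted) if predicted else 0.0
    return precision, recall, accuracy


def _fim(sha256: str) -> dict:
    return {"rule": {"id": "554"}, "data": {"syscheck": {"sha256_after": sha256}}}


def _net(dstip: str) -> dict:
    return {"rule": {"id": "100200"}, "data": {"dstip": dstip}}


# Constructed labelled sample: (alert, truly malicious?). The second entry is a
# malicious file MISP does not know about, which is what drives recall below 1.
SAMPLE = [
    (_fim("a" * 64), True),
    (_fim("c" * 64), True),
    (_fim("d" * 64), False),
    (_net("203.0.113.10"), True),
    (_net("198.51.100.7"), False),
    ({"rule": {"id": "5710"}, "data": {"srcuser": "root"}}, False),
]


def evaluate(sample=SAMPLE) -> Tuple[float, float, float]:
    """Run enrichment over the labelled sample and score it."""
    predicted = [enrich(alert) is not None for alert, _ in sample]
    actual = [malicious for _, malicious in sample]
    return score(predicted, actual)


if __name__ == "__main__":
    # With a path argument, behave like an integration script on one alert file;
    # otherwise report the metrics over the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(json.dumps(enrich(json.load(fh))))
    else:
        p, r, a = evaluate()
        print(f"precision={p:.3f} recall={r:.3f} accuracy={a:.3f}")
```

The sample is built so that every MISP hit is a true positive (precision 1.0) while one malicious file is absent from the indicator store (recall 2/3, accuracy 5/6), which mirrors the pattern in the abstract: indicator-based enrichment is precise, but anything the intelligence feed does not contain is still missed.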




Published

2025-01-20

How to Cite

Hidayat, M. R. T., Widiyasono, N., & Gunawan, R. (2025). OPTIMASI DETEKSI MALWARE PADA SIEM WAZUH MELALUI INTEGRASI CYBER THREAT INTELLIGENCE DENGAN MISP DAN DFIR-IRIS. Jurnal Informatika Dan Teknik Elektro Terapan, 13(1). https://doi.org/10.23960/jitet.v13i1.5686

Section

Articles