OPTIMIZING MALWARE DETECTION IN THE WAZUH SIEM THROUGH CYBER THREAT INTELLIGENCE INTEGRATION WITH MISP AND DFIR-IRIS
References
R. D. Hapsari and K. G. Pambayun, “ANCAMAN CYBERCRIME DI INDONESIA: Sebuah Tinjauan Pustaka Sistematis,” Jurnal Konstituen, vol. 5, no. 1, 2023, doi: 10.33701/jk.v5i1.3208.
A. Roberts, “Cyber Threat Intelligence – What Does It Even Mean?,” in Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers, Berkeley, CA: Apress, 2021, pp. 17–36. doi: 10.1007/978-1-4842-7220-6_2.
S. Gillard, D. P. David, A. Mermoud, and T. Maillart, “Efficient collective action for tackling time-critical cybersecurity threats,” J Cybersecur, vol. 9, no. 1, 2023, doi: 10.1093/cybsec/tyad021.
G. González-Granadillo, S. González-Zarzosa, and R. Diaz, “Security information and event management (SIEM): Analysis, trends, and usage in critical infrastructures,” Sensors, vol. 21, no. 14, 2021, doi: 10.3390/s21144759.
Wazuh, “The Open Source Security Platform | Wazuh,” Web. Accessed: May 13, 2024. [Online]. Available: https://documentation.wazuh.com/current/index.html
P. Briand, R. Rafati, and A. C. Team, “Incident Response Information Sharing with DFIR IRIS: Enhancing Cybersecurity Investigations,” Threat Intelligence Lab, 2023, [Online]. Available: https://blog.dfir-iris.org
A. Alanda, H. A. Mooduto, and R. Hadi, “Real-time Defense Against Cyber Threats: Analyzing Wazuh’s Effectiveness in Server Monitoring,” JITCE (Journal of Information Technology and Computer Engineering), pp. 56–62, 2023, doi: 10.25077/jitce.7.02.56-62.2023.
D. P. Widyatono and W. Sulistyo, “Pemodelan Instrusion Prevention System Untuk Pendeteksi Dan Pencegahan Penyebaran Malware Menggunakan Wazuh,” Journal of Information Technology Ampera, vol. 4, no. 1, pp. 113–127, 2023, [Online]. Available: https://journal-computing.org/index.php/journal-ita/index
M. Alexandru STAN, “Automation of Log Analysis Using the Hunting ELK Stack,” 2021.
S. E. Jeon et al., “An Effective Threat Detection Framework for Advanced Persistent Cyberattacks,” Computers, Materials and Continua, vol. 75, no. 2, 2023, doi: 10.32604/cmc.2023.034287.
R. Fernandes, S. Bugla, P. Pinto, and A. Pinto, “On the Performance of Secure Sharing of Classified Threat Intelligence between Multiple Entities,” Sensors, vol. 23, no. 2, Jan. 2023, doi: 10.3390/s23020914.
IBM, “What is Security Information and Event Management (SIEM)?,” IBM. Accessed: May 13, 2024. [Online]. Available: https://www.ibm.com/id-en/topics/siem
S. Abu, S. R. Selamat, A. F. M. Ariffin, and R. Yusof, “Cyber Threat Intelligence – Issue and Challenges,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 10, pp. 371–379, 2018, [Online]. Available: https://api.semanticscholar.org/CorpusID:4882915
MISP, “MISP - Malware Information Sharing Platform and Threat Sharing - The Open Source Threat Intelligence Platform,” MISP. [Online]. Available: https://www.misp-project.org/



