Analisis Forensik Jaringan Studi Kasus Serangan SQL Injection pada Server Universitas Gadjah Mada

https://doi.org/10.22146/ijccs.2157

Resi Utami Putri(1*), Jazi Eko Istiyanto(2)

(1) 
(2) 
(*) Corresponding Author

Abstract


Abstrak

Forensik jaringan merupakan ilmu keamanan komputer berkaitan dengan investigasi untuk menemukan sumber serangan pada jaringan berdasarkan bukti log, mengidentifikasi, menganalisis serta merekonstruksi ulang kejadian tersebut. Penelitian forensik jaringan dilakukan di Pusat Pelayanan Teknologi Informasi dan Komunikasi (PPTIK) Universitas Gadjah Mada.

Metode yang digunakan adalah model proses forensik (The Forensic Process Model) sebuah model proses investigasi forensik digital, yang terdiri dari tahap pengkoleksian, pemeriksaan, analisis dan pelaporan. Penelitian dilakukan selama lima bulan dengan mengambil data dari Intrusion Detection System (IDS) Snort. Beberapa file log digabungkan menjadi satu file log, lalu data dibersihkan agar sesuai untuk penelitian.

Berdasarkan hasil penelitian yang telah dilakukan, terdapat 68 IP address  yang melakukan tindakan illegal SQL Injection pada server www.ugm.ac.id. Kebanyakan penyerang menggunakan tools SQL Injection yaitu Havij dan SQLMap sebagai tool otomatis untuk memanfaatkan celah keamanan pada suatu website. Selain itu, ada yang menggunakan skrip Python yaitu berasal dari benua Eropa yaitu di Romania.

 

Kata kunci—forensik jaringan, model proses forensik, SQL injection

 

Abstract

Network forensic is a computer security investigation to find the sources of the attacks on the network by examining log evidences, identifying, analyzing and reconstructing the incidents. This research has been conducted at The Center of Information System and Communication Service, Gadjah Mada University.

The method that used was The Forensic Process Model, a model of the digital investigation process, consisted of collection, examination, analysis, and reporting. This research has been conducted over five months by retrieving data that was collected from Snort Intrusion Detection System (IDS). Some log files were retrieved and merged into a single log file, and then the data cleaned to fit for research.

Based on the research, there are 68 IP address was that did illegal action, SQL injection, on server www.ugm.ac.id. Most of attackers using Havij and SQLmap (automated tools to exploit vulnerabilities on a website). Beside that, there was also Python script that was derived from the continent of Europe in Romania.

 

Keywords— Network Forensics, The Forensic Process Models, SQL Injection


Full Text:

PDF



DOI: https://doi.org/10.22146/ijccs.2157

Article Metrics

Abstract views : 14055 | views : 10798

Refbacks

  • There are currently no refbacks.


Bookmark and Share


Copyright (c) 2013 IJCCS - Indonesian Journal of Computing and Cybernetics Systems

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


Copyright of :
IJCCS (Indonesian Journal of Computing and Cybernetics Systems)
ISSN 1978-1520 (print); ISSN 2460-7258 (online)
is a scientific journal the results of Computing
and Cybernetics Systems
A publication of IndoCEISS.
Gedung S1 Ruang 416 FMIPA UGM, Sekip Utara, Yogyakarta 55281
Fax: +62274 555133
email:ijccs.mipa@ugm.ac.id | http://jurnal.ugm.ac.id/ijccs


View My Stats1
View My Stats2