Design of Security Information and Event Management (SIEM) to Detect Incidents on Websites


Daniel Rudiaman Sijabat Stevanus Evo

Abstract

In an increasingly complex digital landscape, websites are a primary target for attacks by malicious actors. A system is therefore needed that can monitor, analyze, and give early warning of suspicious activity or attacks against websites. To that end, this research analyzes and designs a Security Information and Event Management (SIEM) system for detecting attack incidents on websites. The SIEM built in this study uses the Elastic Stack to collect, store, analyze, and monitor event information and security logs from every connected agent, and to raise detections on them. To simulate the attack types listed in the OWASP TOP 10 2017, several deliberately vulnerable web applications are used as targets, namely DVWA, XVWA, and MUTILLIDAE. Testing of the resulting SIEM showed that it was able to detect the attack types against websites listed in the OWASP TOP 10 2017.
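The abstract describes log-based detection of OWASP TOP 10 2017 attack classes against DVWA-style targets. The following is an added example, not code from the paper, showing what such detection logic looks like when run over web-server access logs of the kind a Filebeat agent would ship into the Elastic Stack. Everything in it is an assumption for illustration: the constructed sample log lines, the rule names, the signature patterns, the DVWA login path and the brute-force threshold.

```python
"""Signature-based detector for web attacks in Apache/nginx combined access logs.
Added example: the rules are illustrative, not the paper's SIEM rule set."""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Combined access-log format. Field names are this example's own.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# One signature per OWASP Top 10 2017 category that is visible in an access log.
# They run against the URL-decoded, lower-cased request path + query string.
# Deliberately narrow (assumed patterns); a production rule set would be broader.
RULES = {
    "A1 Injection": re.compile(
        r"'\s*(or|and)\s+\S+\s*=|union\s+select|sleep\s*\(|;\s*drop\s|/\*"),
    "A7 XSS": re.compile(r"<\s*script|onerror\s*=|javascript:"),
    "A5 Broken Access Control": re.compile(r"(\.\./){2,}|/etc/passwd"),
    "A6 Security Misconfiguration": re.compile(r"/(\.git/|\.env$|phpinfo\.php)"),
}
LOGIN_PATH = "/login.php"   # assumed: DVWA's login endpoint
LOGIN_THRESHOLD = 5         # assumed: POSTs from one IP before we call it brute force


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def match_rules(path):
    """Categories whose signature fires on the decoded request path + query."""
    decoded = unquote_plus(path).lower()   # '+' and %XX decoded, as the app sees it
    return [cat for cat, rx in RULES.items() if rx.search(decoded)]


def detect(lines):
    """Run every line through the signature rules, then the per-IP login counter.
    Returns alerts as dicts with keys "category", "ip", "evidence"."""
    alerts, login_posts = [], Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is None:            # unparseable line: skip rather than crash the pipeline
            continue
        for cat in match_rules(ev["path"]):
            alerts.append({"category": cat, "ip": ev["ip"], "evidence": ev["path"]})
        if ev["method"] == "POST" and ev["path"].split("?")[0].endswith(LOGIN_PATH):
            login_posts[ev["ip"]] += 1
    # Stateful rule: repeated login POSTs from one source (A2 Broken Authentication).
    for ip, n in login_posts.items():
        if n >= LOGIN_THRESHOLD:
            alerts.append({"category": "A2 Broken Authentication", "ip": ip,
                           "evidence": f"{n} POSTs to {LOGIN_PATH}"})
    return alerts


# Constructed sample lines (not real traffic) from a hypothetical DVWA host.
SAMPLE_LOG = [
    '10.0.0.3 - - [12/Mar/2023:10:14:55 +0700] "GET /dvwa/index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Mar/2023:10:15:01 +0700] "GET /dvwa/vulnerabilities/sqli/?id=1%27+OR+%271%27%3D%271&Submit=Submit HTTP/1.1" 200 4523 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Mar/2023:10:15:07 +0700] "GET /dvwa/vulnerabilities/xss_r/?name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 4210 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Mar/2023:10:15:12 +0700] "GET /dvwa/vulnerabilities/fi/?page=../../../../etc/passwd HTTP/1.1" 200 1890 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Mar/2023:10:16:00 +0700] "GET /.git/config HTTP/1.1" 404 209 "-" "curl/7.88.1"',
] + [
    f'10.0.0.7 - - [12/Mar/2023:10:17:{s:02d} +0700] "POST /dvwa/login.php HTTP/1.1" 302 0 "-" "python-requests/2.31"'
    for s in range(6)
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f'{alert["category"]:30} {alert["ip"]:10} {alert["evidence"]}')
```

Two points the code makes that the abstract does not: signatures must run on the decoded request (the `%27` in the SQLi line only becomes a quote after decoding), and one category (brute force against the login form) is only visible as a count across many lines, so a SIEM needs stateful rules as well as per-line ones. Request bodies, and therefore POST-based payloads such as XXE documents, are not in an access log at all; detecting those needs application or WAF logs as additional sources.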
