MITIGATION OF MULTI TARGET DENIAL OF SERVICE (DOS) ATTACKS USING WAZUH ACTIVE RESPONSE

Authors

  • Arya Pandya Paramaputra Universitas Pendidikan Indonesia
  • Galura Muhammad Suranegara Universitas Pendidikan Indonesia, Indonesia
  • Endah Setyowati Universitas Pendidikan Indonesia, Indonesia

DOI:

https://doi.org/10.47709/cnahpc.v7i2.5755

Keywords:

Active Response, Denial of Service, Multi Target, SIEM, Wazuh

Abstract

The increasing frequency of cyberattacks, particularly Denial of Service (DoS) attacks, poses significant challenges to the availability of online services. Multi-target DoS attacks exacerbate this issue by striking several systems simultaneously, which calls for robust, automated mitigation strategies. This study evaluates the effectiveness of Active Response, the automated response capability of the open-source Security Information and Event Management (SIEM) platform Wazuh, in mitigating multi-target DoS attacks carried out with the Slowloris technique. The methodology involved simulating multi-target DoS attacks with `slowhttptest` against multiple target servers and configuring Wazuh Active Response to block the offending IP addresses automatically upon detection. The metrics measured were Success Rate, Response Time Detection, and Response Time Blocking. With Active Response enabled, the results showed a Success Rate of 100%, an average Response Time Detection of 10.36 seconds, and an average Response Time Blocking of 50.36 seconds. These results confirm that Wazuh Active Response effectively mitigates multi-target DoS attacks, blocking malicious IP addresses with a high success rate, and demonstrate the potential of automated threat detection and response mechanisms to strengthen network security against complex attack scenarios.
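The abstract describes wiring Wazuh Active Response to block a detected source IP. As an added illustration that is not the paper's own configuration, the following `ossec.conf` fragment on the Wazuh manager binds a detection rule to the built-in `firewall-drop` response; the rule id 100100 and the 600-second timeout are assumed values, and the detection rule itself (whatever fires on the slow-HTTP pattern) is left to the deployment.

```xml
<!-- Added example (not from the paper): manager-side ossec.conf fragment that
     turns an alert into an automatic firewall block of the alert's source IP. -->
<ossec_config>
  <!-- Command definition. firewall-drop ships with Wazuh and inserts a DROP rule
       for the srcip carried in the triggering alert; timeout_allowed lets the
       block expire instead of being permanent. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Bind the command to the rule that detects the attack.
       100100 is a placeholder (assumption); use the id of your own detection rule. -->
  <active-response>
    <disabled>no</disabled>
    <command>firewall-drop</command>
    <!-- 'all' runs the block on every enrolled agent, so an IP detected on one
         target is also dropped on the other targets; 'local' would block only
         on the agent that produced the alert. -->
    <location>all</location>
    <rules_id>100100</rules_id>
    <!-- Lift the block after 600 seconds (assumed value). A bounded timeout limits
         the damage if the detected address turns out to be spoofed or shared. -->
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

Active Response actions and their outcomes are themselves logged by Wazuh, which is how detection and blocking times like those reported in the abstract can be read off the manager's own records.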


Published

2025-04-11

How to Cite

Paramaputra, A. P., Suranegara, G. M., & Setyowati, E. (2025). MITIGATION OF MULTI TARGET DENIAL OF SERVICE (DOS) ATTACKS USING WAZUH ACTIVE RESPONSE. Journal of Computer Networks, Architecture and High Performance Computing, 7(2), 483–493. https://doi.org/10.47709/cnahpc.v7i2.5755
