USE OF EXPERT SYSTEMS TO PREDICT ATTACKS ON WEB-BASED SERVERS
Kata Kunci:
Cyber Attacks, System Security, Expert System, Attack Prediction, Penetration Testing, OWASP ZapAbstrak
Cyber-attacks are on the rise, and various types of threats can compromise data confidentiality, integrity, and availability. Reports from the National Cyber and Crypto Agency (BSSN) and research by Check Point indicate a significant increase in cyber-attacks. These attacks often occur due to a lack of understanding and security testing of systems. In this context, the fundamental rules of the CIA (Confidentiality, Integrity, and Availability) become a crucial foundation for system security. Self-testing through penetration testing methods emerges as a solution to identify security vulnerabilities. Therefore, this research aims to develop an expert system using the OWASP Zap penetration testing tool to predict attacks on web-based servers. Utilizing a rule-based algorithm, the output of this expert system will provide results containing the type of attack, CIA classification, score, solutions, and more. In this study, testing and evaluation of the expert system are conducted on domains within the State University of Malang as the target. The test results indicate a satisfactory expert system performance with an accuracy rate of 91.62 percent. This evaluation is expected to provide a comprehensive insight into the expert system's performance in securing the system, enabling developers or campus administrators to address any issues promptly..
Referensi
Microsoft, “What is Cyber Attack?,” 2023. [Online]. Available: https://www.microsoft.com/id-id/security/business/security-101/what-is-a-cyberattack.
BSSN, “Lanskap 2022,” 20 February 2023. [Online]. Available: https://www.bssn.go.id/lanskap2022/.
C. P. Research, “Check Point 2022 Cyber Security Report,” 2023. [Online]. Available: https://resources.checkpoint.com/cyber-security-resources/2022-cyber-security-report.
M. Gupta, C. Akiri, K. Aryal, E. Parker and L. Praharaj, “From chatgpt to threatgpt: Impact of Generative AI in Cybersecurity and Privacy,” IEEE Access, vol. 11, pp. 80218-80245, p. Https://doi.org/10.1109/ACCESS.2023.3300381, 2023.
A. M. Dwika, STUDI KEAMANAN SISTEM INFORMASI BERBASIS WORDPRESS TERHADAP SERANGAN SQL INJECTION DI SITUS CAHUNNES.COM, Semarang: UNIVERSITAS NEGERI SEMARANG, 2017.
K. Hughes-Lartey, M. Li, F. E. Botchey and Z. Qin, “Human factor, a critical weak point in the information security of an organization’s Internet of things,” Heliyon, 7(3), 2021.
G. Guntoro, L. Costaner and M. Musfawati, “ANALISIS KEAMANAN WEB SERVER OPEN JOURNAL SYSTEM (OJS) MENGGUNAKAN METODE ISSAF DAN OWASP (STUDI KASUS OJS UNIVERSITAS LANCANG KUNING),” JIPI (Jurnal Ilmiah Penelitian dan Pembelajaran Informatika) 5(1): 45-55, p. Https://doi.org/10.29100/jipi.v5i1.1565, 2020.
A. P. Dewanto, Penetration Testing Pada Domain UUI.AC.ID menggunakan OWASP 10, Yogyakarta: Universitas Islam Indonesia, 2018.
G. Kusuma, “IMPLEMENTASI OWASP ZAP UNTUK PENGUJIAN KEAMANAN SISTEM INFORMASI AKADEMIK,” Jurnal Teknologi Informasi: Jurnal Keilmuan dan Aplikasi Bidang Teknik Informatika 16.2 (2022): 178-186., pp. Https://e-journal.upr.ac.id/index.php/JTI/article/download/3995/3679, 2022.
A. W. Kuncoro, PENGUJIAN AUTENTIKASI DAN OTORISASI WEB MI-GATEWAY UII BERDASARKAN DOKUMEN owaspwstgv4.2, Yogyakarta: Univeristas Islam Indonesia, 2022.
Taufiq, E. Hasmin, C. Susanto and K. Aryasa, “Expert System for Predicting Diabetes Using the Android-Based K-nnmethod,” cogito Smart Journal, 8(2), 359–370, pp. Https://doi.org/10.31154/cogito.v8i2.406.359-370, 2022.
Hidayatulloh and Saptadiaji, “Penetration Testing pada Website Universitas ARS Menggunakan Open Web Application Security Project (OWASP),” Jurnal Algoritma 18.1 (2021): 77-86, pp. Https://doi.org/10.33364/algoritma/v.18-1.827, 2021.
M. Albahar, D. Alansari and A. Jurcut, “An empirical comparison of pen-testing tools for detecting web app vulnerabilities,” Electronics 11.19 (2022): 2991., p. Https://doi.org/10.3390/electronics11192991, 2022.
3.png)
1.png)
1.png)
