Teler Real-time HTTP Intrusion Detection at Website with Nginx Web Server

Teler Real-time HTTP Intrusion Detection at Website with Nginx Web Server

Web servers and web-based applications are now widely used, but in this case, the crime rate in cyberspace has also increased. Crime in cyberspace can occur due to the exploitation of how a system works. For example, the way HTTP works are exploited to weaken the webserver. Various tools for attacki...

Full description

Saved in:
Bibliographic Details
Published in:JOIV : international journal on informatics visualization Online Vol. 5; no. 3; pp. 327 - 332
Main Authors: Tedyyana, Agus, Ghazali, Osman
Format: Journal Article
Language:English
Published: Politeknik Negeri Padang 27-09-2021
Subjects:
http
intrusion detection
teler
web server
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Web servers and web-based applications are now widely used, but in this case, the crime rate in cyberspace has also increased. Crime in cyberspace can occur due to the exploitation of how a system works. For example, the way HTTP works are exploited to weaken the webserver. Various tools for attacking the internet are also starting to be easy to find, but so are the tools to detect these attacks. One of the useful tools for detecting attacks and sending warnings against threats is based on the weblogs on the webserver. Many have not reviewed Teler as an intrusion detection system on HTTP on web servers because the existing tools are relatively new. Teler detecting the weblog and run on the terminal with rule resources collected from the community. So here, the researcher tries to implement the use of Teler in detecting HTTP intrusions on a Nginx-based web server. Intrusion is carried out in attacks commonly used by attackers, for example, port scanning and directory brute force using the Nmap and OWASP ZAP tools. Then the detection results will be sent via the Telegram bot to the server admin. From the results of the experiments conducted, it has been found that Teler is still classified as being able to send warning notifications with a delay between the time of detection and the time when the alert is received, no more than 3 seconds.
ISSN:2549-9610
2549-9904
DOI:10.30630/joiv.5.3.510