USE OF AN ADAPTIVE PYTHON- AND SCAPY-BASED SCRIPT TO DISGUISE PORT SCANNING ACTIVITY AGAINST THE SURICATA IDS
DOI: https://doi.org/10.37792/jukanti.v8i2.1894
Keywords: Network security, Intrusion Detection System, Suricata, Port Scanning, Adaptive scanning, Stealth scan
Abstract
ABSTRACT (translated from the Indonesian)
Intrusion Detection Systems (IDS) play an important role in detecting malicious activity on a network, but their effectiveness is often undermined by scanning techniques that are able to disguise malicious traffic. This study develops an adaptive scanning script based on Python with the Scapy library to test the resilience of the Suricata IDS against port scanning activity. Testing was carried out in a virtual environment by comparing conventional scanning using Nmap with the adaptive script that was developed. The results show that the adaptive script has the same accuracy as Nmap in identifying open ports, but does not trigger any alerts on Suricata. These findings show that a simple adaptive approach can effectively evade detection by a signature-based IDS. This study offers a lightweight and efficient alternative approach for testing the reliability of modern intrusion detection systems.
Keywords: Network security, Adaptive scanning, Port scanning, Intrusion Detection System, Suricata, Stealth scan.
ABSTRACT
Intrusion Detection Systems (IDS) are crucial for identifying malicious network activities, yet their effectiveness is often challenged by stealth scanning techniques. This study develops an adaptive port scanning script using Python and the Scapy library to evaluate the resilience of the Suricata IDS against scanning activities. Experiments were conducted in a virtualized environment comparing conventional Nmap scanning and the proposed adaptive script. Results show that the adaptive script achieved equal accuracy in detecting open ports while generating no alerts on Suricata. These findings demonstrate that a simple adaptive approach can effectively evade signature-based IDS detection. This research contributes a lightweight and efficient alternative for testing the robustness of modern intrusion detection systems.
Keywords: Network security, Intrusion Detection System, Suricata, Port scanning, Adaptive scanning, Stealth scan.
License
Copyright (c) 2025 Junior Silambi, Dian Widiyanto Chandra

This work is licensed under a Creative Commons Attribution 4.0 International License.
JUKANTI Journal License
JUKANTI (Jurnal Pendidikan Teknologi Informasi) is committed to supporting open access and the dissemination of scholarly knowledge. All articles published in JUKANTI are distributed under the Creative Commons Attribution 4.0 International License (CC BY 4.0).
Creative Commons Attribution 4.0 International License (CC BY 4.0)
Under this license, users are permitted to read, download, copy, distribute, print, search, link to, remix, transform, adapt, and build upon the published work for any lawful purpose, including commercial purposes, provided that appropriate credit is given to the original author(s) and the original publication in JUKANTI, a link to the license is provided, and any changes made are indicated.
Author Rights
Authors retain the copyright of their articles and grant JUKANTI the right of first publication. Authors are also permitted to deposit and share the published version of their articles in institutional repositories, subject repositories, personal websites, and academic networks, provided that the original publication in JUKANTI is properly cited and linked.
Author Obligations
Authors publishing with JUKANTI are responsible for ensuring that their work is original, does not infringe any copyright, and complies with applicable ethical and legal standards. Authors must obtain permission for any third-party material included in their manuscript when required.
License Information
License: Creative Commons Attribution 4.0 International License (CC BY 4.0)
License URL: https://creativecommons.org/licenses/by/4.0/
Commitment to Open Access Standards
JUKANTI is committed to maintaining transparent editorial policies, clear licensing terms, and open access publishing practices in accordance with international scholarly publishing standards.
For further questions or clarifications regarding this license, please contact the JUKANTI editorial office at edu@ucb.ac.id