Network Attack Detection Using Intrusion Detection System Utilizing Snort Based on Telegram

Abstract

The constantly evolving of information technology landscape has made information security something of paramount importance, yet the development of information technology is not met with a corresponding advancement in its security systems. As a result, in the current era, there is a multitude of cybercrimes in the realm of the internet. Therefore, this research aims to create a computer network attack detector using the Linux operating system by leveraging the Telegram-based Snort application and employing the Intrusion Detection System (IDS) method through an IDS-based application, namely Snort. Additionally, this study incorporates features for blocking IP addresses and changing the Linux server password through the Telegram application for initial response when an attack is detected, accomplished by sending specific commands within the Telegram application. Furthermore, this paper also introduce a feature for categorizing the risk of computer network attacks into three categories: Low, Medium, and High within the Telegram application. The results of this research demonstrate that Snort can detect predefined rules and send alerts to the Telegram application for every attack occurring within the Wireless Local Area Network (WLAN). Successful IP address blocking is achieved through Telegram integration with the Iptables application, and changing the Linux server password is also accomplished through Telegram by integrating the bash shell programming language found in the Terminal of the Linux operating system. Finally, the risk of attacks can be viewed within the Telegram application.