ZERO-TOUCH MITIGATION SIMULATION FOR SSH AND RDP BRUTE FORCE ATTACKS BASED ON WAZUH SIEM ORCHESTRATION

Authors

  • Putu Dedi Juliana Universitas Pamulang
  • Arya Adhyaksa Waskita Universitas Pamulang
  • Ferhat Aziz Universitas Pamulang

DOI:

https://doi.org/10.31539/w7g4ba46

Abstract

Server administration over Secure Shell (SSH, port 22) and Remote Desktop Protocol (RDP, port 3389) on public-service infrastructure, specifically the Layanan Pengadaan Secara Elektronik (LPSE) of Mahakam Ulu Regency, inherently widens the attack surface for the brute force technique (MITRE ATT&CK T1110). A manual mitigation model that depends on an analyst lengthens the gap between detection of repeated logon failures and containment, leaving an exploitation window that an attacker can use. This study designs and validates a prototype that simulates automated mitigation based on the semantics of Wazuh Active Response within a Security Information and Event Management (SIEM) framework. A client–server architecture (React/Vite on the client side; Node.js/Express with JSON persistence on the server side) runs three functional test scenarios: a single-source brute force attack on SSH, a single-source attack on RDP, and a multi-source attack with three rotating IP addresses. Each scenario uses a threshold of 10 authentication failures to trigger detection rules 5710 (SSH) and 60122 (RDP) annotated with T1110, followed by execution of an Active Response in the form of firewall-drop (Linux) and netsh.exe (Windows). Test results show a discrete Mean Time to Respond (MTTR) of one simulation tick in all three scenarios, with an IP-address isolation success ratio of 100% against the modelled set of sources. The validated prototype serves as a conceptual blueprint for planning SIEM deployment on public infrastructure without risking disruption of production services.
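As an added example (not code from the paper or its prototype), the following Node.js script models the detect-then-isolate loop the abstract describes as a discrete-tick simulation, and runs the three scenarios it names: single-source SSH, single-source RDP, and three rotating sources. The threshold of 10 failures, the rule ids 5710 (SSH) and 60122 (RDP), the T1110 tag and the response commands firewall-drop and netsh.exe are taken from the abstract; the event format, the tick model (an alert raised in tick t is enforced from tick t+1, which is what makes the MTTR one tick), the sample IP addresses (constructed from documentation ranges) and every function name are assumptions of this example.

```javascript
// Added example, not the paper's code. Simulates SIEM detection plus Active
// Response over discrete ticks and reports MTTR and isolation ratio.

const THRESHOLD = 10; // authentication failures per (protocol, source) before an alert
const RULES = {
  ssh: { id: 5710, response: "firewall-drop" }, // Linux agent response command
  rdp: { id: 60122, response: "netsh.exe" },    // Windows agent response command
};

// A scenario is an array of ticks; each tick is an array of failures
// {proto: "ssh"|"rdp", src: "<ip>"}. A response decided in tick t is applied
// at the start of tick t+1 (assumed pipeline latency of one tick).
function runScenario(ticks) {
  const counts = new Map();  // "proto|src" -> failures observed
  const alerts = [];         // {tick, rule, technique, src}
  const blocks = new Map();  // src -> {src, alertTick, blockTick, command}
  let pending = [];          // responses decided this tick, applied next tick

  ticks.forEach((events, tick) => {
    for (const b of pending) blocks.set(b.src, b); // enforce last tick's responses
    pending = [];
    for (const ev of events) {
      if (blocks.has(ev.src)) continue; // dropped at the firewall, never reaches the daemon
      const key = `${ev.proto}|${ev.src}`;
      const n = (counts.get(key) || 0) + 1;
      counts.set(key, n);
      if (n === THRESHOLD) {
        const rule = RULES[ev.proto];
        alerts.push({ tick, rule: rule.id, technique: "T1110", src: ev.src });
        pending.push({ src: ev.src, alertTick: tick, blockTick: tick + 1, command: rule.response });
      }
    }
  });
  for (const b of pending) blocks.set(b.src, b); // responses decided on the final tick
  return { alerts, blocks };
}

// MTTR is the worst alert-to-block delay in ticks; isolation ratio is the share
// of modelled sources that ended up blocked.
function metrics({ alerts, blocks }, sources) {
  const delays = [...blocks.values()].map((b) => b.blockTick - b.alertTick);
  return {
    mttr: delays.length ? Math.max(...delays) : null,
    isolationRatio: sources.filter((s) => blocks.has(s)).length / sources.length,
    alerts: alerts.length,
    rules: alerts.map((a) => a.rule),
    commands: [...blocks.values()].map((b) => b.command),
  };
}

// One attacker sending `rate` failures per tick against one service.
function singleSource(proto, src, tickCount, rate) {
  return Array.from({ length: tickCount }, () =>
    Array.from({ length: rate }, () => ({ proto, src })));
}

// Several addresses taking turns, one per tick, against one service. Because
// counts are keyed per source, rotation only delays the alert; it does not evade it.
function rotatingSources(proto, srcs, tickCount, rate) {
  return Array.from({ length: tickCount }, (_, t) =>
    Array.from({ length: rate }, () => ({ proto, src: srcs[t % srcs.length] })));
}

// The three scenarios from the abstract, with constructed sample addresses.
function runAll() {
  const rot = ["198.51.100.1", "198.51.100.2", "198.51.100.3"];
  return {
    sshSingle: metrics(runScenario(singleSource("ssh", "203.0.113.10", 6, 4)), ["203.0.113.10"]),
    rdpSingle: metrics(runScenario(singleSource("rdp", "203.0.113.20", 6, 5)), ["203.0.113.20"]),
    multiSource: metrics(runScenario(rotatingSources("ssh", rot, 9, 5)), rot),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(runAll(), null, 2));
}
```

In the SSH scenario the tenth failure arrives during tick 2 and the block is in force from tick 3; in the rotating scenario each address reaches the threshold on its second turn, so all three are isolated by tick 6. A real deployment adds what the simulation leaves out: clock skew between agent and manager, the Active Response timeout after which the block expires, and the need to exclude administrative addresses so the response cannot be used to lock out legitimate operators.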

References

Alanda, A., Mooduto, H. A., & Hadi, R. (2023). Real-time defense against cyber threats: Analyzing Wazuh's effectiveness in server monitoring. Journal of Information Technology and Computer Engineering, 7(2), 56–62. https://doi.org/10.25077/jitce.7.2.56-62.2023

Chamkar, S. A., Zaydi, M., Maleh, Y., & Gherabi, N. (2025). Improving threat detection in Wazuh using machine learning techniques. Journal of Cybersecurity and Privacy, 5(2), Article 34. https://doi.org/10.3390/jcp5020034

Fahrnberger, G. (2022). Realtime risk monitoring of SSH brute force attacks. In Communications in Computer and Information Science (pp. 75–95). Springer International Publishing. https://doi.org/10.1007/978-3-031-06668-9_8

González-Granadillo, G., González-Zarzosa, S., & Diaz, R. (2021). Security information and event management (SIEM): Analysis, trends, and usage in critical infrastructures. Sensors, 21(14), Article 4759. https://doi.org/10.3390/s21144759

Ismail, Kurnia, R., Widyatama, F., Wibawa, I. M., Brata, Z. A., Ukasyah, Nelistiani, G. A., & Kim, H. (2025). Enhancing security operations center: Wazuh security event response with retrieval-augmented-generation copilot. Sensors, 25(3), Article 870. https://doi.org/10.3390/s25030870

Jalalvand, F., Baruwal Chhetri, M., Nepal, S., & Paris, C. (2024). Alert prioritisation in security operations centres: A systematic survey on criteria and methods. ACM Computing Surveys, 57(2), 1–36. https://doi.org/10.1145/3695462

Khandait, P., Tiwari, N., & Hubballi, N. (2021). Who is trying to compromise your SSH server? An analysis of authentication logs and detection of brute-force attacks. In Adjunct proceedings of the 2021 International Conference on Distributed Computing and Networking (pp. 127–132). Association for Computing Machinery. https://doi.org/10.1145/3427477.3429772

López Velásquez, J. M., Martínez Monterrubio, S. M., Sánchez Crespo, L. E., & Garcia Rosado, D. (2023). Systematic review of SIEM technology: SIEM-SC birth. International Journal of Information Security, 22(3), 691–711. https://doi.org/10.1007/s10207-022-00657-9

MITRE ATT&CK. (n.d.). Brute force (T1110). MITRE Corporation. Retrieved April 9, 2026, from https://attack.mitre.org/techniques/T1110/

Noor, Z., Hina, S., Hayat, F., & Shah, G. A. (2023). An intelligent context-aware threat detection and response model for smart cyber-physical systems. Internet of Things, 22, Article 100843. https://doi.org/10.1016/j.iot.2023.100843

Park, J., Kim, J., Gupta, B. B., & Park, N. (2021). Network log-based SSH brute-force attack detection model. Computers, Materials & Continua, 68(1), 887–901. https://doi.org/10.32604/cmc.2021.015172

Pitkar, H. (2025). Cloud security automation through symmetry: Threat detection and response. Symmetry, 17(6), Article 859. https://doi.org/10.3390/sym17060859

Ruambo, F. A., Masanga, E. E., Lufyagila, B., Ateya, A. A., Abd El-Latif, A. A., Almousa, M., & Abd-El-Atty, B. (2025). Brute-force attack mitigation on remote access services via software-defined perimeter. Scientific Reports, 15, Article 18599. https://doi.org/10.1038/s41598-025-01080-5

Singh, S. K., Gautam, S., Cartier, C., Patil, S., & Ricci, R. (2024). Where the wild things are: Brute-force SSH attacks in the wild and how to stop them. In Proceedings of the 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI ’24). USENIX Association. https://www.usenix.org/system/files/nsdi24-singh-sachin.pdf

Skopik, F., Landauer, M., & Wurzenberger, M. (2022). Blind spots of security monitoring in enterprise infrastructures: A survey. IEEE Security & Privacy, 20(6), 18–26. https://doi.org/10.1109/MSEC.2021.3133764

Suskalo, D., Moric, Z., Redzepagic, J., & Regvart, D. (2023). Comparative analysis of IBM QRadar and Wazuh for security information and event management. In Proceedings of the 34th DAAAM International Symposium (pp. 96–102). DAAAM International. https://doi.org/10.2507/34th.daaam.proceedings.014

Tiwari, N., & Hubballi, N. (2023). Secure socket shell bruteforce attack detection with Petri net modeling. IEEE Transactions on Network and Service Management, 20(1), 697–710. https://doi.org/10.1109/TNSM.2022.3212591

Wazuh Team. (n.d.). Wazuh documentation. Wazuh. Retrieved April 9, 2026, from https://documentation.wazuh.com/current/

Winkler, A. M., & Sharma, P. (2025). Proactive threat detection in enterprise systems using Wazuh: A MITRE ATT&CK evaluation. Computers & Security, 159, Article 104702. https://doi.org/10.1016/j.cose.2025.104702

Published

2026-05-24