ANALISIS PERFORMA INTRUSION DETECTION SYSTEM SNORT DAN SURICATA TERHADAP SERANGAN SQL INJECTION

Fabian Ramot Argenta Pasaribu; Andi Maslan

doi:10.33884/comasiejournal.v13i2.10403

Authors

Fabian Ramot Argenta Pasaribu Universitas Putera Batam
Andi Maslan

DOI:

https://doi.org/10.33884/comasiejournal.v13i2.10403

Keywords:

Network security, SQL Injection, Snort, Suricata, Intrusion Detection System

Abstract

Web application security is becoming increasingly important due to the rise of threats such as SQL Injection, which exploits vulnerabilities to access sensitive data. As one of the most severe types of attacks, SQL Injection compromises the confidentiality, integrity, and access control of a system. Intrusion Detection Systems such as Snort and Suricata are used to detect and mitigate this. This study compares the effectiveness of Snort and Suricata in detecting SQL Injection using an experimental setup. The vulnerable web application (DVWA) was installed on Ubuntu, while attacks were launched from Kali Linux. Both IDS tools were configured to monitor network traffic and detect intrusions based on predefined rules. Performance was evaluated using accuracy, precision, recall, and F1 score. Suricata outperformed Snort in all metrics, Suricata also demonstrated faster detection. These results indicate that Suricata is more accurate and efficient at detecting SQL injection attacks in the test environment.

References

Abdulganiyu, O. H., Ait Tchakoucht, T., & Saheed, Y. K. (2023). A systematic literature review for network intrusion detection system (IDS). International Journal of Information Security, 22(5), 1125–1162. https://doi.org/10.1007/s10207-023-00682-2

Barends, J. K., Dewanta, F., & Karna, N. B. A. (2022). Perancangan dan Analisis Intrusion Prevention System Berbasis SNORT dan IPTABLES dengan Integrasi Honeypot pada Arsitektur Software Defined Network. Multinetics, 7(2), 163–176. https://doi.org/10.32722/multinetics.v7i2.4276

Chen, D., Yan, Q., Wu, C., & Zhao, J. (2021). SQL Injection Attack Detection and Prevention Techniques Using Deep Learning. Journal of Physics: Conference Series, 1757(1). https://doi.org/10.1088/1742-6596/1757/1/012055

de Santana, K. G. Q., Schwarz, M., & Wangham, M. S. (2024). Cybersecurity Testbeds for IoT: A Systematic Literature Review and Taxonomy. Journal of Internet Services and Applications, 15(1), 450–473. https://doi.org/10.5753/jisa.2024.4363

Efe, A., & Abaci, İ. N. (2022). Comparison of the Host Based Intrusion Detection Systems and Network Based Intrusion Detection Systems. Celal Bayar Üniversitesi Fen Bilimleri Dergisi, 18(1), 23–32. https://doi.org/10.18466/cbayarfbe.832533

Hoover, C., & Thompson, D. R. (2022). Comparative Study of Snort 3 and Suricata Intrusion Detection Systems Click here to let us know how this document benefits you . by.

Silalahi, M., & Saragih, S. P. . (2023). Implementasi Iot Pada Sistem Pembayaran Di Koperasi Sekolah. Prosiding Seminar Nasional Ilmu Sosial Dan Teknologi (Snistek), 5, 521–526. Https://Doi.Org/10.33884/Psnistek.V5i.8128

Hu, Q., Yu, S. Y., & Asghar, M. R. (2020). Analysing performance issues of open-source intrusion detection systems in high-speed networks. Journal of Information Security and Applications, 51, 102426. https://doi.org/10.1016/j.jisa.2019.102426

Jemal, I., Cheikhrouhou, O., Hamam, H., & Mahfoudhi, A. (2021). SQL Injection Attack Detection and Prevention Techniques Using Deep Learning. Journal of Physics: Conference Series, 1757(1). https://doi.org/10.1088/1742-6596/1757/1/012055

Kareem, F. Q., Ameen, S. Y., Salih, A. A., Ahmed, D. M., Kak, S. F., Yasin, H. M., Ibrahim, I. M., Ahmed, A. M., Rashid, Z. N., & Omar, N. (2021). SQL Injection Attacks Prevention System Technology: Review. Asian Journal of Research in Computer Science, July, 13–32. https://doi.org/10.9734/ajrcos/2021/v10i330242

Saragih, S. P. T. I., & Harisno, H. (2015). Influence Of Knowledge Sharing And Information Technology Innovation On Employees Performance At Batamindo Industrial Park. Commit (Communication And Information Technology) Journal, 9(2), 45. Https://Doi.Org/10.21512/Commit.V9i2.1657

Adhiatma, N., & Ikhsan, M. (2024). Implementasi E-Kasir Pada Industri Percetakan Dan Periklanan. Jurnal Simantec, 13(1), 15–24. Https://Doi.Org/10.21107/Simantec.V13i1.27974

Saragih, S. P., & Silalahi, M. . (2024). Pengembangan Learning Management System Berbasis Web Menggunakan Konsep Mooc. Jurnal Desain Dan Analisis Teknologi, 3(1), 15–21. Https://Doi.Org/10.58520/Jddat.V3i1.42

Centuria, S., & Adhiatma, N. (2025). Rancang Bangun Sistem Informasi Pemesanan Pada Aqiqah Rahayu Batam Berbasis Web. Ejournal.Upbatam.Ac.Id. Https://Doi.Org/10.33884/Cbis.V13i2.10344

Saragih, S. P. (2019). Technology Acceptance Of Digital Payment System Pada Pelaku Umkm Di Kota Batam. Computer Based Information System Journal, 7(2), 82–90. Https://Doi.Org/10.33884/Cbis.V7i2.1402

Safana Hyder Abbas, Wedad Abdul Khuder Naser, & Amal Abbas Kadhim. (2023). Subject review: Intrusion Detection System (IDS) and Intrusion Prevention System (IPS). Global Journal of Engineering and Technology Advances, 14(2), 155–158. https://doi.org/10.30574/gjeta.2023.14.2.0031