File Integrity Monitoring as a Method for Detecting and Preventing Web Defacement Attacks

Authors

  • Candra Kurniawan, Department of Communication and Information Technology, Universitas Nasional, Indonesia
  • Agung Triayudi, Department of Communication and Information Technology, Universitas Nasional, Indonesia (https://orcid.org/0000-0002-1269-5888)

DOI:

https://doi.org/10.15575/join.v9i2.1326

Keywords:

Brute Force Attack, File Integrity Monitoring, Wazuh, Web Defacement

Abstract

Indonesia recorded an increase in cyberattacks in 2022. One of the attack types observed was web defacement targeting government websites. In 2022, there were a total of 2,348 web defacement attacks in Indonesia, with the majority occurring in the governmental sector. As a proactive effort to monitor and prevent web defacement attacks, this study implemented the open-source tool Wazuh and activated its file integrity monitoring module to detect file changes in the system. Testing was conducted with two types of attacks: brute force attacks to gain system access, and web defacement attacks involving script insertion to trigger alerts from the file integrity monitoring module. The test results show that Wazuh with the file integrity monitoring module can detect malicious activities and file additions in real time, so it can be used to mitigate cyberattacks.

Published

2024-12-31

Section

Article
