Implementation of an Intrusion Prevention System (IPS) Using Signature-Based Detection Based on Suricata

Authors

  • I Wayan Dimas Wirahadi (Universitas Udayana)
  • I Gede Santi Astawa (Universitas Udayana)
  • Made Agung Raharja (Universitas Udayana)
  • I Made Widiartha (Universitas Udayana)

Keywords:

network security, intrusion prevention system, suricata, signature-based detection, attack detection

Abstract

Network security is a crucial aspect of maintaining the integrity, confidentiality, and availability of data. One solution to strengthen network security is the implementation of an Intrusion Prevention System (IPS). This research implements a hybrid IPS that integrates Suricata as a signature-based detection engine with the Aho-Corasick algorithm for secondary log analysis and pattern matching. The system, implemented on a Windows operating system, is designed to automatically detect and block various types of attacks, such as Port Scanning, DDoS (SYN Flood), and Protocol-Specific Attacks. Testing was conducted through end-to-end attack scenarios to measure the system's effectiveness and response time. The results demonstrate that the proposed architecture is highly effective, achieving an average detection rate (recall) of 86.67% and a precision rate of 81.25%, which yields an F1-Score of 83.87%. Response time analysis revealed that Suricata detects threats within an average of 1-3 seconds, while the Aho-Corasick layer analyzes the resulting logs in a matter of milliseconds. This implementation proves that the combination of Suricata and Aho-Corasick provides a security solution that is not only effective at detecting known threats but also efficient at analyzing the results.
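
The second-stage log analysis the abstract describes, as an added example that is not the authors' implementation: an Aho-Corasick automaton matches several attack keywords in one pass over the signature text of Suricata EVE JSON alert records and groups source IPs by attack type. Assumptions: the keyword map, the `LOCAL ...` signature names and the log lines are constructed, since the paper's actual patterns and log format are not given on this page.

```python
import json
from collections import deque

class AhoCorasick:
    def __init__(self, patterns):  # patterns: {keyword: attack label}
        self.goto, self.fail, self.out = [{}], [0], [[]]
        for keyword, label in patterns.items():
            node = 0
            for ch in keyword.lower():
                if ch not in self.goto[node]:
                    self.goto[node][ch] = len(self.goto)  # index of the new node
                    for table, empty in ((self.goto, {}), (self.fail, 0), (self.out, [])):
                        table.append(empty)
                node = self.goto[node][ch]
            self.out[node].append(label)
        queue = deque(self.goto[0].values())  # BFS: failure links by depth
        while queue:
            node = queue.popleft()
            for ch, nxt in self.goto[node].items():
                f = self.fail[node]
                while f and ch not in self.goto[f]:
                    f = self.fail[f]
                self.fail[nxt] = self.goto[f].get(ch, 0)
                self.out[nxt] += self.out[self.fail[nxt]]  # inherit suffix hits
                queue.append(nxt)

    def search(self, text):  # one pass; returns labels of all keywords found
        node, found = 0, set()
        for ch in text.lower():
            while node and ch not in self.goto[node]:
                node = self.fail[node]
            node = self.goto[node].get(ch, 0)
            found.update(self.out[node])
        return found

# Constructed keyword map and constructed EVE-style lines (not from the paper).
PATTERNS = {"port scan": "port_scan", "nmap": "port_scan", "syn flood": "syn_flood"}
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"192.0.2.10","alert":{"signature":"LOCAL Possible Port Scan"}}',
    '{"event_type":"alert","src_ip":"198.51.100.7","alert":{"signature":"LOCAL TCP SYN Flood suspected"}}',
    '{"event_type":"flow","src_ip":"192.0.2.10","proto":"TCP"}',
]

def classify(lines, matcher):  # {attack label: set of source IPs}, alerts only
    hits = {}
    for line in lines:
        event = json.loads(line)
        if event.get("event_type") == "alert":
            for label in matcher.search(event["alert"]["signature"]):
                hits.setdefault(label, set()).add(event["src_ip"])
    return hits
```

The per-label set of source IPs is the kind of result a blocking step could consume; how the paper's system performs blocking is not described on this page.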

Published

2026-02-02