Implementation of IT Security Operations Management Application for Cyber Security Threat Monitoring

Authors

  • Tengku Arya Saputra, Universitas Esa Unggul
  • Sawali Wahyu, Universitas Esa Unggul, https://orcid.org/0000-0002-3055-654X
  • Muhamad Hadi Arfian, Universitas Esa Unggul
  • Nugroho Budi Santoso, Universitas Esa Unggul

DOI:

https://doi.org/10.26418/jp.v12i1.105673

Keywords:

Cyber Threat Detection, File Integrity Monitoring, Security Operations Center, Threat Intelligence, Web Security

Abstract

The growing complexity and volume of cyber attacks require organizations to adopt integrated, real-time security monitoring mechanisms. This study proposes a Security Operations-based monitoring model to improve the effectiveness of cyber attack detection and incident response in a financial-sector environment. The system integrates web application firewall monitoring, host-based file integrity monitoring, and cyber threat intelligence enrichment in a centralized platform capable of performing automated response actions, including IP blocking and file quarantine. The model was evaluated using controlled attack scenarios covering SQL injection, cross-site scripting, remote code execution, and malicious file upload. Experimental results show that all attacks were successfully detected and handled. The system achieved detection times ranging from 0 to 37 seconds and response times between 3 and 6 seconds, with an average response time of 4 seconds. Cross-layer monitoring and automated containment reduced attack exposure and improved the efficiency of operational incident handling. These findings show that integrating multi-layer detection with automated response delivers measurable improvements in real-world security operations. The proposed mini Security Operations Center framework offers a practical security monitoring approach for organizations with limited security resources.
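The detection-to-containment loop the abstract describes, as an added illustration that is not the authors' implementation: web-layer (WAF) and host-layer (FIM) alerts are enriched against a threat-intelligence indicator set, mapped to the containment action the abstract names (IP block or file quarantine), and timed for detection and response latency. The alerts, IP addresses, file path, timestamps and the CTI set are all constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import List, Optional, Tuple

# Constructed threat-intelligence indicator set (sample data, not from the paper).
CTI_MALICIOUS_IPS = {"203.0.113.77"}

@dataclass(frozen=True)
class Alert:
    source: str              # "waf" (web layer) or "fim" (host layer)
    category: str            # sqli / xss / rce / malicious_upload
    src_ip: Optional[str]    # client IP for WAF alerts
    path: Optional[str]      # changed file for FIM alerts
    event_time: datetime     # when the attack action occurred
    alert_time: datetime     # when the platform raised the alert

@dataclass(frozen=True)
class Response:
    action: str
    target: str
    detection_seconds: float  # alert_time - event_time
    response_seconds: float   # acted_at - alert_time
    cti_hit: bool             # source IP matched the CTI indicator set

def respond(alert: Alert, acted_at: datetime) -> Response:
    """Containment as the abstract describes: block the IP (web layer) or quarantine the file (host layer)."""
    if alert.source == "waf" and alert.src_ip:
        action, target = "block_ip", alert.src_ip
    elif alert.source == "fim" and alert.path:
        action, target = "quarantine_file", alert.path
    else:
        raise ValueError(f"alert has no containable target: {alert}")
    return Response(action, target,
                    (alert.alert_time - alert.event_time).total_seconds(),
                    (acted_at - alert.alert_time).total_seconds(),
                    alert.src_ip in CTI_MALICIOUS_IPS)

def run_pipeline() -> Tuple[List[Response], float]:
    """Run three constructed attack scenarios; return responses and mean response time."""
    t0 = datetime(2025, 1, 1, 12, 0, 0)
    s = lambda n: timedelta(seconds=n)
    scenario = [  # (alert, seconds from alert until containment completed)
        (Alert("waf", "sqli", "203.0.113.77", None, t0, t0), 4),
        (Alert("waf", "xss", "198.51.100.5", None, t0 + s(60), t0 + s(72)), 3),
        (Alert("fim", "malicious_upload", None, "/var/www/uploads/dropped.php",
               t0 + s(120), t0 + s(157)), 5),
    ]
    responses = [respond(a, a.alert_time + s(delay)) for a, delay in scenario]
    return responses, mean(r.response_seconds for r in responses)
```

The two latencies are the metrics the abstract reports separately: detection time (event to alert) and response time (alert to completed containment), so the same structure can be pointed at real alert timestamps to reproduce the measurement.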

Author Biographies

Tengku Arya Saputra, Universitas Esa Unggul

Informatics Engineering Study Program, Faculty of Computer Science

Sawali Wahyu, Universitas Esa Unggul

Informatics Engineering Study Program, Faculty of Computer Science

Muhamad Hadi Arfian, Universitas Esa Unggul

Informatics Engineering Study Program, Faculty of Computer Science

Nugroho Budi Santoso, Universitas Esa Unggul

Informatics Engineering Study Program, Faculty of Computer Science

Published

2026-04-06