Implementasi Intrusion Prevention System (IPS) Pada Software Defined Network (SDN) Menggunakan RYU Controller

Abstract

SDN is a technology that separates the control plane and the data plane. The control plane is used to configure network devices using the SDN controller, while the data plane is used to forward information packets. The controller is the main control for the network and is centralized, if this part is successfully attacked then the entire network can be taken over. If SDN resources are attacked with Denial of Service, SYN Flooding will consume network resources, causing the SDN controller to be unable to serve SDN network user requests. One of the efforts to overcome this problem is to use an IPS security system because it can prevent DoS attacks by using the snort application to block attacks in real time. The tests carried out tested the performance of QoS parameters with a DoS SYN Flood attack. The results of this study are the implementation of the use of IPS proved to be effective in detecting and blocking Denial of Service attacks so as to improve the quality of the security system on the SDN network. The QoS throughput value before the attack had an average of 22.536 Gb/s, during an attack it was 14,163 Gb/s, while blocking was 14.926 Gb/s, inversely proportional to the very small latency of 0.1ms in each condition. CPU usage performance during SYN Flood attacks and IPS system blocking is almost 100%, in line with high CPU usage conditions of 18% when the IPS system is active to block attacks.