Comparative Analysis of Network Security: Firewall, IDS, and AI-Based Defense Against DDoS Attacks

Elsa Kristi Aprilia Tobing; Rara Eka Septya; Yustian Servanda

doi:10.59934/jaiea.v4i3.1026

Authors

Elsa Kristi Aprilia Tobing Universitas Mulia
Rara Eka Septya Universitas Mulia
Yustian Servanda Universitas Mulia

DOI:

https://doi.org/10.59934/jaiea.v4i3.1026

Keywords:

Firewall, Intrusion Detection System, Artificial Intelligence, DDoS Attack, Network Security

Abstract

Distributed Denial of Service (DDoS) attacks have become one of the most significant threats in today’s network security landscape. By overwhelming a network with excessive traffic, these attacks can disrupt service availability and render digital systems inaccessible. Various defense mechanisms have been developed to counter this threat, including firewalls for initial traffic filtering, Intrusion Detection Systems (IDS) for real-time anomaly detection, and Artificial Intelligence (AI)-based systems that can adaptively recognize new attack patterns. This study aims to analyze and compare the effectiveness of these three approaches in mitigating DDoS attacks. The method used is a literature review of selected scientific journals published between 2019 and 2024. The findings show that firewalls are effective for standard traffic filtering, IDS excels in early threat detection, and AI-based systems offer high accuracy with lower false positive rates. A combined implementation of these three methods is recommended to build a comprehensive and adaptive network defense system capable of withstanding increasingly complex DDoS threats.

Downloads

Download data is not yet available.

References

Q. Syahputra, D. Akbi, and D. Risqiwati, “Deteksi Dan Mitigasi Serangan DDoS Pada Software Defined Network Menggunakan Algoritma Decision Tree,” Repositor, vol. 2, no. 11, pp. 1491–1502, 2020, doi: 10.22219/repositor.v2i11.795.

M. H. Dar and S. Z. Harahap, “IMPLEMENTASI SNORT INTRUSION DETECTION SYSTEM (IDS) PADA SISTEM JARINGAN KOMPUTER,” JURNAL INFORMATIKA, vol. 6, no. 3, pp. 14–23, Sep. 2017, doi: 10.36987/informatika.v6i3.1619.

M. R. H. Tambunan and S. N. Neyman, “Implementasi Firewall pada Linux untuk Pencegahan Dari Serangan DoS,” Journal of Technology and System Information, vol. 1, no. 4, pp. 1–10, 2024, doi: 10.47134/jtsi.v1i4.2648.

I. Rahmadaniar, D. A. A. Tondang, B. S. Fernando, and A. Setiawan, “Implementasi Firewall Menggunakan Iptables untuk Melindungi Server dari Serangan DDoS,” Journal of Internet and Software Engineering, vol. 1, no. 3, pp. 1–10, 2024, doi: 10.47134/pjise.v1i3.2564.

R. Aulianita, N. Musyaffa, and R. Martiwi, “Penggunaan Metode IDS dalam Implementasi Firewall pada Jaringan untuk Deteksi Serangan Distributed Denial of Service (DDoS),” Jusikom: Jurnal Sistem Komputer Musirawas, vol. 6, no. 2, pp. 94–104, 2021, doi: 10.32767/jusikom.v6i2.1411.

R. Fauzi, Y. Muhyidin, and D. Singasatia, “Sistem Keamanan Jaringan Komputer Berbasis Teknik Intrusion Detection System (IDS) Untuk Mendeteksi Serangan Distrubuted Denial Of Service (DDOS),” Jurnal Sains Komputer & Informatika (J-SAKTI, vol. 7, no. 1, pp. 72–86, 2023, doi: 10.30645/j-sakti.v7i1.

A. R. Syujak, K. Diantoro, V. Yuni T, A. Soderi, and P. A. Sucipto, “Integrasi Deep Packet Inspection dengan Intrusion Detection System (IDS) untuk Identifikasi Serangan DDoS dalam Jaringan Skala Besar,” Jurnal Minfo Polgan, vol. 13, no. 2, pp. 1971–1975, Dec. 2024, doi: 10.33395/jmp.v13i2.14324.

J. C. J. Sihombing, D. P. Kartikasari, and A. Bhawiyuga, “Implementasi Sistem Deteksi dan Mitigasi Serangan Distributed Denial of Service (DDoS) menggunakan SVM Classifier pada Arsitektur Software-Defined Network (SDN),” Jurnal Pengembangan Teknologi Informasi dan Ilmu Komputer, vol. 3, no. 10, pp. 9608–9613, 2019, [Online]. Available: https://j-ptiik.ub.ac.id/index.php/j-ptiik/article/view/6476