
Little Lion Scientific R&D, Islamabad PAKISTAN

Journal of Theoretical and Applied Information Technology

15th January 2011. Vol. 23 No. 1

© 2009 - 2011 JATIT & LLS. All rights reserved.

ISSN: 1992-8645 www.jatit.org E-ISSN: 1817-3195


REAL TIME WARNING SYSTEM DESIGN FOR WEB DEFACE BASED ON SHORT MESSAGE SERVICE

1ERI PRASETYO WIBOWO, 2FITRAH ELLY FIRDAUS and 3METTY MUSTIKASARI

1Assoc. Prof., Department of Computer Sciences, Gunadarma University, Indonesia

2Master Student, Information Technology, Gunadarma University, Indonesia

3Asstt. Prof., Department of Computer Sciences, Gunadarma University, Indonesia

E-mail: [email protected]@firdauslinux.info.mettycm.staff.gunadarma.ac.id

ABSTRACT

Currently the internet is becoming more important in many aspects of human life. The number of people who use the internet in daily activities is also increasing. The rapid growth of computer networks and the interconnection among them has entailed some security problems. There are a growing number of bad-intentioned people trying to take advantage of the security problems. Given these problems, a warning system is needed that can prevent, or give warning of, possible crime on the web. This paper proposes a system design to protect systems from intruders and develops a warning system via short message service.

Keywords: Agent Systems, Short Message Service, Warning System, Intrusion Detection System

1. INTRODUCTION

Web defacement attacks alter the contents of web pages in an unauthorized manner with an intention to cause embarrassment, inconvenience and possible business loss to the website owner. They are a major challenge to the integrity of websites and attack statistics are indeed astonishing: there are approximately 600 attacks in one hour [7]. Therefore organizations need to protect their systems from these intruders and consequently, new network security tools are being developed. The most widely used tool of this kind is the Intrusion Detection System (IDS). Intrusion detection systems have proved to be an effective instrument for protecting computer and network resources. They monitor the activity of the network with the purpose of identifying intrusive events and can take actions to abort these risky events. Currently, Intrusion Detection Systems can only give information about sniffing and intruders via a website [2],[1],[8], but high security requires real-time information.

Intrusion Detection Systems can detect cyber crime such as PHP Injection, SQL Injection, and Cross Site Scripting. Systems that use Intrusion Detection Systems still have some weaknesses: they cannot check file properties, and they cannot detect a problem before an attack occurs. In this paper, we add a detection property that checks the properties of files. The application can also detect a hole before the Web Server is cracked by a cracker. In general, we developed a real-time warning system based on short message service (SMS).

Three methods are used to check the system for cracker actions. First, Wapiti is used to check for any holes. From the resulting holes report, an interface was made for scheduled checking and sending Short Message Service messages. Second, Snort is used to detect an attack from a cracker. From the Snort report, a script was made to update the LogNIDS database, schedule checking and send Short Message Service messages. Third, a script was made to check file properties. From this script, a time schedule was made for checking and sending Short Message Service messages.

2. RESEARCH METHOD

2.1. Design System

2.1.1. Design Agent Architecture


[Class diagram showing the classes Cracker, Target, User, Sensor, LogNIDS, LogCheck, Directory and SMS with their attributes, methods and multiplicities.]

Figure 1. Data Model

In the following, we present our approach for the development of the system. The system that has been developed consists of two kinds of agent: Agent Sensor and Agent Target.

• Agent Sensor

The function of Agent Sensor [3],[6] is to check for intruders via the network by checking the log file. This agent can also check for holes such as PHP Injection (a method used to crack a website via trial and error in the URL address), MySQL Injection (a method used to crack a website by entering an SQL script in the URL address) and Cross Site Scripting (a method used to crack a website with a remote target from the cracker machine via the URL address). If the agent finds an intrusion, the sensor machine will send a Short Message Service message to the person who has the domain and update the database.

• Agent Target

The function of Agent Target is to check files on the target machine. If a file has been modified, the target machine will send a Short Message Service message to the person who has the domain.

2.1.2. Design Data Model

To design the data model of the system, we use an object oriented approach. This approach has several advantages. The model offers enriched modeling capabilities. In addition, it allows new abstract data types to be built from existing types. The data model also enforces serializability on concurrent transactions to maintain database consistency. An object oriented data model allows the real world to be modeled more closely.

The class diagram shown in Figure 1 has 4 entity classes: Cracker, Target, User and Sensor. The association classes that have been developed are LogNIDS, Directory, LogCheck and SMS. Class Cracker contains 3 attributes: IpAddress with varchar data type, Port with varchar data type, and date with date data type. Some of the attributes of Class Target are Domain, ErrorLog and DocRoot with varchar data type. Class Target includes the method Update-Log. Class Sensor contains two attributes: date with date data type, and News with varchar data type. This class has 1 method, Sensor. Class User contains Name and No-HP with varchar data type. This data model has 4 association


classes. Class Log-NIDS contains Domain, Ip-Address and Port with varchar data type and Date with date data type. This class is made from the relationship between class Cracker and class Target. The multiplicity of this relationship is 1...* to 1. Class Directory has 3 attributes: Directory-Sensor, NoHP and Domain with varchar data type. This class is made from the relationship between class Target and class User. The multiplicity of this relationship is 1 to 1...* with composite aggregation. Class LogCheck has 4 attributes: Date with date data type, News and Domain with varchar data type, and IntruderType with char data type. This class is made from the relationship between class Target and class Sensor. The multiplicity of this relationship is 1...* to 1. Class SMS consists of 3 attributes: Date with date data type, and News and NoHP with varchar data type. Class SMS has 1 method, Send SMS. This class is made from the relationship between class User and class Sensor. The multiplicity of this relationship is 1...* to 1.

2.2. Implementation System

2.2.1. Snort Detection System

This system is used to detect sniffing and intrusion. For this detection, we used the Snort Network Intrusion Detection System. Snort does not have an interface for sending Short Message Service messages [4]. For this reason, we wrote a script in PHP to connect Snort to the Short Message Service system. This script checks the /var/log/snort/snort.log file. Snort can detect cyber crime such as WEB-PHP Remote, XSS, etc. The script reads the file, explodes it by spaces and puts the result into an array, which is then read. The information needed is the first row and the third row of each part. The first row gives the type of crime, and the third row gives the time, the source IP address and the destination IP address. The third row has to be exploded by spaces: array element zero gives the time of the crime, and array element one gives the IP address of the cracker and the IP address of the target. After all the information has been obtained, the script updates the database and sends a Short Message Service message.
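The parsing step described above, as an added example in Python rather than the PHP of the paper's own script (it is not the authors' code). It assumes the log uses Snort's full alert text layout, locates the address row by its "->" token instead of a fixed row number, and merges repeated alerts so one signature from one source produces one message; the sample log, addresses, rule IDs, the domain example.org and all function names are constructed for illustration.

```python
"""Parse Snort full-format alerts and build one SMS text per (signature, source)."""
import re
from collections import Counter

# Constructed sample: documentation-range addresses and local-range rule IDs.
# The last alert is cut off on purpose, as happens when the log is read mid-write.
SAMPLE_LOG = """\
[**] [1:1000001:1] WEB-PHP remote include attempt [**]
[Classification: Web Application Attack] [Priority: 1]
01/15-10:23:45.123456 203.0.113.7:51234 -> 192.0.2.10:80
TCP TTL:64 TOS:0x0 ID:4242 IpLen:20 DgmLen:412 DF

[**] [1:1000001:1] WEB-PHP remote include attempt [**]
[Classification: Web Application Attack] [Priority: 1]
01/15-10:23:47.000100 203.0.113.7:51240 -> 192.0.2.10:80
TCP TTL:64 TOS:0x0 ID:4250 IpLen:20 DgmLen:398 DF

[**] [1:1000002:1] WEB-MISC cross site scripting attempt [**]
[Classification: Web Application Attack] [Priority: 1]
01/15-10:30:02.500000 198.51.100.23:40022 -> 192.0.2.10:80
TCP TTL:63 TOS:0x0 ID:977 IpLen:20 DgmLen:530 DF

[**] [1:1000001:1] WEB-PHP remote include attempt [**]
[Classification: Web Application Attack] [Priority: 1]
"""

# First row of an alert: [**] [gid:sid:rev] rule message [**]
HEADER = re.compile(r"^\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]$")


def split_endpoint(token):
    """Split 'ip:port'; portless protocols such as ICMP give a bare IPv4 address."""
    host, sep, port = token.rpartition(":")
    return (host, port) if sep else (token, "")


def parse_alerts(text):
    """Return one dict per complete alert; incomplete or malformed parts are skipped."""
    alerts = []
    for part in re.split(r"\n\s*\n", text.strip()):
        rows = [row.strip() for row in part.splitlines() if row.strip()]
        if len(rows) < 3:
            continue  # truncated alert
        header = HEADER.match(rows[0])
        if not header:
            continue
        # The address row is normally the third row; find it by its arrow so an
        # alert with a missing classification row is still parsed correctly.
        addr_row = next((row for row in rows[1:] if " -> " in row), None)
        if addr_row is None:
            continue
        fields = addr_row.split()
        if len(fields) < 4 or fields[2] != "->":
            continue
        src_ip, src_port = split_endpoint(fields[1])
        dst_ip, dst_port = split_endpoint(fields[3])
        alerts.append({
            "sid": header.group(2),
            "signature": header.group(4),
            "time": fields[0],
            "src_ip": src_ip,
            "src_port": src_port,
            "dst_ip": dst_ip,
            "dst_port": dst_port,
        })
    return alerts


def sms_texts(alerts, domain, limit=160):
    """One message per (signature, source IP), cut to a single-SMS length."""
    counts = Counter((a["signature"], a["src_ip"]) for a in alerts)
    texts = []
    for (signature, src_ip), n in counts.items():
        plural = "s" if n != 1 else ""
        text = f"Domain {domain}: {signature} from IP {src_ip} ({n} alert{plural})"
        texts.append(text[:limit])
    return texts


if __name__ == "__main__":
    for line in sms_texts(parse_alerts(SAMPLE_LOG), "example.org"):
        print(line)
```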

2.2.2. Early Warning System

The warning system is used to check a domain before the domain is intruded by a cracker. For this detection, we used Wapiti. The script is built in phases: it runs Wapiti, then reads the output file from Wapiti. The output file from Wapiti has 2 parts, a GET part and a POST part. In order to read the output file, the program reads the zeroth array from each row. This array contains the crime that may occur on the web server. The zeroth array may contain XSS (Cross Site Scripting), which indicates that the security hole is a cross site scripting hole. Usually this hole is located in the GET method, while in the POST method the array contains FOUND. A Warning, which refers to a security hole that is a PHP injection, is usually located in the POST method, while in the GET method the array contains 500. MySQL indicates that the security hole is an SQL injection hole. After the script gets the zeroth array, it examines the next array. If the zeroth array contains XSS, the script checks the sixth array, which contains the intrusion way of the XSS. If the zeroth array contains Found or Warning, the script checks the third and the seventh array, then combines them in order to get the way of intrusion. If the zeroth array contains 500, the script checks the seventh array to get the way of intrusion.

Furthermore, the script connects to the database server in order to update a report if the report is available. The script creates a report if one is not available in the server database.

After the report has been processed, the script sends a short message about the security holes in each category to the owner of the domain. The intrusion way is not sent in the message because it would need many short messages. To see the details of the intrusion way, the owner of the domain can access the web-based report page.

2.2.3. Web Deface Detection System

This system is used to detect a web deface attack. Detection works by reading a file property and then examining the modification time of the file. If the hour of modification is in the range of checking, the program gives a warning via short message service to the owner of the domain. First, the program connects to the database server, then it uses a query to take all of the directories that will be checked by the sensor. Next, the program takes the hour that is available on the target machine. After that the program checks all the files in the directory.

If the file that has been checked has a php or html extension, then the program takes the time


modification property of that file. The time modification property is in unix format. Therefore the program should change the format to a form that can be understood. Then the modification time can be analyzed.

Furthermore, the year, month and day are analyzed. If the year, month and day of the file property are the same as those of the target machine, the program goes on to check the hour and minutes. If the difference between the hour in that property and the hour at that time is equal to zero, the program calculates the difference of minutes. If the difference of minutes is less than or equal to five, the program instructs the Short Message Service machine to send a short message service warning to the user. If the difference between the hour of that property and the hour at that time is equal to one and the difference of minutes is -59 or less than or equal to -55, the program instructs the Short Message Service machine to send a short message service warning to the user.
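The modification-time check described above, as an added example in Python (not the authors' Sensor_Deface.php script). `paper_rule` follows the field-by-field comparison in the text and `elapsed_rule` is a variant added here that applies the same five-minute range to the elapsed time, so a change made just before midnight is still reported; the file names, the check time and all function names are constructed for illustration.

```python
"""Recent-modification check for web content, after Section 2.2.3."""
import os
import tempfile
from datetime import datetime, timedelta

WATCHED_EXTENSIONS = (".php", ".html")  # extensions named in the paper
WINDOW_MINUTES = 5                      # range of checking used in the paper


def paper_rule(mtime, now):
    """Compare date, hour and minute fields one by one, as the section describes."""
    if (mtime.year, mtime.month, mtime.day) != (now.year, now.month, now.day):
        return False
    hour_diff = now.hour - mtime.hour
    minute_diff = now.minute - mtime.minute
    if hour_diff == 0:
        return minute_diff <= WINDOW_MINUTES
    if hour_diff == 1:
        # e.g. modified 10:58, checked 11:02 -> minute_diff is -56
        return minute_diff <= -55
    return False


def elapsed_rule(mtime, now):
    """Same range on the elapsed whole minutes; hour and day rollover need no special case."""
    def floor(t):
        return t.replace(second=0, microsecond=0)
    elapsed = floor(now) - floor(mtime)
    return timedelta(0) <= elapsed <= timedelta(minutes=WINDOW_MINUTES)


def recently_modified(root, now, rule=elapsed_rule):
    """Return sorted relative paths of watched files whose mtime satisfies `rule`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(WATCHED_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            # st_mtime is in Unix format (seconds since the epoch); convert it
            # to local time so it can be compared with the machine's clock.
            mtime = datetime.fromtimestamp(os.stat(path).st_mtime)
            if rule(mtime, now):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def warning_text(domain, filename):
    """Message body in the style of the paper's web deface warning."""
    return f"File {filename} in domain {domain} has been modified"


def demo():
    """Build a constructed document root and run both rules just after midnight."""
    now = datetime(2011, 1, 15, 0, 2)  # constructed check time, 00:02
    samples = {
        "index.php": now - timedelta(minutes=4),   # 23:58 on the previous day
        "about.html": now - timedelta(minutes=1),  # 00:01 on the same day
        "old.php": now - timedelta(hours=3),       # outside the range
        "logo.png": now - timedelta(minutes=1),    # not a watched extension
    }
    with tempfile.TemporaryDirectory() as root:
        for name, mtime in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as handle:
                handle.write("constructed sample\n")
            stamp = mtime.timestamp()
            os.utime(path, (stamp, stamp))
        return (recently_modified(root, now, paper_rule),
                recently_modified(root, now, elapsed_rule))


if __name__ == "__main__":
    by_fields, by_elapsed = demo()
    print("field comparison:", by_fields)
    print("elapsed time:    ", by_elapsed)
    for name in by_elapsed:
        print(warning_text("example.org", name))
```

Modification time is metadata that any process able to write the file can also set, so this check is more reliable when paired with a stored content hash of each watched file.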

2.2.4. Short Message Services-System

As mentioned earlier, we use a system design to protect the system from intruders and develop a warning system via short message service. This system sends short message service messages to the owner of the domain if the system finds a crime or holes. The script receives as input the mobile phone number and the message that will be sent. To send the short message service messages, Gammu is used as the SMS Gateway.

2.3. Testing

The system has been tested using a Virtual Machine setup: 1 host computer for the SMS Gateway, and 4 guest computers for the Target machine, Sensor machine, Admin machine and Cracker machine. The web application used for testing the system is sisfokampus, made in Indonesia. This application is used as a campus information system. The URL address of the web application is http://www.sisfokampus.net. The testing mechanism is a cracker machine connected to the virtual machine with NAT (Network Address Translation), while the system is connected in Host Only Networking. The Cracker machine can intrude into the target machine with WEB-REMOTE PHP, Cross Site Scripting, and Sniffing on the SSH (Secure Shell) or FTP port. The Sensor machine runs the Warning system in order to check for any holes, then runs Snort and the Warning Web Deface System in order to check the target machine for cracker actions.

3. RESULTS

3.1. Short Message Service

As mentioned earlier, we use a system design to protect the system from intruders and develop a warning system via short message service. The following are some examples of the short message service messages that will be sent to the person who has the domain:

• Short Message Service From Snort Detection

If Snort detects an intrusion, the system will send a Short Message Service message to the person who has the domain. The message is "Domain target.info are Cracked with WEB-REMOTE PHP from IP 70.86.29.178".

• Short Message Service From Warning System

This Short Message Service message will be sent to the person who has the domain if the system detects holes. The message is "Domain target.info have hole. There are Cross Side Scripting 54 holes, PHP injection 756 holes, MySQL Injection 88 holes".

• Short Message Service From Warning Web Deface System

This Short Message Service message will be sent to the person who has the domain if the Warning Web Deface System detects a file that has been modified. The message is "File test.php in domain target.info has been modified from IP 70.86.29.178".

3.2. Graphics

The web application used for testing the system is sisfokampus version 3.2. The results can be seen as follows.

3.2.1. Snort

Figure 2 shows the Snort graphic. This graphic is generated from the intruder sensor report during 1 month. The graphic shown in Figure 2 has 2 bars. The blue bar illustrates WEB-PHP Remote (a method for cracking a website with a remote target from the cracker machine via the SSH port) and the orange bar illustrates cross site scripting. This graphic refers to the number of cracker acts in a


month. In the experiment, WEB-PHP Remote was done 5 times and the system detected it 3 times. For Cross Site Scripting, the experiment was done 3 times but the system detected it 1 time. The system cannot detect all cracker actions because the experiment used virtual machines where one CPU was divided among five machines, so detection is not optimal. This Snort inspection used the Sensor_intruder.php script.

[Bar chart: Snort Report]

Figure 2. Graphics of Snort

3.2.2. Warning System

Figure 3 illustrates the graphic of the warning system. This graphic is not generated over time; instead it reports the results of checking for holes. The system used the Sensor_Inject.php script for the inspection. The graphic in Figure 3 has 3 bars. The yellow bar illustrates cross site scripting, the orange bar PHP Injection, and the blue bar MySQL Injection. This graphic refers to the number of each kind of hole.

[Bar chart: Early Warning Report]

Figure 3. Graphic of Warning System

3.2.3. Warning Web Deface System

Figure 4 shows the graphic of the web deface system. This graphic is generated from the Warning Web Deface System over 1 month. The graphic shown in Figure 4 has 1 bar. This bar refers to the number of web defacing acts. During the 1 month experiment, the system detected 2 web defaces out of 2 web deface tests. The system used the Sensor_Deface.php script for the inspection.

[Bar chart: Web Deface Report]

Figure 4. Graphic of Web Deface System

4. CONCLUSIONS AND PERSPECTIVES

This system is proposed to help web server administrators and the person who has a domain to guard a website from crackers. Because the warning system uses Short Message Service, the web server administrator or the person who has the domain can respond quickly to an attack. In addition, this system can detect holes before the system is attacked by a cracker. This system can also detect a file which has been modified, not only the Directory Index but also other files on the web server. Even though the system has been developed successfully, its performance should be improved.

There are two perspectives for developing this system. The first is that the system should be developed as a distributed system. A distributed system can accommodate web server requirements, therefore system performance would be improved.

The second is that the administrator page should be developed with Advanced Java Servlet using an MVC (Model View Controller) framework such as Spring. Using a security framework such as Spring Security would improve the level of security of the system.


REFERENCES:

[1] D. Liesen. Requirements for Enterprise-Wide Scaling Intrusion Detection Products. 2002.

[2] J. Denton. Slackware snort installation guide. http://www.cochiselinux.org/files/slackware-snort-0.2.txt, 2007.

[3] ----------. Object Oriented: An agent based system for identifying and refining objects from software requirements based on object based formal specification, February 2003.

[4] T. S. Team. Snort Users Manual. Home page: http://snort.org, March 2008.

[5] R. S. Wahono. Intelligent agents for object model creation process in object oriented analysis and design, Thesis, Department of Information and Computer Sciences, Graduate School of Science and Engineering, Saitama University, Japan, 2001.

[6] R. S. Wahono. Pengantar software Agent: Teori dan Aplikasi, proceedings of the IECI Japan Workshop. Tokyo 2001. 3.1.

[7] Karsten Bsufka, Olaf Kroll-Peters and Sahin Albayrak. Intelligent network-Based Early Warning Systems. Lecture Notes in Computer Sciences Springer. 2006: Vol. (4347/2006): 103-111.

[8] Arjita Ghosh and Sandip Sen. Agent-Based Distributed Intrusion Alert System. Lecture Notes in Computer Sciences Springer. 2005: Vol. (3326/2005): 7-47.

[9] Mariana Hentea. Intelligent System for Information Security management: Architecture and Design Issues. Informing Sciences and Information Technology. 2007: Vol (4): 29-43.
