Implementation of Wazuh-ELK-Suricata for Privilege Escalation Detection on Ubuntu Server
DOI: https://doi.org/10.33020/saintekom.v15i2.941
Keywords: cybersecurity, wazuh, suricata, ELK stack, metasploit
Abstract
Privilege escalation is one of the most critical cyberattacks because it enables adversaries with limited rights to gain full system control. Such attacks often act as gateways to larger data breaches, as seen in the 2016 Uber incident that exposed 57 million users’ personal data. This study implements and evaluates an open-source integrated intrusion detection system by combining Wazuh (HIDS), Suricata (NIDS), and the ELK Stack (Elasticsearch, Logstash, Kibana) on Ubuntu Server. Experiments were conducted through privilege escalation attack simulations using Metasploit, covering kernel exploits, misconfigurations, and software vulnerabilities. Findings reveal that the integrated system delivers broader detection compared to the default Wazuh configuration, capturing both host-level activities and network traffic. Quantitatively, a major difference was observed in response time: the integrated system detected and blocked malicious actions within 1–2 seconds, whereas the standalone system required 2–5 minutes and lacked automated blocking capabilities. Additionally, integration with the Kibana dashboard provided real-time, interactive visualization of threats, enabling administrators to trace attack patterns and respond swiftly. Overall, this research demonstrates that an integrative approach enhances detection accuracy, shortens response time, and significantly improves the quality of cybersecurity monitoring.
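The abstract's central claim is that pairing host alerts (Wazuh) with network alerts (Suricata) gives broader coverage and a faster, automatable blocking decision than the host sensor alone. The following is an added example, not code from the paper and not part of Wazuh, Suricata or the ELK Stack: a small correlator that reads Wazuh-style `alerts.json` lines and Suricata-style `eve.json` lines, keeps the host alerts that look like privilege escalation, and only produces a block decision when a network alert from the same source address falls inside a time window. The log lines are constructed samples; the field layout follows the public Wazuh and Suricata JSON formats, but the custom rule id 100200, the signature texts, the addresses and the 120-second window are assumptions made for the example.

```python
"""Added example: correlate host (Wazuh-style) and network (Suricata-style)
alerts into a block decision. Not the paper's code; all inputs are constructed."""
import json
from datetime import datetime

# Constructed Wazuh-style alerts. Rule 5402 is Wazuh's stock "sudo to root"
# rule; 100200 is an assumed custom rule in the local-rules id range.
WAZUH_ALERTS = """
{"timestamp":"2025-01-10T10:00:01.000+0000","rule":{"id":"5402","level":3,"description":"Successful sudo to ROOT executed","groups":["syslog","sudo"]},"agent":{"name":"ubuntu-srv"},"data":{"srcuser":"alice","dstuser":"root"}}
{"timestamp":"2025-01-10T10:00:05.000+0000","rule":{"id":"100200","level":12,"description":"Root shell spawned from unprivileged session","groups":["privilege_escalation"]},"agent":{"name":"ubuntu-srv"},"data":{"srcip":"10.0.0.77"}}
"""

# Constructed Suricata EVE lines: two alerts from 10.0.0.77 and one benign flow.
SURICATA_EVENTS = """
{"timestamp":"2025-01-10T09:59:50.000+0000","event_type":"alert","src_ip":"10.0.0.77","dest_ip":"10.0.0.10","alert":{"signature":"Port scan against server","severity":2}}
{"timestamp":"2025-01-10T10:00:00.000+0000","event_type":"flow","src_ip":"10.0.0.50","dest_ip":"10.0.0.10"}
{"timestamp":"2025-01-10T10:00:03.000+0000","event_type":"alert","src_ip":"10.0.0.77","dest_ip":"10.0.0.10","alert":{"signature":"Suspicious reverse TCP connection","severity":1}}
"""


def parse_jsonl(text):
    """Parse newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def ts(value):
    """Parse the ISO-8601 timestamp both tools emit (e.g. 2025-01-10T10:00:05.000+0000)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def is_privesc_host_alert(alert):
    """Heuristic: alert is tagged privilege_escalation, is a sudo to root,
    or is a high-severity (level >= 12) rule."""
    rule = alert["rule"]
    groups = set(rule.get("groups", []))
    if "privilege_escalation" in groups:
        return True
    if "sudo" in groups and alert.get("data", {}).get("dstuser") == "root":
        return True
    return rule.get("level", 0) >= 12


def host_only_detections(wazuh_lines):
    """Standalone HIDS view: rule ids that look like privilege escalation.
    A sudo to root is also a normal admin action, so on its own this list
    is noisy and carries no network identity to act on."""
    return [a["rule"]["id"] for a in parse_jsonl(wazuh_lines) if is_privesc_host_alert(a)]


def correlate(wazuh_lines, suricata_lines, window_s=120):
    """Integrated view: a host privesc alert that carries a source address and
    has at least one Suricata alert from that address within window_s seconds
    becomes a block decision. Returns a list of decision dicts."""
    host = [a for a in parse_jsonl(wazuh_lines) if is_privesc_host_alert(a)]
    net = [e for e in parse_jsonl(suricata_lines) if e.get("event_type") == "alert"]
    decisions = []
    for h in host:
        src = h.get("data", {}).get("srcip")
        if not src:
            continue  # nothing to block at the network edge for this alert
        h_time = ts(h["timestamp"])
        related = [
            e for e in net
            if e["src_ip"] == src and abs((ts(e["timestamp"]) - h_time).total_seconds()) <= window_s
        ]
        if related:
            first_net = min(ts(e["timestamp"]) for e in related)
            decisions.append({
                "block_ip": src,
                "host_rule": h["rule"]["id"],
                "net_signatures": [e["alert"]["signature"] for e in related],
                # seconds from the earliest network indicator to host confirmation
                "span_s": (h_time - first_net).total_seconds(),
            })
    return decisions


if __name__ == "__main__":
    print("host-only:", host_only_detections(WAZUH_ALERTS))
    print(json.dumps(correlate(WAZUH_ALERTS, SURICATA_EVENTS), indent=2))
```

In a real deployment the block decision would be handed to Wazuh active response (or a firewall rule) rather than printed, and the window and rule groups would be tuned to the environment; the point of the example is that the decision needs both the host confirmation and the network identity, which is exactly what the standalone HIDS configuration lacks.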
Copyright (c) 2025 Setio ardy Nuswantoro, M. Ziaurrahman, Miftahurrizqi Miftahurrizqi, Muhammad Achiril Haq, Reza Athallah Rashid

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Copyright:
By submitting manuscripts to Jurnal Saintekom : Sains, Teknologi, Komputer dan Manajemen, the author agrees with this policy. No specific document approval is required.
- The copyright in each article belongs to the author.
- Authors retain all their rights to the published work, not limited to the rights set forth in this page.
- Authors acknowledge that Saintekom Journal: Science, Technology, Computers and Management is the first to publish the work under the Creative Commons Attribution 4.0 International license (CC BY-SA).
- The author may submit the paper separately, arrange for non-exclusive distribution of the manuscript that has been published in this journal into other versions (e.g. sent to the author's institutional repository, publication into a book, etc.), by acknowledging that the manuscript was first published in Jurnal Saintekom : Sains, Teknologi, Komputer dan Manajemen;
- The author warrants that the article is original, written by the named author, has not been previously published, contains no unlawful statements, does not infringe the rights of others, and is subject to copyright exclusively held by the author.
- If the article is jointly prepared by more than one author, each author submitting the manuscript warrants that he or she has been authorized by all co-authors to agree to copyright and license notices (agreements) on their behalf, and agrees to inform co-authors of the terms of this policy. Jurnal Saintekom : Sains, Teknologi, Komputer dan Manajemen will not be held liable for anything that may arise due to internal author disputes.
License:
Jurnal Saintekom : Sains, Teknologi, Komputer dan Manajemen is published under the terms of the Creative Commons Attribution 4.0 International License (CC BY-SA). This license permits anyone to:
- Share - copy and redistribute this material in any form or format.
- Adaptation - modify, alter, and create derivatives of this material for any purpose.
- Attribution - you must give appropriate credit, include a link to the license, and state that changes have been made. You may do this in any appropriate manner, but it does not imply that the licensor endorses you or your use.
- Similar Sharing - If you modify, alter, or create a derivative of this material, you must distribute your contribution under the same license as the original material.