Call for Paper - January 2024 Edition
IJCA solicits original research papers for the January 2024 Edition. Last date of manuscript submission is December 20, 2023. Read More

Network Forensic on Distributed Denial of Service Attacks using National Institute of Standards and Technology Method

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2021
Arifaleo Nurdin, Imam Riadi

Arifaleo Nurdin and Imam Riadi. Network Forensic on Distributed Denial of Service Attacks using National Institute of Standards and Technology Method. International Journal of Computer Applications 183(40):39-47, December 2021. BibTeX

	author = {Arifaleo Nurdin and Imam Riadi},
	title = {Network Forensic on Distributed Denial of Service Attacks using National Institute of Standards and Technology Method},
	journal = {International Journal of Computer Applications},
	issue_date = {December 2021},
	volume = {183},
	number = {40},
	month = {Dec},
	year = {2021},
	issn = {0975-8887},
	pages = {39-47},
	numpages = {9},
	url = {},
	doi = {10.5120/ijca2021921799},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}


Router hardware is a network device that can be used to connect multiple networks, either the same network or different networks. One of the attacks that can be carried out on a router is a Distributed Denial of Service attack, an attack that is carried out by consuming available resources, this can make the function of a computer or server not run properly and can make it difficult for other parties. to gain access to services from the attacked computer. The mechanism that can be used is a network forensic mechanism as evidence that can later ensnare criminals. The object of this research is a router network device. The data collection method used is literature study and simulation of DDoS attacks on routers. The research process was carried out using the National Institute of Standards and Technology method. NIST methods include Collection, Examination, Analysis, and Reporting. The system used is the Intrusion Detection System using Snort as a detection sensor, using the Basic Analysis System Engine application, and analyzing attack log files to obtain digital evidence. The results of the study prove that the detection system built using snort 100% can detect DDoS attacks on routers, based on the analysis process, DDoS attacks can make the CPU Load on the router increase up to 100% and the capacity of Free Memory before the attack of 40.0 MB is reduced to 37, 6 MB in no time. The attack information found in the form of attack time information, the source of the attack, the purpose of the attack, what attack was carried out, and the number of attack packets sent, this information can be used as evidence that there is a DDoS attack on the router network device.


  1. F. Ridho, A. Yudhana, and I. Riadi, “Forensic Analysis of Routers to Detect Distributed Danial of Service (DDoS) Attacks in Real Time,” vol. 2, no. 1, pp. 111–116, 2016, [Online]. Available:
  2. Nexusguard, “Threat Report Distributed Denial of Service (DDoS) Q1 2020,” Aust. Cyber Secur. Cent., 2020, [Online]. Available:
  3. T. L. Report et al., “AWS Shield,” pp. 1–9, 2020.
  4. F. Ridho, A. Yudhana, and I. Riadi, “Implementation of Logs in Router Forensics against Faizin's Distributed Denial of Service (DDoS) Attacks,” J. TIMES, vol. 2, no. Desember, pp. 652–657, 2017, doi: 10.1109/ETFA.2003.1248760.
  5. I. Riadi, A. Fadlil, and M. N. Hafizh, “Analysis of Evidence of Address Resolution Protocol Spoofing Attacks using the National Institute of Standard Technology Method,” Edumatic J. Pendidik. Inform., vol. 4, no. 1, pp. 21–29, 2020, doi: 10.29408/edumatic.v4i1.2046.
  6. R. Umar, I. Riadi, and G. Maulana, “A Comparative Study of Forensic Tools for WhatsApp Analysis using NIST Measurements,” Int. J. Adv. Comput. Sci. Appl., vol. 8, no. 12, pp. 69–75, 2017, doi: 10.14569/ijacsa.2017.081210.
  7. B. Mardiyanto, T. Indriyani, and I. M. Suartana, “Honeypot Analysis and Implementation in Detecting Distributed Denial-Of-Services (DDOS) Attacks on Wireless Networks,” Integer J., vol. 1, no. 2, pp. 32–42, 2016.
  8. A. R. Caesarano and I. Riadi, “Network Forensics for Detecting SQL Injection Attacks using NIST Method,” Int. J. Cyber-Security Digit. Forensics, vol. 7, no. 4, pp. 436–443, 2018.
  9. Kristono and I. Riadi, “Simulation for Data Security Improvement in Exploited,” Int. J. Comput. Sci. Inf. Secur. (IJCSIS), vol. 16, no. 5, pp. 6–15, 2018.
  10. M. Purwoko and H. Hilal, “Analysis of the Application of Nftables Firewall as a Server Security System in Virtualization Machines,” J. Telekomun. dan Komput., vol. 9, pp. 1–22, 2019, doi: 10.22441/incomtech.v9i1.5676.
  11. N. Al-munawar and A. Sediyono, “Characteristics of Computer Power Consumption with Changes in the Level of Distributed Denial of Service (Ddos) attacks,” Semin. Nas. Cendekiawan Ke 3, pp. 141–147, 2017.
  12. M. Siddik Hasibuan, “The Syn Flooding Threat Analysis Model in Networks,” J. Teknovasi, vol. 05, pp. 2540–8389, 2018.
  13. F. Ridho, “Forensic Analysis of Routers Against Distributed Denial of Service (DDoS) Attacks,” Universitas Ahmad Dahan, 2018.
  14. J. Chris, J. Sihombing, D. P. Kartikasari, and A. Bhawiyuga, “Implementation of Distributed Denial of Service (DDoS) Attack Detection and Mitigation Systems using SVM Classifier on Software-Defined Network (SDN) Architecture,” J. Pengemb. Teknol. Inf. dan Ilmu Komput., vol. 3, no. 10, pp. 9608–9613, 2019.
  15. A. H. Hambali and S. Nurmiati, “Implementation of Intrusion Detection System (IDS) on PC Server Security Against Data Flooding Attacks,” Sainstech J. Penelit. dan Pengkaj. Sains dan Teknol., vol. 28, no. 1, pp. 35–43, 2018, doi: 10.37277/stch.v28i1.267.
  16. M. Q. Syahputra, D. R. Akbi, and D. Risqiwati, “DDoS Attack Detection and Mitigation in Software Defined Networks Using Decision Tree Algorithms,” J. Repos., vol. 2, no. 11, p. 1491, 2020, doi: 10.22219/repositor.v2i11.795.
  17. H. E. Wahanani, B. Nugroho, and G. I. Prakoso, “Analysis of Smurfs and Ping of Death Attacks Using the Support Vector Machine (Svm) Method,” Anal. Smurfs Attack And Ping Death With Method. Support Vector Mach. ( Svm ), 2016.
  18. Lukman and M. Suci, “Comparative Analysis of Snort and Suricata Performance as Intrusion Detection System in Detecting Syn Flood Attacks on Apache Web Server,” J. Teknol. Inf., vol. XV, no. 2, pp. 6–15, 2020.
  19. W. W. Purba and R. Efendi, “Design and analysis of computer network security system using SNORT,” Aiti, vol. 17, no. 2, pp. 143–158, 2021, doi: 10.24246/aiti.v17i2.143-158.
  20. V. Prisscilya and T. Santoso, “Implementation Of Network Security Using Intrusion,” J. Inf. Technol., vol. 6, pp. 1–8, 2021.
  21. M. Suyuti Ma’sum, M. Azhar Irwansyah, and H. Priyanto, “Comparative Analysis of Network Security Systems Using Snort and Netfilter,” J. Sist. dan Teknol. Inf., vol. 5, no. 1, pp. 56–60, 2017.
  22. M. Zulfadhilah, Yudi Prayudi, and I. Riadi, “Cyber Profiling using Log Analysis and K-Means Clustering A Case Study Higher Education in Indonesia,” Int. J. Adv. Comput. Sci. Appl., vol. 7, no. 7, pp. 430–435, 2016, [Online]. Available:
  23. L. Arsada and H. Pembahasan, “Application of the NIST Method for Analysis of Denial of Service (DoS) Attacks on Internet of Things (IoT) Devices,” J. Ilm. KOMPUTASI, vol. 20, pp. 275–281, 2021.
  24. Firmansyah, A. Fadlil, and R. Umar, “Identification of Forensic Evidence for Virtual Router Networks Using the NIST Method,” Resti, vol. 1, no. 1, pp. 19–25, 2017.
  25. B. Jaya, Y. Yuhandri, and S. Sumijan, “Improved Mikrotik Router Security Against Denial of Service (DoS) Attacks,” J. Sistim Inf. dan Teknol., vol. 2, pp. 115–123, 2020, doi: 10.37034/jsisfotek.v2i4.32.


DDoS, IDS, Network Forensics, NIST, Snort.