Article Per Year (5 Year)
p-Index From 2021 - 2026
0.23
P-Index
This Author published in this journals
All Journal Sinkron : Jurnal dan Penelitian Teknik Informatika
Adrian, Aurell Zulfa Angger
Unknown Affiliation
Computer Science & IT

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

 1 
Hybrid Multilayer Architecture Integrating Suricata, Wazuh, and Cyber Threat Intelligence for Drive-by-Download Malvertising Detection Adrian, Aurell Zulfa Angger; Megantara, Rama Aria; Al Zami, Farrikh
Sinkron : jurnal dan penelitian teknik informatika Vol. 10 No. 1 (2026): Article Research January 2026
Publisher : Politeknik Ganesha Medan

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.33395/sinkron.v10i1.15616

Abstract

Malvertising has emerged as a serious cybersecurity threat, leveraging legitimate advertising networks to deliver malware through drive-by-download techniques without requiring user interaction. Existing standalone network- or host-based detection solutions provide limited protection because they lack integrated visibility and contextual validation across detection layers. However, no existing research has specifically evaluated the integration of Suricata, Wazuh, and VirusTotal for endpoint-focused malvertising detection, creating a critical gap in multi-layer defense strategies. This study proposes a hybrid multilayer architecture combining Suricata as a Network Intrusion Detection System, Wazuh as a Host-based Intrusion Detection and Prevention System, and VirusTotal as an external Cyber Threat Intelligence source to provide correlated threat detection and automated mitigation. The system was evaluated in a controlled virtual laboratory consisting of attacker, victim, and SIEM environments replicating real malvertising scenarios. The results show that the proposed architecture successfully detected malicious payloads and completed an end-to-end detection-to-mitigation cycle in approximately 5-7 seconds while maintaining zero false positives under non-malicious conditions. This research contributes a practical and reproducible architecture for endpoint-based malvertising detection, demonstrating effective multi-layer correlation and rapid autonomous response. The limitation of this study lies in its reliance on signature-based detection and external API communication, which may reduce effectiveness against zero-day threats or offline deployments.
Co-Authors Al zami, Farrikh Megantara, Rama Aria