Comparative Analysis of DDoS Incident Response: MTTR Efficiency of Manual Versus Automated Handling Based on SIEM and SOAR
Abstract
The increasing use of digital services in Indonesia has been accompanied by a growing number of cybersecurity threats, particularly DDoS attacks that target service availability. One real-world incident occurred on the news website Suara.com, which experienced a large-scale DDoS attack that was handled manually by the technical team. The manual handling of this incident revealed limitations in terms of the speed and measurability of the initial response, as not all response stages were systematically documented. This study aims to compare the mechanisms and speed of initial responses between manual handling of the DDoS incident on Suara.com and automated responses using the SYRA system. SYRA is a web-based security system developed to support automated detection and response to cyber incidents through the integration of SIEM and SOAR. The research method used is a comparative study that utilizes public data from the chronology of the Suara.com incident as a representation of manual response, as well as data from DDoS attack testing on the SYRA system conducted in a controlled environment as a representation of automated response. The main parameter used in the analysis is MTTR as an indicator of initial response speed. The results show that the SYRA system is able to execute initial responses consistently with an average MTTR value of 42.97 seconds, allowing initial mitigation actions to be carried out in less than one minute after the attack is detected. These findings indicate that the implementation of automated response plays an important role in maintaining the continuity of digital services, particularly in the media and public service sectors that are highly dependent on system availability.
Pages: 1261-1269
Copyright (c) 2026 I Nyoman Darmayoga, Rodhiyah Mardhiyyah

This work is licensed under a Creative Commons Attribution 4.0 International License.