Server Log Analysis with Data Mining for Malicious Activity Detection
DOI:
https://doi.org/10.53842/juki.v8i1.2318
Keywords:
log server, data mining, SVM, intrusion detection, malicious activity
Abstract
Web server security is a primary concern amid the rising wave of cyber threats. Every user interaction with a web application is recorded in server logs, which contain valuable information including IP addresses, request methods, response status codes, and data sizes. This study leverages server log data from January to July 2019, collected from an educational institution, to detect malicious activities using a data mining approach. After preprocessing and rule-based labeling into three classes (Safe, Suspicious, and Dangerous), dimensionality reduction was applied via Linear Discriminant Analysis (LDA) before classification using five algorithms: SVM-RBF, SVM-Linear, SVM-Polynomial, K-NN via GridSearch, and Decision Tree. Results show that SVM-RBF delivers the most stable performance, achieving a training accuracy of 88% and a testing accuracy of 86%. However, class imbalance affects recall scores for certain categories. This study confirms the effectiveness of combining LDA and SVM-RBF as a basis for log-based intrusion detection systems, while also highlighting the need for further development through data balancing techniques and additional feature engineering.
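The preprocessing and rule-based labeling step, and the class-imbalance caveat, as an added example that is not the paper's code: it parses access-log lines into the fields the abstract names, labels them with assumed rules (the paper's actual rules are not given on this page), and scores a majority-class baseline that stands in for a classifier. The sample lines, signatures and function names are constructed for illustration.

```python
import re
from collections import Counter

# Common/combined access-log prefix: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')
# Assumed labeling rules (illustrative only, not the rules used in the study).
DANGEROUS = re.compile(r"(\.\./|%2e%2e|union(\+|%20)+select|<script|/etc/passwd)", re.I)
SUSPICIOUS_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}

# Constructed sample log lines (documentation IP ranges), deliberately imbalanced.
SAMPLE = """\
203.0.113.5 - - [12/Mar/2019:10:01:02 +0700] "GET /index.php HTTP/1.1" 200 5120
203.0.113.5 - - [12/Mar/2019:10:01:03 +0700] "GET /css/site.css HTTP/1.1" 200 1834
203.0.113.9 - - [12/Mar/2019:10:02:11 +0700] "POST /login HTTP/1.1" 302 -
203.0.113.9 - - [12/Mar/2019:10:02:12 +0700] "GET /dashboard HTTP/1.1" 200 9321
198.51.100.7 - - [12/Mar/2019:10:03:40 +0700] "GET /img/logo.png HTTP/1.1" 304 -
198.51.100.7 - - [12/Mar/2019:10:03:41 +0700] "GET /news?id=4 HTTP/1.1" 200 7410
198.51.100.23 - - [12/Mar/2019:10:05:00 +0700] "GET /admin/ HTTP/1.1" 403 199
198.51.100.23 - - [12/Mar/2019:10:05:02 +0700] "GET /download?file=../../etc/passwd HTTP/1.1" 400 226
""".splitlines()

def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec

def label(rec):
    """Rule-based label: the most severe matching rule wins."""
    if DANGEROUS.search(rec["path"]):
        return "Dangerous"
    if rec["method"] in SUSPICIOUS_METHODS or rec["status"] in (401, 403, 404):
        return "Suspicious"
    return "Safe"

def per_class_recall(y_true, y_pred):
    totals = Counter(y_true)
    hits = Counter(t for t, p in zip(y_true, y_pred) if t == p)
    return {c: hits[c] / totals[c] for c in totals}

def demo():
    y_true = [label(r) for r in map(parse_line, SAMPLE) if r]
    # Baseline that always predicts the majority class: good accuracy, useless recall.
    y_pred = [Counter(y_true).most_common(1)[0][0]] * len(y_true)
    accuracy = sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)
    return y_true, accuracy, per_class_recall(y_true, y_pred)
```

On this sample the baseline reaches 75% accuracy while recalling none of the Suspicious or Dangerous requests, which is why per-class recall has to be read alongside the overall accuracy figures.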
License
Copyright (c) 2026 Muhammad Anis Al Hilmi, Kurnia Adi Cahyanto, Azhar Al Afghani, Badrudin Hadibrata

This work is licensed under a Creative Commons Attribution 4.0 International License.






