Pengembangan Alat Bantu Investigasi Serangan Siber Berdasarkan Log Server Web Menggunakan Algoritma K-Means
| No | 18 |
| Year | 2025 |
| Creators | Abid Faiz Saladin; S.Kom., M.Kom., Ph.D. Mahendra Data; S.Kom., M.Kom., Ph.D. Tirana Noor Fatyanosa |
| URI | http://repository.ub.ac.id/id/eprint/254623 |
| Date | 2025-12-24 |
| Keywords | og server web, K-Means clustering, serangan siber, forensik digital, |
| keamanan jaringan, anomali lalu lintas | |
| Type | thesis |
Abstract
he advancement of technology and network infrastructure has made web servers a vital component and a primary target for various cyber attacks, including brute-force, Denial of Service (DoS), and sophisticated malicious injection attempts. The volume of log data generated by high-traffic servers is massive and continuously increasing, rendering manual network security analysis impractical, time-consuming, and prone to human error. Addressing this challenge, this research focuses on developing a system that serves as a cyber investigation tool based on the analysis of web server log big data, employing the K-Means Algorithm (unsupervised learning) technique to perform automatic log data clustering. To enhance the accuracy and meaningfulness of access pattern clustering, this method is optimized by integrating semantic URL feature representation using embedding from the BERT multilingual model, which effectively captures crosslingual semantic similarity, along with other critical contextual features such as access time intervals and HTTP status codes. The main objective of this K-Means clustering is to identify and separate legitimate normal activity patterns from traffic anomalies that indicate an attack. Implementation results on historical log datasets show that the system successfully achieved optimal clustering quality, with a high capability to isolate the majority of anomalous activities (such as SQL Injection and scraping patterns) into one clearly separated data group. The clusters successfully identified as suspicious are then presented via a visualization dashboard, which significantly assists cyber security investigators in prioritizing digital forensic examination only on the data groups with the highest risk, thereby improving incident response and overall cyber investigation efficiency