Pengembangan Alat Pendukung Investigasi Serangan Siber Berdasarkan Log Server Web Menggunakan Algoritma SBERT all-MiniLM-L6-v2 dan Agglomerative Clustering
| No | 32 |
| Year | 2026 |
| Creators | Abdullah Hilal Adi Sumarno; S.Kom., M.Kom., Ph.D. Mahendra Data |
| URI | http://repository.ub.ac.id/id/eprint/254618 |
| Date | 2026-01-09 |
| Keywords | Log server web, deteksi anomali, Agglomerative Clustering, SBERT, |
| investigasi siber. | |
| Type | thesis |
Abstract
Cyber attacks on web applications continue to increase as institutions rely on digital services. Web server logs are vital sources of digital evidence recording activity traces, but manual analysis of millions of log lines is often ineffective and prone to error. This study aims to develop an automated investigation tool using Unsupervised Learning methods. The system implements the Agglomerative Clustering algorithm to group attack patterns. The main challenge in log clustering is the representation of unstructured URL text data. Therefore, this study proposes hybrid feature extraction combining rule-based features from Sigma Rules and semantic features using the SBERT all-MiniLM-L6-v2 model. Based on hyperparameter tuning results in the range of K=10 to K=15, the Average Linkage method with 12 clusters (K=12) proved to be the most optimal. External evaluation showed a Homogeneity Score of 0.992 and a Completeness Score of 0.309. High homogeneity demonstrates the system’s ability to separate normal and anomalous activities with high purity, while the formed cluster granularity is able to separate specific attack variants such as SQL Injection and Sensitive File Exposure to facilitate cyberattack analysis.