DETEKSI ANOMALI WEBSERVER BERBASIS HYBRID ISOLATION FOREST DAN TRANSFORMER DENGAN WEIGHTED FUSION

Authors

  • Ardian Yusuf Wicaksono Program Studi Informatika, Universitas Telkom, Kampus Surabaya, Surabaya 60231, Jawa Timur
  • Rizky Fenaldo Maulana Program Studi Informatika, Universitas Telkom, Kampus Surabaya, Surabaya 60231, Jawa Timur, Indonesia
  • Irvan Surya Nugraha Program Studi Informatika, Universitas Telkom, Kampus Surabaya, Surabaya 60231, Jawa Timur, Indonesia
  • Yuandytha Fitria Ade Putri Sujiana Program Studi Informatika, Universitas Telkom, Kampus Surabaya, Surabaya 60231, Jawa Timur, Indonesia

DOI:

https://doi.org/10.37792/jukanti.v8i2.1904

Keywords:

Anomaly Detection, Isolation Forest, Time-Series, Transformer, Weighted Fusion

Abstract

ABSTRAK
Penelitian ini mengusulkan sistem deteksi anomali pada webserver dengan mengombinasikan metode Isolation Forest dan Transformer melalui pendekatan Weighted Fusion. Data berupa metrik time-series dari layanan Nginx meliputi penggunaan CPU, memori, dan aktivitas koneksi diproses melalui normalisasi dan pembentukan window sebelum pelatihan. Isolation Forest dimanfaatkan untuk mendeteksi anomali berbasis nilai, sedangkan Transformer menangkap pola temporal yang kompleks guna mengidentifikasi anomali kontekstual. Evaluasi menggunakan 5-fold cross-validation menunjukkan bahwa pendekatan hybrid mencapai kinerja rata-rata F1-score sekitar 77.92% ± 0.63% dan Average Precision (AP) sekitar 84.77% ± 0.69%, lebih baik dibanding penggunaan model tunggal. Stabilitas kinerja memungkinkan sistem mempertahankan keseimbangan antara precision dan recall pada data yang tidak seimbang. Secara praktis, metode ini berpotensi meningkatkan efektivitas pemantauan operasional dan mendukung mitigasi dini terhadap insiden keamanan siber seperti web defacement. Saat ini, sistem bekerja menggunakan pendekatan offline learning, sehingga model perlu dilatih ulang ketika terdapat perubahan pola data. Pengembangan lanjutan dapat diarahkan pada penerapan online learning agar deteksi lebih adaptif terhadap dinamika trafik web secara real-time, serta integrasi sumber data tambahan untuk meningkatkan ketahanan sistem. Dengan demikian, penelitian ini berkontribusi dalam merancang dan mengevaluasi kerangka hybrid berbasis Weighted Fusion yang efektif untuk deteksi anomali pada webserver.
Kata kunci : Deteksi Anomali, Isolation Forest, Transformer, Time-Series, Weighted Fusion

ABSTRACT
This study proposes an anomaly detection system for web servers by combining Isolation Forest and Transformer models through a Weighted Fusion approach. Time-series metrics collected from an Nginx-based service including CPU usage, memory utilization, and connection activity were normalized and formatted into windowed sequences prior to model training. Isolation Forest was employed to detect point anomalies, while the Transformer model captured complex temporal patterns to identify contextual anomalies. Evaluation using 5-fold cross-validation shows that the hybrid model achieves an average F1-score of approximately 77.92% ± 0.63% and an Average Precision (AP) of around 84.77% ± 0.69%, outperforming each standalone model. This balanced performance demonstrates improved stability between precision and recall under imbalanced data conditions. Practically, the proposed method can enhance operational monitoring effectiveness and support early mitigation of cybersecurity incidents, such as web defacement. Currently, the system operates under an offline learning scheme, requiring model retraining when data patterns shift. Future work may explore online learning to enable adaptive real-time detection, as well as integration of additional data sources to improve robustness. Overall, this research contributes an effective hybrid framework with Weighted Fusion for anomaly detection on web servers.
Keywords: Anomaly Detection, Isolation Forest, Time-Series, Transformer, Weighted Fusion

Downloads

Download data is not yet available.

References

Badan Siber dan Sandi Negara (BSSN), “Langkah-Langkah Penanggulangan Insiden Web Defacement.” [Online]. Available: https://www.bssn.go.id/langkah-langkah-penanggulangan-insiden-web-defacement-judi-online-2/

CNN Indonesia, “Polisi Sebut Sindikat Judol Kamboja Retas 855 Situs Pemerintah RI.” [Online]. Available: https://www.cnnindonesia.com/nasional/20240712201314-12-1120710/polisi-sebut-sindikat-judol-kamboja-retas-855-situs-pemerintah-ri

CSIRT Tangerang Kota, “Analisa Web Defacement: Judi Online.” [Online]. Available: https://csirt.tangerangkota.go.id/berita/analisa-web-defacement

Detikcom, “Sindikat Judol Raup Rp 170 M dari Sewakan Situs Pemerintah yang Diretas.” [Online]. Available: https://news.detik.com/berita/d-7436294/sindikat-judol-raup-rp-170-m-dari-sewakan-situs-pemerintah-yang-diretasnya

A. Farzad and T. A. Gulliver, “Unsupervised log message anomaly detection,” ICT Express, vol. 6, no. 3, pp. 229–237, 2020, doi: 10.1016/j.icte.2020.06.003.

M. S. Lakshmi, G. Rajavikram, V. Dattatreya, B. S. Jyothi, S. Patil, and M. Bhavsingh, “Evaluating the Isolation Forest Method for Anomaly Detection in Software-Defined Networking Security,” Journal of Electrical Systems, vol. 19, no. 4, pp. 279–297, 2023, doi: 10.52783/jes.639.

D. B. Santoso and Y. Wahyuni, “SESTEM LOG WEB SERVER SEBAGAI PENDETEKSI ANOMALI MENGGUNAKAN ISOLATION FOREST — Web Server Log System as an Anomaly Detector Using Isolation Forest,” JUBIKOM: Jurnal Aplikasi Bisnis dan Komputer, vol. 4, no. 3, pp. 90–96, 2024, [Online]. Available: https://journal.unpak.ac.id/index.php/jubikom/article/view/10941

V. Aschepkov, “The use of the Isolation Forest model for anomaly detection in measurement data,” Innovative Technologies and Scientific Solutions for Industries, no. 1(27), pp. 236–245, 2024, doi: 10.30837/itssi.2024.27.236.

H. Xiang and others, “OptIForest: Optimal Isolation Forest for Anomaly Detection,” in Proceedings of the IJCAI, 2023, pp. 2379–2387. doi: 10.24963/ijcai.2023/264.

L. A. Muhammed, “Anomaly Detection in Streaming Data using Isolation Forest Tree,” 2024. [Online]. Available: https://www.researchgate.net/publication/383022377

S. Fatemifar, M. Awais, A. Akbari, and J. Kittler, “Developing a Generic Framework for Anomaly Detection,” Pattern Recognit, vol. 124, p. 108500, 2022, doi: 10.1016/j.patcog.2021.108500.

F. Hang, W. Guo, H. Chen, L. Xie, C. Zhou, and Y. Liu, “Logformer: Cascaded Transformer for System Log Anomaly Detection,” Computer Modeling in Engineering & Sciences, vol. 136, no. 1, pp. 517–529, 2023, doi: 10.32604/cmes.2023.025774.

H. Kenji, “Real-Time Anomaly Detection Using Transformer-Based Architectures in Cloud Traffic,” 2025. [Online]. Available: https://www.researchgate.net/publication/391768629

M. Orabi, K. P. Tran, P. Egger, and S. Thomassey, “Anomaly detection in smart manufacturing: An Adaptive Adversarial Transformer-based model,” J Manuf Syst, vol. 77, pp. 591–611, 2024, doi: 10.1016/j.jmsy.2024.09.021.

W. Sakong, J. Kwon, K. Min, S. Wang, and W. Kim, “Anomaly Transformer Ensemble Model for Cloud Data Anomaly Detection,” IEEE Transactions on Cloud Computing, vol. 12, no. 4, pp. 1305–1313, 2024, doi: 10.1109/TCC.2024.3466174.

F. Zeng, M. Chen, C. Qian, Y. Wang, Y. Zhou, and W. Tang, “Multivariate time series anomaly detection with adversarial transformer architecture in the Internet of Things,” Future Generation Computer Systems, vol. 144, pp. 244–255, 2023, doi: 10.1016/j.future.2023.02.015.

S. Zia, N. Bibi, S. Alhazmi, N. Muhammad, and A. Alhazmi, “Enhanced Anomaly Detection in IoT Through Transformer-Based Adversarial Perturbations Model,” Electronics (Basel), vol. 14, no. 6, 2025, doi: 10.3390/electronics14061094.

K. Xu, M. Xia, X. Mu, W. Chen, and B. Ni, “EnsembleLens: Ensemble-based Visual Exploration of Anomaly Detection Algorithms with Multidimensional Data,” IEEE Trans Vis Comput Graph, vol. 25, no. 1, pp. 109–119, 2019, doi: 10.1109/TVCG.2018.2864886.

A. D. Vibhute and V. Nakum, “Deep learning-based network anomaly detection and classification in an imbalanced cloud environment,” in Procedia Computer Science, 2024, pp. 1636–1645. doi: 10.1016/j.procs.2024.01.161.

A. Haque and H. Soliman, “A Transformer-Based Autoencoder with Isolation Forest and XGBoost for Malfunction and Intrusion Detection in Wireless Sensor Networks for Forest Fire Prediction,” Future Internet, vol. 17, no. 4, 2025, doi: 10.3390/fi17040164.

S. Nazat and others, “Ensemble Learning Framework for Anomaly Detection in VANETs,” Sensors, vol. 25, no. 16, p. 5105, 2025, doi: 10.3390/s25165105.

H. He and others, “Isolation Forest-voting Fusion-multioutput: A Stroke Risk Prediction Model,” Comput Methods Programs Biomed, 2024, doi: 10.1016/j.cmpb.2024.108500.

S. Wang, R. Jiang, Z. Wang, and Y. Zhou, “Deep Learning-based Anomaly Detection and Log Analysis for Time Series Data,” arXiv preprint, 2024.

Downloads

Published

2025-11-30

Issue

Vol. 8 No. 2 (2025): JURNAL PENDIDIKAN TEKNOLOGI INFORMASI (JUKANTI) EDISI NOPEMBER 2025

Section

Artikel

License

Copyright (c) 2025 Ardian Yusuf Wicaksono, Rizky Fenaldo Maulana, Irvan Surya Nugraha, Yuandytha Fitria Ade Putri Sujiana

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

JUKANTI Journal License

JUKANTI (Jurnal Pendidikan Teknologi Informasi) is committed to supporting open access and the dissemination of scholarly knowledge. All articles published in JUKANTI are distributed under the Creative Commons Attribution 4.0 International License (CC BY 4.0).

Creative Commons Attribution 4.0 International License (CC BY 4.0)

Under this license, users are permitted to read, download, copy, distribute, print, search, link to, remix, transform, adapt, and build upon the published work for any lawful purpose, including commercial purposes, provided that appropriate credit is given to the original author(s) and the original publication in JUKANTI, a link to the license is provided, and any changes made are indicated.

Author Rights

Authors retain the copyright of their articles and grant JUKANTI the right of first publication. Authors are also permitted to deposit and share the published version of their articles in institutional repositories, subject repositories, personal websites, and academic networks, provided that the original publication in JUKANTI is properly cited and linked.

Author Obligations

Authors publishing with JUKANTI are responsible for ensuring that their work is original, does not infringe any copyright, and complies with applicable ethical and legal standards. Authors must obtain permission for any third-party material included in their manuscript when required.

License Information

License: Creative Commons Attribution 4.0 International License (CC BY 4.0)
License URL: https://creativecommons.org/licenses/by/4.0/

Commitment to Open Access Standards

JUKANTI is committed to maintaining transparent editorial policies, clear licensing terms, and open access publishing practices in accordance with international scholarly publishing standards.

For further questions or clarifications regarding this license, please contact the JUKANTI editorial office at edu@ucb.ac.id

How to Cite

DETEKSI ANOMALI WEBSERVER BERBASIS HYBRID ISOLATION FOREST DAN TRANSFORMER DENGAN WEIGHTED FUSION. (2025). Jurnal Pendidikan Teknologi Informasi (JUKANTI), 8(2), 302-317. https://doi.org/10.37792/jukanti.v8i2.1904