DETEKSI ANOMALI WEBSERVER BERBASIS HYBRID ISOLATION FOREST DAN TRANSFORMER DENGAN WEIGHTED FUSION

Ardian Yusuf Wicaksono; Rizky Fenaldo Maulana; Irvan Surya Nugraha; Yuandytha Fitria Ade Putri Sujiana

doi:10.37792/jukanti.v8i2.1904

Penulis

Ardian Yusuf Wicaksono Program Studi Informatika, Universitas Telkom, Kampus Surabaya, Surabaya 60231, Jawa Timur, Indonesia
Rizky Fenaldo Maulana Program Studi Informatika, Universitas Telkom, Kampus Surabaya, Surabaya 60231, Jawa Timur, Indonesia
Irvan Surya Nugraha Program Studi Informatika, Universitas Telkom, Kampus Surabaya, Surabaya 60231, Jawa Timur, Indonesia
Yuandytha Fitria Ade Putri Sujiana Program Studi Informatika, Universitas Telkom, Kampus Surabaya, Surabaya 60231, Jawa Timur, Indonesia

DOI:

https://doi.org/10.37792/jukanti.v8i2.1904

Kata Kunci:

Deteksi Anomali, Isolation Forest, Transformer, Time-Series, Weighted Fusion

Abstrak

ABSTRAK
Penelitian ini mengusulkan sistem deteksi anomali pada webserver dengan mengombinasikan metode Isolation Forest dan Transformer melalui pendekatan Weighted Fusion. Data berupa metrik time-series dari layanan Nginx meliputi penggunaan CPU, memori, dan aktivitas koneksi diproses melalui normalisasi dan pembentukan window sebelum pelatihan. Isolation Forest dimanfaatkan untuk mendeteksi anomali berbasis nilai, sedangkan Transformer menangkap pola temporal yang kompleks guna mengidentifikasi anomali kontekstual. Evaluasi menggunakan 5-fold cross-validation menunjukkan bahwa pendekatan hybrid mencapai kinerja rata-rata F1-score sekitar 77.92% ± 0.63% dan Average Precision (AP) sekitar 84.77% ± 0.69%, lebih baik dibanding penggunaan model tunggal. Stabilitas kinerja memungkinkan sistem mempertahankan keseimbangan antara precision dan recall pada data yang tidak seimbang. Secara praktis, metode ini berpotensi meningkatkan efektivitas pemantauan operasional dan mendukung mitigasi dini terhadap insiden keamanan siber seperti web defacement. Saat ini, sistem bekerja menggunakan pendekatan offline learning, sehingga model perlu dilatih ulang ketika terdapat perubahan pola data. Pengembangan lanjutan dapat diarahkan pada penerapan online learning agar deteksi lebih adaptif terhadap dinamika trafik web secara real-time, serta integrasi sumber data tambahan untuk meningkatkan ketahanan sistem. Dengan demikian, penelitian ini berkontribusi dalam merancang dan mengevaluasi kerangka hybrid berbasis Weighted Fusion yang efektif untuk deteksi anomali pada webserver.
Kata kunci : Deteksi Anomali, Isolation Forest, Transformer, Time-Series, Weighted Fusion

ABSTRACT
This study proposes an anomaly detection system for web servers by combining Isolation Forest and Transformer models through a Weighted Fusion approach. Time-series metrics collected from an Nginx-based service including CPU usage, memory utilization, and connection activity were normalized and formatted into windowed sequences prior to model training. Isolation Forest was employed to detect point anomalies, while the Transformer model captured complex temporal patterns to identify contextual anomalies. Evaluation using 5-fold cross-validation shows that the hybrid model achieves an average F1-score of approximately 77.92% ± 0.63% and an Average Precision (AP) of around 84.77% ± 0.69%, outperforming each standalone model. This balanced performance demonstrates improved stability between precision and recall under imbalanced data conditions. Practically, the proposed method can enhance operational monitoring effectiveness and support early mitigation of cybersecurity incidents, such as web defacement. Currently, the system operates under an offline learning scheme, requiring model retraining when data patterns shift. Future work may explore online learning to enable adaptive real-time detection, as well as integration of additional data sources to improve robustness. Overall, this research contributes an effective hybrid framework with Weighted Fusion for anomaly detection on web servers.
Keywords: Anomaly Detection, Isolation Forest, Time-Series, Transformer, Weighted Fusion

Unduhan

Data unduhan tidak tersedia.

Referensi

Badan Siber dan Sandi Negara (BSSN), “Langkah-Langkah Penanggulangan Insiden Web Defacement.” [Online]. Available: https://www.bssn.go.id/langkah-langkah-penanggulangan-insiden-web-defacement-judi-online-2/

CNN Indonesia, “Polisi Sebut Sindikat Judol Kamboja Retas 855 Situs Pemerintah RI.” [Online]. Available: https://www.cnnindonesia.com/nasional/20240712201314-12-1120710/polisi-sebut-sindikat-judol-kamboja-retas-855-situs-pemerintah-ri

CSIRT Tangerang Kota, “Analisa Web Defacement: Judi Online.” [Online]. Available: https://csirt.tangerangkota.go.id/berita/analisa-web-defacement

Detikcom, “Sindikat Judol Raup Rp 170 M dari Sewakan Situs Pemerintah yang Diretas.” [Online]. Available: https://news.detik.com/berita/d-7436294/sindikat-judol-raup-rp-170-m-dari-sewakan-situs-pemerintah-yang-diretasnya

A. Farzad and T. A. Gulliver, “Unsupervised log message anomaly detection,” ICT Express, vol. 6, no. 3, pp. 229–237, 2020, doi: 10.1016/j.icte.2020.06.003.

M. S. Lakshmi, G. Rajavikram, V. Dattatreya, B. S. Jyothi, S. Patil, and M. Bhavsingh, “Evaluating the Isolation Forest Method for Anomaly Detection in Software-Defined Networking Security,” Journal of Electrical Systems, vol. 19, no. 4, pp. 279–297, 2023, doi: 10.52783/jes.639.

D. B. Santoso and Y. Wahyuni, “SESTEM LOG WEB SERVER SEBAGAI PENDETEKSI ANOMALI MENGGUNAKAN ISOLATION FOREST — Web Server Log System as an Anomaly Detector Using Isolation Forest,” JUBIKOM: Jurnal Aplikasi Bisnis dan Komputer, vol. 4, no. 3, pp. 90–96, 2024, [Online]. Available: https://journal.unpak.ac.id/index.php/jubikom/article/view/10941

V. Aschepkov, “The use of the Isolation Forest model for anomaly detection in measurement data,” Innovative Technologies and Scientific Solutions for Industries, no. 1(27), pp. 236–245, 2024, doi: 10.30837/itssi.2024.27.236.

H. Xiang and others, “OptIForest: Optimal Isolation Forest for Anomaly Detection,” in Proceedings of the IJCAI, 2023, pp. 2379–2387. doi: 10.24963/ijcai.2023/264.

L. A. Muhammed, “Anomaly Detection in Streaming Data using Isolation Forest Tree,” 2024. [Online]. Available: https://www.researchgate.net/publication/383022377

S. Fatemifar, M. Awais, A. Akbari, and J. Kittler, “Developing a Generic Framework for Anomaly Detection,” Pattern Recognit, vol. 124, p. 108500, 2022, doi: 10.1016/j.patcog.2021.108500.

F. Hang, W. Guo, H. Chen, L. Xie, C. Zhou, and Y. Liu, “Logformer: Cascaded Transformer for System Log Anomaly Detection,” Computer Modeling in Engineering & Sciences, vol. 136, no. 1, pp. 517–529, 2023, doi: 10.32604/cmes.2023.025774.

H. Kenji, “Real-Time Anomaly Detection Using Transformer-Based Architectures in Cloud Traffic,” 2025. [Online]. Available: https://www.researchgate.net/publication/391768629

M. Orabi, K. P. Tran, P. Egger, and S. Thomassey, “Anomaly detection in smart manufacturing: An Adaptive Adversarial Transformer-based model,” J Manuf Syst, vol. 77, pp. 591–611, 2024, doi: 10.1016/j.jmsy.2024.09.021.

W. Sakong, J. Kwon, K. Min, S. Wang, and W. Kim, “Anomaly Transformer Ensemble Model for Cloud Data Anomaly Detection,” IEEE Transactions on Cloud Computing, vol. 12, no. 4, pp. 1305–1313, 2024, doi: 10.1109/TCC.2024.3466174.

F. Zeng, M. Chen, C. Qian, Y. Wang, Y. Zhou, and W. Tang, “Multivariate time series anomaly detection with adversarial transformer architecture in the Internet of Things,” Future Generation Computer Systems, vol. 144, pp. 244–255, 2023, doi: 10.1016/j.future.2023.02.015.

S. Zia, N. Bibi, S. Alhazmi, N. Muhammad, and A. Alhazmi, “Enhanced Anomaly Detection in IoT Through Transformer-Based Adversarial Perturbations Model,” Electronics (Basel), vol. 14, no. 6, 2025, doi: 10.3390/electronics14061094.

K. Xu, M. Xia, X. Mu, W. Chen, and B. Ni, “EnsembleLens: Ensemble-based Visual Exploration of Anomaly Detection Algorithms with Multidimensional Data,” IEEE Trans Vis Comput Graph, vol. 25, no. 1, pp. 109–119, 2019, doi: 10.1109/TVCG.2018.2864886.

A. D. Vibhute and V. Nakum, “Deep learning-based network anomaly detection and classification in an imbalanced cloud environment,” in Procedia Computer Science, 2024, pp. 1636–1645. doi: 10.1016/j.procs.2024.01.161.

A. Haque and H. Soliman, “A Transformer-Based Autoencoder with Isolation Forest and XGBoost for Malfunction and Intrusion Detection in Wireless Sensor Networks for Forest Fire Prediction,” Future Internet, vol. 17, no. 4, 2025, doi: 10.3390/fi17040164.

S. Nazat and others, “Ensemble Learning Framework for Anomaly Detection in VANETs,” Sensors, vol. 25, no. 16, p. 5105, 2025, doi: 10.3390/s25165105.

H. He and others, “Isolation Forest-voting Fusion-multioutput: A Stroke Risk Prediction Model,” Comput Methods Programs Biomed, 2024, doi: 10.1016/j.cmpb.2024.108500.

S. Wang, R. Jiang, Z. Wang, and Y. Zhou, “Deep Learning-based Anomaly Detection and Log Analysis for Time Series Data,” arXiv preprint, 2024.

DETEKSI ANOMALI WEBSERVER BERBASIS HYBRID ISOLATION FOREST DAN TRANSFORMER DENGAN WEIGHTED FUSION

Penulis

DOI:

Kata Kunci:

Abstrak

Unduhan

Referensi

Unduhan

Diterbitkan

Terbitan

Bagian

Lisensi

Lisensi Jurnal JUKANTI

Creative Commons Attribution 4.0 International License (CC BY 4.0)

Hak Penulis

Kewajiban Penulis

Informasi Lisensi

Komitmen terhadap Standar Akses Terbuka

Cara Mengutip

Artikel Serupa

Bahasa

Kirim Naskah

templatejurnal

Informasi

indexing

Abstracting & Discovery

stat

Visitor Statistics

Terbitan Terkini

e-issn

sinta

sertifikatakreditasi

fb

Penerbit

Kantor Editorial

Tautan Institusi