Analysis of Web Server Access Logs to Detect Anomalies and Cyber Attacks Using Quantitative and Qualitative Methods
Zahrul Maizi; Munawir Munawir; Zulfan Zainal
Jurnal Nasional Komputasi dan Teknologi Informasi (JNKTI) Vol 8, No 3 (2025): June 2025
Publisher: Program Studi Teknik Komputer, Fakultas Teknik, Universitas Serambi Mekkah

DOI: 10.32672/jnkti.v8i3.9335

Abstract

Web server access logs are a crucial source of information for cybersecurity monitoring. This study analyzes the access_log file from a web server using qualitative and quantitative approaches to identify activity patterns, attack types, and anomalies. The quantitative method involves calculating total requests, IP address frequency, and HTTP status code distribution. Meanwhile, the qualitative method focuses on identifying attack patterns such as XML External Entity (XXE), SQL Injection, Cross-Site Scripting (XSS), Directory Traversal, and Command Injection through analysis of request content.

The results of the access_log file analysis from the examined web server show a total of 190,742 requests, with the majority (98.79%) resulting in error status codes (4xx or 5xx). Significant anomalies were detected from IP 192.168.168.1, which was responsible for 85.22% of requests and the majority of XXE attack attempts (162,787 occurrences) that yielded a 400 (Bad Request) status code. Furthermore, various other types of attacks were also detected, indicating the server was a target of diverse scans and attacks. The security evaluation highlights the need for strengthening XML parser configurations, implementing a Web Application Firewall (WAF), and continuous log monitoring for risk mitigation.

Keywords: Web Server; Web Server Access Log; Security Analysis; Anomaly Detection; Cyber Attack; XXE.