Anastasya Putri BR, Sophie
Unknown Affiliation

Published: 1 document
Articles


Analysis of Backdoor Shells in Web Servers Using Splunk and SPL-Based Machine Learning
Authors: Sukmaaji, Anjik; Slamet; Anastasya Putri BR, Sophie
Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi) Vol 10 No 1 (2026): February 2026
Publisher: Ikatan Ahli Informatika Indonesia (IAII)

DOI: 10.29207/resti.v10i1.7215

Abstract

Backdoor shell attacks pose a critical threat to web server security, allowing attackers to bypass authentication and gain persistent, unauthorized control. Conventional signature-based detection methods often fail against these attacks because the shells rely on polymorphism and obfuscation. To address this, we propose an integrated detection approach that uses Splunk as the log management platform combined with Search Processing Language (SPL)-based machine learning (ML) models. This study collected and preprocessed web server log data using SPL queries, transforming it into structured features for classification. We evaluated two supervised learning algorithms, Logistic Regression and Random Forest, on a labeled dataset comprising both normal traffic and simulated backdoor shell attacks. The evaluation showed that while Logistic Regression achieved solid performance with 93.5% accuracy and 87.8% recall, the Random Forest model significantly outperformed it. Random Forest reached an accuracy of 97.2%, with a precision of 95.8%, recall of 94.1%, and an F1-score of 94.9%. Crucially, it also reduced the false negative rate (FNR) to 2.3% and the false positive rate (FPR) to 3.5%, making it more reliable for real-time applications. Our findings demonstrate that Random Forest, when integrated with Splunk's SPL, provides a highly robust and practical detection mechanism that effectively distinguishes malicious activity from normal traffic. The primary contribution of this research is an end-to-end architecture that combines scalable log management, effective feature engineering, and advanced ML detection, offering a practical solution for enterprise-level security monitoring.