<![CDATA[Abstrak - Penelitian ini mengembangkan sistem logging berbasis website dengan kemampuan deteksi anomali menggunakan metode K-Means Clustering. Data log yang dianalisis berasal dari dua sumber, yaitu sistem reservasi bioskop yang dibangun menggunakan Flask dan data eksternal NASA HTTP log. Setiap aktivitas dicatat dalam bentuk IP Address, Timestamp, Username, Role, Action, Status Code, dan URL, kemudian dikonversi menjadi fitur numerik seperti req_count, unique_urls, pct_errors, dan login_failed. Proses clustering menghasilkan nilai K terbaik sebesar 8 berdasarkan Silhouette Score tertinggi. Analisis centroid menunjukkan adanya cluster dengan perilaku anomali, seperti req_count sebesar 16.67925, unique_urls sebesar 12.79245, dan pct_errors mencapai 99.29356. Skor anomali dihitung berdasarkan jarak titik ke centroid, dengan ambang batas ditentukan pada persentil ke-99 yaitu 1.2429. Dari hasil evaluasi, sistem berhasil mengidentifikasi 233 aktivitas anomali, termasuk aktivitas mencurigakan dari IP eksternal seperti wormhole.ctp.com dengan anomaly score tertinggi sebesar 12.752941. Hasil ini membuktikan bahwa pendekatan clustering tanpa pengawasan (unsupervised) dapat diterapkan secara efektif dalam mendeteksi potensi serangan, seperti DDoS, dengan memanfaatkan pola aktivitas pengguna yang terekam dalam sistem logging.Kata kunci : Logging Web; K-Means Clustering; Deteksi Anomali; Analisis Log; Abstract - This study develops a website-based logging system with anomaly detection capabilities using the K-Means Clustering method. The analyzed log data comes from two sources, namely a cinema reservation system built using Flask and external NASA HTTP log data. Each activity is recorded in the form of IP Address, Timestamp, Username, Role, Action, Status Code, and URL, then converted into numeric features such as req_count, unique_urls, pct_errors, and login_failed. The clustering process produces the best K value of 8 based on the highest Silhouette Score. Centroid analysis shows the presence of clusters with anomalous behavior, such as req_count of 16.67925, unique_urls of 12.79245, and pct_errors reaching 99.29356. The anomaly score is calculated based on the distance of the point to the centroid, with a threshold determined at the 99th percentile of 1.2429. From the evaluation results, the system successfully identified 233 anomalous activities, including suspicious activities from external IPs such as wormhole.ctp.com with the highest anomaly score of 12.752941. These results prove that the unsupervised clustering approach can be applied effectively in detecting potential attacks, such as DDoS, by utilizing user activity patterns recorded in the logging system.Keywords: Web Logging; K-Means Clustering; Anomaly Detection; Log Analysis;]]>
Copyrights © 2025
