<![CDATA[ABSTRAK Penelitian ini mengusulkan sistem deteksi anomali pada webserver dengan mengombinasikan metode Isolation Forest dan Transformer melalui pendekatan Weighted Fusion. Data berupa metrik time-series dari layanan Nginx meliputi penggunaan CPU, memori, dan aktivitas koneksi diproses melalui normalisasi dan pembentukan window sebelum pelatihan. Isolation Forest dimanfaatkan untuk mendeteksi anomali berbasis nilai, sedangkan Transformer menangkap pola temporal yang kompleks guna mengidentifikasi anomali kontekstual. Evaluasi menggunakan 5-fold cross-validation menunjukkan bahwa pendekatan hybrid mencapai kinerja rata-rata F1-score sekitar 77.92% ± 0.63% dan Average Precision (AP) sekitar 84.77% ± 0.69%, lebih baik dibanding penggunaan model tunggal. Stabilitas kinerja memungkinkan sistem mempertahankan keseimbangan antara precision dan recall pada data yang tidak seimbang. Secara praktis, metode ini berpotensi meningkatkan efektivitas pemantauan operasional dan mendukung mitigasi dini terhadap insiden keamanan siber seperti web defacement. Saat ini, sistem bekerja menggunakan pendekatan offline learning, sehingga model perlu dilatih ulang ketika terdapat perubahan pola data. Pengembangan lanjutan dapat diarahkan pada penerapan online learning agar deteksi lebih adaptif terhadap dinamika trafik web secara real-time, serta integrasi sumber data tambahan untuk meningkatkan ketahanan sistem. Dengan demikian, penelitian ini berkontribusi dalam merancang dan mengevaluasi kerangka hybrid berbasis Weighted Fusion yang efektif untuk deteksi anomali pada webserver. Kata kunci : Deteksi Anomali, Isolation Forest, Transformer, Time-Series, Weighted Fusion ABSTRACT This study proposes an anomaly detection system for web servers by combining Isolation Forest and Transformer models through a Weighted Fusion approach. Time-series metrics collected from an Nginx-based service including CPU usage, memory utilization, and connection activity were normalized and formatted into windowed sequences prior to model training. Isolation Forest was employed to detect point anomalies, while the Transformer model captured complex temporal patterns to identify contextual anomalies. Evaluation using 5-fold cross-validation shows that the hybrid model achieves an average F1-score of approximately 77.92% ± 0.63% and an Average Precision (AP) of around 84.77% ± 0.69%, outperforming each standalone model. This balanced performance demonstrates improved stability between precision and recall under imbalanced data conditions. Practically, the proposed method can enhance operational monitoring effectiveness and support early mitigation of cybersecurity incidents, such as web defacement. Currently, the system operates under an offline learning scheme, requiring model retraining when data patterns shift. Future work may explore online learning to enable adaptive real-time detection, as well as integration of additional data sources to improve robustness. Overall, this research contributes an effective hybrid framework with Weighted Fusion for anomaly detection on web servers. Keywords: Anomaly Detection, Isolation Forest, Time-Series, Transformer, Weighted Fusion]]>
Copyrights © 2025
