Web Attack Classification Based on Web Application Firewall (WAF) Logs Using Support Vector Machine (SVM)

  • Nuroji Nuroji (Corresponding Author) Universitas Muhammadiyah Prof. DR. HAMKA
  • Tirta Anhari Universitas Muhammadiyah Prof. DR. HAMKA
Keywords: Web Application Firewall, ModSecurity, Support Vector Machine, SMOTE, Intrusion Detection System

Abstract

The rapid growth of web applications has increased the risk of cyber security threats to internet-based services. Attacks such as SQL Injection (SQLi) and Cross-Site Scripting (XSS) remain major threats that can compromise the security and availability of web systems. This study aims to apply a machine learning approach to classify web attacks using log data from a ModSecurity-based Web Application Firewall (WAF). The research data were obtained from ModSecurity audit logs in JSON format, which contain the request and response activity on the web server. The research stages comprise data collection, preprocessing, feature extraction, labeling, feature engineering using TF-IDF, dataset partitioning with a train-test split, modeling with the Support Vector Machine (SVM) algorithm, and evaluation of model performance using a confusion matrix, accuracy, precision, recall, and F1-score. The dataset consists of 3467 web traffic records in the categories SQL Injection, XSS, and Normal. In testing, the SVM model achieved an accuracy of 94.52% in classifying web traffic. The model performed very well at detecting SQL Injection attacks, with a recall of 1.00 and an F1-score of 0.97. However, performance on the Normal category remained relatively low because of the imbalanced data distribution. The results show that ModSecurity log analysis combined with machine learning can be used as an alternative approach to support automatic detection of web attacks.
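The stages listed in the abstract (JSON audit log, feature extraction, TF-IDF, SVM, confusion matrix) can be sketched as follows; this is an added example, not the authors' code. It assumes a ModSecurity v3-style JSON layout (`transaction.request.uri`), character n-gram TF-IDF, scikit-learn's `LinearSVC` with class reweighting, and a fixed train/test set of constructed, hand-labelled requests in place of a random split.

```python
import json
from urllib.parse import unquote_plus
from sklearn.feature_extraction.text import TfidfVectorizer
from sklearn.metrics import confusion_matrix
from sklearn.pipeline import make_pipeline
from sklearn.svm import LinearSVC

LABELS = ["normal", "sqli", "xss"]
def audit_line(uri, method="GET"):  # ModSecurity v3-style JSON layout (assumed)
    return json.dumps({"transaction": {"request": {"method": method, "uri": uri}}})

def extract_text(line):
    """Feature text: method plus URL-decoded, lower-cased request URI."""
    req = json.loads(line)["transaction"]["request"]
    return f'{req["method"]} {unquote_plus(req["uri"])}'.lower()

# Constructed, hand-labelled samples (not the paper's dataset).
TRAIN = [
    ("/index.php?page=about", "normal"),
    ("/index.php?page=home", "normal"),
    ("/products?category=books&sort=price", "normal"),
    ("/products?id=1%27+OR+%271%27%3D%271", "sqli"),
    ("/login?user=admin%27--&pass=x", "sqli"),
    ("/item?id=1+UNION+SELECT+username,password+FROM+users", "sqli"),
    ("/search?q=%3Cscript%3Ealert(1)%3C/script%3E", "xss"),
    ("/comment?text=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E", "xss"),
    ("/profile?name=%3Csvg+onload%3Dalert(1)%3E", "xss"),
]
TEST = [
    ("/index.php?page=contact", "normal"),
    ("/item?id=7+UNION+SELECT+email,password+FROM+users", "sqli"),
    ("/comment?text=%3Cscript%3Ealert(document.cookie)%3C/script%3E", "xss"),
]

def train(samples):
    model = make_pipeline(
        TfidfVectorizer(analyzer="char_wb", ngram_range=(2, 4)),  # char n-gram TF-IDF
        LinearSVC(class_weight="balanced"),  # assumption: reweighting, not SMOTE
    )
    model.fit([extract_text(audit_line(u)) for u, _ in samples], [y for _, y in samples])
    return model

def evaluate(model, samples):
    """Confusion matrix: rows = true class, columns = predicted, in LABELS order."""
    pred = model.predict([extract_text(audit_line(u)) for u, _ in samples])
    return confusion_matrix([y for _, y in samples], pred, labels=LABELS)

if __name__ == "__main__":
    print(evaluate(train(TRAIN), TEST))
```

URL-decoding before vectorisation matters here: without it, `%27` and `'` produce different n-grams and encoded payloads share little with decoded ones.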



Published
2026-06-21
How to Cite
Nuroji, N., & Anhari, T. (2026). Klasifikasi Serangan Web Berdasarkan Log Web Application Firewall (WAF) Menggunakan Support Vector Machine (SVM). Journal of Artificial Intelligence and Technology Information (JAITI), 4(2), 287-299. https://doi.org/10.58602/jaiti.v4i2.262