Automatic Anomaly Detection in Application Logs Based on Rules and Attention Mechanism Enhanced of LSTM

Nusantara, Adetiya Bagus (2025) Deteksi Anomali Otomatis pada Log Aplikasi Berbasis Rule dan Attention Mechanism Enhanced of LSTM. Masters thesis, Institut Teknologi Sepuluh Nopember.

6025231077-Master_Thesis.pdf - Accepted Version
Restricted to Repository staff only


Abstract

Anomaly detection in applications plays a crucial role in ensuring the security and reliability of an organization's information systems. Suspicious activities and potential anomalies can be identified from application logs, which record traces of every interaction and process within the system. Conventional approaches that rely only on rule-based detection often adapt poorly to new, more complex attack patterns. This study aims to address that limitation by integrating rule-based detection into the ELK (Elasticsearch, Logstash, Kibana) platform while leveraging deep learning to improve detection accuracy. In this research, agents are deployed on each monitored application or server and transmit logs to ELK, enabling automated log collection and the generation of datasets for analysis. The dataset covers various types of events, with each entry labeled as normal, a system anomaly, or a user anomaly. The labeled dataset is then used as input to train a deep learning model based on a modified Long Short-Term Memory (LSTM) architecture for anomaly detection in application logs. The modifications to the LSTM model are an attention mechanism, which helps the model focus on the important information in the sequential data, and an additional dense layer at the end, which improves the model's ability to classify anomalous patterns. Experimental results show that the LSTM model modified with an attention mechanism achieved the highest performance, with an accuracy of 97.15%, precision of 98.03%, recall of 97.15%, and an F1-score of 97.41%. The model's performance was compared with several other methods, namely RNN, GRU, and standard LSTM, and the results indicate that the LSTM with attention mechanism consistently outperformed all three in anomaly detection.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Attention Mechanism, Deep Learning, Anomaly Detection, ELK Stack (Elasticsearch, Logstash, Kibana), Cybersecurity, Application Logs, Long Short Term Memory, Rule-Based Detection
Subjects: T Technology > T Technology (General)
T Technology > T Technology (General) > T57.5 Data Processing
Divisions: Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Informatics Engineering > 55101-(S2) Master Thesis
Depositing User: Adetiya Bagus Nusantara
Date Deposited: 30 Jul 2025 06:49
Last Modified: 30 Jul 2025 06:49
URI: http://repository.its.ac.id/id/eprint/123448
