Early Malware Detection from Sysmon Event Sequences Using LSTM and Transformer

Wivanto, Muhammad Revel (2026) Early Malware Detection from Sysmon Event Sequences Using LSTM and Transformer. Other thesis, Institut Teknologi Sepuluh Nopember.

5025211233-Undregraduate_Thesis.pdf
Restricted to Repository staff only


Abstract

As the complexity of cyber threats continues to increase, early malware detection on the Windows operating system has become a crucial necessity. This research aims to compare the performance of two sequential deep learning architectures, LSTM and Transformer, in classifying Sysmon event sequences to identify malicious activity. Sysmon event log data, which is rich in temporal information, is processed into a sequential format to capture the behavioral patterns of processes over time. An LSTM model is designed to process short-term dependencies, while the Transformer-based model uses a self-attention mechanism to capture global relationships between events in parallel. The performance of both models is evaluated comparatively using standard metrics such as accuracy, precision, recall, and F1-score. The experimental results show that the Transformer model outperforms the LSTM, achieving an optimal F1-score of 0.7750 within the first 20 events of execution, which is identified as the crucial persistence phase. This finding confirms that the attention-based approach (self-attention) is more effective than the recurrence mechanism at capturing long-range contextual dependencies in system logs, and also shows that accurate detection can be achieved efficiently before the advanced infection phase occurs.

Item Type: Thesis (Other)
Uncontrolled Keywords: Malware Detection, Sysmon, Deep Learning, LSTM, Transformer, Sequential Analysis.
Subjects: T Technology > T Technology (General) > T57.5 Data Processing
Divisions: Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Informatics Engineering > 55201-(S1) Undergraduate Thesis
Depositing User: Muhammad Revel Wivanto
Date Deposited: 04 Feb 2026 01:07
Last Modified: 04 Feb 2026 01:07
URI: http://repository.its.ac.id/id/eprint/131946
