Sukmana, Iftala Zahri (0026) Klasifikasi dan Pengalihan Serangan Siber dengan Honeypot Menggunakan Pendekatan Pembelajaran Mesin di Lingkungan Kubernetes. Other thesis, Institut Teknologi Sepuluh Nopember.
Abstract
Cybersecurity has become increasingly critical as industries grow more dependent on cloud-based infrastructure. Web application layer injection attacks such as SQL Injection, Cross-Site Scripting, and Command Injection consistently rank among the top entries in the OWASP Top 10 and can lead to data theft, system damage, and full server takeover. This research designs and implements a machine learning-based WAF system deployed as a sidecar container on Kubernetes, integrated with a honeypot and a Detection Engine in a unified architecture. The classification model is built using the XGBoost algorithm with numerical features extracted from HTTP payloads. The training dataset is collected from various public sources as well as payloads from automation tools. The system architecture is logically separated: the WAF sidecar acts as a reverse proxy that classifies every incoming request and transparently redirects malicious traffic to a honeypot that replicates the target application with fabricated data. The evaluation results show that the classification model achieves 98.12% accuracy, a macro F1-score of 0.9741, and a False Positive Rate of 0.85%, exceeding all predefined success thresholds. The WAF reaches perfect detection on the SQLi and XSS classes (35/35) and 97.30% on CMDi, substantially outperforming ModSecurity CRS, which only reaches 83.78% on the same classes. End-to-end functional testing confirms that all malicious traffic is transparently redirected to the honeypot, with a stable sidecar memory footprint of 178 MiB and an inference overhead of only 0.392–0.560 ms.
| Item Type: | Thesis (Other) |
|---|---|
| Uncontrolled Keywords: | Honeypot, Classification, Kubernetes, Machine Learning, Attack Redirection, Web Application Firewall, XGBoost |
| Subjects: | T Technology > T Technology (General); T Technology > TH Building construction > TH9737 Electronic security systems |
| Divisions: | Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Informatics Engineering > 55201-(S1) Undergraduate Thesis |
| Depositing User: | Iftala Zahri Sukmana |
| Date Deposited: | 24 Jun 2026 01:41 |
| Last Modified: | 24 Jun 2026 01:41 |
| URI: | http://repository.its.ac.id/id/eprint/134004 |