Identification and Classification of Cyber Attacks on ELDIRU UNSOED using Random Forest Algorithm

Authors

  • Justicio Caesario Informatics, Universitas Jenderal Soedirman, Indonesia
  • Nofiyati Informatics, Universitas Jenderal Soedirman, Indonesia
  • Dwi Kurnia Wibowo Informatics, Universitas Jenderal Soedirman, Indonesia

DOI:

https://doi.org/10.52436/1.jutif.2025.6.4.5239

Keywords:

Cyber Security, Machine Learning, Random Forest, Web Application, Web Application Firewall

Abstract

Academic information systems, such as Eldiru Unsoed, function as vital digital assets vulnerable to cyberattacks, while conventional rule-based Web Application Firewalls exhibit detection weaknesses. Empirical testing in this study shows that the standard ModSecurity with Core Rule Set (CRS) system achieves a recall of only 5.34%, meaning it fails to identify the majority of actual attacks and creates a significant security gap. To address this problem, this research designs a detection system based on the Random Forest algorithm using Nginx server log data, validated with the public CSIC 2010 dataset. The model was developed by engineering hybrid features that include lexical analysis, CRS rule context, and N-grams to classify web traffic. Evaluation results show the proposed Machine Learning-Random Forest (ML-RF) model successfully increases recall from 5.34% to 72.00% and the F1-Score from 10.10% to 80.00%. This improvement in metrics, while maintaining a precision of 91.00%, proves that machine learning integration yields a more balanced and reliable cybersecurity defense mechanism. This research underscores the importance of implementing MLOps workflows for continuous model calibration and retraining to maintain detection effectiveness against evolving threats.
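As an added example (not the authors' code), the block below shows one way lexical and character n-gram features can be derived from Nginx access-log lines and passed to a Random Forest, in the spirit of the hybrid features the abstract describes. The sample log lines, the `SPECIAL` character set, the bucket count and all function names are assumptions made here; the CRS rule-context features are left out because the abstract does not say how they are encoded.

```python
import math, re, zlib
from collections import Counter
from urllib.parse import unquote_plus

# Nginx "combined" format: ip - user [time] "METHOD uri PROTO" status bytes ...
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
SPECIAL = set("'\"<>;()=%-/*|&")   # assumed lexical alphabet, not from the paper
N_BUCKETS = 16                     # assumed width of the hashed n-gram vector

# Constructed sample lines (not real traffic); label 1 = attack, 0 = normal.
SAMPLE = [
    ('203.0.113.7 - - [28/Aug/2025:10:00:00 +0700] "GET /login.php?user=admin%27%20OR%201%3D1-- HTTP/1.1" 200 512 "-" "curl/8.0"', 1),
    ('198.51.100.4 - - [28/Aug/2025:10:00:05 +0700] "GET /course/view.php?id=42 HTTP/1.1" 200 9310 "-" "Mozilla/5.0"', 0),
]

def parse_uri(line):
    """Return (decoded_uri, status), or None when the line is not in combined format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    # Decode twice so a double-encoded payload (%2527) is normalised as well.
    return unquote_plus(unquote_plus(m.group(2))), int(m.group(3))

def entropy(s):  # Shannon entropy in bits per character
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values()) if s else 0.0

def ngram_vector(s, n=3):
    """Character n-gram counts hashed into N_BUCKETS slots with a stable hash."""
    vec = [0] * N_BUCKETS
    for i in range(len(s) - n + 1):
        vec[zlib.crc32(s[i:i + n].lower().encode()) % N_BUCKETS] += 1
    return vec

def features(line):
    """Lexical features followed by the hashed n-gram vector; None for unparsable lines."""
    parsed = parse_uri(line)
    if parsed is None:
        return None
    uri, status = parsed
    lexical = [len(uri), sum(ch in SPECIAL for ch in uri),
               sum(ch.isdigit() for ch in uri), entropy(uri), int(status >= 400)]
    return lexical + ngram_vector(uri)

def train(samples):
    """Fit a Random Forest on (line, label) pairs; requires scikit-learn."""
    from sklearn.ensemble import RandomForestClassifier
    rows = [(x, y) for x, y in ((features(l), y) for l, y in samples) if x is not None]
    model = RandomForestClassifier(n_estimators=100, random_state=0)
    return model.fit([x for x, _ in rows], [y for _, y in rows])
```

Two lines are enough to exercise the feature extraction, not to train a usable model; `train` expects a labelled corpus such as the CSIC 2010 dataset the abstract mentions.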

Published

2025-08-28

How to Cite

[1]
J. Caesario, Nofiyati, and D. K. Wibowo, “Identification and Classification of Cyber Attacks on ELDIRU UNSOED using Random Forest Algorithm”, J. Tek. Inform. (JUTIF), vol. 6, no. 4, pp. 2785–2794, Aug. 2025.