Analysis of Mikrotik Server Log Data Mining for Attack Pattern Analysis with Clustering at Bekangdam II Sriwijaya

  • M.R. Kareliansyah, Universitas Bina Darma
  • Heri Suroyo
Keywords: Mikrotik, Server log, data mining, Attack pattern

Abstract

Research conducted at Bekangdam II Sriwijaya aims to analyze the patterns of attacks carried out by crackers by applying data mining to the logs on Mikrotik. The research uses the descriptive method and involves direct fieldwork because it requires a lengthy analysis. The benefit of this research is identifying the techniques that crackers launch against the existing network at Bekangdam II Sriwijaya. Technology has now reached the Industrial Era 4.0, in which telecommunication networks, both wired and wireless, have undergone many changes. This increasing rate of technological development is inseparable from growing cybercrime activity. The results of this study indicate that the logs on the Bekangdam II Sriwijaya server can be analyzed with data mining; the analysis reveals an IP address that frequently and continuously accesses the server, 103.39.9.81, which used the Telnet medium 205 times in a day. The clustering process using K-means resulted in 4 clusters: the first cluster (1) is shown in blue, the second cluster (2) in purple, the third cluster (3) in green, and the fourth cluster in red. A yellow star marks each cluster's center point (centroid). Based on the access media, the Cluster Center Initialization can be grouped according to the following table. The medium most frequently used to launch these attacks is Telnet, with a frequency of 535 times.
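The kind of analysis the abstract describes, sketched as an added example that is not the authors' code: failed logins are counted per source IP and access medium, and the resulting vectors are grouped with K-means (k = 4). The log line format, the set of media, the farthest-point initialisation and the helper names are assumptions; the sample lines are constructed and use documentation IP ranges.

```python
import re
from collections import Counter

# Assumed RouterOS-style login-failure line; the paper does not show its log format.
LINE = re.compile(r"login failure for user (\S+) from (\d+\.\d+\.\d+\.\d+) via (\w+)")
MEDIA = ("telnet", "ssh", "winbox", "web")  # assumed set of access media

def features(lines):
    """Per-source-IP vector of failed-login counts, one dimension per medium."""
    counts = Counter()
    for line in lines:
        m = LINE.search(line)
        if m and m.group(3) in MEDIA:
            counts[(m.group(2), m.group(3))] += 1
    ips = sorted({ip for ip, _ in counts})
    return {ip: [counts[(ip, s)] for s in MEDIA] for ip in ips}

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def kmeans(points, k, iters=50):
    """Lloyd's algorithm with deterministic farthest-point initialisation."""
    centroids = [max(points, key=sum)]  # start at the busiest source
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist2(p, c) for c in centroids)))
    for _ in range(iters):
        labels = [min(range(k), key=lambda j: dist2(p, centroids[j])) for p in points]
        new = []
        for j in range(k):
            members = [p for p, l in zip(points, labels) if l == j]
            new.append([sum(c) / len(members) for c in zip(*members)] if members else centroids[j])
        if new == centroids:  # assignments stable: converged
            break
        centroids = new
    return labels, centroids

def make_log(ip, medium, n):  # constructed sample data, not taken from the paper
    return [f"system,error,critical login failure for user admin from {ip} via {medium}"] * n

SAMPLE = (make_log("192.0.2.10", "telnet", 40) + make_log("192.0.2.11", "telnet", 35)
          + make_log("198.51.100.5", "ssh", 30) + make_log("198.51.100.6", "ssh", 28)
          + make_log("203.0.113.7", "winbox", 12) + make_log("203.0.113.8", "winbox", 10)
          + make_log("192.0.2.99", "web", 2) + make_log("192.0.2.99", "ssh", 1))

def cluster_sources(lines, k=4):
    """Map each source IP to a cluster label and return the centroids."""
    feats = features(lines)
    labels, centroids = kmeans(list(feats.values()), k)
    return dict(zip(feats, labels)), centroids
```

On the constructed sample, the two Telnet-heavy sources share one cluster whose centroid sits at 37.5 Telnet failures, which is the shape of result the abstract reports for its Telnet traffic.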

Published
2025-11-18
How to Cite
M.R. Kareliansyah, & Heri Suroyo. (2025). Analysis of Mikrotik Server Log Data Mining for Attack Pattern Analysis with Clustering at Bekangdam II Sriwijaya. Jurnal Jaringan Komputer Dan Keamanan, 6(1), 22-29. https://doi.org/10.61346/jjkk.v6i1.231