LogSense: A Comparative Anomaly Detection Platform on Web Server Access Logs Using Multiple Algorithms
DOI:
https://doi.org/10.55549/epstem.1271
Keywords:
Web server logs, Anomaly detection, k-Means, DBSCAN, Isolation forest
Abstract
This study introduces LogSense, a platform developed for anomaly detection in large-scale web server access logs through a comparative analysis of machine learning algorithms. Three unsupervised approaches (k-Means, DBSCAN, and Isolation Forest) were implemented to identify irregular patterns and abnormal traffic behaviors within server activity data. The platform establishes an end-to-end analytical workflow that includes parsing and cleaning log files, performing feature engineering, normalizing features, applying multiple algorithms, and visualizing anomalies through interpretable outputs such as SSD histograms and t-SNE projections. Experimental results show that k-Means is effective in detecting cluster-based outliers, DBSCAN identifies density-related irregularities with high clustering quality, and Isolation Forest isolates diverse anomalies with superior runtime performance. A subsequent cross-validation phase confirmed that anomalies consistently detected by multiple algorithms are highly reliable. Overall, this study underscores the value of proactive anomaly detection in web server security and highlights the complementary strengths of clustering, density, and ensemble-based learning approaches.
License
Copyright (c) 2026 The Eurasia Proceedings of Science, Technology, Engineering and Mathematics

This work is licensed under a Creative Commons Attribution 4.0 International License.


