Behind the rapid development of the internet in today’s era, various types of crime are also targeting vital players in the internet industry. With many online crime types rampant, an antidote is also needed to suppress internet crime. Therefore, the researcher proposes a solution in the form of a Keris, namely the hypertext transfer protocol (HTTP) intrusion detection system (IDS) that runs on the server where our website is running. Keris works by detecting rampant intrusions that attack servers or websites. When an intrusion is detected, Keris will notify the system admin using the Keris Telegram chatbot or an alternative Keris mobile application with firebase cloud messaging (FCM) technology. The research was conducted by comparing the results of one-way delay (OWD) between Telegram Webhook and FCM with the help of the open web application security project (OWASP) zed attack proxy (ZAP) test tool. From the results of the tests, OWD against directory brute force attacks on Telegram Webhook for 0.72 seconds and on FCM for 0.44 seconds. In this case, FCM is more suitable for real-time notifications if we need a very responsive notification.

cyber attack; HTTP IDS; intrusion; OWASP ZAP; Telegram Bot;