ASPECTS OF DETECTING CYBER THREATS IN UNIVERSITY NETWORK TRAFFIC

Authors

  • Lakhno Valeriy, National University of Life and Environmental Sciences of Ukraine
  • Mamchenko Sergii, National University of Life and Environmental Sciences of Ukraine
  • Matiievskyi Volodymyr, National University of Life and Environmental Sciences of Ukraine

DOI:

https://doi.org/10.31548/itees.2025.01.073

Keywords:

network traffic, network, university, behavioral analysis, Bayesian network, clustering, machine learning, method, cybersecurity

Abstract

Modern cyber threats to telecommunications systems and networks are characterized by a high degree of concealment, adaptability, and diversity, which complicates their rapid detection in network traffic, particularly in university networks. Because cyberattacks keep changing, traditional methods based on signature analysis and fixed rules are proving insufficiently effective at identifying new or modified threats. Intelligent hybrid approaches that can analyze the behavioral characteristics of university traffic and adapt to its changes are therefore becoming increasingly important. The article presents a method for detecting cyber threats that combines ensemble clustering with Bayesian probabilistic modeling. In the first stage, several clustering algorithms are applied to identify hidden behavioral features of network connections in the university network. The resulting behavior embeddings are then used as input for constructing a Bayesian network that describes the probabilistic dependencies between behavior parameters and anomaly features. The proposed approach not only detects deviations from normal traffic behavior but also keeps the resulting information security decisions interpretable. The practical value of the method lies in its potential use in network traffic monitoring systems for corporate networks.
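As an added illustration of the two-stage pipeline the abstract describes (this is example code, not the article's own implementation), the pure-Python block below clusters constructed per-host traffic features with two k-means runs, uses the concatenated cluster labels as a behavior embedding, and fits a smoothed conditional probability table P(anomaly | embedding) as the Bayesian stage. The feature set, the sample values, the choice of k values and the Laplace smoothing are all assumptions made for the example.

```python
from collections import Counter

# Constructed sample of per-host features from a university segment (not real data):
# (outbound KB per minute, new connections per minute, distinct destination ports),
# plus an analyst label used only to fit the Bayesian stage (1 = anomalous).
FLOWS = [
    (12, 3, 2, 0), (15, 4, 2, 0), (10, 2, 1, 0), (14, 3, 3, 0), (11, 5, 2, 0),
    (13, 4, 1, 0), (16, 3, 2, 0), (9, 2, 2, 0),            # ordinary workstations
    (300, 40, 35, 1), (280, 55, 60, 1), (320, 48, 42, 1),  # bulk-transfer hosts
    (8, 120, 200, 1),                                      # port-scan-like host
]

def sqdist(p, q):
    return sum((a - b) ** 2 for a, b in zip(p, q))

def kmeans(points, k, iters=20):
    """Lloyd's k-means with farthest-point seeding, so runs are deterministic."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(sqdist(p, c) for c in centers)))
    for _ in range(iters):
        labels = [min(range(k), key=lambda j: sqdist(p, centers[j])) for p in points]
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:
                centers[j] = tuple(sum(col) / len(members) for col in zip(*members))
    return labels

def behavior_embeddings(points, ks=(2, 3)):
    """Stage 1 (ensemble clustering): a host's embedding is the tuple of its cluster
    labels across clusterings with different k. On the sample, k=2 folds the scanner
    into the normal cluster while k=3 isolates it, so the ensemble keeps both views."""
    runs = [kmeans(points, k) for k in ks]
    return [tuple(run[i] for run in runs) for i in range(len(points))]

def fit_anomaly_cpt(embeddings, labels):
    """Stage 2 (Bayesian network, embedding components -> anomaly node): learn the
    conditional probability table P(anomaly | embedding) with Laplace smoothing, so an
    embedding never seen in training scores an uncertain 0.5 rather than 0 or 1."""
    counts = Counter(zip(embeddings, labels))
    def posterior(emb):
        anom, norm = counts[(emb, 1)], counts[(emb, 0)]
        return (anom + 1) / (anom + norm + 2)
    return posterior

def score_hosts(flows=FLOWS):
    """Run both stages and return (embedding, P(anomaly)) per host, in input order."""
    points = [f[:3] for f in flows]
    embs = behavior_embeddings(points)
    posterior = fit_anomaly_cpt(embs, [f[3] for f in flows])
    return [(emb, round(posterior(emb), 3)) for emb in embs]
```

The embedding makes the decision inspectable: an analyst can see which clusterings placed a host outside normal behavior, and the CPT shows how much training evidence backs the score.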


Published

2025-08-10
