ASPECTS OF DETECTING CYBER THREATS IN UNIVERSITY NETWORK TRAFFIC

Abstract

Modern cyber threats to telecommunications systems and networks are characterized by a high degree of concealment, adaptability, and diversity. This complicates their rapid detection in network traffic, particularly at universities. Given the changing nature of cyberattacks, traditional methods based on signature analysis and fixed rules are proving insufficiently effective for identifying new or modified threats. In this regard, the development of intelligent hybrid approaches is becoming increasingly important. Such methods are capable of analyzing the behavioral characteristics of university traffic and adapting to its changes. The article presents a method for detecting cyber threats based on a combination of ensemble clustering and Bayesian probabilistic modeling methods. At the first stage, machine learning is used to identify hidden behavioral features of network connections in the university network based on various clustering algorithms. The resulting behavior embeddings are then used as input data for constructing a Bayesian network that describes the probabilistic dependencies between behavior parameters and anomaly features. The proposed approach not only allows detecting deviations from normal traffic behavior, but also ensures the interpretability of decisions in the field of information security. The practical value of the method lies in its potential for use in network traffic monitoring systems in corporate networks.