INTELLIGENT METHODS FOR DATA ANALYSIS IN INFORMATION AND COMMUNICATION SYSTEMS MONITORING PROCESSES
Abstract
Background. In modern monitoring of information and communication systems (ICS), a key challenge remains the timely detection of anomalies while maintaining a low false positive rate. Classical machine learning or deep learning methods often show a trade-off between high precision and the ability to detect most anomalies, limiting their efficiency in dynamic network environments.
Materials and Methods. This study proposes the Hybrid Adaptive Monitoring Method with Multi-level Anomaly Validation (HAM-MAV), which combines a deep autoencoder for anomaly detection (unsupervised) with a Random Forest classifier (supervised) and an adaptive threshold mechanism. In the first stage, the autoencoder identifies suspicious samples based on reconstruction error. These samples are then refined by the Random Forest, reducing false positives. The threshold is updated dynamically according to the statistics of the latest observation window. The experiments used the NSL-KDD (Network Security Laboratory – Knowledge Discovery in Databases) dataset with preprocessing steps including normalization, one-hot encoding, and feature selection based on correlation criteria.
Results and Discussion. Experimental results show that HAM-MAV achieves Precision of 96.92%, Recall of 62.67%, F1-score of 76.12%, and ROC-AUC (Receiver Operating Characteristic – Area Under Curve) of 0.8003, outperforming Autoencoder, Random Forest, and Isolation Forest in most metrics. The method reduces false positives while improving anomaly detection capability, maintaining a fast processing time. HAM-MAV’s key advantage is its balanced performance between precision and recall, which is critical for continuous ICS monitoring.
Conclusion. HAM-MAV provides an optimal combination of precision, recall, and execution speed, outperforming traditional methods in real-time conditions. Its architecture allows effective operation in environments with changing traffic characteristics, making it a promising approach for cybersecurity applications, particularly in automated intrusion detection systems.
Keywords: anomaly detection, deep learning, random forest, adaptive threshold, intrusion detection, NSL-KDD.
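An added example, not code from the paper: the control loop described in Materials and Methods, reduced to stage-1 thresholding and stage-2 validation over precomputed reconstruction errors. The mean + k*std threshold rule, the exclusion of confirmed attacks from the window, the `stage2` stand-in for the Random Forest, and all sample values are assumptions made for illustration.

```python
from collections import deque
from statistics import mean, pstdev

def threshold(window, k):
    # Assumed rule: mean + k * std of the errors in the current window.
    vals = list(window)
    return mean(vals) + k * pstdev(vals)

def monitor(baseline, stream, validate, k=3.0, adaptive=True):
    """Two-level check over (reconstruction_error, features) pairs.

    baseline: recent errors from known-normal traffic; seeds the window.
    validate: stage-2 callable (stand-in for the Random Forest), True = attack.
    Returns one verdict per sample: 'normal', 'suppressed' or 'alert'.
    """
    window = deque(baseline, maxlen=len(baseline))
    fixed = threshold(window, k)
    verdicts = []
    for err, features in stream:
        limit = threshold(window, k) if adaptive else fixed
        if err <= limit:
            verdict = "normal"        # stage 1: reconstruction looks fine
        elif validate(features):
            verdict = "alert"         # stage 2 confirms the anomaly
        else:
            verdict = "suppressed"    # stage 2 rejects: false positive removed
        if verdict != "alert":
            window.append(err)        # assumption: confirmed attacks stay out of the baseline
        verdicts.append(verdict)
    return verdicts

# Constructed sample: errors drift from ~0.10 to ~0.30. The features carry a
# made-up label that the stand-in validator simply reads back.
BASELINE = [0.10, 0.12, 0.08, 0.10]
STREAM = [(0.11, "benign"), (0.90, "attack"), (0.09, "benign"), (0.30, "benign"),
          (0.28, "benign"), (0.31, "benign"), (0.29, "benign"), (0.95, "attack")]

def stage2(features):
    return features == "attack"

def stage2_calls(verdicts):
    # Samples that stage 1 flagged and handed to the classifier.
    return sum(v != "normal" for v in verdicts)

if __name__ == "__main__":
    for mode in (True, False):
        v = monitor(BASELINE, STREAM, stage2, adaptive=mode)
        print("adaptive" if mode else "fixed", v, stage2_calls(v))
```

On the constructed stream, the fixed threshold hands six samples to stage 2 once the baseline drifts, while the adaptive one hands over three and raises the same two alerts.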
DOI: http://dx.doi.org/10.30970/eli.31.5

Electronics and information technologies / Електроніка та інформаційні технології