EXPERIMENTAL EVALUATION OF THE EFFECTIVENESS OF HYBRID METHODS FOR DIGITAL FOOTPRINT ANALYSIS IN DETECTING ATYPICAL BEHAVIOR IN INFORMATION AND EDUCATIONAL SYSTEMS
DOI:
https://doi.org/10.28925/2663-4023.2026.32.1109Keywords:
digital footprints; information and educational system; anomaly detection; hybrid methods; machine learning; XGBoost; Isolation Forest; behavioral analysis; cybersecurity; higher education institutionAbstract
Abstract. The relevance of this study is driven by the need to strengthen the security of information and educational systems (IES) of higher education institutions (HEIs), which, under martial law and widespread distance learning, have also become targets of cyberattacks. Existing IES protection methods and tools based on static signatures and access control policies have lost their effectiveness against insider threats and behavioral anomalies, such as account compromise, academic misconduct, and unauthorized delegation of privileges. The aim of this work is an experimental evaluation of the effectiveness of the developed information technology for detecting atypical user activity through hybrid analysis of their digital footprints (DF). The study is based on the hypothesis that combining structural–hierarchical modeling of business processes with ensemble machine learning (ML) methods makes it possible to significantly reduce Type I and Type II errors. To verify the proposed solutions, a series of computational experiments was conducted on a real-world dataset formed from LMS Moodle log files (over 30,000 interaction events). A comparative analysis of the developed hybrid method with classical algorithms-XGBoost gradient boosting and Isolation Forest-was performed. Experimental results demonstrate that the proposed hybrid method, which employs weighted ensemble () learning, exhibits higher discriminative power and stability. The integral quality metric ROC-AUC reached 0,956, while the balanced F1-score achieved 0,858, exceeding the baseline XGBoost performance by 4,6%. Analysis of the Precision–Recall curves confirmed the robustness of the method to class imbalance, with the area under the curve (AP) equal to 0,889. The results of the study confirm that the implementation of the proposed technology enables higher education institutions to provide flexible protection of their information and educational systems by forming a clear separation between legitimate and atypical user behavior, while minimizing the risk of blocking bona fide users.
Downloads
References
Dolliver, D. S., Ghazi-Tehrani, A. K., & Poorman, K. T. (2021). Building a robust cyberthreat profile for institutions of higher education: An empirical analysis of external cyberattacks against a large university’s computer network. International Journal of Law, Crime and Justice, 66, 100484. https://doi.org/10.1016/j.ijlcj.2021.100484
Lakhno, M. (2025). System analysis of digital footprints in the information and educational system of a university [Systemnyi analiz tsyfrovykh slidiv u informatsiino-osvitnii systemi universytetu]. Cybersecurity: Education, Science, Technique, 3(27), 72–86. https://doi.org/10.28925/2663-4023.2025.27.709
Lakhno, M. V. (2025). Contextual characteristics of digital footprints and their impact on university information security. Central Ukrainian Scientific Bulletin. Technical Sciences, 11(42, Pt. II), 11–22. https://doi.org/10.32515/2664-262X.2025.11(42).2.11-22
Lakhno, M. V. (2025). Method of multilevel analysis of digital footprints in information and educational systems [Metod bahatorivnevoho analizu tsyfrovykh slidiv v informatsiino-osvitnikh systemakh]. Technical Sciences and Technologies, 3(41), 193–202.
Shkarupylo, V. V., & Lakhno, M. V. (2025). Model of digital footprint analysis in secure information and educational systems. Electronic Modeling, 47(4), 113–125. https://doi.org/10.15407/emodel.47.04.113
Buitrago-Ropero, M. E., Ramírez-Montoya, M. S., & Laverde, A. C. (2023). Digital footprints (2005–2019): A systematic mapping of studies in education. Interactive Learning Environments, 31(2), 876–889. https://doi.org/10.1080/10494820.2020.1817509
Azcona, D., Hsiao, I. H., & Smeaton, A. F. (2019). Detecting students-at-risk in computer programming classes with learning analytics from students’ digital footprints. User Modeling and User-Adapted Interaction, 29, 759–788. https://doi.org/10.1007/s11257-019-09227-7
Sun, L., Versteeg, S., Boztaş, S., & Rao, A. (2016). Detecting anomalous user behavior using an extended isolation forest algorithm: An enterprise case study. arXiv. https://arxiv.org/abs/1609.06676
Shi, L., Qian, C., & Guo, F. (2022). Real-time driving risk assessment using deep learning with XGBoost. Accident Analysis & Prevention, 178, 106836. https://doi.org/10.1016/j.aap.2022.106836
Folino, G., Otranto Godano, C., & Pisani, F. S. (2023). An ensemble-based framework for user behaviour anomaly detection and classification for cybersecurity. The Journal of Supercomputing, 79(11), 11660–11683. https://doi.org/10.1007/s11227-023-05230-9
Alaca, Y., Çelik, Y., & Goel, S. (2023). Anomaly detection in cyber security with graph-based LSTM in log analysis. Chaos Theory and Applications, 5(3), 188–197.
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Мирослав Лахно
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
