Skip to content

bytemonkk/FusionThreatNet

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

FusionThreatNet

A hybrid cybersecurity framework integrating Transformer-based Variational Autoencoders, attention-driven ensemble learning, and unsupervised anomaly detection for attack detection, risk assessment, and alert generation.

FusionThreatNet

Developed as part of the Machine Learning Trainee Program – Software & Systems Security Bootcamp

National Institute of Technology Karnataka (NITK), Surathkal
Industry Partner: Saviynt

A hybrid Transformer-VAE and Attention-Based Ensemble Framework for Cyber Attack Detection, Risk Assessment, and Alert Prioritization. Guided by Prof. Panigrahi Srikanth Department of Artificial Intelligence and Machine Learning (AI & ML)

A hybrid anomaly detection and cybersecurity risk assessment framework that combines Transformer-based Variational Autoencoders (Transformer-VAE), Attention Fusion Networks, and multiple unsupervised anomaly detection models for intelligent cyber attack detection, risk scoring, and alert prioritization.

FusionThreatNet

Hybrid Transformer-VAE and Attention-Based Ensemble Framework for Cyber Attack Detection and Risk Assessment


Overview

FusionThreatNet is a hybrid anomaly detection framework designed to identify malicious activities and abnormal behavioral patterns in cybersecurity environments.

The framework integrates:

  • Transformer-Based Variational Autoencoder (VAE)
  • Attention Fusion Network
  • Isolation Forest
  • One-Class Support Vector Machine (OCSVM)
  • Local Outlier Factor (LOF)
  • Latent Space Feature Learning
  • Reconstruction Error Analysis
  • Risk Scoring Engine
  • Alert Prioritization System
  • Ensemble-Based Anomaly Detection

The proposed framework combines deep representation learning with traditional anomaly detection techniques to improve attack detection, risk estimation, and decision support for cybersecurity monitoring systems.


Academic & Industry Context

This project was developed during the Machine Learning Trainee – Software & Systems Security Bootcamp organized by NITK Surathkal with Saviynt as the industry partner.

The work focuses on applying machine learning, anomaly detection, representation learning, and cybersecurity risk analytics to detect malicious activities, assess risk levels, and prioritize security alerts in enterprise environments.


Dataset Information

This project was developed as part of the Machine Learning Trainee Program – Software & Systems Security Bootcamp conducted by NITK Surathkal in collaboration with Saviynt.

To evaluate the proposed FusionThreatNet framework, a synthetic cybersecurity dataset comprising 10,000 samples was generated to emulate realistic enterprise security environments, authentication activities, system monitoring events, and anomalous attack scenarios commonly encountered in modern cybersecurity infrastructures.

The dataset contains structured cybersecurity records including:

  • Network Traffic Records
  • User Authentication and Activity Logs
  • Security Events and Alerts
  • System Monitoring Metrics
  • Mixed Numerical and Categorical Features

Each sample is associated with a binary target label:

Label Description
0 Normal Activity
1 Attack / Anomalous Activity

The dataset was specifically designed to evaluate:

  • Unsupervised Anomaly Detection
  • Transformer-VAE Feature Learning
  • Attention-Based Fusion
  • Risk Assessment
  • Alert Prioritization

The generated data incorporates both normal operational behavior and simulated attack patterns to support cybersecurity analytics and anomaly detection research.

Due to repository size limitations, the complete dataset is not included in this repository.


Traditional Anomaly Detection Models

The framework evaluates multiple unsupervised anomaly detection algorithms:

  • Isolation Forest
  • One-Class SVM
  • Local Outlier Factor (LOF)

Each model generates anomaly scores that are subsequently fused through an attention-based ensemble mechanism.


Transformer-VAE Feature Learning

The Transformer-based Variational Autoencoder learns latent representations from cybersecurity data while preserving long-range feature dependencies.

Key components:

  • Transformer Encoder
  • Variational Latent Space
  • Transformer Decoder
  • Reconstruction Error Analysis

Proposed Architecture

The proposed FusionThreatNet architecture consists of:

  1. Data Preprocessing
  2. Traditional Anomaly Detection
  3. Attention-Based Fusion
  4. Transformer-VAE Feature Learning
  5. Latent Space Anomaly Detection
  6. Risk Scoring Engine
  7. Alert Generation and Prioritization

Risk Scoring Strategy

The framework converts anomaly scores into actionable cybersecurity intelligence.

Risk Score

Risk Score = Probability × 100

Alert Levels

Alert Level Risk Score Range
LOW 0 – 39
MEDIUM 40 – 64
HIGH 65 – 84
CRITICAL 85 – 100

Evaluation Metrics

The framework evaluates performance using:

  • Accuracy
  • Precision
  • Recall
  • F1-Score
  • ROC-AUC
  • PR-AUC
  • Confusion Matrix
  • Classification Report

Output Files

all_models_risk_alerts.csv

Contains:

  • entity_id
  • model
  • risk_probability
  • risk_score
  • alert_level

model_alert_statistics.csv

Contains:

  • Total Samples
  • Critical Alerts
  • High Alerts
  • Medium Alerts
  • Low Alerts
  • Average Risk
  • Maximum Risk

Project Structure

FusionThreatNet/
│
├── assets/
│   ├── interface.png
│   ├── architecture.png
│   ├── workflow.png
│   ├── transformer_vae.png
│   └── anomaly_models.png
│
├── datasets/
│
├── checkpoints/
├── notebooks/
├── src/
│
├── outputs/
│
├── train.py
├── evaluate.py
├── inference.py
│
├── requirements.txt
├── setup.py
├── .gitignore
├── LICENSE
└── README.md

Technologies Used

  • Python
  • PyTorch
  • TensorFlow
  • NumPy
  • Pandas
  • Scikit-Learn
  • Transformer Networks
  • Variational Autoencoders
  • Attention Mechanisms
  • Cybersecurity Analytics
  • Anomaly Detection
  • Risk Assessment

Key Features

  • Transformer-Based Variational Autoencoder
  • Attention-Based Ensemble Fusion
  • Isolation Forest Integration
  • One-Class SVM Integration
  • Local Outlier Factor Integration
  • Latent Space Feature Learning
  • Reconstruction Error Analysis
  • Risk Probability Estimation
  • Alert Prioritization Framework
  • Explainable Risk Scoring

Why FusionThreatNet?

Modern cybersecurity environments generate massive volumes of heterogeneous data where malicious activities are often rare, evolving, and difficult to identify using traditional rule-based systems.

FusionThreatNet addresses these challenges through a hybrid learning strategy that combines Transformer-VAE representation learning with multiple anomaly detection algorithms and attention-guided ensemble fusion. The framework not only detects attacks but also quantifies risk and prioritizes alerts, enabling more effective security monitoring and decision-making.


Acknowledgement

Special thanks to Alwyn Roshan Pais, NITK Surathkal, for initiating and organizing the Machine Learning Trainee – Software & Systems Security Bootcamp in collaboration with Saviynt.

The knowledge, guidance, and industry exposure provided through this program played a significant role in inspiring and shaping the development of FusionThreatNet.


Goal

Detect malicious activities accurately, assess cybersecurity risks, prioritize alerts, and provide actionable intelligence through a hybrid Transformer-VAE and Attention Fusion framework.

About

A hybrid cybersecurity framework integrating Transformer-based Variational Autoencoders, attention-driven ensemble learning, and unsupervised anomaly detection for attack detection, risk assessment, and alert generation.

Topics

Resources

Stars

5 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors