A hybrid cybersecurity framework integrating Transformer-based Variational Autoencoders, attention-driven ensemble learning, and unsupervised anomaly detection for attack detection, risk assessment, and alert generation.
Developed as part of the Machine Learning Trainee Program – Software & Systems Security Bootcamp
National Institute of Technology Karnataka (NITK), Surathkal
Industry Partner: SaviyntA hybrid Transformer-VAE and Attention-Based Ensemble Framework for Cyber Attack Detection, Risk Assessment, and Alert Prioritization. Guided by Prof. Panigrahi Srikanth Department of Artificial Intelligence and Machine Learning (AI & ML)
A hybrid anomaly detection and cybersecurity risk assessment framework that combines Transformer-based Variational Autoencoders (Transformer-VAE), Attention Fusion Networks, and multiple unsupervised anomaly detection models for intelligent cyber attack detection, risk scoring, and alert prioritization.
Hybrid Transformer-VAE and Attention-Based Ensemble Framework for Cyber Attack Detection and Risk Assessment
FusionThreatNet is a hybrid anomaly detection framework designed to identify malicious activities and abnormal behavioral patterns in cybersecurity environments.
The framework integrates:
- Transformer-Based Variational Autoencoder (VAE)
- Attention Fusion Network
- Isolation Forest
- One-Class Support Vector Machine (OCSVM)
- Local Outlier Factor (LOF)
- Latent Space Feature Learning
- Reconstruction Error Analysis
- Risk Scoring Engine
- Alert Prioritization System
- Ensemble-Based Anomaly Detection
The proposed framework combines deep representation learning with traditional anomaly detection techniques to improve attack detection, risk estimation, and decision support for cybersecurity monitoring systems.
This project was developed during the Machine Learning Trainee – Software & Systems Security Bootcamp organized by NITK Surathkal with Saviynt as the industry partner.
The work focuses on applying machine learning, anomaly detection, representation learning, and cybersecurity risk analytics to detect malicious activities, assess risk levels, and prioritize security alerts in enterprise environments.
This project was developed as part of the Machine Learning Trainee Program – Software & Systems Security Bootcamp conducted by NITK Surathkal in collaboration with Saviynt.
To evaluate the proposed FusionThreatNet framework, a synthetic cybersecurity dataset comprising 10,000 samples was generated to emulate realistic enterprise security environments, authentication activities, system monitoring events, and anomalous attack scenarios commonly encountered in modern cybersecurity infrastructures.
The dataset contains structured cybersecurity records including:
- Network Traffic Records
- User Authentication and Activity Logs
- Security Events and Alerts
- System Monitoring Metrics
- Mixed Numerical and Categorical Features
Each sample is associated with a binary target label:
| Label | Description |
|---|---|
| 0 | Normal Activity |
| 1 | Attack / Anomalous Activity |
The dataset was specifically designed to evaluate:
- Unsupervised Anomaly Detection
- Transformer-VAE Feature Learning
- Attention-Based Fusion
- Risk Assessment
- Alert Prioritization
The generated data incorporates both normal operational behavior and simulated attack patterns to support cybersecurity analytics and anomaly detection research.
Due to repository size limitations, the complete dataset is not included in this repository.
The framework evaluates multiple unsupervised anomaly detection algorithms:
- Isolation Forest
- One-Class SVM
- Local Outlier Factor (LOF)
Each model generates anomaly scores that are subsequently fused through an attention-based ensemble mechanism.
The Transformer-based Variational Autoencoder learns latent representations from cybersecurity data while preserving long-range feature dependencies.
Key components:
- Transformer Encoder
- Variational Latent Space
- Transformer Decoder
- Reconstruction Error Analysis
The proposed FusionThreatNet architecture consists of:
- Data Preprocessing
- Traditional Anomaly Detection
- Attention-Based Fusion
- Transformer-VAE Feature Learning
- Latent Space Anomaly Detection
- Risk Scoring Engine
- Alert Generation and Prioritization
The framework converts anomaly scores into actionable cybersecurity intelligence.
Risk Score = Probability × 100
| Alert Level | Risk Score Range |
|---|---|
| LOW | 0 – 39 |
| MEDIUM | 40 – 64 |
| HIGH | 65 – 84 |
| CRITICAL | 85 – 100 |
The framework evaluates performance using:
- Accuracy
- Precision
- Recall
- F1-Score
- ROC-AUC
- PR-AUC
- Confusion Matrix
- Classification Report
Contains:
- entity_id
- model
- risk_probability
- risk_score
- alert_level
Contains:
- Total Samples
- Critical Alerts
- High Alerts
- Medium Alerts
- Low Alerts
- Average Risk
- Maximum Risk
FusionThreatNet/
│
├── assets/
│ ├── interface.png
│ ├── architecture.png
│ ├── workflow.png
│ ├── transformer_vae.png
│ └── anomaly_models.png
│
├── datasets/
│
├── checkpoints/
├── notebooks/
├── src/
│
├── outputs/
│
├── train.py
├── evaluate.py
├── inference.py
│
├── requirements.txt
├── setup.py
├── .gitignore
├── LICENSE
└── README.md- Python
- PyTorch
- TensorFlow
- NumPy
- Pandas
- Scikit-Learn
- Transformer Networks
- Variational Autoencoders
- Attention Mechanisms
- Cybersecurity Analytics
- Anomaly Detection
- Risk Assessment
- Transformer-Based Variational Autoencoder
- Attention-Based Ensemble Fusion
- Isolation Forest Integration
- One-Class SVM Integration
- Local Outlier Factor Integration
- Latent Space Feature Learning
- Reconstruction Error Analysis
- Risk Probability Estimation
- Alert Prioritization Framework
- Explainable Risk Scoring
Modern cybersecurity environments generate massive volumes of heterogeneous data where malicious activities are often rare, evolving, and difficult to identify using traditional rule-based systems.
FusionThreatNet addresses these challenges through a hybrid learning strategy that combines Transformer-VAE representation learning with multiple anomaly detection algorithms and attention-guided ensemble fusion. The framework not only detects attacks but also quantifies risk and prioritizes alerts, enabling more effective security monitoring and decision-making.
Special thanks to Alwyn Roshan Pais, NITK Surathkal, for initiating and organizing the Machine Learning Trainee – Software & Systems Security Bootcamp in collaboration with Saviynt.
The knowledge, guidance, and industry exposure provided through this program played a significant role in inspiring and shaping the development of FusionThreatNet.
Detect malicious activities accurately, assess cybersecurity risks, prioritize alerts, and provide actionable intelligence through a hybrid Transformer-VAE and Attention Fusion framework.



