Hybrid Machine Learning–Based Intrusion Detection for Zero-Day Attack Prevention in Digital Education Networks

Modern educational institutions increasingly rely on digital infrastructure for learning management systems, online assessments, and campus networks. This digital transformation in education has been accompanied by a surge in cyber-attacks targeting universities and e-learning platforms, as noted by the studies [1, 2]. Higher education institutions face rising threats: recent surveys in the UK have found that 50% of universities experience weekly cyberattacks, with 63% having had at least one successful intrusion. Attackers range from financially motivated ransomware groups to state-sponsored actors who exploit the often-limited cybersecurity measures in educational environments. Zero-day attacks – exploits of previously unknown vulnerabilities – pose a grave risk because traditional defenses cannot recognize them. 82% of schools experienced a cyber incident within 18 months, according to the 2025-k12-cybersecurity-report [3]. Ensuring robust network intrusion detection in this context is paramount to protect sensitive student data, research intellectual property, and the continuity of digital learning. Recent data shows that the education sector has become the most targeted industry for cyber-attacks, experiencing an average of 3,086 attacks per organization per week—a staggering 37% increase year-over-year through mid-2024. According to Check Point research [4], this rapid escalation places education ahead of all other sectors in terms of attack volume.

Conventional intrusion detection systems (IDS) are falling short in this arena. Signature-based IDS (such as Snort) relies on known attack patterns; while effective for known malware or exploits, they cannot detect novel attacks, as highlighted by Guo [5]. In practice, a purely signature-based approach may completely miss new malware or target zero-day exploits – as Guo's survey noted, "the traditional signature-based detection method is not effective in detecting zero-day attacks." On the other hand, anomaly-based IDS aims to flag deviations from normal behavior, potentially catching unknown attacks by design. These systems, however, tend to suffer from high false-positive rates – benign deviations (e.g., a sudden surge in e-learning video traffic during online exams) can be misclassified as attacks, as stated by Wang et al. [6]. Wang et al. [6] highlighted this trade-off: anomaly detection finds new attacks that signatures miss, but it “is prone to false alarms” that reduce its accuracy in practice.

In response, the cybersecurity research community has turned to machine learning (ML) and hybrid techniques as promising solutions, as reported by the studies [7-9]. ML-based IDS can learn complex patterns of legitimate and malicious behavior, potentially detecting subtle intrusions faster and more accurately. For example, recent work by Talukder et al. [9] achieved over 99% accuracy on benchmark IDS datasets by applying ensemble classifiers on engineered features. Deep learning models (e.g., CNNs, RNNs) have shown exceptionally high performance in intrusion detection tasks, often outperforming classical ML; Ali et al. [10] reported that deep models like CNN/LSTM reached ~98% accuracy versus lower rates for SVM or KNN, on a cyber threat dataset. Moreover, hybrid IDS architectures that combine multiple approaches are emerging to balance strengths and weaknesses. Ahmed et al. [7] integrated signature and anomaly detection using a fuzzy clustering-enhanced classifier. Their approach enhanced the detection of specific attack types by utilizing fuzzy logic to handle uncertainty, highlighting the potential of hybrid methods to strengthen security. Similarly, Sajid et al. [8] implemented a hybrid ML/DL model (XGBoost + CNN-LSTM), which achieved high accuracy with a low false acceptance rate, tackling the limitations of single algorithms.

Despite these advances, gaps remain. Many ML-based IDS studies focus on enterprise or IoT networks, and few are tailored to the digital education domain. Campus networks have unique traffic patterns (e.g., heavy use of video conferencing, academic cloud services, BYOD devices) and potentially more open network access policies. Education cybersecurity measures often lag behind those in other sectors, and resource constraints mean that any proposed IDS must be efficient. There is a need for an intrusion detection approach that:

• Detects zero-day attacks effectively.
• Maintains a low false positive rate (FPR) to avoid alert fatigue.
• Lightweight enough for university IT deployments.
• Tuned to the threats and traffic patterns of educational environments.

This paper proposes an ML-based network IDS for preventing zero-day attacks in digital education. The core contribution is a hybrid IDS framework that combines anomaly-based detection (using an ML model to learn normal campus network behavior) with signature-based techniques. In our design, a deep autoencoder network continuously learns the baseline patterns of e-learning traffic (such as Moodle LMS usage, video streaming, and IoT sensors in smart classrooms). It raises an alert when traffic deviates significantly from this baseline, enabling the detection of novel attacks in real time. Simultaneously, known attack signatures (for malware, DoS tools, etc.) are monitored via a lightweight rules engine, ensuring we do not miss any known threats. We also introduce new features derived from the educational context – for example, features that capture sudden changes in a student's online activity or abnormal access to academic databases – to enhance the detection of credential compromise and lateral movement attacks specific to universities. This combination of techniques and features is novel in the context of educational cybersecurity: it leverages the accuracy of ML and the precision of signature checks, all optimized for the academic network setting.

The proposed method offers several advantages: (a) It provides a broader detection coverage and can identify previously unseen attacks (a capability traditional IDS lack) – as will be shown, our system detected >95% of zero-day attack instances in tests, whereas a pure signature IDS detected 0%. (b) Through careful threshold tuning and feature selection, our IDS achieves a low false alarm rate (under 1%), addressing the over-sensitivity problem of anomaly detectors. (c) It is computationally efficient – using ensemble tree models and an autoencoder with modest complexity, it runs in real-time on typical campus network hardware (we demonstrate sub-millisecond per-packet processing). (d) Importantly, it is validated on a university network dataset, aligning with real-world digital education scenarios, unlike many works that only use generic datasets. By explicitly focusing on the digital education context, we align our contributions with the needs of that sector. In summary, this work bridges a gap between advanced intrusion detection research and practical cybersecurity for education, offering a solution that improves upon conventional methods in both theory and practice.

Organization of this paper: Section 2 reviews related work and conventional IDS methods, highlighting their drawbacks in detecting zero-day attacks and securing educational networks. Section 3 presents our proposed hybrid ML-based IDS in detail, including the system architecture, algorithms, and theoretical justification for its design. Section 4 describes the experimental setup and datasets used to evaluate the system, followed by performance results with comparisons to baseline methods (including confusion matrix and receiver operating characteristic (ROC) analyses). Section 5 discusses the results, comparative advantages, and limitations. Finally, Section 6 concludes the paper by summarizing our contributions and outlining future research directions.

Overview of the Hybrid IDS Architecture: The proposed system comprises two main modules that operate in sequence, as illustrated in Figure 1.

(1) A Signature Detection Module.

(2) An Anomaly Detection Module powered by ML.

tu_pian_1.png

Figure 1. Proposed system workflow

Incoming network traffic flows through the signature module, which utilizes a database of known attack signatures (similar to Snort rules but optimized for the educational domain) to flag any matching malicious patterns immediately. This module is lightweight – it is essentially pattern-matching – and very fast. Traffic that does not match any known bad signature is then handed to the ML-based anomaly detector. This second module extracts a feature vector $x\text{ }\!\!~\!\!\text{ }\epsilon \text{ }\!\!~\!\!\text{ }{{R}^{n}}$ for each flow or packet (depending on the detection granularity; in our implementation, we used flow-level features aggregated over short time windows). The feature set includes standard network features (e.g., packet counts, byte counts, protocol, port numbers) as well as education-specific features (e.g., a one-hot encoding of whether the destination is an academic server or external site, time-of-day indicators aligned with class schedules, etc.). The anomaly detector then determines if $x$ is "normal" or "suspicious" by computing a reconstruction error using an autoencoder and/or classification with a trained ML model.

3.1 Autoencoder anomaly detector

At the heart of the anomaly module is a deep autoencoder neural network ${{f}_{\theta }}:\text{ }\!\!~\!\!\text{ }{{R}^{n}}\to {{R}^{n}}\text{ }\!\!~\!\!\text{ }$ with parameters θ. During training, this autoencoder receives numerous examples of normal network traffic feature vectors (we ensure the training data is free of known attacks by filtering with the signature module and using periods of network activity with no security incidents). It is trained to output a reconstruction $\hat{x}\text{ }\!\!~\!\!\text{ }=\text{ }\!\!~\!\!\text{ }{{f}_{\theta }}\text{ }\!\!~\!\!\text{ }\left( x \right)$ that closely approximates the input $x$. The training objective is to minimize the average reconstruction error $L\left( \theta  \right)=E\left[ \parallel x-{{f}_{\theta }}\left( x \right){{\parallel }^{2}} \right]$ over standard samples. By doing so, the autoencoder learns the manifold of normal network behavior. If a new input $x$ (from live traffic) is similar to the training distribution, the autoencoder will reconstruct it with low error. However, if $x$ corresponds to an attack (especially a zero-day attack that introduces novel patterns), it will likely lie outside the learned manifold, yielding a higher reconstruction error. We define a threshold τ such that if $\parallel {{x}^{\text{*}}}-{{f}_{\theta }}\left( {{x}^{\text{*}}} \right){{\parallel }^{2}}>\text{ }\!\!~\!\!\text{ }\tau $, the flow is flagged as anomalous (potential intrusion). This approach has a theoretical basis in outlier detection: under fairly general assumptions, it can become a "universal approximator" for the normal data distribution as the autoencoder capacity increases. Anything not well-approximated (i.e., with high error) can be considered an outlier with some statistical significance. We calibrated τ on a validation set to achieve a target FPR (using extreme value theory to model the tail of reconstruction errors of standard data).

Also, the labeled data was given as input to train different models (RF, KNN, Naïve Bayes, AdaBoost), shown in Figure 2. Once the models were trained, they were evaluated and checked for correctness using metrics like accuracy, precision, recall, and F1-score, as shown in Table 1. Several helpful metrics for assessing models are computed using true and false positives and negatives. The cost of various misclassifications, whether the dataset is balanced or imbalanced, and the model and task all influence which assessment metrics are most significant. RF was chosen to provide another view for intrusion detection based on the results obtained.

tu_pian_2.png

Figure 2. Selection of the best-performing ML model

Table 1. Various models with metric values on the given dataset

Feature selection employed a mutual information criterion to rank each network feature’s relevance to the attack label, retaining only the top-ranked attributes (such as packet size and flow duration) for modeling. The anomaly detector (autoencoder) then uses a decision threshold $\tau$, which is tuned via cross-validation on held-out data to balance detection sensitivity and false positives. Our studies yielded an FPR < 1% since $\tau$ is tuned on validation splits to seek a low FPR. These actions greatly increase detection accuracy and overall efficiency by concentrating the model on the most discriminative inputs and creating a strong decision boundary.

3.2 Random Forest classifier

In parallel with the autoencoder, we also train an RF classifier on labeled data (when available) to provide another perspective on intrusion detection. The RF operates on the same feature vector $x$. The theoretical justification for using RF is its ensemble nature – it constructs multiple decision trees ${{h}_{1}}\left( x \right),\text{ }\!\!~\!\!\text{ }{{h}_{2}}\left( x \right),\ldots ,{{h}_{M}}\left( x \right)\text{ }\!\!~\!\!\text{ }$and averages their votes. By the law of large numbers, an ensemble of weak (noisy) classifiers can yield a strong classifier, reducing variance and avoiding overfitting. Each tree in our forest is trained on a bootstrap sample of the data with a random subset of features (this is the standard Breiman’s RF algorithm). This ensemble approach is known to have high accuracy and resilience to outliers or variance in the data. Ali et al. [10] found that an RF achieved the highest accuracy (99.9%) on one intrusion dataset, surpassing deep neural nets – underscoring that ensemble trees remain highly competitive for structured data. Our RF is trained to output a probability $P(y=\operatorname{attack} \mid x)$ for each input. We set a threshold on this probability (> 0.5) to classify an instance as malicious.

3.3 Combining the modules

The hybrid decision logic is as follows. If the signature module flags an input, it is immediately classified as an attack (ideally, the connection can be terminated by a network action). For inputs not caught by signatures:

(1) The autoencoder computes reconstruction error $E\text{ }\!\!~\!\!\text{ }=\text{ }\!\!~\!\!\text{ }\parallel x-\hat{x}{{\parallel }^{2}}$.

(2) The RF computes a classification score (vote or probability). We then combine these two signals. A simple AND/OR logic can be applied for implementation, labeled an input as an attack if either (a) the RF classifier votes attack (majority of trees) AND the autoencoder error E is above threshold τ, or (b) E is far above τ (extreme anomaly) even if RF is unsure. Rationale: We require both the supervised and unsupervised indicators to agree on moderate anomalies to reduce false alarms, but we trust the autoencoder alone for extremely anomalous events. This rule was chosen to minimize false positives while catching novel attacks that the RF (trained only on known attacks) might not recognize. Theoretical underpinning here is akin to an ensemble of experts – one trained on known patterns, one detecting deviations – combined logically. We could formalize it as a weighted decision score, but the result is binary.

The Autoencoder models common benign behaviors (and thus identifying anything outside them), while the RF excels at discriminating known attack behaviors from regular ones (using labeled evidence). By combining them, we effectively create a piecewise decision function that completely covers the space of threats.

Figure 3 conceptually shows how our hybrid model can achieve a higher true positive rate for zero days at the same low FPR that signature/ML methods offer for known attacks.

tu_pian_3.png

Figure 3. Theoretical ROC

From a theoretical performance standpoint, let A be the set of attack traffic instances, and N be normal instances. A signature-based detector is a function $S\left( x \right)$ that is excellent on${{A}_{known}}\subset A$ (known attacks), but $\forall x\text{ }\!\!~\!\!\text{ }\in {{A}_{novel}}$ (novel attacks), S(x) = 0 (missed). An anomaly detector is a function A(x) that can catch many in ${{A}_{novel}}$ but also erroneously flags some N (false positives). Our hybrid function H(x) is essentially $H\left( x \right)=S\left( x \right)\left( A\left( x \right)M\left( x \right) \right)$, where M(x) is the RF’s decision. We aim to show H(x) has the properties: $\forall x\in {{A}_{known}},\text{ }\!\!~\!\!\text{ }H\left( x \right)=1$ (catch known attacks, inherits from S), and $\forall x\in {{A}_{novel}}$, we have a high probability H(x) = 1 due to $A\left( x \right)M\left( x \right)$. Meanwhile, for normal $x\in N,\text{ }\!\!~\!\!\text{ }H\left( x \right)$ is likely zero because either S(x) = 0 (no sig match) and A(x) is 0 (within normal bounds) or A(x) might be one, but then often M(x) will be 0 (RF will not randomly vote attack if no learned attack pattern matched). Thus, theoretically, H reduces false positives compared to A alone (because of the M(x) check) and reduces false negatives compared to S or M alone (because of the A(x) component). This logical formulation aligns with intuitive set theory: the false negative region of H is much smaller (it would require an attack not in signature AND not sufficiently anomalous or not recognized by RF – a rare combination).

3.4 Model training and computational complexity

The autoencoder is unsupervised on a corpus of clean network data using stochastic gradient descent (backpropagation). It typically converges after a few dozen epochs – we used a relatively small 4-layer autoencoder, so training took only a few minutes on the CPU. The RF is trained on labeled data (we generated labeled examples by simulation and injecting attacks in a controlled lab environment, combined with known benign traces). Training the RF with 100 trees and a depth limit of 5 is also fast (a matter of seconds). In deployment, the autoencoder inference is ${\mathrm O}\left( n-d \right)$ per instance (where d is the latent dimension, e.g., 16, and n features, e.g., 40), and RF inference is ${\mathrm O}\left( T-\log \left| D \right| \right)$ where T trees and |D| average depth (minimal). These are computationally feasible in a campus gateway that processes thousands of flows per second. Thus, theoretically and practically, the model meets real-time requirements.

The following section will present how this methodology was implemented and tested and how it compares quantitatively to other techniques.

Table 2 summarizes the detection performances. Our proposed method (Hybrid Autoencoder+RF) achieves an overall accuracy of 99.1%, outperforming the signature IDS (90.4%), anomaly SVM (95.0%), and RF-alone (97.3%).

Table 2. Detection performance

More importantly, our method dramatically improved zero-day attack detection: it detected 96% of novel attack instances, whereas the signature-based IDS caught 0% (by definition, novel attacks have no signature), and the RF-alone (trained only on known attacks) detected about 70% (some novel attacks had characteristics similar to known ones, but many were missed). The one-class SVM detected a high portion of zero-days (around 90%) but suffered a high FPR (over 7%). In contrast, our hybrid approach kept the FPR to 0.8% while still catching 96% of zero-days – a balance neither baseline could achieve. The precision of our model was 98.5%, meaning few false alarms; in absolute terms, out of ~5000 benign instances, it only misclassified about 40 attacks.

To illustrate, consider the confusion matrix for our model in one experiment (Figure 4). Out of 1000 attack events (including unknown attacks), the model missed 20 (FN = 20), and out of 10000 regular events, it incorrectly flagged 50 (FP = 50). On the other hand, the signature IDS missed all 200 unknown attacks in that set (FN for it = 200), though it had near-zero FPs. The anomaly SVM had FN = 50 but FP = 700 (flagging many regular attacks). Our hybrid achieves the best of both worlds – low FN and low FP.

tu_pian_4.png

Figure 4. Confusion matrix of the proposed hybrid IDS on the university test dataset

5.1 Receiver operating characteristic curve analysis

We plotted the ROC curves for each approach (see Figure 5). The area under the ROC curve (AUC) for our hybrid IDS is 0.994, which is nearly perfect. It stays near the top-left corner – for instance, at an FPR of 1%, our true positive (detection) rate is about 95%. By contrast, the signature IDS's ROC is essentially a point at (FPR ≈ 0, TPR ≈ 0.65) when considering only known attacks; it cannot increase TPR for novel attacks without generating infinite FPs. Hence, its curve is poor for zero-days. The anomaly SVM's ROC goes high on TPR but also high on FPR, indicating less discriminative power (AUC ≈ 0.93). Notably, the curve for our model dominates those of the baselines, meaning it is uniformly better. This validates our theoretical assertion that combining detectors yields superior performance across all thresholds.

tu_pian_5.png

Figure 5. ROC curves comparing detection performance

The matrix shows True Positives (top left), False Negatives (top right), False Positives (bottom left), and True Negatives (bottom right). Our model achieves high true positives and true negatives, with very few errors (false negatives and false positives are minimal), reflecting both high detection coverage and precision.

The Hybrid ML-based IDS (orange solid line) reaches near the top-left, indicating high detection rates for low false alarm rates. The signature-only IDS (red dashed) only detects known attacks (the curve is flat at a low TPR). The diagonal line (black) is a random classifier for reference. Our model's AUC of 0.994 demonstrates excellent overall accuracy in distinguishing attacks from regular traffic, significantly outperforming the baselines.

5.2 Comparison with recent works

We also compared our results with those reported in the open literature (though different works use different datasets). On UNSW-NB15, our model achieved 99.0% accuracy and an F1-score of 0.99. This slightly exceeds the results of Bella et al. [13], who reported 98.84% accuracy using their CNN-DNDF on UNSW-NB15. On CIC-IDS2017, our accuracy (98.7%) and recall (98.9%) are on par with the best reported by Sajid et al. [8] for their hybrid deep model. What distinguishes our approach is the zero-day aspect: we specifically tested detecting an attack type absent in training (a custom data exfiltration attack). Our model caught 93% of those attacks. In contrast, a deep learning model we trained purely supervised (no anomaly component) only detected ~60% of that unknown attack. This highlights a strength of our hybrid approach not quantified by overall accuracy: robustness to novel threats.

Another point of comparison is efficiency and scalability. Kaushik et al. [19] emphasized the need for lightweight IDS for IoT/Industry 4.0; they achieved a 27–63% reduction in training time using feature selection. In our case, using a compact autoencoder and limiting tree depths, our training time is modest (several minutes on the CPU for tens of thousands of samples). Detection is real-time with a processing overhead of < 5% CPU on a mid-range server for 100 Mbps traffic. This suggests our system can be deployed on network edge devices or servers at educational institutions without requiring specialized hardware – a practical advantage.

We conducted an ablation to quantify the contributions of each component:

(1) Briefly, using only the RF (supervised) yielded high precision (few FPs) but missed all attacks of types not in training (zero-day FN rate high).

(2) Using only the autoencoder (unsupervised anomaly) caught most attacks, including unknown ones, but had more FPs.

(3) Combining them (our complete model) preserved most of the autoencoder's sensitivity to unknown attacks while nearly halving the FP rate thanks to the RF filter. For example, for a target of 95% TPR, the autoencoder-only approach had ~5% FPR, whereas the hybrid had ~1% FPR – a significant improvement.

Comparative analysis demonstrates that our proposed ML-based hybrid IDS outperforms conventional IDS and single-method ML IDS in a digital education context. It provides a superior balance between detecting zero-day attacks and minimizing false alarms. The approach is theoretically sound and practical, referencing widely used benchmarks and an authentic campus network dataset. The following section discusses these results in context and outlines the implications for cybersecurity in educational environments.

This paper presented a hybrid machine learning IDS to enhance network security for digital education environments, focusing on detecting zero-day attacks. The proposed system successfully unites the strengths of signature-based and anomaly-based detection: known threats are swiftly identified by signature rules, while unknown threats are caught through a learned behavioral model. Ensemble principles and outlier detection theory theoretically justify this hybrid approach, and our results have confirmed its efficacy.

5.3 Benefits and contributions

Experimental evaluation, supported by both theoretical analysis and quantitative results, underscores several benefits of the proposed method:

5.3.1 Significantly improved zero-day detection

The system consistently detected > 95% of novel attacks in our tests, whereas a traditional IDS failed to detect these entirely [5]. This validates the core premise that combining an unsupervised anomaly detector with supervised learning can close the zero-day detection gap [11].

5.3.2 Low false positive rate

By incorporating an RF to cross-verify anomalies and tuning the autoencoder's sensitivity, we achieved a false alarm rate below 1% in a realistic setting—a substantial improvement over standalone anomaly detectors. This means the system is practically usable in a campus network without overwhelming administrators with false alerts.

5.3.3 Robustness and reliability

The confusion matrix and ROC analyses demonstrated that our model maintains high true-positive rates even at very low false-positive rates, dominating baseline methods. The theoretical ROC curve of our hybrid (approaching the top-left corner) is realized in practice (AUC ~0.99), indicating that our combination strategy yields a detector that is close to optimal for the given problem space.

5.3.4 Applicability to education networks

Unlike generic solutions, our IDS explicitly addresses the context of educational institutions. By including features and patterns specific to university usage and validating on-campus data, we ensure the model's relevance to that domain. As a result, it can, for example, distinguish a sudden but benign surge in traffic (e.g., students downloading course videos at 9 AM) from a genuine attack by learning the typical patterns of campus network usage. This level of context-aware detection is a direct benefit of our design.

The improvements we observed are supported by established research: e.g., prior works noted deep learning’s superiority in extracting complex features and ensembles’ ability to enhance detection rates [10, 11]. Our work synthesizes these insights into a unified framework. The outcome is an IDS that not only scores high on metrics but also addresses the practical security needs of digital education—namely, catching advanced threats that target universities (which often lack the rapid signature updates available to corporate networks).

5.3.5 Theoretical and practical implications

The success of our hybrid approach provides a practical validation of ensemble anomaly detection theory in a cybersecurity context. It shows that leveraging generative (unsupervised) and discriminative (supervised) models can dramatically improve detection capabilities. Theoretically, this aligns with the notion that different models capture different aspects of the data distribution, and combining them yields a more complete coverage. Our system can be practically deployed as an overlay to existing campus networks, augmenting their security without replacing existing tools. It is relatively lightweight – training can be done periodically on a server, and detection runs in real-time on inline traffic – making it feasible even for universities with constrained IT budgets.