<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">ntv</journal-id><journal-title-group><journal-title xml:lang="ru">Научно-технический вестник информационных технологий, механики и оптики</journal-title><trans-title-group xml:lang="en"><trans-title>Scientific and Technical Journal of Information Technologies, Mechanics and Optics</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2226-1494</issn><issn pub-type="epub">2500-0373</issn><publisher><publisher-name>Университет ИТМО</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.17586/2226-1494-2026-26-2-315-323</article-id><article-id custom-type="elpub" pub-id-type="custom">ntv-593</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>КОМПЬЮТЕРНЫЕ СИСТЕМЫ И ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>COMPUTER SCIENCE</subject></subj-group></article-categories><title-group><article-title>Обнаружение сетевых аномалий в среде Интернета вещей с использованием модифицированных статистических критериев и ансамблевых методов</article-title><trans-title-group xml:lang="en"><trans-title>Detection of network anomalies in the Internet of Things environment using modified statistical criteria and ensemble methods</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0009-4820-6132</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Бажаев</surname><given-names>Н.</given-names></name><name name-style="western" xml:lang="en"><surname>Bazhayev</surname><given-names>N.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Бажаев Нуржан — постдокторант; главный инженер-программист</p><p>Астана, 010008</p><p>Астана, 010017</p><p>sc 57170793200</p></bio><bio xml:lang="en"><p>Nurzhan Bazhayev — Postdoctoral Researcher; Chief SoftwareEngineer</p><p>Astana, 010008</p><p>Astana, 010017</p><p>sc 57170793200</p></bio><email xlink:type="simple">nurzhan_nfs@hotmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Евразийский национальный университет имени Л. Н. Гумилёва; АО «Государственная техническая служба»</institution><country>Казахстан</country></aff><aff xml:lang="en"><institution>L.N. Gumilyov Eurasian National University; Joint Stock Company “State Technical Service”</institution><country>Kazakhstan</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2026</year></pub-date><pub-date pub-type="epub"><day>20</day><month>04</month><year>2026</year></pub-date><volume>26</volume><issue>2</issue><fpage>315</fpage><lpage>323</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Бажаев Н., 2026</copyright-statement><copyright-year>2026</copyright-year><copyright-holder xml:lang="ru">Бажаев Н.</copyright-holder><copyright-holder xml:lang="en">Bazhayev N.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://ntv.elpub.ru/jour/article/view/593">https://ntv.elpub.ru/jour/article/view/593</self-uri><abstract><p>Введение. Рост числа устройств Интернета вещей (Internet of Things, IoT) сопровождается усложнением угроз безопасности, включая атаки типа Distributed Denial of Service, brute-force авторизации и массовую генерацию пакетов. Традиционные статистические методы обнаружения аномалий показывают низкую устойчивость к шуму и не учитывают динамику трафика. Это приводит к росту числа ложноположительных срабатываний и снижению точности идентификации атак. Метод. Предложен гибридный подход к обнаружению аномалий в IoT-трафике, включающий три этапа: предварительную фильтрацию подозрительных пакетов с использованием модифицированной Z-оценки с учетом размера выборки; адаптивную вероятностную оценку риска атаки на основе байесовского классификатора с весовой функцией, усиливающей влияние значимых отклонений; финальную классификацию с применением ансамбля моделей (Random Forest, Support Vector Machine и Long Short-Term Memory), обеспечивающего устойчивость к шуму и выявление нелинейных зависимостей в данных. Основные результаты. Экспериментальная проверка на наборе данных UNSW-NB15, содержащем как нормальный трафик, так и различные типы атак, показала, что предложенный метод достигает Precision = 89,1 %, Recall = 90,3 % и F1-score = 89,9 %. Наилучшие результаты отмечены при анализе временных интервалов сообщений (до 92 % точности), что подтверждает эффективность временных признаков. Метод превзошел классические алгоритмы (Rosner Test, Holt-Winters) и сопоставим по точности с autoencoder, но требует меньших вычислительных ресурсов. Обсуждение. Гибридная архитектура позволяет адаптироваться к различным типам атак и снижает количество ложных тревог за счет сочетания статистической фильтрации и ансамблевой классификации. Устойчивость к шуму и низкая вычислительная сложность делают метод применимым в условиях ограниченных ресурсов IoT-устройств. Перспективы дальнейших исследований будут направлены на интеграцию федеративного обучения для децентрализованного анализа и использования самоподстраивающихся нейросетевых архитектур для прогнозирования сложных сценариев атак.</p></abstract><trans-abstract xml:lang="en"><p>The rapid growth of Internet of Things (IoT) devices is accompanied by increasingly sophisticated security threats, including DDoS attacks, brute-force authentication attempts, and large-scale packet flooding. Traditional statistical methods for anomaly detection exhibit low robustness to noise and fail to account for the dynamic nature of IoT traffic. This results in a higher rate of false positives and reduced accuracy in attack identification. This paper proposes a hybrid approach to IoT traffic anomaly detection consisting of three stages: preliminary filtering of suspicious packets using a modified Z-score adjusted for sample size; adaptive probabilistic attack risk assessment based on a Bayesian classifier with a weighting function that amplifies the impact of significant deviations; final classification using an ensemble of models (Random Forest, SVM, and LSTM), which ensures robustness to noise and enables the identification of nonlinear dependencies in the data. Experimental evaluation on the UNSW-NB15 dataset, which includes both normal traffic and diverse attack scenarios, demonstrated that the proposed method achieved Precision = 89.1 %, Recall = 90.3 %, and F1-score = 89.9 %. The best results were observed in the analysis of message interval anomalies (up to 92 % accuracy), confirming the effectiveness of temporal features. The method outperformed classical algorithms (Rosner Test, Holt- Winters) and achieved comparable accuracy to autoencoder while requiring significantly fewer computational resources. The hybrid architecture enables adaptation to diverse attack types and reduces false alarms through the combination of statistical filtering and ensemble classification. Its noise resilience and low computational complexity make the method suitable for deployment in resource-constrained IoT environments. Future research directions include the integration of federated learning for decentralized anomaly detection and the use of self-adaptive neural architectures for predicting complex attack scenarios.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>информационная безопасность</kwd><kwd>сети Интернета вещей</kwd><kwd>обнаружение аномалий</kwd><kwd>выявление атак</kwd><kwd>модифицированная Z-оценка</kwd><kwd>байесовский классификатор</kwd><kwd>ансамблевое обучение</kwd><kwd>машинное обучение</kwd><kwd>мониторинг трафика</kwd></kwd-group><kwd-group xml:lang="en"><kwd>information security</kwd><kwd>IoT security</kwd><kwd>IoT networks</kwd><kwd>anomaly detection</kwd><kwd>intrusion detection</kwd><kwd>modified Z-score</kwd><kwd>Bayesian classifier</kwd><kwd>ensemble learning</kwd><kwd>machine learning</kwd><kwd>traffic monitoring</kwd></kwd-group><funding-group><funding-statement xml:lang="ru">Работа выполнена при финансовой поддержке Комитета науки Министерства науки и высшего образования Республики Казахстан (грант № AP25794699).</funding-statement><funding-statement xml:lang="en">This research has been funded by the Committee of Science of the Ministry of Science and Higher Education of the Republic of Kazakhstan (Grant No. AP25794699).</funding-statement></funding-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Stetsiuk M., Anikin V., Pyrch O., Kozelskiy O., Salem A.B.M. Method of detecting anomalies in IoT device traffic based on statistical analysis using the modified Z score // CEUR Workshop Proceedings. 2025. V. 3963. P. 284–298.</mixed-citation><mixed-citation xml:lang="en">Stetsiuk M., Anikin V., Pyrch O., Kozelskiy O., Salem A.B.M. Method of detecting anomalies in IoT device traffic based on statistical analysis using the modified Z score // CEUR Workshop Proceedings. 2025. V. 3963. P. 284–298.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Wang J., Yu L., Lui J.C.S., Luo X. Modern DDoS threats and countermeasures: insights into emerging attacks and detection strategies // arXiv. 2025. arXiv:2502.19996. https://doi.org/10.48550/arXiv.2502.19996</mixed-citation><mixed-citation xml:lang="en">Wang J., Yu L., Lui J.C.S., Luo X. Modern DDoS threats and countermeasures: insights into emerging attacks and detection strategies // arXiv. 2025. arXiv:2502.19996. https://doi.org/10.48550/arXiv.2502.19996</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Alam M.N., Laxmi V., Sharma A., Dangi S. Machine learning: key algorithms, practical applications, and current research directions // International Journal of Electrical and Electronics Engineering. 2025. V. 12. N 4. P. 12–46. https://doi.org/10.14445/23488379/ijeeev12i4p102</mixed-citation><mixed-citation xml:lang="en">Alam M.N., Laxmi V., Sharma A., Dangi S. Machine learning: key algorithms, practical applications, and current research directions // International Journal of Electrical and Electronics Engineering. 2025. V. 12. N 4. P. 12–46. https://doi.org/10.14445/23488379/ijeeev12i4p102</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Chen Y., Peng Y., Tang J., Camilleri T., Camilleri K., Kong W., et al. EEG-based affective brain-computer interfaces: recent advancements and future challenges // Journal of Neural Engineering. 2025. V. 22. N 3. P. 031004. https://doi.org/10.1088/1741-2552/ade290</mixed-citation><mixed-citation xml:lang="en">Chen Y., Peng Y., Tang J., Camilleri T., Camilleri K., Kong W., et al. EEG-based affective brain-computer interfaces: recent advancements and future challenges // Journal of Neural Engineering. 2025. V. 22. N 3. P. 031004. https://doi.org/10.1088/1741-2552/ade290</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Thakur P., Kaur N., Aggarwal N., Singh S. A comprehensive review of unimodal and multimodal emotion detection: datasets, approaches, and limitations // Expert Systems. 2025. V. 42. N 9. P. e70103. https://doi.org/10.1111/exsy.70103</mixed-citation><mixed-citation xml:lang="en">Thakur P., Kaur N., Aggarwal N., Singh S. A comprehensive review of unimodal and multimodal emotion detection: datasets, approaches, and limitations // Expert Systems. 2025. V. 42. N 9. P. e70103. https://doi.org/10.1111/exsy.70103</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Rai N., Grover J. Analysis of crypto module in RIOT OS using Frama-C // The Journal of Supercomputing. 2024. V. 80. N 13. P. 18521–18543. https://doi.org/10.1007/s11227-024-06171-0</mixed-citation><mixed-citation xml:lang="en">Rai N., Grover J. Analysis of crypto module in RIOT OS using Frama-C // The Journal of Supercomputing. 2024. V. 80. N 13. P. 18521–18543. https://doi.org/10.1007/s11227-024-06171-0</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Dymova H. Study of cryptographic security of computer networks // Computer-Integrated Technologies: Education, Science, Production. 2025. N 57. P. 15–19. https://doi.org/10.36910/6775-2524-0560-2024-57-02</mixed-citation><mixed-citation xml:lang="en">Dymova H. Study of cryptographic security of computer networks // Computer-Integrated Technologies: Education, Science, Production. 2025. N 57. P. 15–19. https://doi.org/10.36910/6775-2524-0560-2024-57-02</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Alaba F.A., Othman M., Hashem I.A.T., Alotaibi F. Internet of Things security: a survey // Journal of Network and Computer Applications. 2017. V. 88. P. 10–28. https://doi.org/10.1016/j.jnca.2017.04.002</mixed-citation><mixed-citation xml:lang="en">Alaba F.A., Othman M., Hashem I.A.T., Alotaibi F. Internet of Things security: a survey // Journal of Network and Computer Applications. 2017. V. 88. P. 10–28. https://doi.org/10.1016/j.jnca.2017.04.002</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Sicari S., Rizzardi A., Grieco L.A., Coen-Porisini A. Security, privacy and trust in Internet of Things: the road ahead // Computer Networks. 2015. V. 76. P. 146–164. https://doi.org/10.1016/j.comnet.2014.11.008</mixed-citation><mixed-citation xml:lang="en">Sicari S., Rizzardi A., Grieco L.A., Coen-Porisini A. Security, privacy and trust in Internet of Things: the road ahead // Computer Networks. 2015. V. 76. P. 146–164. https://doi.org/10.1016/j.comnet.2014.11.008</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Roman R., Najera P., Lopez J. Securing the Internet of Things // Computer. 2011. V. 44. N 9. P. 51–58. https://doi.org/10.1109/mc.2011.291</mixed-citation><mixed-citation xml:lang="en">Roman R., Najera P., Lopez J. Securing the Internet of Things // Computer. 2011. V. 44. N 9. P. 51–58. https://doi.org/10.1109/mc.2011.291</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Jing Q., Vasilakos A.V., Wan J., Lu J., Qiu D. Security of the Internet of Things: perspectives and challenges // Wireless Networks. 2014. V. 20. N 8. P. 2481–2501. https://doi.org/10.1007/s11276-014-0761-7</mixed-citation><mixed-citation xml:lang="en">Jing Q., Vasilakos A.V., Wan J., Lu J., Qiu D. Security of the Internet of Things: perspectives and challenges // Wireless Networks. 2014. V. 20. N 8. P. 2481–2501. https://doi.org/10.1007/s11276-014-0761-7</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Yang Y., Wu L., Yin G., Li L., Zhao H. A survey on security and privacy issues in Internet-of-Things // IEEE Internet of Things Journal. 2017. V. 4. N 5. P. 1250–1258. https://doi.org/10.1109/JIOT.2017.2694844</mixed-citation><mixed-citation xml:lang="en">Yang Y., Wu L., Yin G., Li L., Zhao H. A survey on security and privacy issues in Internet-of-Things // IEEE Internet of Things Journal. 2017. V. 4. N 5. P. 1250–1258. https://doi.org/10.1109/JIOT.2017.2694844</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Granjal J., Monteiro E., Silva J.S. Security for the Internet of Things: a survey of existing protocols and open research issues // IEEE Communications Surveys &amp; Tutorials. 2015. V. 17. N 3. P. 1294– 1312. https://doi.org/10.1109/COMST.2015.2388550</mixed-citation><mixed-citation xml:lang="en">Granjal J., Monteiro E., Silva J.S. Security for the Internet of Things: a survey of existing protocols and open research issues // IEEE Communications Surveys &amp; Tutorials. 2015. V. 17. N 3. P. 1294– 1312. https://doi.org/10.1109/COMST.2015.2388550</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Weber R.H. Internet of Things – New security and privacy challenges // Computer Law &amp; Security Review. 2010. V. 26. N 1. P. 23–30. https://doi.org/10.1016/j.clsr.2009.11.008</mixed-citation><mixed-citation xml:lang="en">Weber R.H. Internet of Things – New security and privacy challenges // Computer Law &amp; Security Review. 2010. V. 26. N 1. P. 23–30. https://doi.org/10.1016/j.clsr.2009.11.008</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Mosenia A., Jha N.K. A comprehensive study of security of Internetof- Things // IEEE Transactions on Emerging Topics in Computing. 2017. V. 5. N 4. P. 586–602. https://doi.org/10.1109/TETC.2016.2606384</mixed-citation><mixed-citation xml:lang="en">Mosenia A., Jha N.K. A comprehensive study of security of Internetof- Things // IEEE Transactions on Emerging Topics in Computing. 2017. V. 5. N 4. P. 586–602. https://doi.org/10.1109/TETC.2016.2606384</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Khan M.A., Salah K. IoT security: review, blockchain solutions, and open challenges // Future Generation Computer Systems. 2018. V. 82. P. 395–411. https://doi.org/10.1016/j.future.2017.11.022</mixed-citation><mixed-citation xml:lang="en">Khan M.A., Salah K. IoT security: review, blockchain solutions, and open challenges // Future Generation Computer Systems. 2018. V. 82. P. 395–411. https://doi.org/10.1016/j.future.2017.11.022</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Savenko O., Lysenko S., Kryschuk A. Multi-agent based approach of botnet detection in computer systems // Communications in Computer and Information Science. 2012. V. 291. P. 171–180. https://doi.org/10.1007/978-3-642-31217-5_19</mixed-citation><mixed-citation xml:lang="en">Savenko O., Lysenko S., Kryschuk A. Multi-agent based approach of botnet detection in computer systems // Communications in Computer and Information Science. 2012. V. 291. P. 171–180. https://doi.org/10.1007/978-3-642-31217-5_19</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Dong Z. Artificial Intelligence for Multimodal Data Analysis and Applications: Ph.D. Dissertation. State University of New York at Stony Brook. 2025.</mixed-citation><mixed-citation xml:lang="en">Dong Z. Artificial Intelligence for Multimodal Data Analysis and Applications: Ph.D. Dissertation. State University of New York at Stony Brook. 2025.</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Ahmed M., Mahmood A.N., Hu J. A survey of network anomaly detection techniques // Journal of Network and Computer Applications. 2016. V. 60. P. 19–31. https://doi.org/10.1016/j.jnca.2015.11.016</mixed-citation><mixed-citation xml:lang="en">Ahmed M., Mahmood A.N., Hu J. A survey of network anomaly detection techniques // Journal of Network and Computer Applications. 2016. V. 60. P. 19–31. https://doi.org/10.1016/j.jnca.2015.11.016</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
