A GENERALIZED MODEL OF AN INTELLIGENT SYSTEM FOR FORECASTING AND ANOMALY DETECTION IN CYBERINFRASTRUCTURE BASED ON DEEP LEARNING

Abstract

This paper proposes a generalized intelligent system for forecasting and detecting anomalies in cyberinfrastructures. The aim is to improve the effectiveness of cyber-threat detection by integrating modern deep learning methods (autoencoders and multilayer perceptrons) with an adaptive event-criticality analysis mechanism. The key innovation is a semantic attribution module for cyber incidents with XAI explanations and integrated risk scoring: it performs deep content analysis of traffic, forms vector representations, matches events against a case base, estimates attribution confidence, and passes the resulting risk score to the criticality module. The proposed system not only identifies anomalous events in real time but also forecasts possible deviations based on historical data, strengthening preventive capabilities. The architecture comprises modular subsystems for telemetry collection, behavior reconstruction, forecasting, anomaly aggregation, semantic attribution and risk scoring, criticality assessment, response, and self-learning; their interaction is implemented as an end-to-end processing pipeline with a feedback loop. The solution is scalable and compatible with SDN, IoT, cloud environments, and enterprise SIEM/SOAR platforms. Empirical evaluations in simulated network-attack scenarios (DoS, port scanning, brute-force, botnet activity) demonstrated high classification performance (F1 = 0.89), confirming the practical effectiveness and reliability of the approach. The conclusions highlight the promise of deploying the system amid increasing cyber-threat complexity and its ability to adapt without full model retraining.