A Model for representing weighted multi-label dependencies for detecting rare anomalous events in information security tasks
Abstract
A Model for representing weighted multi-label dependencies for detecting rare anomalous events in information security tasks
Incoming article date: 12.09.2025This paper proposes a novel model of computer network behavior that incorporates weighted multi-label dependencies to identify rare anomalous events. The model accounts for multi-label dependencies not previously encountered in the source data, enabling a "preemptive" assessment of their potential destructive impact on the network. An algorithm for calculating the potential damage from the realization of a multi-label dependency is presented. The proposed model is applicable for analyzing a broad spectrum of rare events in information security and for developing new methods and algorithms for information protection based on multi-label patterns. The approach allows for fine-tuning the parameters of multi-label dependency accounting within the model, depending on the specific goals and operating conditions of the computer network.
Keywords: multi-label classification, multi-label dependency, attribute space, computer attacks, information security, network traffic classification, attack detection, attribute informativeness, model, rare anomalous events, anomalous events