Adaptive Security Model for E-Learning Platforms Using Multi-Layered Anomaly Detection and Context-Aware Risk Assessment

Ronald M. Hernández; Doris Fuster-Guillen; Luisa Graciela Ponce Maluquish; Miguel Luis Chuquispuma Caycho; Mery Nora Atencio Rivera

doi:10.58346/JISIS.2026.I1.043

Adaptive Security Model for E-Learning Platforms Using Multi-Layered Anomaly Detection and Context-Aware Risk Assessment

Ronald M. Hernández
, Doris Fuster-Guillen
, Luisa Graciela Ponce Maluquish
, Miguel Luis Chuquispuma Caycho
, Mery Nora Atencio Rivera

Research output: Contribution to journal › Original Article › peer-review

Abstract

With the broad use of e-learning platforms in institutions of higher learning and corporate training, the cyber-attack surface has grown considerably, placing the digital learning ecosystem at risk of account takeover, credential stuffing, insider abuse, automated bot attacks, and examination fraud. The conventional rule-based and signature-based security systems cannot identify dynamic and context-sensitive attacks. In this paper, the author presents a recommendation of an Adaptive Security Model of an e-learning platform that combines both Multi-Layered Anomaly Detection and Context-Aware Risk Assessment to enhance detection accuracy and reduce cases of false alarms. The framework integrates behaviour profiling, network traffic analytics, device fingerprinting, and session-based anomaly scoring in a hierarchical structure. A hybrid engine is used to identify known and unknown attacks, combining a Random Forest by using LSTM-based sequential modeling and an Isolation Forest. Dynamic risk scoring takes into consideration contextual parameters such as a deviation of the location of logins, temporal irregularity, frequency of access, patterns of device change, and anomalies of course interaction. Experimental evaluation conducted on a dataset comprising 135,687 user sessions demonstrates that the proposed model achieves 96.8% detection accuracy, 95.4% precision, and 94.9% recall with a 2.7% false positive rate, outperforming single-layer detection systems by 11.3% in F1-score and achieving an AUC of 0.979 and MCC of 0.944. The strength of the improvements in the case of various attack scenarios is statistically tested (p < 0.01). The findings confirm the fact that implementing multi-layer anomaly detection in combination with adaptive context-driven risk assessment can play a critical role in improving security posture without affecting user experience, which offers an intelligent and scalable architecture to present-day e-learning platforms.

Original language	American English
Pages (from-to)	747-759
Number of pages	13
Journal	Journal of Internet Services and Information Security
Volume	16
Issue number	1
DOIs	https://doi.org/10.58346/JISIS.2026.I1.043
State	Indexed - Feb 2026
Externally published	Yes

Bibliographical note

Publisher Copyright:
© 2026, Innovative Information Science and Technology Research Group. All rights reserved.

Keywords

Adaptive Security Model
Behavioural Analytics
Context-Aware Risk Assessment
Cyber Threat Mitigation
E-Learning Platform Security
Intrusion Detection Systems
Multi-Layered Anomaly Detection

Access to Document

10.58346/JISIS.2026.I1.043

Cite this

@article{c257884a06c04e48ad180bf1950ec48b,

title = "Adaptive Security Model for E-Learning Platforms Using Multi-Layered Anomaly Detection and Context-Aware Risk Assessment",

abstract = "With the broad use of e-learning platforms in institutions of higher learning and corporate training, the cyber-attack surface has grown considerably, placing the digital learning ecosystem at risk of account takeover, credential stuffing, insider abuse, automated bot attacks, and examination fraud. The conventional rule-based and signature-based security systems cannot identify dynamic and context-sensitive attacks. In this paper, the author presents a recommendation of an Adaptive Security Model of an e-learning platform that combines both Multi-Layered Anomaly Detection and Context-Aware Risk Assessment to enhance detection accuracy and reduce cases of false alarms. The framework integrates behaviour profiling, network traffic analytics, device fingerprinting, and session-based anomaly scoring in a hierarchical structure. A hybrid engine is used to identify known and unknown attacks, combining a Random Forest by using LSTM-based sequential modeling and an Isolation Forest. Dynamic risk scoring takes into consideration contextual parameters such as a deviation of the location of logins, temporal irregularity, frequency of access, patterns of device change, and anomalies of course interaction. Experimental evaluation conducted on a dataset comprising 135,687 user sessions demonstrates that the proposed model achieves 96.8\% detection accuracy, 95.4\% precision, and 94.9\% recall with a 2.7\% false positive rate, outperforming single-layer detection systems by 11.3\% in F1-score and achieving an AUC of 0.979 and MCC of 0.944. The strength of the improvements in the case of various attack scenarios is statistically tested (p < 0.01). The findings confirm the fact that implementing multi-layer anomaly detection in combination with adaptive context-driven risk assessment can play a critical role in improving security posture without affecting user experience, which offers an intelligent and scalable architecture to present-day e-learning platforms.",

keywords = "Adaptive Security Model, Behavioural Analytics, Context-Aware Risk Assessment, Cyber Threat Mitigation, E-Learning Platform Security, Intrusion Detection Systems, Multi-Layered Anomaly Detection",

author = "Hern{\'a}ndez, \{Ronald M.\} and Doris Fuster-Guillen and Maluquish, \{Luisa Graciela Ponce\} and Caycho, \{Miguel Luis Chuquispuma\} and Rivera, \{Mery Nora Atencio\}",

year = "2026",

month = feb,

doi = "10.58346/JISIS.2026.I1.043",

language = "American English",

volume = "16",

pages = "747--759",

journal = "Journal of Internet Services and Information Security",

issn = "2182-2069",

publisher = "Innovative Information Science and Technology Research Group",

number = "1",

}

Adaptive Security Model for E-Learning Platforms Using Multi-Layered Anomaly Detection and Context-Aware Risk Assessment. / Hernández, Ronald M.; Fuster-Guillen, Doris; Maluquish, Luisa Graciela Ponce et al.
In: Journal of Internet Services and Information Security, Vol. 16, No. 1, 02.2026, p. 747-759.

Research output: Contribution to journal › Original Article › peer-review

TY - JOUR

T1 - Adaptive Security Model for E-Learning Platforms Using Multi-Layered Anomaly Detection and Context-Aware Risk Assessment

AU - Hernández, Ronald M.

AU - Fuster-Guillen, Doris

AU - Maluquish, Luisa Graciela Ponce

AU - Caycho, Miguel Luis Chuquispuma

AU - Rivera, Mery Nora Atencio

PY - 2026/2

Y1 - 2026/2

N2 - With the broad use of e-learning platforms in institutions of higher learning and corporate training, the cyber-attack surface has grown considerably, placing the digital learning ecosystem at risk of account takeover, credential stuffing, insider abuse, automated bot attacks, and examination fraud. The conventional rule-based and signature-based security systems cannot identify dynamic and context-sensitive attacks. In this paper, the author presents a recommendation of an Adaptive Security Model of an e-learning platform that combines both Multi-Layered Anomaly Detection and Context-Aware Risk Assessment to enhance detection accuracy and reduce cases of false alarms. The framework integrates behaviour profiling, network traffic analytics, device fingerprinting, and session-based anomaly scoring in a hierarchical structure. A hybrid engine is used to identify known and unknown attacks, combining a Random Forest by using LSTM-based sequential modeling and an Isolation Forest. Dynamic risk scoring takes into consideration contextual parameters such as a deviation of the location of logins, temporal irregularity, frequency of access, patterns of device change, and anomalies of course interaction. Experimental evaluation conducted on a dataset comprising 135,687 user sessions demonstrates that the proposed model achieves 96.8% detection accuracy, 95.4% precision, and 94.9% recall with a 2.7% false positive rate, outperforming single-layer detection systems by 11.3% in F1-score and achieving an AUC of 0.979 and MCC of 0.944. The strength of the improvements in the case of various attack scenarios is statistically tested (p < 0.01). The findings confirm the fact that implementing multi-layer anomaly detection in combination with adaptive context-driven risk assessment can play a critical role in improving security posture without affecting user experience, which offers an intelligent and scalable architecture to present-day e-learning platforms.

AB - With the broad use of e-learning platforms in institutions of higher learning and corporate training, the cyber-attack surface has grown considerably, placing the digital learning ecosystem at risk of account takeover, credential stuffing, insider abuse, automated bot attacks, and examination fraud. The conventional rule-based and signature-based security systems cannot identify dynamic and context-sensitive attacks. In this paper, the author presents a recommendation of an Adaptive Security Model of an e-learning platform that combines both Multi-Layered Anomaly Detection and Context-Aware Risk Assessment to enhance detection accuracy and reduce cases of false alarms. The framework integrates behaviour profiling, network traffic analytics, device fingerprinting, and session-based anomaly scoring in a hierarchical structure. A hybrid engine is used to identify known and unknown attacks, combining a Random Forest by using LSTM-based sequential modeling and an Isolation Forest. Dynamic risk scoring takes into consideration contextual parameters such as a deviation of the location of logins, temporal irregularity, frequency of access, patterns of device change, and anomalies of course interaction. Experimental evaluation conducted on a dataset comprising 135,687 user sessions demonstrates that the proposed model achieves 96.8% detection accuracy, 95.4% precision, and 94.9% recall with a 2.7% false positive rate, outperforming single-layer detection systems by 11.3% in F1-score and achieving an AUC of 0.979 and MCC of 0.944. The strength of the improvements in the case of various attack scenarios is statistically tested (p < 0.01). The findings confirm the fact that implementing multi-layer anomaly detection in combination with adaptive context-driven risk assessment can play a critical role in improving security posture without affecting user experience, which offers an intelligent and scalable architecture to present-day e-learning platforms.

KW - Adaptive Security Model

KW - Behavioural Analytics

KW - Context-Aware Risk Assessment

KW - Cyber Threat Mitigation

KW - E-Learning Platform Security

KW - Intrusion Detection Systems

KW - Multi-Layered Anomaly Detection

UR - https://www.scopus.com/pages/publications/105033794689

U2 - 10.58346/JISIS.2026.I1.043

DO - 10.58346/JISIS.2026.I1.043

M3 - Original Article

AN - SCOPUS:105033794689

SN - 2182-2069

VL - 16

SP - 747

EP - 759

JO - Journal of Internet Services and Information Security

JF - Journal of Internet Services and Information Security

IS - 1

ER -

Adaptive Security Model for E-Learning Platforms Using Multi-Layered Anomaly Detection and Context-Aware Risk Assessment

Abstract

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this