Anomaly Detection in Using Isolation Forest for Enhanced Security: A case study of Digital Locker Systems in Education Sector


Rahul Waghamare, Bhavan Narain, B. T. Jadhav

Abstract

In the evolving landscape of digital infrastructure, ensuring data security in cloud-based and IoT-integrated platforms like Digital Lockers is increasingly critical. This study presents a machine learning-based approach for detecting anomalous user activities that may indicate potential security threats, such as unauthorized access, malicious behaviour, account compromise, and suspicious usage patterns. A synthetic dataset simulating activity logs from a digital locker system was analysed using the Isolation Forest algorithm — an unsupervised anomaly detection method well-suited for identifying outliers in high-dimensional behavioural data.


The raw activity logs were pre-processed by extracting relevant time-based and categorical features such as action type, IP address, login time, and location. These were encoded and used as input for the Isolation Forest model. In the absence of labelled attack data, we assumed normal activity for baseline comparison. The model achieved an effective detection accuracy of 94.8%, identifying approximately 5.2% of the data as potential anomalies. These anomalies may correspond to security-relevant behaviours, including access from unknown locations or unusual access times.


The approach demonstrates the feasibility and value of applying unsupervised machine learning techniques to detect threats in real time, particularly when labelled data is scarce. This methodology enhances proactive monitoring and strengthens the security posture of educational and governmental digital locker systems. Future work may involve integrating rule-based detection, supervised learning, and explainable AI to further refine anomaly classification and minimize false positives.
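The pipeline the abstract outlines (encode action type, IP address, location and login time, then score each event with an Isolation Forest) can be sketched as follows. This is an added example, not the authors' code or dataset: the log rows, the frequency encoding of categorical fields, and the parameters (100 trees, subsample of 64, 5% threshold) are assumptions, and the forest is a compact standard-library implementation written for this illustration.

```python
import math, random
from collections import Counter

def make_log(seed=1):
    """Constructed activity log (not real data): 300 routine events + 2 odd ones."""
    rng = random.Random(seed)
    rows = [(rng.choice(["view", "view", "download", "upload"]),
             f"10.0.0.{rng.randrange(1, 20)}",
             rng.choice(["Pune", "Mumbai", "Raipur"]),
             rng.randrange(8, 19)) for _ in range(300)]
    return rows + [("delete", "203.0.113.9", "Unknown", 3),
                   ("share", "198.51.100.4", "Unknown", 2)]

def encode(rows):
    # Assumed encoding: categoricals -> how often the value occurs; hour stays numeric.
    freq = [Counter(r[i] for r in rows) for i in range(3)]
    return [[freq[0][r[0]], freq[1][r[1]], freq[2][r[2]], r[3]] for r in rows]

def c(n):
    # Expected path length of an unsuccessful BST search over n points (normaliser).
    if n <= 2:
        return float(n == 2)
    return 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def build(X, depth, limit, rng):
    feats = [f for f in range(4) if len({x[f] for x in X}) > 1]
    if depth >= limit or not feats:
        return len(X)                      # leaf: number of points left
    f = rng.choice(feats)
    s = rng.uniform(min(x[f] for x in X), max(x[f] for x in X))
    return (f, s, build([x for x in X if x[f] < s], depth + 1, limit, rng),
            build([x for x in X if x[f] >= s], depth + 1, limit, rng))

def path(x, node, depth=0):
    if isinstance(node, int):
        return depth + c(node)
    f, s, left, right = node
    return path(x, left if x[f] < s else right, depth + 1)

def flag(rows, contamination=0.05, trees=100, psi=64, seed=0):
    X, rng = encode(rows), random.Random(seed)
    limit = math.ceil(math.log2(psi))
    forest = [build(rng.sample(X, psi), 0, limit, rng) for _ in range(trees)]
    score = [2 ** (-sum(path(x, t) for t in forest) / trees / c(psi)) for x in X]
    k = round(contamination * len(rows))   # flagged share is set by this threshold
    top = sorted(range(len(rows)), key=lambda i: -score[i])[:k]
    return [rows[i] for i in top]
```

Calling `flag(make_log())` returns the 15 highest-scoring events, which include both constructed off-hours events from unknown locations. The number of events flagged follows directly from the chosen threshold, so the remaining flagged rows are routine events that need analyst review or a second filter.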
