Equivalence of the Otsu Method Threshold to the Decision Rule of the MAP Classifier in the Task of Information Security Event Detection
Abstract
The relationship between the empirical threshold of the classical Otsu method and the decision rule of the Bayesian maximum a posteriori (MAP) classifier is investigated. Strict equivalence of the two thresholds is shown to hold under two conditions: equal class variances and equal prior probabilities. When the equal-priors condition is relaxed while homoscedasticity is preserved, the thresholds diverge by an analytically expressed quantity proportional to the logarithm of the ratio of the prior probabilities. In the general heteroscedastic case, the MAP classifier defines a quadratic boundary that cannot be represented by a single scalar threshold, and the Otsu method remains its linear approximation. The thresholds therefore coincide only in this special case; outside it, an analytical expression for the magnitude of the deviation is obtained. This result allows the application of the Otsu method to information security event detection to be treated as a theoretically grounded procedure rather than a heuristic, and it establishes the connection between the empirical criterion and the probabilistic model of the observed features.
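The following sketch is an added example, not code from the paper. It evaluates the classical Otsu criterion on an exact two-Gaussian mixture density and compares the resulting cut with the MAP boundary as the prior of the "normal" class changes. The means, sigma, priors and grid are constructed values, and the MAP boundary uses the textbook equal-variance Gaussian formula, which is an assumption here rather than a quotation from the full text.

```python
import math

def gauss_pdf(x, mu, sigma):
    return math.exp(-0.5 * ((x - mu) / sigma) ** 2) / (sigma * math.sqrt(2 * math.pi))

def otsu_threshold(xs, weights):
    """Classical Otsu: pick the cut maximising between-class variance w0*w1*(m1-m0)^2."""
    total_w = sum(weights)
    total_wx = sum(w * x for x, w in zip(xs, weights))
    best_t, best_var = None, -1.0
    w0 = wx0 = 0.0
    for i in range(len(xs) - 1):
        w0 += weights[i]
        wx0 += weights[i] * xs[i]
        w1 = total_w - w0
        if w0 <= 0.0 or w1 <= 0.0:
            continue
        m0, m1 = wx0 / w0, (total_wx - wx0) / w1
        var_b = (w0 / total_w) * (w1 / total_w) * (m1 - m0) ** 2
        if var_b > best_var:
            best_var, best_t = var_b, 0.5 * (xs[i] + xs[i + 1])
    return best_t

def map_threshold(mu0, mu1, sigma, p0):
    """Textbook MAP boundary for two Gaussians sharing one sigma (assumed model)."""
    return 0.5 * (mu0 + mu1) + sigma ** 2 / (mu1 - mu0) * math.log(p0 / (1.0 - p0))

def compare(p0, mu0=2.0, mu1=6.0, sigma=1.0, lo=-4.0, hi=12.0, n=3201):
    """Return (otsu, map) for a constructed mixture: class 0 = normal, class 1 = event."""
    step = (hi - lo) / (n - 1)
    xs = [lo + i * step for i in range(n)]
    # Exact mixture density sampled on a grid stands in for the feature histogram.
    mix = [p0 * gauss_pdf(x, mu0, sigma) + (1 - p0) * gauss_pdf(x, mu1, sigma) for x in xs]
    return otsu_threshold(xs, mix), map_threshold(mu0, mu1, sigma, p0)

if __name__ == "__main__":
    for p0 in (0.5, 0.8, 0.95):
        otsu, bayes = compare(p0)
        print(f"P(normal)={p0:.2f}  otsu={otsu:.3f}  map={bayes:.3f}  gap={bayes - otsu:+.3f}")
```

With equal priors both cuts sit at the midpoint of the class means. With the constructed 0.95/0.05 priors the MAP boundary moves toward the rare class while the Otsu cut moves the other way, which is the situation a detector faces when security events are a small fraction of traffic.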
Full Text:
PDF (Russian)
ISSN: 2307-8162