TY - GEN
T1 - A Hybrid Self-Healing Framework Using Network Motif Discovery and Machine Learning With Blockchain Integration for Proactive Cyber-Attack Detection in Financial Networks
AU - Nkrumah, Ivy Payne
AU - Richardson, Margaret A.
AU - Sowah, Robert A.
AU - Okae, Percy
AU - Aboagye, Isaac
AU - Broni, Kenneth
AU - Mills, Godfrey
N1 - Publisher Copyright: © 2025 IEEE.
PY - 2025
Y1 - 2025
AB - In the evolving landscape of cyber threats targeting Automated Teller Machine (ATM) networks, anomaly detection systems must move beyond reactive alerts toward proactive, interpretable, and adaptive defense mechanisms. This study presents a hybrid anomaly detection and mitigation framework that integrates network motif-based traffic analysis, machine learning, blockchain-based forensic logging, and a conceptual self-healing mechanism. Motif patterns were extracted from the CICIDS2017 Friday dataset using NetworkX to reveal latent structural behaviors in network flows. Initially, a One-Class Support Vector Machine (OC-SVM) was applied but yielded suboptimal results due to class imbalance, achieving only 29.6% precision, 59.4% recall, 39.5% F1-score, and 90.92% accuracy. Consequently, the study transitioned to a supervised SVM model. Without SMOTE, this model achieved 96.34% accuracy, 82.01% precision, 48.66% F1-score, and 35.00% recall. To improve minority class detection, SMOTE was introduced, leading to increased recall (81.20%) but reduced precision (27.45%), demonstrating the inherent trade-offs of resampling. Confirmed anomalies were logged immutably on a private Ethereum blockchain via Solidity smart contracts, deployed using Remix IDE, ensuring forensic traceability and tamper-proof records. The framework, called Efficient Self-Healing Secure Framework for Enhanced Cyber-resilience in ATM Networks (Eshsfec-A), includes a semi-automated whitelist-based response mechanism to support healing processes. Principal Component Analysis (PCA) validated the feature separability, and the system flagged over 300 attack vectors in real time. This work demonstrates a viable path toward future self-resilient cybersecurity solutions for financial infrastructures.
KW - Anomaly Detection
KW - Blockchain Security
KW - Intrusion Detection Systems
KW - Ethereum Testnet
KW - Machine Learning
KW - Network Motif Discovery
KW - Self-Healing Systems
KW - Smart Contracts
UR - https://www.scopus.com/pages/publications/105035608476
U2 - 10.1109/FICAC65757.2025.11341865
DO - 10.1109/FICAC65757.2025.11341865
M3 - Conference contribution
AN - SCOPUS:105035608476
T3 - 2025 1st Future International Conference on Artificial Intelligence and Cybersecurity, FICAC 2025
SP - 47
EP - 57
BT - 2025 1st Future International Conference on Artificial Intelligence and Cybersecurity, FICAC 2025
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2025 1st Future International Conference on Artificial Intelligence and Cybersecurity, FICAC 2025
Y2 - 5 November 2025 through 6 November 2025
ER -