Instruments and Systems: Monitoring, Control, and Diagnostics
Formalized Method for Automatic Classification of Information Security Events in a Corporate Computer Network
A.YA. BUCHAEV, I.I. KOMAROV
A two-component method for the automatic classification of information security events is proposed; it operates without a training sample or labeled data. The basic component implements a modified Otsu criterion with two-level validation: by a separability coefficient and by a standardized deviation. The weighting component adjusts the estimates produced by the basic component, taking into account the dynamics of transitions between device states. On the Cyber4OT dataset, which contains a trace of a multi-stage attack aimed at seizing a programmable logic controller, the method detects the attack no later than the comparable tools Kitsune/AfterImage, NFStream, and CICFlowMeter, while producing 30 % fewer false positives during the normal operating phase. These properties make the method suitable for industrial information security monitoring.
Keywords: device state vector, information security, Otsu method, unsupervised anomaly detection, network traffic, sliding window.
DOI: 10.25791/pribor.6.2026.1683
Pp. 41-47.
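The abstract names the building blocks (Otsu's criterion over a sliding window, a separability coefficient, a standardized-deviation check) but gives no formulas. The Python below is an added illustration written for this page, not the authors' code and not their exact criterion. Only the first validation level follows a published definition: Otsu's separability coefficient eta = sigma_B^2 / sigma_T^2. The second level, a z-score of the upper class mean against a baseline built from windows already judged normal (seeded with the first few samples, which assumes they are benign), the thresholds 0.8 and 3.0, and the single-counter "state vector" are all assumptions made here; the paper's weighting component for state transitions is not modelled. The packet counts are constructed. The example also shows why level one alone is not enough: Otsu always finds a cut, so integer noise in the normal phase already yields eta close to 0.78.

```python
"""Added example: Otsu's criterion on a sliding window of per-device packet counts.

Illustrative code written for this page, not the authors' implementation.
Only eta (Otsu's separability coefficient) follows a published definition;
the baseline-relative z-score, the thresholds and the cold-start rule are
assumptions made here, and the state-transition weighting is not modelled.
"""
import math

# Constructed input: packets per second from one PLC-facing device. The first
# ten samples are the normal phase; from index 10 on, a reconnaissance burst.
SAMPLE = [10, 11, 10, 12, 9, 11, 10, 12, 11, 10, 40, 45, 50, 48, 52, 49]
ATTACK_START = 10


def otsu_split(values):
    """Split values into two classes by maximising between-class variance.

    Returns (threshold, eta, lower, upper) with lower = {x <= threshold},
    upper = {x > threshold} and eta = sigma_B^2 / sigma_T^2 in [0, 1].
    eta is 0 and threshold None when all values are equal.
    """
    n = len(values)
    mean = sum(values) / n
    var_total = sum((x - mean) ** 2 for x in values) / n
    if var_total == 0:
        return None, 0.0, list(values), []
    best_t, best_var_b = None, -1.0
    for t in sorted(set(values))[:-1]:      # the largest value cannot be a cut
        lower = [x for x in values if x <= t]
        upper = [x for x in values if x > t]
        w0, w1 = len(lower) / n, len(upper) / n
        mu0, mu1 = sum(lower) / len(lower), sum(upper) / len(upper)
        var_b = w0 * w1 * (mu0 - mu1) ** 2   # between-class variance
        if var_b > best_var_b:
            best_t, best_var_b = t, var_b
    lower = [x for x in values if x <= best_t]
    upper = [x for x in values if x > best_t]
    return best_t, best_var_b / var_total, lower, upper


def _mean_std(xs):
    m = sum(xs) / len(xs)
    return m, math.sqrt(sum((x - m) ** 2 for x in xs) / len(xs))


def detect(series, window=8, eta_min=0.8, z_min=3.0):
    """Return the start indices of windows flagged as anomalous.

    Level 1: Otsu's eta must reach eta_min (the two classes separate cleanly).
    Level 2 (assumed here): the upper-class mean must lie z_min standard
    deviations above a baseline of samples that earlier windows left
    unflagged. Cold start: the first window-1 samples seed the baseline.
    """
    baseline = list(series[: window - 1])
    flagged = []
    for i in range(len(series) - window + 1):
        win = series[i : i + window]
        _, eta, _, upper = otsu_split(win)
        b_mean, b_std = _mean_std(baseline)
        if upper:
            mu1 = sum(upper) / len(upper)
            if b_std > 0:
                z = (mu1 - b_mean) / b_std
            else:
                z = math.inf if mu1 > b_mean else 0.0
        else:
            z = 0.0
        if eta >= eta_min and z >= z_min:
            flagged.append(i)            # attack samples do not enter the baseline
        else:
            baseline.append(series[i + window - 1])   # keep learning "normal"
    return flagged


if __name__ == "__main__":
    hits = detect(SAMPLE)
    newest = hits[0] + 8 - 1 if hits else None
    print("flagged windows:", hits, "first attack sample seen at index", newest)
```

On the constructed series the first flagged window is the one whose newest sample is the first attack sample, so detection lag is zero here, while the three all-normal windows reach eta of about 0.75 to 0.78 and are rejected by the eta gate; even with a lower eta_min they would fail the z gate (about 0.9), which is the point of a second validation level. A real device state vector would be reduced to one scalar per window before this step.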