Portal system networks are vital for education, governance, and corporate operations, but face growing risks from evolving cyber threats. This study proposes a hybrid anomaly detection framework that combines the Enhanced Modified Lion Optimization Algorithm (EMLOA) with One-Class Support Vector Machines (OCSVM) to enhance threat detection in such environments. Unlike traditional rule-based or statistical methods, which lack adaptability, or conventional machine learning techniques that demand extensive labeled data and computational power, the EMLOA-OCSVM model achieves high accuracy (99.9%), low training latency (3.05 seconds), and scalability in dynamic settings. The framework employs a sigmoid function-based strategy to dynamically optimize hyperparameters (γ and ν), enhancing convergence speed and detection performance. Evaluations using the UNSW-NB15 dataset (reflecting modern attack patterns) and real-world logs from Lagos State University of Education (LASUED) demonstrate the model’s practical relevance. Key innovations include dynamic threshold tuning and improved interpretability, reducing false positives without sacrificing efficiency. Robust performance is confirmed through accuracy, precision, recall, F1-score, and ROC-AUC metrics. Future research should prioritize lightweight, explainable hybrid models capable of countering advanced threats while maintaining system performance
