Abstract. The increasing number of information security incidents in higher education underscores the urgent need for robust cybersecurity measures. This paper proposes a comprehensive framework designed to analyze the illegal use of internet resources in university networks in Kazakhstan. The subject of this article is the detection and mitigation of cybercriminal activities using university networks in Kazakhstan. The goal is to develop a comprehensive framework that integrates multiple educational organizations to enhance collaborative security efforts by monitoring network activity and categorizing texts using machine learning techniques. The tasks to be solved are: to formalize the procedure of integrating multiple educational organizations into a collaborative cybersecurity framework; developing a log analysis tool tailored for monitoring network activities within university networks; creating a novel dictionary of extremist terms in the Kazakh language for text categorization; to implement advanced machine learning models for network traffic classification. The methods used are: log analysis tools for real-time monitoring and anomaly detection in network activities, Natural language processing (NLP) techniques to develop a specialized dictionary of extremist terms in Kazakh, Machine learning models to classify network traffic and detect potential cyber threats, and collaborative architecture design to integrate network security efforts across multiple institutions. The following results were obtained: a comprehensive log analysis tool was developed and implemented, providing real-time monitoring of network activities in university networks; a dictionary of extremist terms in Kazakh was created, facilitating the categorization and analysis of texts related to potential security threats; advanced machine learning models were successfully applied to classify network traffic, enhancing the detection and mitigation of cyber threats; and an experimental architecture integrating multiple educational organizations was established, fostering collaborative efforts in cybersecurity. Conclusions. The scientific novelty of the results obtained is as follows: 1) a robust framework for collaborative cybersecurity in educational institutions was developed, leveraging log analysis and machine learning techniques; 2) the creation of a specialized dictionary of extremist terms in Kazakh significantly improved the accuracy of text categorization related to cybersecurity; 3) the application of advanced machine learning models to network traffic classification provided a methodological approach to effectively managing and securing network infrastructure effectively; 4) the experimental architecture demonstrated the potential for enhanced security through collaboration among educational organizations, offering strategic recommendations for improving information security in academic environments. The outcomes of this research contribute to the broader cybersecurity field by providing a structured approach to detecting and mitigating cyber threats in educational contexts. The proposed framework has potential applications extending to global security frameworks, aiming to foster a safer internet usage environment and reduce the risks associated with cyber threats and unauthorized data access.