RISK CRITERIA AND ML ALGORITHMS FOR THREAT DETECTION IN A CLOUD ENVIRONMENT
DOI: https://doi.org/10.28925/2663-4023.2026.32.1185
Keywords: machine learning; risk scoring; API/HTTP security; anomaly detection; OWASP Top 10; risk-based alerting; cloud microservices.
Abstract
This paper proposes and experimentally validates an ML-oriented pipeline for detecting hazardous events in the API/HTTP traffic of cloud services. The approach combines two numerical channels: (i) a supervised channel based on structured event features for stable separation between benign events and attacks, and (ii) an auxiliary atypical-behavior channel that strengthens the response to rare or novel scenarios that are weakly represented in labeled data. The key methodological idea is to unify heterogeneous model outputs into a common probabilistic risk scale via calibration, temperature scaling, and prior attack-rate adjustment, which enables comparable scores across models of different nature. To achieve controlled management of false-positive activations, the decision threshold is selected under an FPR budget, while group-level score stability is improved through ensembling, including averaging in the additive log-odds domain. After combining channel signals, the final decision is stabilized with operational policies (including hysteresis) to avoid frequent state switching in streaming mode. Model quality is verified both with tabular metrics and visually by analyzing risk-score distributions for benign events and attacks, which helps interpret overlap regions and the impact of the threshold on false alerts. Experiments on a test set show high performance of the supervised channel: for the primary ML ensemble, ROC-AUC = 0.9843, PR-AUC = 0.9511, and F1 = 0.8400 are achieved at an FPR of approximately 0.051, whereas the baseline linear model yields substantially lower F1 values. The auxiliary atypical-behavior channel provides a practically useful signal that complements the supervised channel while maintaining a controlled false-alert rate. The proposed formulation scales to other API types and load profiles because it separates policies (thresholds, weights, calibration parameters) from the main event-processing flow. 
The results confirm the suitability of the approach for integration into cloud monitoring and incident-response infrastructure with controllable threshold policies and model updates.
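The score-fusion and decision steps sketched in the abstract (temperature-scaled averaging in the log-odds domain, prior attack-rate adjustment, threshold selection under an FPR budget, and hysteresis on the streamed decision), as an added illustration that is not the paper's own code; the score lists, the 5% FPR budget and the on/off thresholds are constructed values chosen for the example.

```python
import math

# Constructed example scores (not from the paper): calibrated risk scores
# for benign events and attacks from a hypothetical supervised channel.
BENIGN = [0.02, 0.05, 0.07, 0.10, 0.12, 0.15, 0.18, 0.20, 0.22, 0.25,
          0.28, 0.30, 0.33, 0.35, 0.40, 0.45, 0.50, 0.55, 0.62, 0.80]
ATTACK = [0.55, 0.70, 0.78, 0.85, 0.88, 0.91, 0.95, 0.97, 0.98, 0.99]

def logit(p, eps=1e-6):
    p = min(max(p, eps), 1.0 - eps)          # keep log-odds finite at 0 and 1
    return math.log(p / (1.0 - p))

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def ensemble_logodds(probs, temps):
    """Temperature-scale each member's log-odds, then average additively."""
    z = sum(logit(p) / t for p, t in zip(probs, temps)) / len(probs)
    return sigmoid(z)

def adjust_prior(p, train_rate, deploy_rate):
    """Shift a calibrated score from the training attack rate to the deployment prior."""
    return sigmoid(logit(p) + logit(deploy_rate) - logit(train_rate))

def threshold_for_fpr(benign_scores, fpr_budget):
    """Lowest threshold t such that at most fpr_budget of benign scores satisfy score >= t.
    Tied benign scores at the chosen threshold can push the realised FPR slightly over budget."""
    s = sorted(benign_scores)
    allowed = math.floor(fpr_budget * len(s) + 1e-9)   # benign events permitted above t
    return s[len(s) - allowed] if allowed > 0 else math.nextafter(s[-1], math.inf)

def rates(benign_scores, attack_scores, t):
    """Realised (FPR, TPR) when every score >= t is flagged."""
    fpr = sum(b >= t for b in benign_scores) / len(benign_scores)
    tpr = sum(a >= t for a in attack_scores) / len(attack_scores)
    return fpr, tpr

def decide_stream(scores, on_thr, off_thr):
    """Hysteresis: raise the alert state at on_thr, clear it only below off_thr."""
    alerting, out = False, []
    for s in scores:
        if not alerting and s >= on_thr:
            alerting = True
        elif alerting and s < off_thr:
            alerting = False
        out.append(alerting)
    return out

def count_switches(decisions):
    """Number of state flips in a decision sequence (lower = calmer alerting)."""
    return sum(a != b for a, b in zip(decisions, decisions[1:]))

if __name__ == "__main__":
    t = threshold_for_fpr(BENIGN, 0.05)
    print("threshold", t, "(fpr, tpr)", rates(BENIGN, ATTACK, t))
    stream = [0.5, 0.85, 0.7, 0.82, 0.7, 0.55]          # constructed streamed scores
    plain = [s >= t for s in stream]
    print("switches plain vs hysteresis", count_switches(plain),
          count_switches(decide_stream(stream, t, 0.60)))
```

Averaging in the log-odds domain is the geometric mean of the members' odds, which is why two members at 0.9 and 0.8 fuse to 6/7 rather than the arithmetic 0.85.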
License
Copyright (c) 2026 Admin Skladannyi

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.