GRAPH-BASED METHODOLOGY FOR DETECTION AND LOCALIZATION OF CYBER THREATS IN CLOUD ENVIRONMENTS WITH INTEGRATED IOT COMPONENTS

Authors

N. Dovzhenko, Y. Ivanichenko, Y. Kostiuk

DOI:

https://doi.org/10.28925/2663-4023.2025.29.938

Keywords:

cloud environment, cloud services, Internet of Things (IoT), countermeasures, cyber incident, edge computing, infrastructure, sensor networks, information security, graph, cyber resilience, model, threats, integration

Abstract

This paper proposes a methodology for detecting and localizing cyber threats in cloud environments integrated with IoT components. The approach relies on two complementary models: the Cyber-Threat Detection Graph (CTDG), which captures the multi-layered structure of attacks while accounting for risk, latency, and propagation potential; and the Cyberattack Alert Mapping Graph (CAMG), which models temporal–causal dependencies among events to reveal complex and combined threats. CAMG enables the construction of sequential event chains from telemetry, logs, and behavioral anomalies, integrating data from cloud services and IoT devices. This makes it possible not only to identify individual incidents but also to forecast the evolution of multi-stage attacks. To select response options, a generalized evaluation metric is applied that considers the effectiveness of threat localization, service continuity, and the time required to restore system trust. This supports the prioritization of countermeasures while minimizing the impact on critical resources. The proposed methodology blends classical and intelligent threat-analysis techniques, provides proactive monitoring, and remains adaptable under the high dynamism of cloud infrastructures. The solution targets deployment in mission-critical computing systems, industrial data centers, IoT networks, and cloud platforms, where maintaining a balance among security, performance, and infrastructure resilience is essential.

Published

2025-09-26

How to Cite

Dovzhenko, N., Ivanichenko, Y., & Kostiuk, Y. (2025). GRAPH-BASED METHODOLOGY FOR DETECTION AND LOCALIZATION OF CYBER THREATS IN CLOUD ENVIRONMENTS WITH INTEGRATED IOT COMPONENTS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(29), 762–776. https://doi.org/10.28925/2663-4023.2025.29.938
