Methods for detection and analysis of misconfiguration-based attacks in cloud services

DOI:

https://doi.org/10.17721/ISTS.2025.9.26-31

Keywords:

misconfiguration, cloud services, attack detection, security, vulnerability analysis, machine learning, monitoring

Abstract

Background. With the advancement of cloud technologies, an increasing number of organizations are transitioning to the use of cloud services for data storage and computations. However, incorrect configuration (misconfiguration) of cloud services has become one of the main causes of vulnerabilities that can be exploited by malicious actors to carry out attacks. Misconfigurations can lead to unauthorized access to confidential data, system compromises, and other serious security consequences. The aim of this work is to investigate methods for detecting and analyzing attacks arising from misconfigurations in cloud services, as well as to develop recommendations for enhancing security levels.
Methods. The study analyzes existing approaches to detecting misconfigurations, including the use of automated scanning tools, analysis of event logs, and the application of machine learning methods for anomaly detection. A hybrid method is proposed that combines static configuration analysis with dynamic monitoring of network traffic. A specialized algorithm has been developed to identify potential vulnerabilities and assess their criticality. Simulations of various types of attacks were conducted to evaluate the effectiveness of the proposed method.
Results. The research results showed that the proposed hybrid method allows for highly effective detection of misconfigurations that can lead to attacks. Using the hybrid method increased the accuracy of anomaly detection by 23% compared to traditional methods. Analysis of real attack cases confirmed the method's effectiveness in detecting and preventing threats. The developed recommendations for configuration adjustments help reduce the risk of successful misconfiguration-based attacks.
Conclusions. The proposed methods for detecting and analyzing misconfiguration-based attacks in cloud services demonstrated high effectiveness and can be integrated into organizations' security systems. They enable timely identification of vulnerabilities, prevention of potential attacks, and enhancement of the overall security level of cloud infrastructures. Further development of these methods, particularly the improvement of machine learning algorithms, will contribute to more effective protection against new types of threats.

Published

2025-08-29

Section

Cybersecurity and information protection

How to Cite

Methods for detection and analysis of misconfiguration-based attacks in cloud services. (2025). Information Systems and Technologies Security, 1(9), 26-31. https://doi.org/10.17721/ISTS.2025.9.26-31