Intelligent Threat Hunting in Cloud Environments Using Machine Learning-Based Cybersecurity Techniques
Keywords: Cybersecurity, Cloud Computing

Abstract
As cloud computing has expanded rapidly, so have cloud security threats, which have grown more
sophisticated and now demand equally sophisticated defence mechanisms. Conventional security systems
such as signature-based intrusion detection and rule-based anomaly detection are ineffective against
zero-day attacks and multi-vector cyber intrusions. This work instead introduces a hybrid
deep learning paradigm that combines Convolutional Neural Networks (CNNs) and Transformers in an
intelligent threat hunting scheme for cloud environments. The proposed model is trained and tested on the
BCCC-cPacket-Cloud-DDoS-dataset, a practical dataset with 26 attack and benign traffic labels and
more than 300 extracted features. Data preprocessing uses Min-Max normalization to scale
features and Principal Component Analysis (PCA) to reduce dimensionality, which keeps
computation efficient while preserving key network features. The hybrid system combines the CNN's
feature extraction ability with the Transformer's self-attention mechanism to produce an
efficient anomaly detection system. A performance comparison of the hybrid model against standalone
CNN and Transformer models shows better results on all major metrics: the Hybrid CNN-
Transformer model achieves 92-97% accuracy, 92-98% recall, and 91-97% F1-score, surpassing the individual
CNN and Transformer models. It also has an execution time of 20-70ms, lowering the
computational cost of using Transformers while increasing detection efficiency. The findings support a
substantial improvement in real-time cloud security analytics, with fewer false positives and proactive
mitigation of threats. This work advances AI-based cybersecurity with a cloud-scalable,
low-resource, intelligent threat detection system. The developed hybrid model can be
deployed effectively in real-time cybersecurity applications and enhances anomaly detection,
intrusion detection, and network forensics.
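The preprocessing stage described above (Min-Max scaling followed by PCA), as an added pure-Python example that is not the paper's own code; the flow features, their four names and the split sizes are constructed, and both the scaler and the PCA basis are fit on the training split only so that statistics of later test traffic cannot leak into the model.

```python
# Added example, not the paper's code: the abstract's preprocessing stage
# (Min-Max scaling, then PCA) in pure Python so it runs offline. Scaling and
# PCA parameters are fit on the training split only, then applied to test
# traffic, so statistics of later traffic never leak into the model.
import math

# Constructed sample flow features (packets/s, bytes/s, duration s, flag count),
# not rows from the BCCC-cPacket-Cloud-DDoS dataset.
TRAIN = [[10, 1500, 0.5, 1], [20, 3000, 0.7, 2], [30, 4500, 0.2, 1],
         [40, 6000, 0.9, 3], [50, 7500, 0.4, 2]]
TEST = [[60, 9000, 0.6, 4]]  # rates above the training range must be clamped

def fit_minmax(rows):
    """Per-feature (min, max) learned from training rows only."""
    return [(min(c), max(c)) for c in zip(*rows)]

def apply_minmax(rows, params):
    """Scale to [0, 1]; constant features map to 0, unseen extremes are clamped."""
    out = []
    for r in rows:
        scaled = [0.0 if hi == lo else (x - lo) / (hi - lo) for x, (lo, hi) in zip(r, params)]
        out.append([min(1.0, max(0.0, v)) for v in scaled])
    return out

def _dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def fit_pca(rows, k, iters=300):
    """Top-k principal directions of the training rows via power iteration with deflation."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    x = [[r[j] - mean[j] for j in range(d)] for r in rows]
    cov = [[sum(row[i] * row[j] for row in x) / (n - 1) for j in range(d)] for i in range(d)]
    comps = []
    for _ in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _ in range(iters):
            w = [_dot(row, v) for row in cov]
            norm = math.sqrt(_dot(w, w)) or 1.0
            v = [c / norm for c in w]
        lam = _dot(v, [_dot(row, v) for row in cov])  # variance along this direction
        cov = [[cov[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]  # deflate
        comps.append(v)
    return mean, comps

def apply_pca(rows, mean, comps):
    """Project rows onto the fitted components, centred with the training mean."""
    return [[_dot([x - m for x, m in zip(r, mean)], c) for c in comps] for r in rows]

def preprocess(train, test, k):
    """Fit scaler and PCA on train, transform both; returns (train_k, test_k, comps)."""
    params = fit_minmax(train)
    tr, te = apply_minmax(train, params), apply_minmax(test, params)
    mean, comps = fit_pca(tr, k)
    return apply_pca(tr, mean, comps), apply_pca(te, mean, comps), comps
```

Because the scaler never sees the test rows, an out-of-range rate in TEST lands on the clamp boundary instead of silently shifting the feature range the model was trained on.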