Anomaly Detection in User Behaviour Using Machine Learning For Cloud Platforms
DOI: https://doi.org/10.32628/CSEIT25113343
Keywords:
Anomaly detection, user behavior analytics, machine learning, cloud security, supervised learning, unsupervised learning, semi-supervised learning, One-Class SVM, Isolation Forest, Autoencoders, behavioral profiling, feature engineering, SIEM integration, real-time detection, data privacy, SHAP, LIME, dimensionality reduction, PCA, t-SNE, CASB, SOAR, cyber threat detection, cloud log analysis, pattern recognition, insider threats, account takeover, adaptive security
Abstract
In the era of rapid digital transformation, cloud platforms have become the backbone of modern computing infrastructure, offering scalability, flexibility, and cost-efficiency. However, their widespread adoption has also made them prime targets for sophisticated cyber threats, especially those involving anomalous user behavior. Detecting anomalies in user activities is critical for identifying potential insider threats, account takeovers, privilege misuse, and other malicious actions that may evade traditional rule-based security systems. This research paper explores the implementation of machine learning techniques for real-time anomaly detection in user behavior across cloud platforms, providing a proactive approach to cloud security.

The study emphasizes the limitations of static rule-based systems and traditional SIEM (Security Information and Event Management) tools, which often fail to adapt to evolving behavioral patterns and generate high false-positive rates. By leveraging supervised, unsupervised, and semi-supervised machine learning models, we propose an intelligent system capable of learning normal usage patterns and identifying deviations indicative of threats. Key algorithms such as Isolation Forest, One-Class SVM, Autoencoders, and clustering techniques like DBSCAN and K-Means are examined for their effectiveness in identifying anomalies in large-scale, multidimensional datasets generated by user activity logs, API calls, access records, and system metadata.

Our methodology involves the preprocessing of cloud log data, feature engineering for behavior profiling, and training models on both labeled and unlabeled data. The study also incorporates techniques for dimensionality reduction (e.g., PCA, t-SNE) and explains model interpretability using SHAP and LIME to foster trust among cybersecurity teams. Performance metrics such as precision, recall, F1-score, and ROC-AUC are used to evaluate detection capabilities, with a focus on reducing false alarms while maintaining high detection accuracy. Additionally, the paper addresses the challenges of real-time deployment, scalability, data privacy, and the integration of anomaly detection modules with existing cloud security architectures like SIEM, SOAR, and CASB. A case study simulating behavioral anomalies on a public cloud environment (e.g., Microsoft Azure or AWS) demonstrates the practical applicability of the proposed solution.

By integrating intelligent, adaptive anomaly detection systems, organizations can significantly enhance their cloud security posture, respond proactively to emerging threats, and reduce the dwell time of malicious actors. This research contributes to the evolving field of AI-driven cybersecurity and lays the foundation for future advancements in autonomous threat detection for dynamic cloud ecosystems.
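As an added illustration of the behavior-profiling and feature-engineering step the abstract describes (example code written for this page, not from the paper or its authors), the following aggregates constructed cloud audit-log lines into one per-user daily profile and flags days whose deviation from that user's own baseline exceeds a threshold; the log schema, field names, feature set and threshold are all assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime
# Constructed audit-log lines (one JSON object per line); field names are assumed, not a real cloud schema.
SAMPLE_LOG = """\
{"ts":"2025-03-01T09:10:00Z","user":"alice","ip":"10.0.0.5","action":"storage:GetObject","ok":true}
{"ts":"2025-03-01T10:30:00Z","user":"alice","ip":"10.0.0.5","action":"storage:ListBucket","ok":true}
{"ts":"2025-03-02T09:05:00Z","user":"alice","ip":"10.0.0.5","action":"storage:GetObject","ok":true}
{"ts":"2025-03-02T11:40:00Z","user":"alice","ip":"10.0.0.5","action":"storage:ListBucket","ok":true}
{"ts":"2025-03-03T02:15:00Z","user":"alice","ip":"203.0.113.9","action":"iam:CreateAccessKey","ok":false}
{"ts":"2025-03-03T02:16:00Z","user":"alice","ip":"203.0.113.9","action":"iam:CreateAccessKey","ok":true}
{"ts":"2025-03-03T02:20:00Z","user":"alice","ip":"203.0.113.9","action":"storage:GetObject","ok":true}
{"ts":"2025-03-03T02:21:00Z","user":"alice","ip":"198.51.100.7","action":"storage:GetObject","ok":true}
"""
def day_features(log):
    """Aggregate raw events into one behaviour profile per (user, day)."""
    # Each feature is oriented so a larger value means more unusual activity, so only positive deviations matter.
    buckets = defaultdict(list)
    for line in log.strip().splitlines():
        ev = json.loads(line)
        t = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        buckets[(ev["user"], t.date().isoformat())].append((ev, t))
    profiles = {}
    for key, evs in buckets.items():
        n, ips, acts = len(evs), {e["ip"] for e, _ in evs}, {e["action"] for e, _ in evs}
        profiles[key] = {"events": n, "distinct_ips": len(ips), "distinct_actions": len(acts),
                         "offhours_frac": sum(not 8 <= t.hour < 18 for _, t in evs) / n,
                         "fail_frac": sum(not e["ok"] for e, _ in evs) / n}
    return profiles

def score_day(profiles, user, day, sd_floor=0.25):
    """Per-feature z-score of a day vs the user's other days; sd_floor avoids /0 on a flat baseline."""
    hist = [p for (u, d), p in profiles.items() if u == user and d != day]
    cur = profiles[(user, day)]
    if not hist:  # first day seen for this user: no baseline to compare against
        return {f: 0.0 for f in cur}
    zs = {}
    for f, v in cur.items():
        vals = [h[f] for h in hist]
        mu = sum(vals) / len(vals)
        sd = max(sd_floor, (sum((x - mu) ** 2 for x in vals) / len(vals)) ** 0.5)
        zs[f] = (v - mu) / sd
    return zs

def flag_anomalies(log, threshold=3.0):
    """Return {(user, day): worst z-score} for user-days deviating beyond threshold."""
    profiles = day_features(log)
    scores = {k: max(score_day(profiles, *k).values()) for k in profiles}
    return {k: s for k, s in scores.items() if s > threshold}
```

The per-user z-score baseline here stands in for the Isolation Forest, One-Class SVM or autoencoder models the abstract names; those models would consume the same profile vectors that day_features produces.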
Copyright (c) 2025 International Journal of Scientific Research in Computer Science, Engineering and Information Technology

This work is licensed under a Creative Commons Attribution 4.0 International License.