Evidence Detection in Cloud Forensics: Classifying Cyber-Attacks in IaaS Environments using machine learning

DOI:

https://doi.org/10.56294/dm2025699

Keywords:

Cloud, Cloud Forensics, Machine Learning, Classifiers, CPU, Attack

Abstract

Introduction: Cloud computing is considered a remarkable paradigm shift in Information Technology (IT), offering scalable and virtualized resources to end users at a low cost in terms of infrastructure and maintenance. These resources offer an exceptional degree of flexibility and adhere to established standards, formats, and networking protocols while being managed by several management entities. However, the existence of flaws and vulnerabilities in underlying technology and outdated protocols opens the door for malicious network attacks.
Methods: This study addresses these vulnerabilities by introducing a method for classifying attacks in Infrastructure as a Service (IaaS) cloud environments, utilizing machine learning methodologies within a digital forensics framework. Various machine learning algorithms are employed to automatically identify and categorize cyber-attacks based on metrics related to process performance. The dataset is divided into three distinct categories—CPU usage, memory usage, and disk usage—to assess each category’s impact on the detection of attacks within cloud computing systems.
Results: Decision Tree and Neural Network models are recommended for analyzing disk-related features due to their superior performance in detecting attacks with an accuracy of 90% and 87.9%, respectively. Neural Network is deemed more suitable for identifying CPU behavior, achieving an accuracy of 86.2%. For memory-related features, K-Nearest Neighbor (KNN) demonstrates the best False Negative Rate (FNR) value of 1.8%.
Discussion: Our study highlights the significance of customizing the selection of classifiers based on the specific system feature and the intended focus of detection. By tailoring machine learning models to particular system features, the detection of malicious activities in IaaS cloud environments can be enhanced, offering practical insights into effective attack classification. 
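
The per-category evaluation described in the Methods and Discussion can be sketched as follows. This is an added example, not the authors' code or dataset: it runs a leave-one-out k-nearest-neighbour classifier separately on each feature category and reports accuracy and False Negative Rate for each. The rows, feature names and k=3 are constructed assumptions, so the figures do not reproduce the paper's results.

```python
# Constructed sample: one row per process, label 1 = attack, 0 = benign.
# Feature names and values are illustrative, not taken from the paper's dataset.
ROWS = [
    # cpu_pct, mem_mb, disk_kbps, label
    (5, 100, 10, 0), (8, 110, 13, 0), (12, 120, 15, 0),
    (40, 300, 19, 0), (45, 310, 21, 0),
    (10, 325, 23, 1), (43, 335, 60, 1), (48, 345, 66, 1),
    (90, 355, 70, 1), (95, 365, 75, 1),
]
GROUPS = {"cpu": 0, "memory": 1, "disk": 2}  # feature category -> column index


def knn_predict(train, x, k=3):
    """Majority label among the k training points nearest to x (1-D feature)."""
    nearest = sorted(train, key=lambda p: abs(p[0] - x))[:k]
    return int(2 * sum(label for _, label in nearest) > k)


def evaluate_group(rows, col, k=3):
    """Leave-one-out k-NN on a single feature column; returns (accuracy, fnr)."""
    tp = tn = fp = fn = 0
    for i, row in enumerate(rows):
        # Train on every row except the one being classified.
        train = [(r[col], r[3]) for j, r in enumerate(rows) if j != i]
        pred, truth = knn_predict(train, row[col], k), row[3]
        if truth == 1 and pred == 1:
            tp += 1
        elif truth == 1:
            fn += 1  # missed attack: the error a forensic analyst cares most about
        elif pred == 1:
            fp += 1
        else:
            tn += 1
    accuracy = (tp + tn) / len(rows)
    fnr = fn / (fn + tp) if (fn + tp) else 0.0
    return accuracy, fnr


def compare_groups(rows=ROWS):
    """Evaluate each feature category independently."""
    return {name: evaluate_group(rows, col) for name, col in GROUPS.items()}


if __name__ == "__main__":
    results = compare_groups()
    for name, (acc, fnr) in results.items():
        print(f"{name:7s} accuracy={acc:.2f} FNR={fnr:.2f}")
    print("best accuracy:", max(results, key=lambda g: results[g][0]))
    print("lowest FNR:   ", min(results, key=lambda g: results[g][1]))
```

On this constructed data the category with the highest accuracy is not the one with the lowest False Negative Rate, which is why the selection metric has to match the detection goal.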


Published

2025-02-10

Section

Original

How to Cite

Abuowaida S, Abu Owida H, Shelash Mohammad SI, Alshdaifat N, Abu Elsoud E, Alazaidah R, et al. Evidence Detection in Cloud Forensics: Classifying Cyber-Attacks in IaaS Environments using machine learning. Data and Metadata [Internet]. 2025 Feb. 10 [cited 2025 Mar. 20];4:699. Available from: https://dm.ageditor.ar/index.php/dm/article/view/699