Detecting User Sign-in Anomalies in Cloud-based Logs Using Machine Learning Techniques

Author First name, Last name, Institution

Aisha Alqahtani, Zayed University
Fatma Taher, Zayed University

Document Type

Conference Proceeding

Source of Publication

International Conference on Communication, Computing, Networking and Control in Cyber Physical Systems (CCNCPS 2025)

Publication Date

9-5-2025

Abstract

Brute-force is a simple yet effective cyberattack that can disrupt the business continuity of a company. To identify the attack's occurrence, Security Operations Center analysts have to review huge volumes of logs, which can be rather cumbersome and might even result in missing important details of attack attempts. Analysts usually spend time looking at sign-in locations, timings and IP addresses, and may extend their analysis to the audit logs of a user or a group of users. In this light, we propose a Machine Learning system that monitors Cloud-based logs to identify user anomalies and indications of a cybersecurity attack attempt. For the development of our model, we utilized the unsupervised Machine Learning algorithm Isolation Forest, which has proved to be effective in measuring anomalies in Cloud-based sign-in logs. Our log analysis process involved the use of .csv sign-in records from a simulated Microsoft Azure environment dedicated to this research, where attacks were manually issued against the said environment from multiple applications. Our original logs were expanded, in a synthesized manner, to a bigger dataset of around 13 thousand records. Our Isolation Forest Machine Learning model achieved an overall calculated accuracy of 99.36%, a precision rate of 99.93%, a recall rate of 99.27%, an F1-Score of 99.60%, and an AUC-ROC score of 99.24%.

ISBN

9798331597139

Publisher

IEEE

First Page

132

Last Page

138

Disciplines

Computer Sciences

Keywords

Anomaly Detection, Cloud Security, Cybersecurity, Log Analysis, Machine Learning, User Behavior Analysis

Scopus ID

105016521435

Indexed in Scopus

yes

Open Access

no
