Intrusion Detection System (IDS) on Amazon Web Services (AWS) Using Machine Learning

Intrusion Detection Systems (IDS) are critical for maintaining security in cloud computing environments, where dynamic infrastructure and multi-tenancy present unique challenges. This research implements and evaluates a machine learning-based IDS specifically designed for Amazon Web Services (AWS) environments using the CSE-CIC-IDS2018 dataset. Three machine learning algorithms—Isolation Forest, One-Class Support Vector Machine (SVM), and Autoencoder neural networks—were systematically compared based on standard performance metrics including accuracy, precision, recall, F1-score, and Equal Error Rate (EER). The Autoencoder model demonstrated superior performance with 96.8% accuracy and 3.3% EER, significantly outperforming traditional methods. Furthermore, we propose a comprehensive AWS-native deployment architecture that integrates the trained models with cloud services including Amazon SageMaker, Lambda, CloudTrail, and Security Hub, creating a scalable, serverless IDS solution capable of real-time threat detection and automated response. This study contributes to the field of cloud security by providing both empirical validation of machine learning approaches for anomaly detection and practical implementation guidelines for AWS environments.
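Of the metrics listed above, Equal Error Rate is the one least often computed by hand: it is the error at the score threshold where the false-positive rate (benign traffic flagged) equals the false-negative rate (attacks missed). The sketch below is an added example, not code from the study; the scores stand in for per-flow anomaly scores such as autoencoder reconstruction error, and all values and function names are constructed for illustration.

```python
# Added example: EER and threshold metrics for an anomaly-score detector.
# SCORES/LABELS are constructed sample data, not taken from CSE-CIC-IDS2018.
# Assumption: higher score = more anomalous; label 1 = attack, 0 = benign.
SCORES = [0.02, 0.03, 0.05, 0.04, 0.06, 0.08, 0.07, 0.30, 0.05, 0.09,   # benign
          0.45, 0.60, 0.38, 0.07, 0.52, 0.71, 0.33, 0.90, 0.41, 0.66]   # attack
LABELS = [0] * 10 + [1] * 10

def confusion(scores, labels, threshold):
    """Return (tp, fp, fn, tn) when every score >= threshold is flagged."""
    tp = fp = fn = tn = 0
    for s, y in zip(scores, labels):
        flagged = s >= threshold
        if flagged and y:
            tp += 1
        elif flagged:
            fp += 1
        elif y:
            fn += 1
        else:
            tn += 1
    return tp, fp, fn, tn

def equal_error_rate(scores, labels):
    """Sweep candidate thresholds; return (eer, threshold) where FPR and FNR are closest."""
    n_pos = sum(labels)
    n_neg = len(labels) - n_pos
    if n_pos == 0 or n_neg == 0:
        raise ValueError("EER needs both benign and attack samples")
    best = None
    for t in sorted(set(scores)) + [float("inf")]:
        _, fp, fn, _ = confusion(scores, labels, t)
        fpr, fnr = fp / n_neg, fn / n_pos
        gap = abs(fpr - fnr)
        if best is None or gap < best[0]:
            best = (gap, (fpr + fnr) / 2, t)   # midpoint if the curves never cross exactly
    return best[1], best[2]

def metrics_at(scores, labels, threshold):
    """Accuracy, precision, recall and F1 at a fixed alerting threshold."""
    tp, fp, fn, tn = confusion(scores, labels, threshold)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": (tp + tn) / len(labels), "precision": precision,
            "recall": recall, "f1": f1}

if __name__ == "__main__":
    eer, thr = equal_error_rate(SCORES, LABELS)
    print(f"EER={eer:.3f} at threshold {thr}", metrics_at(SCORES, LABELS, thr))
```

On heavily imbalanced traffic, accuracy can stay high while EER is poor, which is why the two are reported together.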