AI-Enhanced Intrusion Detection Systems for Cloud-Native Applications

Abstract

Cloud-native applications—built with microservices, containers, and orchestration platforms—have revolutionized modern computing but also introduced novel security challenges. Traditional intrusion detection systems (IDS) often fall short in dynamic, distributed cloud environments where attack surfaces continuously shift. Artificial Intelligence (AI) and Machine Learning (ML) offer powerful adaptive capabilities to detect complex and evolving threats in such systems.

Pre-2021 research reveals that ML and AI techniques—ranging from classical models (Random Forests, Support Vector Machines, Artificial Neural Networks) to deep learning architectures (CNNs, LSTMs, Autoencoders)— substantially improve detection accuracy, lower false positives, and adapt to changing workloads in cloud-native contexts. Techniques such as multi-stage optimized frameworks reduce computational complexity while maintaining over 99% detection accuracy on modern datasets like CICIDS2017 and UNSW-NB15 . Taxonomy surveys of shallow and deep learning IDS demonstrate how feature selection and model complexity impact performance and scalability.

Hybrid models integrating ML with Software Defined Networking (SDN) enable centralized packet analysis and real-time network policy adjustments, delivering improved flexibility and visibility . In cloud environments, deep learning (e.g., CNNs) combined with preprocessing steps like SMOTE oversampling and feature selection produce robust intrusion detection pipelines.

This survey synthesizes pre-2021 findings to outline AI-driven IDS strategies tailored for cloud-native systems. It highlights methodologies, design workflows, trade-offs, and practical challenges, providing a foundation for developing resilient, accurate, and scalable intrusion detection solutions in dynamic cloud-native infrastructures.