Journal of Security in Computer Networks and Distributed Systems

Cloud Misconfiguration Threat Detection and Analysis Using Docker, Prowler, ScoutSuite, and YARA

2026-05-06T09:28:21+00:00

Given the presence of cloud computing platforms such as Amazon Web Services (AWS), the interaction of developing and progressive threats, as well as misconfigurations, has become a new standard. That is why realistic and auto-piloted detection and mitigation frameworks are required. In this paper, the author will address and recommend a hybrid multi-model cloud security and threat detection framework using the three most downloaded open-source cloud security tools: Prowler, ScoutSuite and YARA. These will be synchronized and combined with Docker containers, therefore, creating a powerful and scalable cloud security and threat-detecting platform. Windows and Windows Subsystem for Linux (WSL) will be used to implement the offered solution. The proposed solution will address the issues that are present in the field of cloud security and threat detection by offering a possible and scalable framework. The proposed framework will utilize the fact that Prowler will automate compliance auditing using more than 300 controls of the CIS Benchmark and AWS well-architected frameworks. The proposed framework will be created with reference to the functionality of the framework, which probes 15+ services of the AWS attack surface using ScoutSuite. The detection of malware and IoCs will be carried out at the file level and at the log level using YARA.

Detecting Denial of Service Attacks on Simulated IoT Devices Using Python-based Packet Rate Monitoring

2026-05-12T08:37:23+00:00

Internet of Things (IoT) security is one that typically remains unnoticed until something occurs. This project examines the inadequate security in small interconnected devices, specifically in connection to one type of attack, constant request flooding to a device target until the device ceases to respond. The objective was to choose to find out whether the attack under consideration can be found with the help of the simplest set of tools, including a Python script and a network analysis tool. To do it, three elements were created, i.e. (1) a simulated server which simulates an IoT device, (2) a program simulating the attack itself, and (3) a monitor tool that analyses traffic and informs about suspicious activity. The mechanism of notification employed a very simple criterion: the number of packages received within a period of five seconds, and then an alert and a record of the log are issued in case the number received is more than a hundred. An experiment was carried out on Kali Linux OS, and Wireshark was also used in parallel to observe network traffic. Before the commencement of the experiment, traffic was negligible and relatively small, with few packages being dispatched at a time. As the flood started, the number of packages was already over two hundred, thus initiating the process of notification. Every activity was recorded, and timestamps were used, which was also evidence even in cases where there were no individuals to observe the process in action at the time. It appears that the experiment was a success, and all effects can be seen in the terminal output and also in the Wireshark data. The main lesson of this study is the thought that one can apply an easy, zero-dependency detection approach that operates in real-time. It appears that the idea that machine learning and other sophisticated solutions to secure the IoT networks no longer applies.

A Multi-stage Feature Selection and Stacked Ensemble Learning for Efficient Real-time SNMP-based Network Intrusion Detection

2026-05-02T09:34:33+00:00

The significant increase in the number and types of malicious activities in operational network environments in the recent past is due to the growth in the use of high-speed networks and the rise in the usage of the Internet. Intrusion detection system has, therefore, been one of the critical measures used in safeguarding networking resources and infrastructure. Many of the existing IDSs are challenged with low accuracy and high computational costs. This is mainly due to the type of network traffic data used, most of which are cumbersome, resource-intensive and contain redundant and irrelevant features. Also, single-stage feature selection often fails to handle feature irrelevance and redundancy. To address these issues, this study proposes a multi-stage hybrid feature selection process on the SNMP-MIB data for real-time network intrusion detection. The multi-stage feature selection process involves the application of Mutual Information and the Recursive Filtering Elimination. The combined output of both serves as input for the Spearman Correlation Filtering to obtain an optimal feature set. This was tested on a stack ensemble learning using Random Forest, Support Vector Machine and Gradient Boosting algorithms as base learners with Logistic Regression as the meta-learner. The results showed that the Spearman-filtered feature set outperformed all other methods across all metrics and classes and the ensemble tested with the optimised feature set had the highest accuracy at 98.90% and a Macro-average F1-score of 97.31%, outperforming the best base learner by over 3.4%. It also showed that each classifier benefitted from the multi-stage hybrid feature selection techniques.