Article

Web Attack Detection Using Machine Learning on AWS CloudWatch Network Traffic Logs 

---

Abstract

The increasing frequency and sophistication of web-based cyberattacks have made securing cloud infrastructures such as Amazon Web Services (AWS) a critical challenge. Traditional signature-based intrusion detection systems often fail to recognize novel or evolving attack patterns, necessitating the adoption of intelligent and adaptive detection approaches. This study proposes a machine learning-based framework for detecting web attacks using AWS CloudWatch network traffic logs. Two supervised learning algorithms—Random Forest and XGBoost were developed to classify traffic as either normal or malicious based on network flow attributes, including bytes transferred, protocol type, and source IP country. The experimental results revealed that the Random Forest model achieved an accuracy of 67%, while the XGBoost model achieved 65%, both demonstrating strong recall values for attack detection but limited precision for normal traffic due to dataset imbalance. Feature importance analysis identified src_ip_country_code, bytes_out, and bytes_in as the most influential indicators of attack behavior, highlighting the role of traffic origin and data transfer volume in detecting anomalous activities. These findings confirm the effectiveness of integrating AWS CloudWatch monitoring data with machine learning algorithms for proactive intrusion detection in cloud-based environments. Future work will focus on improving classification performance through deep learning architectures and real-time adaptive models to enable scalable and autonomous cloud security systems.

Keywords: Machine Learning, Web Attack Detection, AWS Cloudwatch, Network Traffic, Cloud Security

How to Cite:

Sumiati, A., (2026) “Web Attack Detection Using Machine Learning on AWS CloudWatch Network Traffic Logs ”, Journal of Cyber Law 2(1). doi: https://doi.org//JCL.152