AI-BASED ANOMALY DETECTION IN CLOUD DATABASES FOR INSIDER THREATS

With cloud computing evolving, insider threats are now a major concern for organizations that depend on cloud-based databases. Insider cyber threats arise from people within the organization who have normal access, so they can be difficult to uncover by following predetermined rules or signature patterns. This research studies how artificial intelligence (AI) tools can be used to recognize insider threats in the context of cloud databases. It relies on the Large Anomaly Vulnerability Dataset (2024) which contains in-depth information on various anomalies, activities of users, types of threats and risk scores identified in the cloud. The data went through significant preprocessing such as managing missing values, normalizing the data and adding features to find factors related to access frequency, sudden logins and attempts to gain higher privileges. Various supervised machine learning methods such as Random Forest, XGBoost and Logistic Regression were tested to identify insider threats based on unusual behavior. Models were evaluated using important metrics such as accuracy, precision, recall, F1-score and ROC-AUC. According to studies, AI helps reveal unusual user interactions that are not easily picked up by traditional means. The Random Forest model achieved the highest accuracy and recall rate, so it is useful for identifying possible insider threats. Specifically, the analysis points out higher vulnerability levels and log-in attempts not during business hours as strong signs of suspicious activity. This study supports the progress of intelligent cloud security systems since it provides an effective and data-based approach to managing insider threats. It reveals that AI helps secure the cloud by dealing with risks quickly and protecting networks ahead of any problems.