Anomaly Detection in IaC Scripts to Prevent Cloud Misconfigurations Using Unsupervised Learning

Abstract

Poorly configured Infrastructure as Code (IaC) is still a major problem in cloud security, particularly because conventional rule-based tools may frequently fail to see hidden, sophisticated, or even entirely novel risks. We present four unsupervised machine-learningalgorithms in this work, which are meant to identify suspicious or unsafe patterns in Terraform configuration files, specifically AWS S3 security. The system identifies and processes each Terraform file by extracting 22 features related to security, and these features are used by four different anomaly-detection models, including Isolation Forest, One-Class SVM, Autoencoder, and Local Outlier Factor. Their results are then pooled together to form an ensemble and ensure the conclusion becomes more accurate. Our findings reveal that, besides performing well, particularly with the autoencoder and the ensemble, this method is also more efficient in detecting problems than the traditional tools of the trade in the field of static analysis. The framework gives clear and explainable feedback to enable the developers to know the reason why something was flagged. On the whole, the research demonstrates that the concept of unsupervised learning can provide a viable and scalable means of identifying IaC misconfigurations prior to their manifestation in actual security issues in the real world.