Enhancing Security in Serverless Cloud Computing Using AI-Based Intrusion and Anomaly Detection: A Comprehensive Review

Abstract

Serverless computing has become popular for cloud computing mainly because it makes scaling easier, costs less, and calls for less managing of infrastructures. These days though there are a lot of security issues with serverless that limit its broader adoption. And usually, traditional security methods don\'t really work well with serverless architectures, given their dynamic and distributed nature. Because of this, the need for intelligent systems, which can not only detect but also identify sophisticated cyber threats hidden through intrusion and anomaly detection, is rising. AI and ML are the latest technologies holding potential for improving security at serverless cloud environments Mostly in threat detection and behavioral analysis. This study analyzes 40 research articles from 2020 to 2026, among them are serverless security, intrusion detection systems based on cloud, anomaly detection techniques, machine learning and deep learning methods, Explainable Artificial Intelligence (XAI), federated learning, adversarial machine learning, cloud-native security setups, and self-supervised learning. As the literature that has been examined, behavioral pattern analysis in cloud telemetry, execution logs, and network traffic allows AI-driven techniques to effectively detect attacks. Besides, advanced AI-based methods such as deep learning, self-supervised learning, federated learning, and explainable AI do drastically enhance detection accuracy scalability adaptability, and trustworthiness in serverless cloud systems. The review has also pointed out some research problems that have not been solved so far, including the shortage of labeled datasets, the requirement for large-scale real-time monitoring, the ability to be fooled by adversarial attacks, concerns about model interpretability, and privacy issues. At the end of the paper, research gaps are identified as well as future theoretical development directions for secure, intelligent, and resilient serverless cloud computing environments.

Introduction

Cloud computing provides on-demand access to computing resources over the internet, offering flexibility, scalability, and cost efficiency. Its three primary service models are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). These services have enabled digital transformation across sectors such as healthcare, finance, education, and e-commerce. However, the rapid growth of cloud computing has increased concerns regarding data security, resource management, and cyber threats.

Serverless computing is an advanced cloud model where cloud providers manage infrastructure, scaling, and maintenance, allowing developers to focus solely on application logic. Platforms such as AWS Lambda, Azure Functions, and Google Cloud Functions support event-driven applications, microservices, and cloud-native systems. While serverless computing improves scalability and reduces operational costs, it introduces unique security challenges due to its dynamic, distributed, and short-lived execution environment.

Major security threats in serverless environments include unauthorized access, privilege escalation, vulnerable third-party libraries, data leaks, function hijacking, misconfigurations, resource abuse, and denial-of-wallet attacks. Traditional security mechanisms and signature-based Intrusion Detection Systems (IDS) often fail to detect sophisticated and previously unknown attacks in these environments.

To address these challenges, Artificial Intelligence (AI), Machine Learning (ML), and Deep Learning (DL) are increasingly used for intrusion and anomaly detection. These technologies can analyze large volumes of cloud data, identify abnormal behavior, improve detection accuracy, reduce false alarms, and adapt to evolving cyber threats. Emerging approaches include self-supervised learning, federated learning, explainable AI (XAI), cloud-native security architectures, and AI-driven anomaly detection systems.

The paper's main objectives are to review modern AI-based security techniques for serverless computing, analyze existing intrusion and anomaly detection methods, identify security gaps, and explore the integration of cloud-native security tools, observability frameworks, federated learning, and explainable AI. It also examines future trends such as Zero Trust Architecture, intelligent security services, and scalable AI-powered security solutions.

The background section explains serverless computing fundamentals, highlighting benefits such as automatic scaling, pay-per-use pricing, and efficient resource utilization, while noting challenges like limited visibility, vendor lock-in, dependency management, and security vulnerabilities. It also discusses Intrusion Detection Systems (IDS), including signature-based, anomaly-based, and hybrid approaches, as well as Host-Based IDS (HIDS) and Network-Based IDS (NIDS) used in cloud environments.

Conclusion

In this review article, a detailed examination of forty research works related to serverless cloud security, intrusion detection systems, anomaly detection methods, artificial intelligence, machine learning, federated learning, explainable AI, and cloud-native security systems was performed. The gathered literature was divided into five main topics: serverless security issues, cloud-based intrusion detection systems, AI and machine learning-based anomaly detection, anomaly detection in serverless environments, and security models for serverless and cloud-native architectures. This division helps to understand, in a more organized way, how modern security solutions are developed in response to the increasing complexity of cloud-native and serverless computing environments. Some articles dealt with potential security risks of serverless computing, raising issues such as unauthorized access, data leakage, denial-of-service attacks, and function-level breaches while also outlining possible countermeasures. The authors Ahmadi [1] and Marin et al. [7], Li et al. [20], Janumpally [21], and Escaleira et al. [27] argued that it is necessary to create security structures to be exact, tailored to serverless environments. The implementation of intrusion detection systems using machine learning and deep learning models in cloud infrastructures has been explored by Mahendar and Shivakanth [2], Othman et al. [3], Al-Ghuwairi et al. [5], Xu et al. [10], Alhusseini et al. [11], and Al-Husseini [13] indicate that these methods could be highly beneficial in detecting various forms of cyber-attacks in cloud systems. Besides, the study of abnormality detection techniques by Darban et al. [12], Islam et al. [17], Zhong et al. [23], Paparrizos et al. [29], Borges et al. [37], and Dkmak et al. [38] also unravel the strong potential of AI-enabled methods to discover irregularities and failures in cloud infrastructures at a large scale. In the security domain of serverless computing, several security architecture proposals have emerged. Jegan et al. [19] suggested SecLambda to ensure security for serverless applications, whereas Li et al. [18] came up with the FaaSMT system, which is capable of lightweight intrusion detection. Also, Yan et al. [26] created the Intelligent Security Service System (ISSF), Shin et al. [36] introduced the Bambda runtime verification setup, and Li et al. [40] came up with the SAFE self-supervised anomaly detection system. Innovative technologies such as Explainable Artificial Intelligence, as covered by Mendes and Rios [30] and Rjoub et al., are discussed. [31], Federated Learning as developed by Khraisat et al. [32] and Agrawal et al. [33], and Zero Trust architectures as advocated by Arora and Hastings [39] confirm the increasing importance of smart and flexible security mechanisms in cloud environments. But, behind great progress, the literature also reveals several problems to which solutions have not yet been found. For instance, most of the present intrusion detection systems are characterized by a high false-positive rate, lack of explainability, unavailability of serverless-specific datasets, privacy issues, and susceptibility to adversarial attacks. Also, the bulk of the offered solutions continues to concentrate on conventional cloud infrastructures, leaving the peculiarities of serverless computing--such as its transient and stateless nature--inadequately covered. Taking into account all of what I just said, the research that is to be done in the future should center on the creation of lightweight serverless-specific intrusion detection systems, real-time anomaly detection systems, security models based on explainable AI, privacy-preserving learning methods, adversarially robust architectures, and fully integrated cloud-native security systems. Artificial intelligence coupled with cloud observability, federated learning, and Zero Trust security principles represents a good opportunity for enhancing the security, scalability, and reliability of next-generation serverless cloud applications.

References

[1] S. Ahmadi, “Challenges and Solutions in Network Security for Serverless Computing,” International Journal of Current Science Research and Review, vol. 7, no. 1, pp. 218–229, Jan. 2024, doi: 10.47191/IJCSRR/V7-i1-23. [2] K. Mahendar and G. Shivakanth, “A Survey of Intrusion Detection Systems Based on Machine Learning for Cloud Security,” International Journal of Electrical and Electronics Engineering, vol. 12, no. 5, pp. 226–242, 2025, doi: 10.14445/23488379/IJEEE-V12I5P119. [3] S. M. Othman, A. Y. Al-Mutawkkil, and A. M. Alnashi, “Survey of Intrusion Detection Techniques in Cloud Computing,” Sana\'a University Journal of Applied Sciences and Technology, vol. 2, no. 4, pp. 363–374, 2024, doi: 10.59628/jast.v2i4.970. [4] D. Michael, “Cloud-based Intrusion Detection Systems: Challenges and Best Practices,” Jul. 2025. [Online]. Available: https://www.researchgate.net/publication/393801749_Cloud-based_Intrusion_Detection_Systems_Challenges_and_Best_Practices [5] A.-R. Al-Ghuwairi, Y. Sharrab, D. Al-Fraihat, M. AlElaimat, A. Alsarhan, and A. Algarni, “Intrusion Detection in Cloud Computing Based on Time Series Anomalies Utilizing Machine Learning,” Journal of Cloud Computing, vol. 12, no. 1, article 127, Aug. 2023, doi: 10.1186/s13677-023-00491-x. [6] C. Nguyen, E. Elmroth, and M. Bhuyan, “Silent Failures in Stateless Systems: Rethinking Anomaly Detection for Serverless Computing,” in Proc. IEEE Int. Conf. Service-Oriented System Engineering (SOSE), Tucson, AZ, USA, 2025, pp. 8–19, doi: 10.1109/SOSE67019.2025.00006. [7] E. Marin, D. Perino, and R. Di Pietro, “Serverless Computing: A Security Perspective,” arXiv preprint arXiv:2107.03832, 2022, doi: 10.48550/arXiv.2107.03832. [8] M. Dorsett, S. Mann, J. Chowdhury, and A. Mahmood, “A Comprehensive Review of Denial of Wallet Attacks in Serverless Architectures,” arXiv preprint arXiv:2508.19284, 2025, doi: 10.48550/arXiv.2508.19284. [9] D. Lavi, O. Brodt, D. Mimran, Y. Elovici, and A. Shabtai, “Detection of Compromised Functions in a Serverless Cloud Environment,” arXiv preprint arXiv:2408.02641, 2024, doi: 10.48550/arXiv.2408.02641. [10] Z. Xu, Y. Wu, S. Wang, J. Gao, T. Qiu, Z. Wang, H. Wan, and X. Zhao, “Deep Learning-based Intrusion Detection Systems: A Survey,” ACM Computing Surveys, vol. 58, no. 1, article 1, pp. 1–38, Oct. 2025. [11] M. M. Alhusseini, A. Rouhi, and M.-R. Feizi-Derakhshi, “AI-Powered Hybrid Intrusion Detection Framework for Cloud Security Using Novel Metaheuristic Optimization,” arXiv preprint arXiv:2601.01134, 2026, doi: 10.48550/arXiv.2601.01134. [12] Z. Z. Darban, G. I. Webb, S. Pan, C. C. Aggarwal, and M. Salehi, “Deep Learning for Time Series Anomaly Detection: A Survey,” ACM Computing Surveys, vol. 57, no. 11, article 338, pp. 1–42, 2024, doi: 10.1145/3691338. [13] M. M. Al-Husseini, “A Hybrid Intrusion Detection System with a New Approach to Protect the Cybersecurity of Cloud Computing,” arXiv preprint arXiv:2506.19934, 2025, doi: 10.48550/arXiv.2506.19934. [14] L. P. Siqueira, C. L. Batista, P. H. Lui, J. F. Kazienko, S. E. Quincozes, V. E. Quincozes, D. Welfer, and S. Nomura, “A Comprehensive Survey on Intrusion Detection Systems for Healthcare 5.0: Concepts, Challenges, and Practical Applications,” Sensors, vol. 25, no. 20, article 6261, 2025, doi: 10.3390/s25206261. [15] A. Babaei, P. M. Kebria, M. M. Dalvand, and S. Nahavandi, “A Review of Machine Learning-based Security in Cloud Computing,” arXiv preprint arXiv:2309.04911, 2023, doi: 10.48550/arXiv.2309.04911. [16] J. Whitman, A. El-Karim, P. Nandakumar, F. Ortega, and L. Zheng, “Machine Learning for Anomaly Detection in Serverless Cloud Computing,” Oct. 2024. [Online]. Available: https://www.researchgate.net/publication/391498025_Machine_Learning_for_Anomaly_Detection_in_Serverless_Cloud_Computing [17] M. S. Islam, M. S. Rakha, W. Pourmajidi, J. Sivaloganathan, J. Steinbacher, and A. Miranskyy, “Anomaly Detection in Large-Scale Cloud Systems: An Industry Case and Dataset,” in Proc. 2025 IEEE/ACM 47th Int. Conf. Software Engineering: Software Engineering in Practice (ICSE-SEIP), Ottawa, ON, Canada, 2025, doi: 10.1109/ICSE-SEIP66354.2025.00039. [18] C. Li, L. Huang, D. He, Y. Wen, G. Liu, and L. Duan, “FaaSMT: Lightweight Serverless Framework for Intrusion Detection Using Merkle Tree and Task Inlining,” arXiv preprint arXiv:2503.06532, 2025, doi: 10.48550/arXiv.2503.06532. [19] D. S. Jegan, L. Wang, S. Bhagat, T. Ristenpart, and M. Swift, “Guarding Serverless Applications with SecLambda,” arXiv preprint arXiv:2011.05322, 2020, doi: 10.48550/arXiv.2011.05322. [20] X. Li, X. Leng, and Y. Chen, “Securing Serverless Computing: Challenges, Solutions, and Opportunities,” arXiv preprint arXiv:2105.12581, 2021, doi: 10.48550/arXiv.2105.12581. [21] [B. K. R. Janumpally, “A Review on Data Security and Privacy in Serverless Computing: Key Strategies, Emerging Challenges,” International Journal of Innovative Science and Research Technology, vol. 10, no. 3, pp. 118–126, Mar. 2025, doi: 10.38124/ijisrt/25mar023. [22] S. Lata and D. Singh, “Intrusion Detection System in Cloud Environment: Literature Survey & Future Research Directions,” International Journal of Information Management Data Insights, vol. 2, no. 2, article 100134, Nov. 2022, doi: 10.1016/j.jjimei.2022.100134. [23] Z. Zhong, Q. Fan, J. Zhang, M. Ma, S. Zhang, Y. Sun, Q. Lin, Y. Zhang, and D. Pei, “A Survey of Time Series Anomaly Detection Methods in the AIOps Domain,” arXiv preprint arXiv:2308.00393, 2023, doi: 10.48550/arXiv.2308.00393. [24] S. Kumar, “Overcoming Security Obstacles in Serverless Function-as-a-Service (FaaS) for Healthcare Insurance,” International Journal of Computer Trends and Technology, vol. 72, no. 10, pp. 86–93, Oct. 2024, doi: 10.14445/22312803/IJCTT-V72I10P114. [25] K. Ni, S. K. Mondal, H. M. D. Kabir, T. Tan, and H.-N. Dai, “Toward Security Quantification of Serverless Computing,” Journal of Cloud Computing, vol. 13, no. 1, article 140, pp. 1–27, 2024, doi: 10.1186/s13677-024-00703-y. [26] Y. Yan, K. Huang, and M. Siegel, “ISSF: The Intelligent Security Service Framework for Cloud-Native Operation,” arXiv preprint arXiv:2403.01507, 2024, doi: 10.48550/arXiv.2403.01507. [27] P. Escaleira, V. A. Cunha, J. P. Barraca, D. Gomes, and R. L. Aguiar, “A Systematic Review on Security Mechanisms for Serverless Computing,” Cluster Computing, vol. 28, art. no. 465, 2025, doi: 10.1007/s10586-025-05371-4. [28] C. Pathade, V. Dhimam, S. Ahmad, and I. Lareb, “Serverless AI Security: Attack Surface Analysis and Runtime Protection Mechanisms for FaaS-Based Machine Learning,” arXiv preprint arXiv:2601.11664, 2026, doi: 10.48550/arXiv.2601.11664. [29] J. Paparrizos, P. Boniol, Q. Liu, and T. Palpanas, “Advances in Time-Series Anomaly Detection: Algorithms, Benchmarks, and Evaluation Measures,” in Proc. 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD \'25), Toronto, ON, Canada, Aug. 2025, pp. 6151–6161, doi: 10.1145/3711896.3736565. [30] C. F. D\'Almeida e Mendes and T. N. Rios, “Explainable Artificial Intelligence and Cybersecurity: A Systematic Literature Review,” arXiv preprint arXiv:2303.01259, 2023, doi: 10.48550/arXiv.2303.01259. [31] G. Rjoub, J. Bentahar, O. Abdel Wahab, R. Mizouni, A. Song, R. Cohen, H. Otrok, A. Mourad, and D. R. Cheriton, “A Survey on Explainable Artificial Intelligence for Cybersecurity,” arXiv preprint arXiv:2303.12942, 2023, doi: 10.48550/arXiv.2303.12942. [32] A. Khraisat, A. Alazab, S. Singh, T. Jan, and A. J. Gomez, “Survey on Federated Learning for Intrusion Detection System: Concept, Architectures, Aggregation Strategies, Challenges, and Future Directions,” ACM Computing Surveys, vol. 57, no. 1, article 7, pp. 1–38, Oct. 2024, doi: 10.1145/3687124. [33] S. Agrawal, S. Sarkar, O. Aouedi, G. Yenduri, K. Piamrat, S. Bhattacharya, P. K. R. Maddikunta, and T. R. Gadekallu, “Federated Learning for Intrusion Detection System: Concepts, Challenges and Future Directions,” arXiv preprint arXiv:2106.09527, 2021, doi: 10.48550/arXiv.2106.09527. [34] E. Alhajjar, P. Maxwell, and N. D. Bastian, “Adversarial Machine Learning in Network Intrusion Detection Systems,” arXiv preprint arXiv:2004.11898, 2020, doi: 10.48550/arXiv.2004.11898. [35] S. Ennaji, F. De Gaspari, D. Hitaj, A. K. Bidi, and L. V. Mancini, “Adversarial Challenges in Network Intrusion Detection Systems: Research Insights and Future Prospects,” arXiv preprint arXiv:2409.18736, 2024, doi: 10.48550/arXiv.2409.18736. [36] C. Shin, B. Kim, and S. Lee, “Bambda: A Real-Time Verification Framework for Serverless Computing,” IEEE Access, vol. 13, pp. 1–1, 2025, doi: 10.1109/ACCESS.2025.3572729. [37] M. C. Borges, J. Bauer, and S. Werner, “OXN -- Automated Observability Assessments for Cloud-Native Applications,” in Proc. 21st IEEE International Conference on Software Architecture (ICSA), Poster Track, 2024, doi: 10.1109/ICSA-C63560.2024.00035. [38] G. Dkmak, B. Can, O. Sevinc, C. B. Egeli, F. Baday, and B. Cetintav, “AI-Driven Anomaly Detection in Cloud-Native Microservices: The Night’s Watch Algorithm,” Applied Sciences, vol. 15, no. 23, article 12762, 2025, doi: 10.3390/app152312762. [39] S. Arora and J. Hastings, “Microsegmented Cloud Network Architecture Using Open-Source Tools for a Zero Trust Foundation,” in Proc. IEEE International Conference on Security of Information and Networks (SIN), 2024, doi: 10.1109/SIN63213.2024.10871361. [40] E. Li, Z. Shang, O. Gungor, and T. Rosing, “SAFE: Self-Supervised Anomaly Detection Framework for Intrusion Detection,” arXiv preprint arXiv:2502.07119, 2025, doi: 10.48550/arXiv.2502.07119.

Copyright

Copyright © 2026 Mr. Aditya Bhogale, Dr. Suhas Rautmare. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.