JCM 2026 Vol.21(3): 372-388
Doi: 10.12720/jcm.21.3.372-388

Dynamic Threat Prevention in Cloud Firewalls Using Hybrid Machine Learning for IP Reputation Intelligence

Nanayakkara Wawage Chanaka Lasantha1,*, Madduma Wellalage Pasan Maduranga2, and Ruvan Abeysekara3,*
1Faculty of Graduate Studies, IIC University of Technology, Phnom Penh, Cambodia
2Department of Electrical and Electronic Engineering, University of Sri Jayewardenepura, Nugegoda, Sri Lanka
3Faculty of Graduate Studies, BCAS Campus, Colombo, Sri Lanka
Email: chanaka.lasantha@gmail.com (N.W.C.L.); pasanm@sjp.ac.lk (M.W.P.M.); ruvan@bcas.lk (R.A.)
*Corresponding author

Manuscript received December 29, 2025; revised January 24, 2026; accepted February 16, 2026; published May 13, 2026.

Abstract—Existing cloud security technologies struggle to keep up with constantly changing cyber threats, which creates a need for stronger Internet Protocol Reputation (IPR) validation and more efficient threat detection tools. Traditional IPR validation relies on fixed blocklists and rule-based detection, which generate a large number of False Positives (FP) and fail to distinguish legitimate from malicious traffic. This paper introduces a hybrid Machine-Learning (ML) system for IPR inference on Amazon Web Services (AWS) cloud infrastructure, intended to improve automated defence and threat intelligence. The proposed framework consumes GuardDuty logs together with Security Operations Centre (SOC) and Web Application Firewall (WAF) security logs to identify threats in real time. A hybrid ML model combining Random Forest (RF), Support Vector Machine (SVM), Logistic Regression (LR), K-Nearest Neighbour (KNN) and eXtreme Gradient Boosting (XGBoost) rates the threat intensity of each IP address and automatically creates blocking policies in AWS WAF. The architecture supports adaptive IP-list management and live threat learning (blocking). In the experimental validation, the weighted F1-scores for benign-traffic classification and attacker detection are 0.97 and 0.98 respectively, with the RF model reaching the highest accuracy of 98.04%. The Synthetic Minority Over-Sampling Technique (SMOTE) is applied only to the training data; the test data keep their realistic imbalanced class distribution so that the reported performance reflects real conditions.
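The abstract only sketches the pipeline (GuardDuty/WAF logs, per-IP threat rating, automatic AWS WAF blocking, SMOTE on the training split only). The following is an added, self-contained example written for this page, not code from the paper or its authors: constructed GuardDuty/WAF-style records are aggregated into per-IP features, a constructed labelled set is split with the test side left imbalanced, a pure-Python SMOTE balances the training side only, a KNN model (one of the paper's five) is evaluated on the untouched test side, and the IPs it flags are packaged as a boto3 `wafv2` `update_ip_set` call. The record shape, the four features, the dataset generator, the `<ip-set-id>`/`<lock-token>` placeholders and the IP-set name are assumptions for illustration.

```python
"""Added example (not the paper's code): minimal log -> per-IP features -> SMOTE(train only)
-> KNN -> AWS WAF IP-set update. Data shapes and numbers are assumptions."""
import random
from collections import defaultdict

# Constructed events in a simplified shape (assumption, not the real GuardDuty/WAF log formats).
EVENTS = [
    {"src": "198.51.100.7", "source": "guardduty", "severity": 8.0},
    *[{"src": "198.51.100.7", "source": "waf", "action": "BLOCK"} for _ in range(5)],
    *[{"src": "203.0.113.9", "source": "waf", "action": "ALLOW"} for _ in range(3)],
    {"src": "203.0.113.9", "source": "waf", "action": "BLOCK"},  # one WAF block alone: benign
    {"src": "192.0.2.44", "source": "guardduty", "severity": 7.0},
    *[{"src": "192.0.2.44", "source": "waf", "action": "BLOCK"} for _ in range(4)],
]


def features_per_ip(events):
    """Per IP: [guardduty_findings, max_severity, waf_blocks, waf_block_ratio] (assumed features)."""
    acc = defaultdict(lambda: {"gd": 0, "sev": 0.0, "block": 0, "total": 0})
    for e in events:
        a = acc[e["src"]]
        if e["source"] == "guardduty":
            a["gd"] += 1
            a["sev"] = max(a["sev"], e["severity"])
        else:
            a["total"] += 1
            a["block"] += e["action"] == "BLOCK"
    return {ip: [a["gd"], a["sev"], a["block"], a["block"] / a["total"] if a["total"] else 0.0]
            for ip, a in acc.items()}


def make_dataset(n_benign=40, n_attack=8, seed=0):
    """Constructed labelled feature vectors with the imbalance real traffic has (assumption)."""
    rng = random.Random(seed)
    X = [[0, 0.0, rng.randint(0, 1), round(rng.uniform(0.0, 0.2), 2)] for _ in range(n_benign)]
    X += [[rng.randint(1, 3), round(rng.uniform(6.0, 9.0), 1), rng.randint(5, 10),
           round(rng.uniform(0.7, 1.0), 2)] for _ in range(n_attack)]
    return X, [0] * n_benign + [1] * n_attack


def stratified_split(X, y, test_pct=30, seed=0):
    """Hold out a slice of each class so the test set keeps the real class imbalance."""
    rng = random.Random(seed)
    tr, te = ([], []), ([], [])
    for label in sorted(set(y)):
        idx = [i for i, l in enumerate(y) if l == label]
        rng.shuffle(idx)
        n_test = max(1, len(idx) * test_pct // 100)
        for j, i in enumerate(idx):
            dst = te if j < n_test else tr
            dst[0].append(X[i]); dst[1].append(y[i])
    return tr[0], tr[1], te[0], te[1]


def dist(a, b):
    return sum((p - q) ** 2 for p, q in zip(a, b)) ** 0.5


def smote(X, y, minority=1, k=2, seed=0):
    """Pure-Python SMOTE: synthesise minority points on the segment between a minority point and
    one of its k nearest minority neighbours until the classes are balanced. Training data only."""
    rng = random.Random(seed)
    minor = [x for x, l in zip(X, y) if l == minority]
    need = (len(y) - len(minor)) - len(minor)
    synth = []
    while len(synth) < need:
        x = rng.choice(minor)
        nb = rng.choice(sorted((m for m in minor if m is not x), key=lambda m: dist(x, m))[:k])
        lam = rng.random()
        synth.append([p + lam * (q - p) for p, q in zip(x, nb)])
    return X + synth, y + [minority] * len(synth)


def knn_predict(X_train, y_train, x, k=3):
    """Majority vote of the k nearest training points (1 = attacker)."""
    nearest = sorted(zip(X_train, y_train), key=lambda t: dist(t[0], x))[:k]
    return int(sum(l for _, l in nearest) * 2 > k)


def f1(y_true, y_pred, positive=1):
    tp = sum(t == positive and p == positive for t, p in zip(y_true, y_pred))
    fp = sum(t != positive and p == positive for t, p in zip(y_true, y_pred))
    fn = sum(t == positive and p != positive for t, p in zip(y_true, y_pred))
    prec = tp / (tp + fp) if tp + fp else 0.0
    rec = tp / (tp + fn) if tp + fn else 0.0
    return 2 * prec * rec / (prec + rec) if prec + rec else 0.0


def waf_ip_set_update(name, ip_set_id, lock_token, blocked_ips, scope="REGIONAL"):
    """Keyword arguments for boto3's wafv2 update_ip_set(); WAF IP sets take CIDR strings.
    Intended use (not executed here): boto3.client("wafv2").update_ip_set(**waf_ip_set_update(...))."""
    return {"Name": name, "Scope": scope, "Id": ip_set_id, "LockToken": lock_token,
            "Addresses": sorted(f"{ip}/32" for ip in blocked_ips)}


def run_pipeline(seed=0):
    X, y = make_dataset(seed=seed)
    Xtr, ytr, Xte, yte = stratified_split(X, y, seed=seed)
    Xbal, ybal = smote(Xtr, ytr, seed=seed)            # oversample the training side only
    preds = [knn_predict(Xbal, ybal, x) for x in Xte]  # score the imbalanced test side as-is
    live = features_per_ip(EVENTS)
    blocked = sorted(ip for ip, f in live.items() if knn_predict(Xbal, ybal, f))
    return {
        "test_attack_ratio": sum(yte) / len(yte),
        "train_balanced": 2 * sum(ybal) == len(ybal),
        "f1_attacker": f1(yte, preds),
        "blocked": blocked,
        # "<ip-set-id>" and "<lock-token>" are placeholders for values GetIPSet returns.
        "waf_update": waf_ip_set_update("ml-ip-reputation-block", "<ip-set-id>", "<lock-token>", blocked),
    }


if __name__ == "__main__":
    print(run_pipeline())
```

The point the abstract makes about SMOTE is visible in the returned dictionary: `train_balanced` is true while `test_attack_ratio` stays at the original minority share, so the F1 reported for the attacker class is measured on the distribution the model will actually face. The single WAF block on 203.0.113.9 is not enough to get that address into the IP set, which is the false-positive behaviour a reputation model is supposed to improve on over a static rule; in production the `LockToken` must come from a fresh `get_ip_set` call and the IP set is attached to the web ACL by a rule with a BLOCK action.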


Keywords—hybrid machine learning, IP reputation validation, cloud web application firewall, sob-30 integration, dynamically driven threat detection, automated defence systems

 
Cite: Nanayakkara Wawage Chanaka Lasantha, Madduma Wellalage Pasan Maduranga, and Ruvan Abeysekara, “Dynamic Threat Prevention in Cloud Firewalls Using Hybrid Machine Learning for IP Reputation Intelligence,” Journal of Communications, vol. 21, no. 3, pp. 372-388, 2026.

Copyright © 2026 by the authors. This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
