CLOUD INFRASTRUCTURE MISCONFIGURATION SCANNER

Abstract

Infrastructure-as-Code (IaC) has revolutionized
cloud resource management by enabling faster deployment
and improved consistency. However, this advancement has
also introduced significant security risks, particularly cloud
infrastructure misconfigurations, which are a major cause
of data breaches. Existing rule-based static analysis tools
often struggle to handle the complexity of modern cloud
environments, resulting in high false-positive rates and
limited contextual understanding.This paper proposes a
novel two-stage framework that leverages Large Language
Models (LLMs) to address these challenges. In the first stage,
a code embedding and classification model is utilized to
accurately detect misconfigurations in Terraform code,
significantly reducing false positives compared to
traditional approaches. In the second stage, a fine-tuned
generative LLM is employed to automatically generate
secure and syntactically correct remediation code. The
proposed system is evaluated using a custom dataset
containing both vulnerable and corrected IaC snippets.
Experimental results demonstrate that the detection model
outperforms existing tools such as tfsec and Checkov in
terms of accuracy and reliability. Additionally, the
remediation model successfully produces high-quality fixes,
contributing to automated and efficient security
management. Overall, this research highlights the potential
of LLM-based solutions to move beyond simple vulnerability
detection and enable intelligent, context-aware, and
automated security mechanisms, paving the way for selfhealing
cloud infrastructures in modern computing
environments.