Volume 1 - Issue 4, November - December 2025

Cloud control-plane APIs manage critical cloud resources and therefore represent a high-impact attack surface when misused through stolen credentials or policy abuse. Traditional intrusion detection systems are largely ineffective against such attacks because they rely on network signatures or isolated events rather than behavioral context. This paper presents a design-level analytical study of a hybrid detection framework for control-plane API attacks using log-based analytics. The proposed approach combines rule-based SIEM detection with a BiGRU-CNN model to conceptually capture both known misuse patterns and temporal anomalies from simulated AWS CloudTrail logs. The paper analytically examines expected detection behavior and design trade-offs, while practical implementation and empirical validation are deferred to future work