Intelligent Threat Detection In Cloud-Native Web Applications: A Systematic Literature Review

Cloud-native architectures have significantly expanded the attack surface of web applications, rendering traditional signature-based defenses insufficient against evolving threats such as SQL injection (SQLi), cross-site scripting (XSS), and broken access control. This paper presents a Systematic Literature Review (SLR) following the Kitchenham protocol and PRISMA 2020 guidelines. From 261 records retrieved across IEEE Xplore, ACM Digital Library, and Scopus, 76 studies were included after multi-phase screening. Results confirm the dominance of deep learning and hybrid approaches for injection detection (61/76 studies), a scarcity of UEBA-oriented solutions for access control, and four systematic gaps: dataset standardization, generalization, methodological comparability, and absence of integrated multi-capability architectures. The primary contribution of this paper is the evidence synthesis itself. The identified gaps and design requirements are directed toward AthenAI—a proposed multi-layer intelligent detection architecture for cloud-native environments whose detailed specification, prototype implementation, and empirical evaluation constitute the next stage of this research programme.