Cloud Security Leveraging AI: A Fusion-Based AISOC for Malware and Log Behaviour Detection

• URL: http://arxiv.org/abs/2512.14935v1
• Date: Tue, 16 Dec 2025 21:56:11 GMT
• Title: Cloud Security Leveraging AI: A Fusion-Based AISOC for Malware and Log Behaviour Detection
• Authors: Nnamdi Philip Okonkwo, Lubna Luxmi Dhirani,
• Abstract summary: Cloud Security Operations Center (SOC) enable cloud governance, risk and compliance by providing insights visibility and control.<n>We implement an AI-Augmented Security Operations Center (AISOC) on AWS that combines cloud-native instrumentation with ML-based detection.
• Score: 0.0
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Cloud Security Operations Center (SOC) enable cloud governance, risk and compliance by providing insights visibility and control. Cloud SOC triages high-volume, heterogeneous telemetry from elastic, short-lived resources while staying within tight budgets. In this research, we implement an AI-Augmented Security Operations Center (AISOC) on AWS that combines cloud-native instrumentation with ML-based detection. The architecture uses three Amazon EC2 instances: Attacker, Defender, and Monitoring. We simulate a reverse-shell intrusion with Metasploit, and Filebeat forwards Defender logs to an Elasticsearch and Kibana stack for analysis. We train two classifiers, a malware detector built on a public dataset and a log-anomaly detector trained on synthetically augmented logs that include adversarial variants. We calibrate and fuse the scores to produce multi-modal threat intelligence and triage activity into NORMAL, SUSPICIOUS, and HIGH\_CONFIDENCE\_ATTACK. On held-out tests the fusion achieves strong macro-F1 (up to 1.00) under controlled conditions, though performance will vary in noisier and more diverse environments. These results indicate that simple, calibrated fusion can enhance cloud SOC capabilities in constrained, cost-sensitive setups.

Related papers

• Cloud-OpsBench: A Reproducible Benchmark for Agentic Root Cause Analysis in Cloud Systems [51.2882705779387]
  Cloud-OpsBench is a large-scale benchmark that employs a State Snapshot Paradigm to construct a deterministic digital twin of the cloud.<n>It features 452 distinct fault cases across 40 root cause types spanning the full stack.
  arXiv  Detail & Related papers  (2026-02-28T05:04:42Z)
• Serverless AI Security: Attack Surface Analysis and Runtime Protection Mechanisms for FaaS-Based Machine Learning [0.0]
  This paper presents the first comprehensive security analysis of machine learning workloads in serverless environments.<n>We characterize the attack surface across five categories: function-level vulnerabilities, model-specific threats, infrastructure attacks, supply chain risks, and IAM complexity.<n>We propose Serverless AI Shield (SAS), a multi-layered defense framework providing pre-deployment validation, runtime monitoring, and post-execution forensics.
  arXiv  Detail & Related papers  (2026-01-15T23:32:37Z)
• A Practical Honeypot-Based Threat Intelligence Framework for Cyber Defence in the Cloud [0.3714118205123091]
  We introduce an automated defense framework that dynamically update firewall rules in real time.<n>The framework integrates deception sensors (Cowrie), Azure-native automation tools (Monitor, Sentinel, Logic Apps), and MITRE ATT&CK-aligned detection.
  arXiv  Detail & Related papers  (2025-12-04T23:39:25Z)
• Cloud Investigation Automation Framework (CIAF): An AI-Driven Approach to Cloud Forensics [0.0]
  We introduce the Cloud Investigation Automation Framework (CIAF), a framework that systematically investigates cloud forensic logs.<n>CIAF standardizes user inputs through semantic validation, eliminating ambiguity and ensuring consistency in log interpretation.<n>Results show significant improvement in ransomware detection, achieving precision, recall, and F1 scores of 93 percent.
  arXiv  Detail & Related papers  (2025-10-01T03:05:47Z)
• Reducing False Positives with Active Behavioral Analysis for Cloud Security [2.4631419586608225]
  Rule-based cloud security posture management (CSPM) solutions are known to produce a lot of false positives.<n>This paper introduces a validation-driven methodology that integrates active behavioral testing in cloud security posture management solution(s) to evaluate the exploitability of policy violations in real time.
  arXiv  Detail & Related papers  (2025-08-18T02:39:02Z)
• LLM Meets the Sky: Heuristic Multi-Agent Reinforcement Learning for Secure Heterogeneous UAV Networks [57.27815890269697]
  This work focuses on maximizing the secrecy rate in heterogeneous UAV networks (HetUAVNs) under energy constraints.<n>We introduce a Large Language Model (LLM)-guided multi-agent learning approach.<n>Results show that our method outperforms existing baselines in secrecy and energy efficiency.
  arXiv  Detail & Related papers  (2025-07-23T04:22:57Z)
• DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents [52.92354372596197]
  Large Language Models (LLMs) are increasingly central to agentic systems due to their strong reasoning and planning capabilities.<n>This interaction also introduces the risk of prompt injection attacks, where malicious inputs from external sources can mislead the agent's behavior.<n>We propose a Dynamic Rule-based Isolation Framework for Trustworthy agentic systems, which enforces both control and data-level constraints.
  arXiv  Detail & Related papers  (2025-06-13T05:01:09Z)
• CANTXSec: A Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations [53.036288487863786]
  We propose CANTXSec, the first deterministic Intrusion Detection and Prevention system based on physical ECU activations.<n>It detects and prevents classical attacks in the CAN bus, while detecting advanced attacks that have been less investigated in the literature.<n>We prove the effectiveness of our solution on a physical testbed, where we achieve 100% detection accuracy in both classes of attacks while preventing 100% of FIAs.
  arXiv  Detail & Related papers  (2025-05-14T13:37:07Z)
• Let the Noise Speak: Harnessing Noise for a Unified Defense Against Adversarial and Backdoor Attacks [31.291700348439175]
  Malicious data manipulation attacks against machine learning jeopardize its reliability in safety-critical applications.<n>We propose NoiSec, a reconstruction-based intrusion detection system.<n>NoiSec disentangles the noise from the test input, extracts the underlying features from the noise, and leverages them to recognize systematic malicious manipulation.
  arXiv  Detail & Related papers  (2024-06-18T21:44:51Z)
• Efficient Adversarial Training in LLMs with Continuous Attacks [99.5882845458567]
  Large language models (LLMs) are vulnerable to adversarial attacks that can bypass their safety guardrails. We propose a fast adversarial training algorithm (C-AdvUL) composed of two losses. C-AdvIPO is an adversarial variant of IPO that does not require utility data for adversarially robust alignment.
  arXiv  Detail & Related papers  (2024-05-24T14:20:09Z)
• Alioth: A Machine Learning Based Interference-Aware Performance Monitor for Multi-Tenancy Applications in Public Cloud [15.942285615596566]
  Multi-tenancy in public clouds may lead to co-location interference on shared resources, which possibly results in performance degradation. We propose a novel machine learning framework, Alioth, to monitor the performance degradation of cloud applications. Alioth achieves an average mean absolute error of 5.29% offline and 10.8% when testing on applications unseen in the training stage.
  arXiv  Detail & Related papers  (2023-07-18T03:34:33Z)
• FCOS: A simple and strong anchor-free object detector [111.87691210818194]
  We propose a fully convolutional one-stage object detector (FCOS) to solve object detection in a per-pixel prediction fashion. Almost all state-of-the-art object detectors such as RetinaNet, SSD, YOLOv3, and Faster R-CNN rely on pre-defined anchor boxes. In contrast, our proposed detector FCOS is anchor box free, as well as proposal free.
  arXiv  Detail & Related papers  (2020-06-14T01:03:39Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.