Saved in:
Bibliographic Details
Main Authors: Okonkwo, Nnamdi Philip, Dhirani, Lubna Luxmi
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2512.14935
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908717658669056
author Okonkwo, Nnamdi Philip
Dhirani, Lubna Luxmi
author_facet Okonkwo, Nnamdi Philip
Dhirani, Lubna Luxmi
contents Cloud Security Operations Center (SOC) enable cloud governance, risk and compliance by providing insights visibility and control. Cloud SOC triages high-volume, heterogeneous telemetry from elastic, short-lived resources while staying within tight budgets. In this research, we implement an AI-Augmented Security Operations Center (AISOC) on AWS that combines cloud-native instrumentation with ML-based detection. The architecture uses three Amazon EC2 instances: Attacker, Defender, and Monitoring. We simulate a reverse-shell intrusion with Metasploit, and Filebeat forwards Defender logs to an Elasticsearch and Kibana stack for analysis. We train two classifiers, a malware detector built on a public dataset and a log-anomaly detector trained on synthetically augmented logs that include adversarial variants. We calibrate and fuse the scores to produce multi-modal threat intelligence and triage activity into NORMAL, SUSPICIOUS, and HIGH\_CONFIDENCE\_ATTACK. On held-out tests the fusion achieves strong macro-F1 (up to 1.00) under controlled conditions, though performance will vary in noisier and more diverse environments. These results indicate that simple, calibrated fusion can enhance cloud SOC capabilities in constrained, cost-sensitive setups.
format Preprint
id arxiv_https___arxiv_org_abs_2512_14935
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Cloud Security Leveraging AI: A Fusion-Based AISOC for Malware and Log Behaviour Detection
Okonkwo, Nnamdi Philip
Dhirani, Lubna Luxmi
Cryptography and Security
Machine Learning
Cloud Security Operations Center (SOC) enable cloud governance, risk and compliance by providing insights visibility and control. Cloud SOC triages high-volume, heterogeneous telemetry from elastic, short-lived resources while staying within tight budgets. In this research, we implement an AI-Augmented Security Operations Center (AISOC) on AWS that combines cloud-native instrumentation with ML-based detection. The architecture uses three Amazon EC2 instances: Attacker, Defender, and Monitoring. We simulate a reverse-shell intrusion with Metasploit, and Filebeat forwards Defender logs to an Elasticsearch and Kibana stack for analysis. We train two classifiers, a malware detector built on a public dataset and a log-anomaly detector trained on synthetically augmented logs that include adversarial variants. We calibrate and fuse the scores to produce multi-modal threat intelligence and triage activity into NORMAL, SUSPICIOUS, and HIGH\_CONFIDENCE\_ATTACK. On held-out tests the fusion achieves strong macro-F1 (up to 1.00) under controlled conditions, though performance will vary in noisier and more diverse environments. These results indicate that simple, calibrated fusion can enhance cloud SOC capabilities in constrained, cost-sensitive setups.
title Cloud Security Leveraging AI: A Fusion-Based AISOC for Malware and Log Behaviour Detection
topic Cryptography and Security
Machine Learning
url https://arxiv.org/abs/2512.14935