AI-Driven Security Graphs for Real-Time Breach Containment in Hybrid Cloud Environments

Authors

  • Ranveer Potel, Potel Projects LLC., USA

DOI:

https://doi.org/10.63282/3050-9416.IJAIBDCMS-V3I4P113

Keywords:

Cybersecurity, Artificial Intelligence, Graph Neural Networks, Lateral Movement Detection, Breach Containment, Hybrid Cloud Security, Adversarial Machine Learning, Concept Drift, Zero Trust Architecture

Abstract

Modern cyberattacks increasingly rely on lateral movement to reach critical assets. We propose an AI-driven security graph framework for real-time detection and automated containment of threats in hybrid cloud environments. The system constructs a dynamic graph of workloads, users, and assets, performs behavior-based anomaly detection with Graph Neural Networks, prioritizes high-risk attack paths, and enforces automated micro-segmentation. We evaluate the framework in large-scale simulations with 10,000 workloads and 50 adversarial attack scenarios, showing an 84% reduction in detection latency (2.9 min vs. 18.4 min), a 73% reduction in blast radius, and a 91% lateral movement prevention rate compared with signature-based systems. The approach achieves an AUC of 0.95 at a 7% false positive rate. A formal probabilistic analysis provides containment guarantees, and a computational complexity analysis shows linear scalability to 100,000+ nodes. The system maintains an 89% detection rate against adversarial attacks, including mimicry, low-and-slow, and graph poisoning. Online learning with concept drift detection reduces false positives from 21% to 7% over six months.
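To make the pipeline the abstract sketches concrete (security graph, per-node anomaly scores, ranked attack paths, a micro-segmentation rule, and the blast-radius metric), here is a small added example written for this page. It is not the paper's code: the GNN is replaced by constructed per-node anomaly scores, and the graph, node names, ports, and edge traversal probabilities are all invented for the illustration.

```python
"""Toy security graph: attack-path ranking and automated micro-segmentation.

Added illustration, not the paper's implementation. Edges mean "an attacker
holding `src` can reach `dst`" (network reachability or a credential
relationship) with a rough traversal probability; anomaly scores stand in
for the GNN output. All names, ports and numbers are constructed.
"""

# Constructed graph: node -> {neighbor: (traversal_probability, port)}.
GRAPH = {
    "user:alice":   {"vm:web-01": (0.9, 22)},
    "vm:web-01":    {"vm:app-01": (0.8, 8080), "vm:jump-01": (0.6, 22)},
    "vm:jump-01":   {"vm:app-01": (0.5, 8080)},
    "vm:app-01":    {"db:customers": (0.9, 5432), "svc:keyvault": (0.4, 443)},
    "db:customers": {},
    "svc:keyvault": {},
}
CRITICAL = {"db:customers", "svc:keyvault"}
# Constructed per-node anomaly scores in [0, 1], standing in for the GNN.
ANOMALY = {"user:alice": 0.05, "vm:web-01": 0.92, "vm:jump-01": 0.10,
           "vm:app-01": 0.15, "db:customers": 0.02, "svc:keyvault": 0.01}


def simple_paths(graph, src, dst, path=None):
    """Yield every simple path src -> dst (plain DFS; fine for a toy graph)."""
    path = (path or []) + [src]
    if src == dst:
        yield path
        return
    for nxt in graph.get(src, {}):
        if nxt not in path:
            yield from simple_paths(graph, nxt, dst, path)


def path_risk(graph, anomaly, path):
    """Risk of a path: anomaly of the entry node times the product of the
    traversal probabilities along it (a simple, hypothetical scoring rule)."""
    risk = anomaly[path[0]]
    for a, b in zip(path, path[1:]):
        risk *= graph[a][b][0]
    return risk


def ranked_attack_paths(graph, anomaly, critical, threshold=0.5):
    """Rank every path from an anomalous node (score >= threshold) to a
    critical asset, highest risk first."""
    ranked = []
    for src in (n for n, s in anomaly.items() if s >= threshold):
        for dst in critical:
            for p in simple_paths(graph, src, dst):
                ranked.append((round(path_risk(graph, anomaly, p), 4), p))
    return sorted(ranked, key=lambda r: r[0], reverse=True)


def reachable(graph, src):
    """Blast radius of `src`: every node an attacker there can reach."""
    seen, stack = set(), [src]
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        stack.extend(graph.get(n, {}))
    seen.discard(src)
    return seen


def without_edge(graph, a, b):
    """Copy of the graph with the a -> b edge removed (a deny rule applied)."""
    g = {n: dict(nb) for n, nb in graph.items()}
    g[a].pop(b, None)
    return g


def containment_rule(graph, anomaly, critical, threshold=0.5):
    """Pick the single edge on the top-ranked path whose removal leaves the
    fewest critical assets reachable from the anomalous node (ties broken by
    smallest blast radius) and emit it as a deny rule."""
    ranked = ranked_attack_paths(graph, anomaly, critical, threshold)
    if not ranked:
        return None
    top = ranked[0][1]
    src = top[0]
    before = reachable(graph, src)
    best = None
    for a, b in zip(top, top[1:]):
        after = reachable(without_edge(graph, a, b), src)
        key = (len(after & critical), len(after))
        if best is None or key < best[0]:
            best = (key, a, b, after)
    _, a, b, after = best
    return {"action": "deny", "src": a, "dst": b, "port": graph[a][b][1],
            "blast_radius_before": len(before), "blast_radius_after": len(after)}


if __name__ == "__main__":
    for risk, path in ranked_attack_paths(GRAPH, ANOMALY, CRITICAL):
        print(f"{risk:.4f}  {' -> '.join(path)}")
    print(containment_rule(GRAPH, ANOMALY, CRITICAL))
```

The objective in `containment_rule` (minimize reachable critical assets, then blast radius) is a placeholder; a production policy engine would also weigh the business impact of each candidate cut, and would usually quarantine the anomalous workload itself rather than a single downstream edge. The DFS path enumeration is exponential in the worst case, so a real deployment would bound path length or use the shortest-path or max-flow formulations the abstract's linear-scalability claim implies.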



Published

2022-12-30


How to Cite

Potel R. AI-Driven Security Graphs for Real-Time Breach Containment in Hybrid Cloud Environments. IJAIBDCMS [Internet]. 2022 Dec. 30;3(4):123-31. Available from: https://ijaibdcms.org/index.php/ijaibdcms/article/view/432