Leveraging AI for Real-Time Threat Intelligence and Incident Response in Multi-Cloud Environments

Leveraging AI for Real-Time Threat Intelligence and Incident Response in Multi-Cloud Environments

연구 분야: Safety

학회: 2025 International Conference on Networks and Cryptology (NETCRYPT)

In the rapidly evolving multi-cloud environment, organizations are finding it more difficult to safeguard their infrastructures against increasingly sophisticated cyber threats. Traditional, human-driven threat intelligence and incident response processes are often inadequate for the scale and complexity of multi-cloud environments. This research demonstrates how Artificial Intelligence (AI) can aggregate security data from multiple sources—ranging from cloud-native services to third-party threat feeds—and quickly detect anomalies, including zero-day vulnerabilities. Particularly, machine learning approaches of supervised and unsupervised learning offer flexibility compared to fixed signatures, while Convolutional Neural Networks (CNNs) show improved performance, with accuracy, precision, recall, and F1 measures of more than 95%-outperforming Random Forest, Decision Tree, Isolation Forest, and One-Class SVM. Interoperability, standardization, data availability, as well as ethical concerns, however, have to be addressed to realize complete capability of AI in this field. To that end, this paper recommends a comprehensive framework encompassing continuous model training, federated learning for privacy-protective data sharing, and a hybrid combination of automated defense and human monitoring.