ABSTRACT Enterprises can use cloud computing, in terms of scaling services, without having to purchase a large physical infrastructure owing to elastic storage and computing. The network security threats are higher the more the resources are interconnected. Mass heterogeneous data streams of cloud platforms are generated by firewalls, host logs, IDS, and application monitoring technologies. Separated feeds complicate the operation of coordinated detection and response of assault. Event correlation Crossover The existing network security solutions lack event correlation across contexts. This contributes to false alarms, less visibility of the threats and inability to respond to novel attack vectors. The cloud infrastructure here is multi‐tenant and large and most of such systems lack scalability. The Cloud Security Fusion and Intelligent Analysis Framework (CSFIAF) solves these types of problems. The framework includes multi‐source data fusion where different logs and alerts are combined into a single threat perspective, machine learning (ML) based anomaly detection where anomalies can be identified and unknown patterns of attacks can be identified, and adaptive reasoning. CSFIAF framework presents more data sources by means of adaptive fusion mechanism and intelligent analysis to address the weaknesses of traditional single‐source or fixed‐rule frameworks of cloud security monitoring. It suggests dynamical weighting of feature, hierarchical correlation of event and PCA‐noise reduction to identify complex and multi‐vector attacks more efficiently. Compared to other historical multi‐source fusion plans, CSFIAF contains more situational awareness because it is able to match network traffic with system logs and user behavior in real time and thus detecting more accurately but false positives are reduced.
Liu et al. (Thu,) studied this question.