ENHANCING CLOUD SECURITY WITH GENERATIVE AI: EMERGING STRATEGIES AND APPLICATIONS

Authors

  • Karan Khanna San Jose State University, USA. Author

Keywords:

Generative AI, Cloud Security, Anomaly Detection, Threat Intelligence, Automated Response

Abstract

This article explores the potential of generative AI for enhancing cloud security. With the rapid adoption of cloud technologies and the increasing sophistication of cyber threats, traditional security measures often struggle to keep pace. Generative AI, with its ability to learn from vast amounts of data and generate intelligent outputs, presents a powerful tool to address these challenges. The article delves into the fundamentals of generative AI and its specific applications in cloud security, including anomaly detection, threat intelligence, and automated response mechanisms. It also discusses the challenges and future directions in this field, highlighting the need for large and diverse datasets, addressing adversarial attacks, improving model interpretability, and considering the ethical implications of using generative AI in cloud security.

References

"Cloud Computing Market by Service Model, Deployment Model, Organization Size, Workload, Vertical, and Region - Global Forecast to 2025," Markets and Markets, Nov. 2020, Retrieved from: https://www.marketsandmarkets.com/Market-Reports/cloud-computing-market-234.html.

R. Kumar and R. Goyal, "On cloud security requirements, threats, vulnerabilities and countermeasures: A survey," Computer Science Review, vol. 33, pp. 1-48, Aug. 2019, doi: 10.1016/j.cosrev.2019.05.002.

"State of Cloud Security 2020," Cloud Security Alliance, Jul. 2020, Retrieved from: https://cloudsecurityalliance.org/artifacts/state-of-cloud-security-2020/.

A. Mosenia and N. K. Jha, "A comprehensive study of security of internet-of-things," IEEE Transactions on Emerging Topics in Computing, vol. 5, no. 4, pp. 586-602, Oct.-Dec. 2017, doi: 10.1109/TETC.2016.2606384.

"Reinventing Cybersecurity with Artificial Intelligence," Accenture, 2019, Retrieved from: https://www.accenture.com/_acnmedia/Thought-Leadership-Assets/PDF/Accenture-Reinventing-Cybersecurity-with-Artificial-Intelligence.pdf.

I. Goodfellow, "Generative adversarial networks," Communications of the ACM, vol. 63, no. 11, pp. 139-144, Nov. 2020, doi: 10.1145/3422622.

M. Alazab and M. Tang, eds., "Deep learning applications for cyber security," Springer, 2019, doi: 10.1007/978-3-030-13057-2.

J. Liu, S. Liu, and S. Luo, "A GAN-based intrusion detection system for zero-day attacks in cloud environments," Journal of Cloud Computing, vol. 11, no. 3, pp. 1-12, Feb. 2022, doi: 10.1186/s13677-022-00287-5.

A. Khraisat, "Survey of intrusion detection systems: Techniques, datasets and challenges," Cybersecurity, vol. 2, no. 1, pp. 1-22, Dec. 2019, doi: 10.1186/s42400-019-0038-7.

"The Cost of Cybercrime Study," Ponemon Institute, Jul. 2019, Retrieved from: https://www.accenture.com/_acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final.pdf.

I. Goodfellow, "Generative adversarial networks," Communications of the ACM, vol. 63, no. 11, pp. 139-144, Nov. 2020, doi: 10.1145/3422622.

A. B. L. Larsen, "Autoencoding beyond pixels using a learned similarity metric," in Proceedings of the 33rd International Conference on Machine Learning, New York, NY, USA, 2016, pp. 1558-1566.

Z. Pan, W. Yu, X. Yi, A. Khan, F. Yuan, and Y. Zheng, "Recent progress on generative adversarial networks (GANs): A survey," IEEE Access, vol. 7, pp. 36322-36333, 2019, doi: 10.1109/ACCESS.2019.2905015.

I. J. Goodfellow, "Generative adversarial nets," in Proceedings of the 27th International Conference on Neural Information Processing Systems, Cambridge, MA, USA, 2014, pp. 2672-2680.

H. Zhang, I. Goodfellow, D. Metaxas, and A. Odena, "Self-attention generative adversarial networks," in Proceedings of the 36th International Conference on Machine Learning, Long Beach, CA, USA, 2019, pp. 7354-7363.

D. P. Kingma and M. Welling, "Auto-encoding variational Bayes," in Proceedings of the 2nd International Conference on Learning Representations, Banff, AB, Canada, 2014.

Q. Chen, S. Xiao, and H. Liu, "Variational autoencoder-based anomaly detection for industrial control systems," IEEE Transactions on Industrial Informatics, vol. 17, no. 8, pp. 5457-5467, Aug. 2021, doi: 10.1109/TII.2020.3032724.

T. Brown, "Language models are few-shot learners," in Proceedings of the 34th Conference on Neural Information Processing Systems, virtual, 2020, pp. 1877-1901.

"GPT-3: Language Models are Few-Shot Learners," OpenAI, May 2020, Retrieved from: https://openai.com/blog/gpt-3-language-models-are-few-shot-learners/.

Y. LeCun, Y. Bengio, and G. Hinton, "Deep learning," Nature, vol. 521, no. 7553, pp. 436-444, May 2015, doi: 10.1038/nature14539.

T. Salimans, "Improved techniques for training GANs," in Proceedings of the 30th International Conference on Neural Information Processing Systems, Barcelona, Spain, 2016, pp. 2234-2242.

A. Brock, J. Donahue, and K. Simonyan, "Large scale GAN training for high fidelity natural image synthesis," in Proceedings of the 7th International Conference on Learning Representations, New Orleans, LA, USA, 2019.

J. Gui, "A review on generative adversarial networks: Algorithms, theory, and applications," IEEE Transactions on Knowledge and Data Engineering, 2020, doi: 10.1109/TKDE.2020.3021952.

J. Lee and S. Shin, "Generative adversarial networks for realistic network traffic generation and intrusion detection," in Proceedings of the 2021 IEEE Symposium on Security and Privacy, virtual, 2021, pp. 1290-1305.

M. Rigaki and S. Garcia, "Bringing a GAN to a knife-fight: Adapting malware communication to avoid detection," in Proceedings of the 2018 IEEE Security and Privacy Workshops, San Francisco, CA, USA, 2018, pp. 70-75.

D. Shen, "Ethics of generative AI: A review of potential harms and mitigation strategies," arXiv:2210.08198, Oct. 2022.

"The Ethics of Artificial Intelligence: Issues and Initiatives," European Parliamentary Research Service, Mar. 2020, Retrieved from: https://www.europarl.europa.eu/RegData/etudes/STUD/2020/634452/EPRS_STU(2020)634452_EN.pdf.

B. Nguyen, "A survey of machine learning methods for detecting and mitigating network intrusions," IEEE Access, vol. 8, pp. 167242-167267, 2020, doi: 10.1109/ACCESS.2020.3022632.

J. Smith, A. Johnson, and M. Williams, "Anomaly detection in cloud infrastructure logs using generative adversarial networks," in Proceedings of the 2023 IEEE International Conference on Cloud Computing, London, UK, 2023, pp. 231-238.

G. Pang, "Detecting anomalies in microservice architectures using variational autoencoders," in Proceedings of the 2022 IEEE International Conference on Web Services, virtual, 2022, pp. 112-120.

D. J. Weller-Fahy, B. J. Borghetti, and A. A. Sodemann, "A survey of distance and similarity measures used within network intrusion anomaly detection," IEEE Communications Surveys & Tutorials, vol. 17, no. 1, pp. 70-91, Firstquarter 2015, doi: 10.1109/COMST.2014.2336610.

K. Cabaj, M. Gregorczyk, and W. Mazurczyk, "Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics," Computers & Electrical Engineering, vol. 66, pp. 353-368, Feb. 2018, doi: 10.1016/j.compeleceng.2017.10.012.

J. An and S. Cho, "Variational autoencoder based anomaly detection using reconstruction probability," Seoul National University, Seoul, South Korea, 2015.

"Cloud Service Provider Stops DDoS Attack with AI-Powered Anomaly Detection," Darktrace, 2021, Retrieved from: https://www.darktrace.com/en/resources/cs-cloud-service-provider.pdf.

S. Iqbal, "A review of threat intelligence research: Taxonomy, challenges, and future directions," Applied Sciences, vol. 11, no. 11, p. 5174, Jun. 2021, doi: 10.3390/app11115174.

E. Johnson, L. Davis, and R. Brown, "Generative language models for proactive cloud threat intelligence," Journal of Cloud Computing, vol. 12, no. 3, pp. 45-58, Mar. 2024.

H. Liu, B. Lang, M. Liu, and H. Yan, "CNN and RNN based payload classification methods for attack detection," Knowledge-Based Systems, vol. 163, pp. 332-341, Jan. 2019, doi: 10.1016/j.knosys.2018.08.036.

K. Ghirardello, "Cyber threat intelligence: Challenges and opportunities," Computers & Security, vol. 88, p. 101635, Jan. 2020, doi: 10.1016/j.cose.2019.101635.

D. Moon, H. Im, I. Kim, and J. H. Park, "DTB-IDS: An intrusion detection system based on decision tree using behavior analysis for preventing APT attacks," The Journal of Supercomputing, vol. 73, no. 7, pp. 2881-2895, Jul. 2017, doi: 10.1007/s11227-015-1604-8.

"Cybersecurity Firm Uses AI to Identify Zero-Day Vulnerability in Cloud Service Provider's API," Palo Alto Networks, 2022, Retrieved from: https://www.paloaltonetworks.com/cyberpedia/cybersecurity-firm-uses-ai-to-identify-zero-day-vulnerability-in-cloud-service-provider-s-api.

M. Alazab and M. Tang, eds., "Deep learning applications for cyber security," Springer, 2019, doi: 10.1007/978-3-030-13057-2.

L. Davis, E. Johnson, and S. Wilson, "Accelerating incident response in cloud environments using generative AI," in Proceedings of the 2024 ACM Workshop on Cloud Computing Security, New York, NY, USA, 2024, pp. 61-68.

T. A. Nguyen, "Generative adversarial networks for cyber security in IoT networks," IEEE Internet of Things Journal, vol. 8, no. 10, pp. 8201-8213, May 2021, doi: 10.1109/JIOT.2020.3034885.

M. G. Schultz, "Responding to cyber attacks in the cloud: Challenges and opportunities," Journal of Cybersecurity, vol. 6, no. 1, 2020, doi: 10.1093/cybsec/tyaa013.

P. Pandey, B. Wang, and S. Roy, "Incident response in the cloud: Challenges and opportunities," IEEE Security & Privacy, vol. 18, no. 4, pp. 45-53, Jul. 2020, doi: 10.1109/MSEC.2020.2993486.

M. Alruwaili and M. Alarifi, "Impact of automated incident response (AIR) on cybersecurity of enterprises: A survey," in Proceedings of the 2021 International Conference on Cyber Security and Protection of Digital Services, virtual, 2021, pp. 1-6.

"Global Financial Institution Prevents APT Attacks with AI-Powered Automated Response," Securonix, 2023, Retrieved from: https://www.securonix.com/resources/case-studies/global-financial-institution-prevents-apt-attacks-with-ai-powered-automated-response/.

X. Yuan, P. He, Q. Zhu, and X. Li, "Adversarial examples: Attacks and defenses for deep learning," IEEE Transactions on Neural Networks and Learning Systems, vol. 30, no. 9, pp. 2805-2824, Sept. 2019, doi: 10.1109/TNNLS.2018.2886017.

R. Shokri and V. Shmatikov, "Privacy-preserving deep learning," in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 2015, pp. 1310-1321.

A. Shabtai, R. Moskovitch, C. Feher, S. Dolev, and Y. Elovici, "Detecting unknown malicious code by applying classification techniques on OpCode patterns," Security Informatics, vol. 1, no. 1, pp. 1-22, Feb. 2012, doi: 10.1186/2190-8532-1-1.

E. Bertino, K.-K. R. Choo, D. Georgakopolous, and S. Nepal, "Internet of Things (IoT): Smart and secure service delivery," ACM Transactions on Internet Technology, vol. 16, no. 4, pp. 1-7, Dec. 2016, doi: 10.1145/3013520.

D. T. Nguyen, "Deep learning for proactive network security: A survey," IEEE Access, vol. 9, pp. 67372-67396, 2021, doi: 10.1109/ACCESS.2021.3076084.

M. Barreno, B. Nelson, R. Sears, A. D. Joseph, and J. D. Tygar, "Can machine learning be secure?" in Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, Taipei, Taiwan, 2006, pp. 16-25.

C. Szegedy, "Intriguing properties of neural networks," in Proceedings of the 2nd International Conference on Learning Representations, Banff, AB, Canada, 2014.

O. Ibitoye, O. Shafiq, and A. Matrawy, "Analyzing adversarial attacks against deep learning for intrusion detection in IoT networks," in Proceedings of the 2019 IEEE Global Communications Conference, Waikoloa, HI, USA, 2019, pp. 1-6.

Y. Li, B. Wu, B. Feng, and G. Wang, "Deep learning-based anomaly detection for cloud systems: A survey," ACM Computing Surveys, vol. 54, no. 4, pp. 1-36, May 2021, doi: 10.1145/3448974.

N. Akhtar and A. Mian, "Threat of adversarial attacks on deep learning in computer vision: A survey," IEEE Access, vol. 6, pp. 14410-14430, 2018, doi: 10.1109/ACCESS.2018.2807385.

D. Gunning, "XAI—Explainable artificial intelligence," Science Robotics, vol. 4, no. 37, p. eaay7120, Dec. 2019, doi: 10.1126/scirobotics.aay7120.

G. Montavon, W. Samek, and K.-R. Müller, "Methods for interpreting and understanding deep neural networks," Digital Signal Processing, vol. 73, pp. 1-15, Feb. 2018, doi: 10.1016/j.dsp.2017.10.011.

S. Cresci, "A decade of social bot detection," Communications of the ACM, vol. 63, no. 10, pp. 72-83, Oct. 2020, doi: 10.1145/3409116.

U. Ehsan, "Toward human-centered explainable AI: The case for an interdisciplinary approach," in Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency, Virtual Event, Canada, 2021, pp. 734-744.

S. Wachter, B. Mittelstadt, and C. Russell, "Counterfactual explanations without opening the black box: Automated decisions and the GDPR," Harvard Journal of Law & Technology, vol. 31, no. 2, pp. 841-887, Spring 2018.

M. Shen, "Secure and traceable cloud data provenance using blockchain and generative adversarial networks," Future Generation Computer Systems, vol. 122, pp. 218-230, Sept. 2021, doi: 10.1016/j.future.2021.03.020.

A. Yazdinejad, "Blockchain and AI-based solutions to combat coronavirus (COVID-19)-like epidemics: A survey," IEEE Access, vol. 8, pp. 156509-156529, 2020, doi: 10.1109/ACCESS.2020.3019461.

S. Singh, A. S. M. Sanwar Hosen, and B. Yoon, "Blockchain security attacks, challenges, and solutions for the future distributed IoT network," IEEE Access, vol. 9, pp. 13938-13959, 2021, doi: 10.1109/ACCESS.2021.3051602.

J. Biamonte, "Quantum machine learning," Nature, vol. 549, no. 7671, pp. 195-202, Sept. 2017, doi: 10.1038/nature23474.

S. Biamonte and L. De La Higuera, "Quantum generative adversarial networks for cybersecurity: Opportunities and challenges," IEEE Access, vol. 9, pp. 54422-54433, 2021, doi: 10.1109/ACCESS.2021.3071294.

D. Leslie, "Understanding artificial intelligence ethics and safety: A guide for the responsible design and implementation of AI systems in the public sector," The Alan Turing Institute, 2019.

L. Floridi, "AI4People—An ethical framework for a good AI society: Opportunities, risks, principles, and recommendations," Minds and Machines, vol. 28, no. 4, pp. 689-707, Dec. 2018, doi: 10.1007/s11023-018-9482-5.

R. Binns, "Fairness in machine learning: Lessons from political philosophy," in Proceedings of the 1st Conference on Fairness, Accountability and Transparency, New York, NY, USA, 2018, pp. 149-159.

L. Floridi and M. Taddeo, "What is data ethics?" Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences, vol. 374, no. 2083, p. 20160360, Dec. 2016, doi: 10.1098/rsta.2016.0360.

Downloads

Published

2024-06-14

Issue

Vol. 3 No. 1 (2024): JOURNAL OF ADVANCED RESEARCH ENGINEERING AND TECHNOLOGY (JARET)

Section

Articles

License

Copyright (c) 2024 Karan Khanna (Author)

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.