
System And Method For Identification And Mitigation Of Cloud Security Threats

Abstract: A system (100) for identification and mitigation of cloud security threats is disclosed. The system (100) comprises a data ingestion engine (102) to receive real-time data from external sources, and a processing unit (104) to trigger a threat detection engine (106) to detect security threats and affected cloud resources based on the received real-time data; activate an adversarial simulation engine (108) to simulate attack scenarios by utilizing Generative Adversarial Networks (GANs); perform mitigation actions by activating an automated mitigation orchestrator (110) based on the simulated attack scenarios; and restore disrupted services of the affected cloud resources upon completion of the mitigation actions by activating a self-healing engine (112) to ensure operational continuity in a cloud ecosystem. The system (100) initiates mitigation actions such as access revocation, network segmentation, and patch deployment without the need for manual intervention. Claims: 10, Figures: 5.


Patent Information

Filing Date: 02 May 2025
Publication Number: 22/2025
Publication Type: INA
Invention Field: COMPUTER SCIENCE

Applicants

SR University
SR University, Ananthasagar, Warangal Telangana India 506371 patent@sru.edu.in 08702818333

Inventors

1. Giri Babu K
SR University, Ananthasagar, Hasanparthy (PO), Warangal, Telangana, India-506371.
2. Dr. J. Bhavana
SR University, Ananthasagar, Hasanparthy (PO), Warangal, Telangana, India-506371.

Specification

Description:
BACKGROUND
Field of Invention
[001] Embodiments of the present invention generally relate to a cloud security system and particularly to a system for identification and mitigation of cloud security threats.
Description of Related Art
[002] Cloud computing transformed enterprise IT infrastructure by allowing flexible, on-demand access to computing resources over the internet. It enabled organizations to scale their operations, reduce capital expenditure, and decentralize data access. However, this architectural shift introduced complex security risks, such as unauthorized access, data breaches, malware intrusions, and denial-of-service attacks, which affect the integrity, confidentiality, and availability of data and services.
[003] Traditional cloud security mechanisms operate on static rule-based systems, predefined access control lists, and manual monitoring protocols. These methods offer limited adaptability against rapidly evolving threats and novel attack vectors. Security systems often fail to detect real-time anomalies or advanced persistent threats due to their reliance on known attack signatures or fixed behavioral patterns. This gap leads to delayed threat detection and insufficient response strategies, which expose critical infrastructure to substantial damage.
[004] The emergence of artificial intelligence (AI) in cybersecurity laid the groundwork for dynamic threat analysis. Solutions utilizing AI and its subsets, such as machine learning, deep learning, and reinforcement learning, began to process large datasets, identify anomalies, and initiate preventive actions. Despite this, most existing frameworks lack real-time adaptability, operate in isolated environments, or depend on static models that require frequent manual updates. These limitations prevent full automation and result in inconsistent protection across distributed and multi-cloud systems.
[005] There is thus a need for an improved and advanced system for identification and mitigation of cloud security threats that can address the aforementioned limitations in a more efficient manner.
SUMMARY
[006] Embodiments in accordance with the present invention provide a system for identification and mitigation of cloud security threats. The system comprises a data ingestion engine configured to receive real-time data from external sources. The system further comprises a processing unit in communication with the data ingestion engine. The processing unit is configured to trigger a threat detection engine to detect the security threats and affected cloud resources corresponding to the received real-time data by performing adaptive threat response decision-making using machine learning models; activate an adversarial simulation engine to simulate attack scenarios by utilizing Generative Adversarial Networks (GANs) upon detection of the security threats by the threat detection engine; perform mitigation actions by activating an automated mitigation orchestrator based on the simulated attack scenarios. The automated mitigation actions are selected from an access revocation, a network segmentation, a patch deployment, a resource isolation, or a combination thereof; and restore disrupted services of the affected cloud resources upon completion of the mitigation actions by activating a self-healing engine to ensure operational continuity in a cloud ecosystem.
[007] Embodiments in accordance with the present invention further provide a method for identification and mitigation of cloud security threats. The method comprises the steps of receiving real-time data from external sources; triggering a threat detection engine to detect the security threats and affected cloud resources corresponding to the received real-time data by performing adaptive threat response decision-making using machine learning models; activating an adversarial simulation engine to simulate attack scenarios by utilizing Generative Adversarial Networks (GANs) upon detection of the security threats by the threat detection engine; performing mitigation actions by activating an automated mitigation orchestrator based on the simulated attack scenarios. The automated mitigation actions are selected from an access revocation, a network segmentation, a patch deployment, a resource isolation, or a combination thereof; and restoring disrupted services of the affected cloud resources following the simulated attack scenarios by activating a self-healing engine to ensure operational continuity in a cloud ecosystem.
[008] Embodiments of the present invention may provide a number of advantages depending on their particular configuration. First, embodiments of the present application may provide a system for identification and mitigation of cloud security threats.
[009] Next, embodiments of the present application may provide a system that initiates mitigation actions such as access revocation, network segmentation, and patch deployment without the need for manual intervention, thereby reducing response time and limiting damage.
[0010] Next, embodiments of the present application may provide a system that collects data on threat detection outcomes and mitigation effectiveness. This data feeds back into the AI models to retrain and fine-tune them, allowing the system to evolve with emerging threats and reduce false positives over time.
[0011] Next, embodiments of the present application may provide a system that, by simulating future attack scenarios, prepares itself against zero-day threats and advanced persistent threats. This proactive simulation boosts the robustness of the threat detection models.
[0012] Next, embodiments of the present application may provide a system that is designed for seamless integration with micro-services, serverless functions, and containerized cloud environments. Its lightweight, distributed framework ensures minimal performance overhead while maintaining strong security coverage across scalable cloud infrastructures.
[0013] Next, embodiments of the present application may provide a system that automatically triggers recovery procedures such as resource rollback, patch reapplication, and service restoration. This self-healing ability minimizes service disruption and ensures continuous operation of cloud-based applications.
[0014] These and other advantages will be apparent from the present application of the embodiments described herein.
[0015] The preceding is a simplified summary to provide an understanding of some embodiments of the present invention. This summary is neither an extensive nor exhaustive overview of the present invention and its various embodiments. The summary presents selected concepts of the embodiments of the present invention in a simplified form as an introduction to the more detailed description presented below. As will be appreciated, other embodiments of the present invention are possible utilizing, alone or in combination, one or more of the features set forth above or described in detail below.
BRIEF DESCRIPTION OF THE DRAWINGS
[0016] The above and still further features and advantages of embodiments of the present invention will become apparent upon consideration of the following detailed description of embodiments thereof, especially when taken in conjunction with the accompanying drawings, and wherein:
[0017] FIG. 1A illustrates a schematic block diagram of a system for identification and mitigation of cloud security threats, according to an embodiment of the present invention;
[0018] FIG. 1B illustrates a data flow diagram of a threat detection engine, according to an embodiment of the present invention;
[0019] FIG. 1C illustrates a data flow diagram of an automated mitigation orchestrator, according to an embodiment of the present invention;
[0020] FIG. 1D illustrates a data flow diagram of a feedback loop and continuous learning engine, according to an embodiment of the present invention; and
[0021] FIG. 2 depicts a flowchart of a method for identification and mitigation of cloud security threats, according to an embodiment of the present invention.
[0022] The headings used herein are for organizational purposes only and are not meant to be used to limit the scope of the description or the claims. As used throughout this application, the word "may" is used in a permissive sense (i.e., meaning having the potential to), rather than the mandatory sense (i.e., meaning must). Similarly, the words “include”, “including”, and “includes” mean including but not limited to. To facilitate understanding, like reference numerals have been used, where possible, to designate like elements common to the figures. Optional portions of the figures may be illustrated using dashed or dotted lines, unless the context of usage indicates otherwise.
DETAILED DESCRIPTION
[0023] The following description includes the preferred best mode of one embodiment of the present invention. It will be clear from this description of the invention that the invention is not limited to these illustrated embodiments but that the invention also includes a variety of modifications and embodiments thereto. Therefore, the present description should be seen as illustrative and not limiting. While the invention is susceptible to various modifications and alternative constructions, it should be understood, that there is no intention to limit the invention to the specific form disclosed, but, on the contrary, the invention is to cover all modifications, alternative constructions, and equivalents falling within the scope of the invention as defined in the claims.
[0024] In any embodiment described herein, the open-ended terms "comprising", "comprises", and the like (which are synonymous with "including", "having" and "characterized by") may be replaced by the respective partially closed phrases "consisting essentially of", "consists essentially of", and the like, or the respective closed phrases "consisting of", "consists of", and the like.
[0025] As used herein, the singular forms “a”, “an”, and “the” designate both the singular and the plural, unless expressly stated to designate the singular only.
[0026] FIG. 1A illustrates a schematic block diagram of a system 100 for identification and mitigation of cloud security threats, according to an embodiment of the present invention. The system 100 may be adapted to inspect and monitor a cloud ecosystem for threats and cyber-attacks. The system 100 may further combat and mitigate the threats and cyber-attacks. The system 100 may provide near real-time threat event detection and mitigation, along with a self-managing capability to learn, adapt, and evolve security processes proactively and continuously. The system 100 may be adapted to enable proactive detection and mitigation of threats and cyber-attacks, such as, but not limited to, advanced persistent threats (APTs), Distributed Denial-of-Service (DDoS) attacks, zero-day vulnerabilities, unauthorized access attempts, and so forth. Embodiments of the present invention are intended to include or otherwise cover any type of the threats and cyber-attacks, including known, related art, and/or later developed technologies. The system 100 may be deployed in scalable and dynamic environments and hybrid cloud infrastructures that may further be a cloud-native security framework built for the power of microservices, serverless functions, containerized environments, and so forth.
[0027] According to the embodiments of the present invention, the system 100 may incorporate non-limiting hardware components to enhance processing speed and efficiency. For example, the system 100 may comprise a data ingestion engine 102, a threat detection engine 106, an adversarial simulation engine 108, an automated mitigation orchestrator 110, a self-healing engine 112, and a feedback loop and continuous learning engine 114. In an embodiment of the present invention, the hardware components of the system 100 may be integrated with computer-executable instructions for overcoming the challenges and the limitations of the existing systems.
[0028] In an embodiment of the present invention, the data ingestion engine 102 may be configured to receive and normalize real-time data from external sources. The external sources may be, but not limited to, cloud logs, application logs, network traffic, access metadata, threat intelligence feeds, and so forth. Embodiments of the present invention are intended to include or otherwise cover any type of the external sources, including known, related art, and/or later developed technologies. In an embodiment of the present invention, the data ingestion engine 102 may be configured to normalize real-time data for disparate cloud resources allocation and subsequent analysis. The data ingestion engine 102 may be configured to enrich the normalized real-time data by addition of meta-information. The meta information may be, but not limited to, date, time, attack type, ecosystem, platforms, devices, and so forth. Embodiments of the present invention are intended to include or otherwise cover any type of the meta information, including known, related art, and/or later developed technologies.
[0029] In an embodiment of the present invention, the processing unit 104 may be adapted to be in communication with the data ingestion engine 102. The processing unit 104 may be configured to receive the real-time data from the data ingestion engine 102. The processing unit 104 may be configured to preprocess the received real-time data by execution of techniques such as, but not limited to, a data normalization, a data aggregation, a feature extraction, a feature selection, a data enrichment, and so forth.
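As an added illustration (not code from the patent), the following Python stand-in for the data ingestion engine 102 and the preprocessing performed by the processing unit 104 normalizes records from three disparate sources into one schema and enriches them with the meta-information listed above (date, time, attack type, platform). All record formats, field names, IP addresses and the threat-intelligence feed are constructed for this example.

```python
# Added example (not the patent's code): a minimal stand-in for the data
# ingestion engine 102, which normalizes real-time records from disparate
# external sources into one schema and enriches them with meta-information.
# Every record format, field name and the threat-intelligence feed below is
# constructed for this illustration; real cloud and application logs differ.
import json
import re
from datetime import datetime, timezone

# Constructed threat-intelligence feed: indicator -> attack-type hint.
# 192.0.2.0/24 is a documentation range, so these addresses are not real hosts.
THREAT_INTEL = {"192.0.2.77": "credential-stuffing", "192.0.2.200": "scanner"}
APP_LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<level>[A-Z]+) (?P<msg>.*)$")
FAILED_LOGIN_RE = re.compile(r"login failed for user=(?P<user>\S+) from (?P<ip>\S+)")
PLATFORM = {"cloud_audit": "cloud", "app_log": "application", "net_flow": "network"}


def _iso(ts: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def normalize_event(raw: str, source: str) -> dict:
    """Map one raw record onto the common schema: ts, source, principal,
    src_ip, action, outcome, resource. Unknown fields stay None, never guessed."""
    if source == "cloud_audit":            # constructed JSON audit record
        rec = json.loads(raw)
        return {"ts": _iso(rec["eventTime"]), "source": source,
                "principal": rec.get("userIdentity", {}).get("arn"),
                "src_ip": rec.get("sourceIPAddress"), "action": rec.get("eventName"),
                "outcome": "failure" if "errorCode" in rec else "success",
                "resource": rec.get("requestParameters", {}).get("bucketName")}
    if source == "app_log":                # constructed "<ts> <LEVEL> <msg>" line
        m = APP_LOG_RE.match(raw)
        if m is None:
            raise ValueError(f"unparseable app log line: {raw!r}")
        fl = FAILED_LOGIN_RE.search(m["msg"])
        return {"ts": _iso(m["ts"]), "source": source,
                "principal": fl["user"] if fl else None,
                "src_ip": fl["ip"] if fl else None,
                "action": "login" if fl else "app_event",
                "outcome": "failure" if fl else "unknown", "resource": None}
    if source == "net_flow":               # constructed "epoch,src,dst,dport,bytes"
        epoch, src_ip, dst_ip, dst_port, nbytes = raw.split(",")
        return {"ts": datetime.fromtimestamp(int(epoch), tz=timezone.utc),
                "source": source, "principal": None, "src_ip": src_ip,
                "action": f"connect:{dst_port}", "outcome": "success",
                "resource": dst_ip, "bytes": int(nbytes)}
    raise ValueError(f"unknown source type: {source}")


def enrich(event: dict, intel: dict = THREAT_INTEL) -> dict:
    """Add the meta-information the page lists: date, time, platform, attack type."""
    ts = event["ts"]
    event["date"] = ts.date().isoformat()
    event["time"] = ts.time().isoformat(timespec="seconds")
    event["platform"] = PLATFORM[event["source"]]
    # The attack-type hint comes from the intelligence feed, else from the outcome.
    event["attack_type"] = intel.get(event["src_ip"])
    if event["attack_type"] is None and event["outcome"] == "failure":
        event["attack_type"] = "auth-failure"
    return event


def ingest(records: list) -> list:
    """Normalize and enrich a batch of (source, raw) pairs, ordered by time."""
    return sorted((enrich(normalize_event(raw, src)) for src, raw in records),
                  key=lambda e: e["ts"])


# Constructed sample batch (not real logs), deliberately out of time order.
SAMPLE = [
    ("app_log", "2025-05-02T10:00:05Z WARN login failed for user=alice from 192.0.2.77"),
    ("cloud_audit", json.dumps({"eventTime": "2025-05-02T10:00:01Z", "eventName": "GetObject",
                                "userIdentity": {"arn": "arn:example:user/bob"},
                                "sourceIPAddress": "198.51.100.9",
                                "requestParameters": {"bucketName": "payroll"},
                                "errorCode": "AccessDenied"})),
    ("net_flow", "1746180010,192.0.2.200,10.0.0.5,22,420"),
]

if __name__ == "__main__":
    for e in ingest(SAMPLE):
        print(e["date"], e["time"], e["platform"], e["principal"], e["src_ip"], e["attack_type"])
```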
[0030] The processing unit 104 may further be configured to execute computer-executable instructions to generate an output relating to the system 100. According to embodiments of the present invention, the processing unit 104 may be, but not limited to, a Programmable Logic Control (PLC) unit, a microprocessor, a development board, and so forth. Embodiments of the present invention are intended to include or otherwise cover any type of the processing unit 104 including known, related art, and/or later developed technologies.
[0031] In an embodiment of the present invention, the processing unit 104 may be configured to trigger the threat detection engine 106 to detect security threats and affected cloud resources corresponding to the received real-time data by performing adaptive threat response decision-making using machine learning models. In an embodiment of the present invention, the threat detection engine 106 may be adapted to incorporate supervised learning models 106a (as shown in FIG. 1B) for signature-based detection, unsupervised learning models 106b (as shown in the FIG. 1B) for anomaly detection, and reinforcement learning models 106c (as shown in FIG. 1B) for adaptive threat response decision-making. The supervised learning models 106a may include Support Vector Machines (SVM), Decision Trees, Random Forests, and Deep Neural Networks (DNNs) trained on historical attack data. The unsupervised learning models 106b may comprise K-Means clustering, DBSCAN, and Auto-encoders configured to detect behavioral deviations indicative of new or unknown threats. The reinforcement learning models 106c may dynamically adjust security policies in response to threat outcomes using a reward-based model. In an embodiment of the present invention, the threat detection engine 106 may further be explained in conjunction with the FIG. 1B.
[0032] In an embodiment of the present invention, the processing unit 104 may be configured to activate the adversarial simulation engine 108. The adversarial simulation engine 108 may be adapted to simulate attack scenarios by utilizing Generative Adversarial Networks (GANs) upon detection of the security threats by the threat detection engine 106. The adversarial simulation engine 108 may be adapted to utilize Generative Adversarial Networks (GANs) for generating synthetic attack scenarios to train the threat detection engine 106. The adversarial simulation engine 108 may continuously generate the synthetic attack scenarios including simulated zero-day attacks to train and evaluate the threat detection engine 106.
[0033] In an embodiment of the present invention, the processing unit 104 may be configured to perform mitigation actions by activating the automated mitigation orchestrator 110. The automated mitigation orchestrator 110 may be adapted to perform automated mitigation actions such as, but not limited to, access revocation, network segmentation, patch deployment, resource isolation, and so forth without human intervention. The automated mitigation orchestrator 110 may comprise a real-time alert system 110a (as shown in FIG. 1C). The automated mitigation orchestrator 110 may comprise a dynamic orchestration controller 110b (as shown in FIG. 1C) for resource isolation. The automated mitigation orchestrator 110 may comprise an automated rollback and patch deployment functionality. The automated mitigation orchestrator 110 may comprise a self-healing logic (not shown) configured to restore service uptime post-attack. In an embodiment of the present invention, the automated mitigation orchestrator 110 may further be explained in conjunction with the FIG. 1C.
[0034] In an embodiment of the present invention, the processing unit 104 may be configured to restore disrupted services of the affected cloud resources upon completion of the mitigation actions by activating the self-healing engine 112 to ensure operational continuity in a cloud ecosystem.
[0035] In an embodiment of the present invention, the feedback loop and continuous learning engine 114 may be adapted to engage a retraining engine 114b (as shown in FIG. 1D) adapted to retrain the threat detection engine 106 based on the mitigation actions corresponding to the simulated attack scenarios. The feedback loop and continuous learning engine 114 may be adapted to retrain the threat detection engine 106 based on an outcome analysis engine 114a. The outcome analysis engine 114a may be adapted to monitor effectiveness, detect accuracy, point out false positives, optimize response time, and so forth.
[0036] The feedback loop and continuous learning engine 114 may be adapted to track performance indicators of the performed mitigation actions, such as a false positive rate, a detection latency, mitigation success metrics, and so forth, to optimize the threat detection engine 106. In an embodiment of the present invention, the feedback loop and continuous learning engine 114 may be configured to integrate the system 100 with microservices, serverless functions, compliance monitoring tools, or a combination thereof while strengthening a security buffer. In an embodiment of the present invention, the feedback loop and continuous learning engine 114 may further be explained in conjunction with the FIG. 1D.
[0037] FIG. 1B illustrates a data flow diagram 116 of the threat detection engine 106, according to an embodiment of the present invention. In an embodiment of the present invention, the threat detection engine 106 may ingest the real-time data for predicting anomalies and triggering threat responses in actionable formats. The real-time data processed in this threat detection engine 106 may come from various sources, such as cloud logs, network traffic patterns, authentication attempts, external threat intelligence feeds, and so forth. Further, the threat detection engine 106 may extract desired features, normalize the streaming data formats, and discard noise to inject quality data into the adversarial simulation engine 108.
[0038] In an embodiment of the present invention, the threat detection engine 106 may perform hybrid threat detection, combining several artificial intelligence approaches. In an embodiment of the present invention, the supervised learning models 106a may use already trained machine learning models and may identify data patterns of known attack signatures from past data logs. This ensures that documented threats, such as brute-force attacks, malware infections, denial-of-service patterns, and so forth, are identified correctly.
[0039] Simultaneously, the unsupervised anomaly detection models may constantly track the behavior of the system 100, spotting anomalies that may represent a new class of attack or risk. Clustering algorithms and autoencoders may expose abnormal patterns in previously unseen attack vectors by revealing behavior that does not fit typical operating characteristics. For further adaptivity, the unsupervised anomaly detection models may change the detection threshold and mitigation approach dynamically using reinforcement learning, based on recent feedback and experiences expressed as rewards or penalties.
[0040] Moreover, reinforcement learning agents may be trained to identify patterns in threat behaviors and the subsequent actions that may best mitigate the risks. The reinforcement learning agents allow the system 100 to improve detection quality over time and minimize false positives or negatives.
[0041] In an embodiment of the present invention, the adversarial simulation engine 108 may be incorporated into the detection process to enhance detection. The adversarial simulation engine 108 may involve simulation of many types of cyberattacks through the Generative Adversarial Networks (GANs), resulting in stress testing of the detection models. In an exemplary scenario, where the specific Artificial Intelligence (AI) algorithms may not automatically create or recognize sophisticated attacks, providing the AI algorithms with many synthetic attack scenarios is similar to exposing children to a wider variety of threats and circumstances that they have to cope with. This may allow the AI algorithms to learn complex threats long before those threats materialize in the real world.
[0042] The technique explained above may improve the threat detection engine 106 to ensure a continuous functional state of the cloud ecosystem under new and/or silent attack methods. This may be achieved through an iterative, closed-loop mechanism, in which the results from detection and the actions taken for mitigation may be analyzed by the system 100, and the Artificial Intelligence (AI) algorithms may be retrained. The threat detection engine 106 may update based on the new anomalies detected over time, which may enable the threat detection engine 106 to evolve along with the threat patterns, since the cloud is a highly dynamic environment. The threat detection engine 106 may be essential for proactive security, faster response times, and adaptive defenses to protect cloud-based deployments.
[0043] FIG. 1C illustrates a data flow diagram 118 of the automated mitigation orchestrator 110, according to an embodiment of the present invention. In an embodiment of the present invention, the automated mitigation orchestrator 110 may perform automated threat response and remediation instantaneously. As soon as a security threat is detected via the threat detection engine 106, the automated mitigation orchestrator 110 may respond by containing and neutralizing the risk. The containment and neutralization may start with the real-time alert system 110a, which may notify an administrator and a security team in real-time when the threats are detected. The real-time alert system 110a may be adapted to transmit real-time alerts to administrators indicating an initiation, a conduction, and a closure of the mitigation actions. The administrator and the security team may be advised of essential incidents while the automatic response process begins with the required counter steps. The automated mitigation orchestrator 110 may comprise the dynamic orchestration controller 110b for the resource isolation.
[0044] In an embodiment of the present invention, the automated mitigation orchestrator 110 may be designed to point and shoot. The automated mitigation orchestrator 110 may take automated actions to mitigate, heal, or remediate the threat without manual human input. The automated mitigation orchestrator 110 may dynamically integrate security policies and quarantine compromised resources, cloud environments, and so forth before the attack may spread laterally. Network segmentation may be enforced to limit unintended access, and access control rules may be modified to deny bad actors. The impacted containers, virtual machines, or applications may automatically be quarantined when malware or unauthorized intrusions occur. The self-healing capability, a significant aspect of the automated mitigation orchestrator 110, may ensure seamless recovery of cloud services following a security event. If the attack causes a resource to fail or remain temporarily unavailable, the automated mitigation orchestrator 110 may automatically trigger rollback procedures, patch deployment, and service restoration. Machine learning algorithms may evaluate the effectiveness of remediation actions and adapt future responses for higher efficiency. By constantly honing and developing counter-response strategies, the system 100 reduces the time during which services may be disrupted and returns the situation to normal in minimal time.
[0045] In an embodiment of the present invention, the automated mitigation orchestrator 110 may interact with external sources to deploy countermeasures against upcoming threats. When a new form of attack is recognized, security policies may automatically be revised to prevent infiltration in future. The feedback loop and continuous learning engine 114 may assess mitigation action effectiveness and feed the resulting data into the threat detection engine 106. This consistent learning optimizes the accuracy of responses, lowers false positives, and improves cloud security and reliability. The automated mitigation orchestrator 110 may be key to cloud security with automated decision-making, real-time remediation, and self-healing capabilities. The automated mitigation orchestrator 110 may mitigate data loss and compromise of the system 100 by ensuring timely, automated responses to security incidents.
[0046] FIG. 1D illustrates a data flow diagram 120 of the feedback loop and continuous learning engine 114, according to an embodiment of the present invention.
[0047] In an embodiment of the present invention, the feedback loop and continuous learning engine 114 may be essential in improving the reproducibility, scalability, and efficiency of cloud security. Every detected threat, the mitigation action taken, and the overall security outcome may be extracted and analyzed using the outcome analysis engine 114a to continually update and improve the threat detection and response mechanisms of the system 100. The system 100 may evolve gradually through the retraining engine 114b, which incorporates new data to detect, prevent, and respond to security threats to cloud environments more effectively. The evolution may start with the outcome analysis engine 114a of the feedback loop and continuous learning engine 114 analyzing how well the mitigation actions that the system 100 may have taken have yielded results. This part identifies whether the applied security practices prevented the threat from spreading, from further affecting the ecosystem, and from recurring. The false positive rates, response times, attack severity, Key Performance Indicators (KPIs), and so forth are fed into the retraining engine 114b to enhance the system 100. The system 100 may be adapted to modify response mechanisms when an applied mitigation strategy has proven ineffective and needs to function better in the future.
[0048] The feedback loop and continuous learning engine 114 may retrain components, using the retraining engine 114b, which may refine the machine learning models based on recent threat intelligence. The feedback loop and continuous learning engine 114 may gather data from previous security incidents, refresh training datasets, and retrain detection algorithms for better accuracy. The feedback loop and continuous learning engine 114 may learn the best decisions based on successful and failed mitigation actions taken in the past, utilizing reinforcement learning. Through this iterative learning process, the feedback loop and continuous learning engine 114 may adapt to new attack vectors, ensuring that false alarms are kept to a minimum and that accurate alerts are raised with higher precision. The feedback loop and continuous learning engine 114 may improve its ability to identify and respond to new cyber threats by integrating constantly updated information from trusted sources using an update engine 114c. The update engine 114c may incorporate new threat data and intelligence feeds into the feedback loop and continuous learning engine 114, which may further be relayed to the threat detection engine 106. Upon identification of a zero-day attack or an advanced persistent threat, the update engine 114c may dynamically update security policies and detection rules, creating instant protection against the newly recognized threat. Such integration by the update engine 114c may ensure that the system 100 is continuously proactive, rather than reactive, when defending cloud environments.
[0049] The feedback loop and continuous learning engine 114 allows for automatic policy refinement, meaning that security protocols and configurations are refined according to changing threat landscapes. If some security controls seem too restrictive or ineffective, they are adjusted to better balance the security and performance of the system 100. Such dynamic optimization strengthens the cloud security framework while ensuring minimum disruption to actual user activities. Through the iterative improvement of the threat detection model, optimization of mitigation techniques, and incorporation of real-time threat intelligence, the feedback loop and continuous learning architecture strengthens the resilience of cloud security in a significant manner. By constantly assessing itself and how it is performing, and learning from new cyber threats as they emerge and adapt, the feedback loop and continuous learning engine 114 may always be an up-to-date and ever-improving solution for the need to better secure cloud environments.
[0050] FIG. 2 depicts a flowchart of a method 200 for identification and mitigation of the cloud security threats, according to an embodiment of the present invention.
[0051] At step 202, the system 100 may receive and normalize the real-time data from the external sources.
[0052] At step 204, the system 100 may trigger the threat detection engine 106 to detect the security threats and the affected cloud resources corresponding to the received real-time data by performing the adaptive threat response decision-making by utilizing the machine learning models.
[0053] At step 206, the system 100 may activate the adversarial simulation engine 108 to simulate attack scenarios by utilizing the Generative Adversarial Networks (GANs) upon detection of the security threats by the threat detection engine 106.
[0054] At step 208, the system 100 may perform the mitigation actions by activating the automated mitigation orchestrator 110 based on the simulated attack scenarios.
[0055] At step 210, the system 100 may restore the disrupted services of the affected cloud resources upon completion of the mitigation actions by activating the self-healing engine 112 to ensure the operational continuity in the cloud ecosystem.
[0056] At step 212, the system 100 may analyze the mitigation outcomes and retrain the threat detection engine 106 using the feedback loop and continuous learning engine 114.
[0057] At step 214, the system 100 may update the security policies and the threat detection engine 106 in real time based on the external sources.
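The feedback loop of paragraphs [0048]-[0049] and steps 212-214 is easier to reason about with a concrete instance. The following is an added example, not code from the patent: it scores past alert-and-mitigation outcomes, computes the performance indicators named in claim 2 (false positive rate, detection latency, mitigation success), lowers the detection threshold only as far as a false-positive budget allows, and flags controls whose mitigations keep failing so their policy can be refined. All record fields, thresholds and sample outcomes are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Outcome:
    """One past alert/mitigation record (constructed for this example)."""
    score: float       # anomaly score the detection engine assigned, 0..1
    confirmed: bool    # post-incident review confirmed a real threat
    latency_s: float   # seconds from event ingestion to alert
    control: str       # mitigation control that fired (claim 1 actions)
    mitigated: bool    # mitigation completed without rollback


# Constructed history of eight past alerts; not data from the patent.
HISTORY = [
    Outcome(0.95, True, 1.2, "access_revocation", True),
    Outcome(0.85, True, 2.0, "network_segmentation", True),
    Outcome(0.82, False, 0.8, "network_segmentation", True),  # false alarm
    Outcome(0.75, True, 3.5, "patch_deployment", False),
    Outcome(0.72, True, 2.5, "patch_deployment", False),
    Outcome(0.65, False, 1.0, "resource_isolation", True),    # false alarm
    Outcome(0.55, False, 0.9, "resource_isolation", True),    # false alarm
    Outcome(0.52, True, 4.0, "resource_isolation", True),
]


def indicators(history, threshold):
    """Claim 2 performance indicators if alerts fire at score >= threshold."""
    alerted = [o for o in history if o.score >= threshold]
    tp = [o for o in alerted if o.confirmed]
    fp = [o for o in alerted if not o.confirmed]
    fn = [o for o in history if o.score < threshold and o.confirmed]
    return {
        "fpr": len(fp) / len(alerted) if alerted else 0.0,
        "recall": len(tp) / (len(tp) + len(fn)) if (tp or fn) else 1.0,
        "latency_s": mean(o.latency_s for o in alerted) if alerted else 0.0,
        "mitigation_success": sum(o.mitigated for o in tp) / len(tp) if tp else 0.0,
    }


def refine_threshold(history, max_fpr=0.2, candidates=(0.5, 0.6, 0.7, 0.8, 0.9)):
    """Lowest threshold (most recall) whose false positive rate stays in budget."""
    within_budget = [t for t in candidates if indicators(history, t)["fpr"] <= max_fpr]
    return min(within_budget) if within_budget else max(candidates)


def refine_policy(history, threshold, min_success=0.6):
    """Controls whose mitigation of confirmed threats fails too often to keep as-is."""
    results = {}
    for o in history:
        if o.score >= threshold and o.confirmed:
            results.setdefault(o.control, []).append(o.mitigated)
    return sorted(c for c, r in results.items() if sum(r) / len(r) < min_success)
```

With the constructed history, the false-positive budget is met at 0.7 and 0.9 but not at 0.8, so the loop settles on 0.7 (more recall at equal risk) and flags patch_deployment for policy review.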
[0058] While the invention has been described in connection with what is presently considered to be the most practical and various embodiments, it is to be understood that the invention is not to be limited to the disclosed embodiments, but on the contrary, is intended to cover various modifications and equivalent arrangements included within the scope of the appended claims.
[0059] This written description uses examples to disclose the invention, including the best mode, and also to enable any person skilled in the art to practice the invention, including making and using any devices or systems and performing any incorporated methods. The patentable scope of the invention is defined in the claims, and may include other examples that occur to those skilled in the art. Such other examples are intended to be within the scope of the claims if they have structural elements that do not differ from the literal language of the claims, or if they include equivalent structural elements with insubstantial differences from the literal language of the claims.
CLAIMS
I/We Claim:
1. A system (100) for mitigating cloud security threats, the system (100) comprising:
a data ingestion engine (102) configured to receive real-time data from external sources; and
a processing unit (104) in communication with the data ingestion engine (102), characterized in that the processing unit (104) is configured to:
trigger a threat detection engine (106) to detect the security threats and affected cloud resources corresponding to the received real-time data by performing adaptive threat response decision-making using machine learning models;
activate an adversarial simulation engine (108) to simulate attack scenarios by utilizing Generative Adversarial Networks (GANs) upon detection of the security threats by the threat detection engine (106);
perform mitigation actions by activating an automated mitigation orchestrator (110) based on the simulated attack scenarios; wherein the automated mitigation actions are selected from an access revocation, a network segmentation, a patch deployment, a resource isolation, or a combination thereof; and
restore disrupted services of the affected cloud resources upon completion of the mitigation actions by activating a self-healing engine (112) to ensure an operational continuity in a cloud ecosystem.
2. The system (100) as claimed in claim 1, comprising a feedback loop and continuous learning engine (114) adapted to track performance indicators of the performed mitigation actions, wherein the performance indicators are selected from a false positive rate, a detection latency, mitigation success metrics, or a combination thereof to optimize the threat detection engine (106).
3. The system (100) as claimed in claim 1, comprising the feedback loop and continuous learning engine (114) adapted to retrain the threat detection engine (106) based on the mitigation actions corresponding to the simulated attack scenarios.
4. The system (100) as claimed in claim 1, wherein the machine learning models are selected from supervised learning models (106a) for a signature-based detection, unsupervised learning models (106b) for anomaly detection, and reinforcement learning models (106c) for adaptive threat response decision-making.
5. The system (100) as claimed in claim 1, wherein the adversarial simulation engine (108) is configured to continuously generate the attack scenarios including simulated zero-day attacks to train and evaluate the threat detection engine (106).
6. The system (100) as claimed in claim 1, wherein the external sources are selected from cloud logs, application logs, network traffic, access metadata, threat intelligence feeds, or a combination thereof.
7. The system (100) as claimed in claim 1, wherein the processing unit (104) is configured to preprocess the received real-time data by execution of techniques selected from a data normalization, a data aggregation, a feature extraction, a feature selection, a data enrichment, or a combination thereof.
8. The system (100) as claimed in claim 1, wherein the automated mitigation orchestrator (110) is adapted to transmit real-time alerts to administrators indicating an initiation, a conduction, and a closure of the mitigation actions.
9. The system (100) as claimed in claim 1, wherein the processing unit (104) is configured to integrate the system (100) with microservices, serverless functions, compliance monitoring tools, or a combination thereof while strengthening a security buffer.
10. A method (200) for identification and mitigation of cloud security threats, the method (200) being characterized by the steps of:
receiving real-time data from external sources;
triggering a threat detection engine (106) to detect security threats and affected cloud resources corresponding to the received real-time data by performing adaptive threat response decision-making using machine learning models;
activating an adversarial simulation engine (108) to simulate attack scenarios by utilizing Generative Adversarial Networks (GANs) upon detection of the security threats by the threat detection engine (106);
performing mitigation actions by activating an automated mitigation orchestrator (110) based on the simulated attack scenarios; wherein the automated mitigation actions are selected from an access revocation, a network segmentation, a patch deployment, a resource isolation, or a combination thereof; and
restoring disrupted services of the affected cloud resources from the simulated attack scenarios by activating a self-healing engine (112) to ensure an operational continuity in a cloud ecosystem.
Date: May 02, 2025
Place: Noida

Nainsi Rastogi
Patent Agent (IN/PA-2372)
Agent for the Applicant

Documents

Application Documents

# Name Date
1 202541042828-STATEMENT OF UNDERTAKING (FORM 3) [02-05-2025(online)].pdf 2025-05-02
2 202541042828-REQUEST FOR EARLY PUBLICATION(FORM-9) [02-05-2025(online)].pdf 2025-05-02
3 202541042828-POWER OF AUTHORITY [02-05-2025(online)].pdf 2025-05-02
4 202541042828-OTHERS [02-05-2025(online)].pdf 2025-05-02
5 202541042828-FORM-9 [02-05-2025(online)].pdf 2025-05-02
6 202541042828-FORM FOR SMALL ENTITY(FORM-28) [02-05-2025(online)].pdf 2025-05-02
7 202541042828-FORM 1 [02-05-2025(online)].pdf 2025-05-02
8 202541042828-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [02-05-2025(online)].pdf 2025-05-02
9 202541042828-EDUCATIONAL INSTITUTION(S) [02-05-2025(online)].pdf 2025-05-02
10 202541042828-DRAWINGS [02-05-2025(online)].pdf 2025-05-02
11 202541042828-DECLARATION OF INVENTORSHIP (FORM 5) [02-05-2025(online)].pdf 2025-05-02
12 202541042828-COMPLETE SPECIFICATION [02-05-2025(online)].pdf 2025-05-02