ZERO-DAY ATTACK DETECTION IN MULTI-TENANT CLOUD ENVIRONMENTS USING VARIATIONAL AUTOENCODERS
Abstract
In multi-tenant cloud environments, attacks that exploit previously unknown vulnerabilities (zero-day attacks) pose a serious risk: a single undetected intrusion can spread into breaches across tenants that are otherwise isolated. Traditional intrusion detection systems rely heavily on signature-based techniques and are therefore weak against previously unseen attacks, particularly in dynamic, scalable cloud ecosystems. This paper proposes an unsupervised anomaly detection framework based on Variational Autoencoders (VAEs) for real-time identification of zero-day attacks. In the proposed system, each tenant's behaviour is modelled by its own normal operating pattern, and deviation from that baseline is treated as an anomaly. The methodology collects tenant-specific cloud logs and network flows, and a VAE architecture is engineered to capture non-linear relationships in the high-dimensional streams of cloud activity. The system computes the reconstruction error of each session and applies a dynamic thresholding mechanism to flag aberrant sessions. Evaluation metrics include Precision, Recall, F1-score and AUC-ROC. Experiments were conducted on multi-tenant simulations built from two hybrid datasets (CICIDS2017 and Rucia Cloud), achieving an accuracy of over 92% with a false positive rate below 6%. The system also maintained consistent performance as tenancy load increased and achieved much lower detection latency than traditional solutions. The approach significantly strengthens the security posture of cloud environments by enabling early, scalable identification of previously unknown threats, and gives Cloud Service Providers (CSPs) a feasible way to deploy intelligent real-time defences against new types of cyber threats in virtualized environments.
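The scoring stage the abstract describes, as an added example that is not the paper's code: a per-tenant dynamic threshold over reconstruction errors. It assumes a trained VAE supplies one reconstruction error per session (the error values below are constructed stand-ins, not model output), uses a rolling median-plus-MAD rule as one possible dynamic threshold (the abstract does not give the paper's exact rule), and contrasts it with a single pooled percentile threshold to show why per-tenant baselines matter. Tenant names, parameters and the attack values are all hypothetical.

```python
"""Per-tenant dynamic thresholding over VAE reconstruction errors.

Added example, not code from the paper. The reconstruction errors below are
constructed stand-ins for the per-session error a trained VAE would emit; the
paper's model, datasets and exact threshold rule are not reproduced.
"""
from collections import deque
from statistics import median


class TenantBaseline:
    """Rolling robust threshold for one tenant's reconstruction-error stream.

    threshold = median + k * 1.4826 * MAD over the last `window` errors that
    were judged normal. Flagged sessions are not fed back into the baseline,
    so a sustained attack cannot raise the threshold and hide itself
    (assumed design choice, not taken from the paper).
    """

    def __init__(self, window=50, k=6.0, warmup=20):
        self.errors = deque(maxlen=window)
        self.k, self.warmup = k, warmup

    def threshold(self):
        if len(self.errors) < self.warmup:
            return None  # still learning this tenant's normal band
        med = median(self.errors)
        mad = median(abs(e - med) for e in self.errors) or 1e-9
        return med + self.k * 1.4826 * mad  # 1.4826 scales MAD to a sigma estimate

    def observe(self, error):
        """True if `error` is anomalous for this tenant; otherwise absorb it."""
        thr = self.threshold()
        if thr is not None and error > thr:
            return True
        self.errors.append(error)
        return False


class MultiTenantDetector:
    """One independent baseline per tenant, created on first sight."""

    def __init__(self, **baseline_kwargs):
        self.kwargs = baseline_kwargs
        self.tenants = {}

    def observe(self, tenant, error):
        state = self.tenants.setdefault(tenant, TenantBaseline(**self.kwargs))
        return state.observe(error)


def constructed_sessions():
    """(tenant, reconstruction_error, is_attack) in arrival order. Constructed
    data: tenant A runs quiet workloads (errors around 0.10), tenant B noisy
    batch jobs (around 0.50); one attack session per tenant arrives at step 40."""
    sessions = []
    for i in range(60):
        noise = ((i * 7) % 11 - 5) / 5.0  # bounded, deterministic jitter in [-1, 1]
        if i == 40:
            sessions.append(("tenant-A", 0.30, True))  # anomalous for A, normal-looking for B
            sessions.append(("tenant-B", 1.20, True))
        sessions.append(("tenant-A", 0.10 + 0.01 * noise, False))
        sessions.append(("tenant-B", 0.50 + 0.05 * noise, False))
    return sessions


def run_per_tenant(sessions, **kw):
    det = MultiTenantDetector(**kw)
    return [(t, e, atk, det.observe(t, e)) for t, e, atk in sessions]


def run_global(sessions, q=0.95):
    """Naive baseline for comparison: one pooled percentile threshold for every tenant."""
    errs = sorted(e for _, e, _ in sessions)
    thr = errs[int(q * (len(errs) - 1))]
    return [(t, e, atk, e > thr) for t, e, atk in sessions]


def metrics(results):
    tp = sum(1 for _, _, atk, flag in results if atk and flag)
    fp = sum(1 for _, _, atk, flag in results if not atk and flag)
    fn = sum(1 for _, _, atk, flag in results if atk and not flag)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "precision": precision, "recall": recall, "f1": f1}


if __name__ == "__main__":
    sessions = constructed_sessions()
    print("per-tenant:", metrics(run_per_tenant(sessions)))
    print("global    :", metrics(run_global(sessions)))
```

On the constructed stream the per-tenant rule catches both attacks with no false positives, while the pooled threshold sits inside tenant B's normal band: it misses tenant A's subtle attack and flags tenant B's ordinary high-error sessions. Two caveats for deployment: errors seen during the warm-up window are absorbed unconditionally, so a baseline should be seeded from history known to be clean rather than from whatever arrives first; and because flagged sessions never update the baseline, a legitimate workload change shows up as a burst of alerts until an operator re-baselines the tenant.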