From single-cloud to cross-cloud
Research-1 emphasized LSTM-based intrusion detection in serverless contexts. Research-2 adds explicit AWS, Azure, and Google Cloud coordination with cloud-agnostic policy and event-routing layers.
Research Delta
What changed in Research-2
Research-2 extends the original serverless intelligent firewall into a multi-cloud and policy-orchestrated security system. The core contribution is SIF-CCA: a serverless security model that combines hybrid AI detection with a unified cross-cloud zero-trust control plane.
Hybrid detection engine
The proposed model fuses XGBoost feature learning with BiGRU temporal modeling. The hybrid layer improves separability over RF, standalone XGBoost, CNN, and LSTM baselines.
Deployment realism
Beyond model quality, this version emphasizes latency, cold-start behavior, policy propagation speed, and consistency across clouds, making the research easier to map into production constraints.
Primary contributions
- Unified zero-trust control plane for consistent policy propagation across cloud providers.
- Cross-cloud serverless orchestration with low-latency event-driven threat response.
- Hybrid XGBoost plus BiGRU detection with 98% performance across key metrics.
- Cost-aware serverless execution with approximate per-10K invocation cost near $0.25.
Practical intent: this artifact is designed as a research portal first, but now includes graph-rich analytics and implementation guidance so teams can directly map results into real-world rollouts.
Researcher Focus
MD ANISUR RAHMAN CHOWDHURY and core works
This section highlights your signature contributions and links visitors directly to your most important research assets, publications, and technical profiles.
Serverless Intelligent Firewall (Research-1)
Foundation artifact introducing the AI-driven firewall concept with LSTM-centered intrusion detection and zero-trust positioning in serverless systems.
Open Research-1 websiteSIF-CCA Cross-Cloud Firewall (Research-2)
Extended artifact integrating hybrid AI detection, cross-cloud adaptation, and unified zero-trust policy orchestration with graph-rich technical reporting.
Explore Research-2 analyticsProfiles and public channels
Centralized links to your GitHub, LinkedIn, Google Scholar, Portfolio, and ResearchGate for visibility, collaboration, and verification of authorship.
Open profile hubOverview video and dissemination
Public walkthrough video and website-first communication flow for reviewers, collaborators, and readers requesting controlled access to encrypted artifacts.
Watch overview videoResearch Continuity
Strong linkage: Research-1 to Research-2
Research-2 is not an isolated system. It is the direct evolution of Research-1, expanding detection quality into real multi-cloud orchestration and unified zero-trust governance.
Capability evolution chart
Research bridge highlights
| Dimension | Research-1 | Research-2 |
|---|---|---|
| Core model | LSTM IDS | XGBoost + BiGRU |
| Cloud scope | Single-cloud oriented | AWS + Azure + GCP |
| Policy control | Zero-trust concept | Unified control plane |
| Avg response latency | N/A | 135 ms |
| Policy consistency | N/A | 99.6% |
Feature maturity radar
Direct links to Research-1
Use these links to move between both artifacts. The combined documentation and implementation blueprint are structured to keep conceptual and technical continuity.
Overview Video
Walkthrough and demonstration
The overview video is now presented as a compact technical briefing module. Use chapter jumps to move directly through motivation, architecture, hybrid AI model flow, and real-time cross-cloud enforcement.
Technical coverage in this video
The session explains why a static firewall is insufficient for serverless workloads and demonstrates how SIF-CCA combines AI-driven detection with cloud-agnostic zero-trust orchestration.
- Problem framing: identity sprawl, ephemeral workloads, fragmented policy.
- Architecture explanation: ingestion, detection, orchestration, policy loops.
- Model reasoning: Research-1 baseline versus Research-2 hybrid upgrades.
- Operational view: latency, consistency, and deployment realism.
Use the chapter controls below to jump directly to the most relevant technical segment.
Intro and motivation
Explains the core security gap in serverless and why Research-2 extends Research-1 into cross-cloud zero-trust enforcement.
Problem
Architecture
Model
Cloud Runtime
Implementation
Architecture
Cross-cloud adaptive security flow
This section is now compact but deeper: switch architecture views, inspect each stage, and read implementation-oriented descriptions without scrolling through oversized static blocks.
SIF-CCA joins AI detection, serverless response orchestration, and a unified zero-trust control plane across AWS, Azure, and GCP.
Hybrid AI core
Cross-cloud runtime
Unified policy plane
Architecture brief
SIF-CCA operates as a closed loop: telemetry ingestion, model-driven classification, provider-specific response, and policy enforcement feedback. This design keeps runtime security adaptive while preserving auditable governance.
Unlike a static firewall chain, each decision is context-aware and identity-aware. The control plane remains vendor-agnostic so policy continuity survives provider failover and workload migration.
Logical architecture view
The system is organized into four stable layers: ingestion, detection, orchestration, and policy. Each layer can evolve independently without breaking the full security loop.
- Layered separation keeps the platform maintainable.
- Detection quality can improve without policy rewrites.
- Policy enforcement remains cloud-agnostic and centralized.
Stage-by-stage interactive explorer
Traffic ingestion and context capture
Stream network telemetry and function-level events into the SIF pipeline while preserving cloud-origin metadata for policy-aware downstream analysis.
- Collect flow features and invocation metadata.
- Attach cloud provider and identity context.
- Forward normalized records into detection modules.
Interactive Test
SIF-CCA Test Lab
This browser-based simulator lets visitors test the research output without a backend deployment. It is an explainable approximation of the published decision logic, not the exact training artifact.
Simulate a cross-cloud event
Enter representative traffic and policy signals, or load one of the preset scenarios.
This test is deterministic and runs locally in the browser.
16
risk score / 100
Predicted class
Benign / low risk
Enforcement decision
Allow
Recommended action
Allow traffic and keep continuous verification active.
Cross-cloud route
AWS Lambda receives the event first, then forwards policy state to Azure and GCP.
Evaluation and Analytics
Graph-rich performance dashboard
This dashboard now includes multiple chart modes: bar chart, line graph, pie chart, radar chart, and scatter graph to make the results more realistic and interactive for reviewers.
Model comparison bar chart
Cloud performance bar chart
Accuracy trend line graph
Attack mix pie chart
Policy health radar chart
Latency vs cost scatter graph
Real-time rollout phase chart
Classification metrics
| Model | Accuracy | Precision | Recall | F1 |
|---|---|---|---|---|
| RF | 94.85% | 94.47% | 94.98% | 94.22% |
| XGBoost | 95.41% | 95.02% | 95.81% | 95.91% |
| CNN | 95.56% | 95.25% | 95.93% | 95.09% |
| LSTM | 96.14% | 96.92% | 96.65% | 96.78% |
| SIF-CCA | 98.00% | 98.00% | 98.00% | 98.00% |
Serverless latency and cost
| Platform | Avg. latency | Cold start | Cost / 10K |
|---|---|---|---|
| AWS Lambda | 135 ms | 221 ms | $0.24 |
| Azure Functions | 142 ms | 263 ms | $0.27 |
| Google Cloud Functions | 135 ms | 249 ms | $0.25 |
| Cross-cloud avg. | 135 ms | 244 ms | $0.25 |
Zero-trust enforcement snapshot
| Scope | Policy delay | Identity latency | Consistency |
|---|---|---|---|
| AWS | 88 ms | 110 ms | 99.6% |
| Azure | 92 ms | 116 ms | 99.4% |
| GCP | 85 ms | 108 ms | 99.7% |
| Cross-cloud avg. | 88.3 ms | 111.3 ms | 99.6% |
Real-time Deployment Blueprint
How to implement the Serverless Intelligent Firewall in production
The guide below combines Research-1 and Research-2 into an actionable implementation path. It starts from the proven IDS baseline and evolves into cross-cloud adaptive enforcement.
Baseline IDS layer (Research-1)
Train and validate LSTM detection, establish feature pipeline quality, and expose model scoring through an event-driven serverless endpoint.
Hybrid detection upgrade (Research-2)
Add XGBoost plus BiGRU fusion for stronger static and temporal attack coverage, and calibrate thresholds for lower operational false positives.
Cross-cloud orchestration
Deploy handlers on AWS Lambda, Azure Functions, and GCP Functions with normalized event schema, queue routing, and unified telemetry.
Unified zero-trust control plane
Implement policy-as-code and identity abstraction to keep enforcement consistent across all providers during runtime and failover conditions.
Graphical implementation guidance
For detailed architecture diagrams, step-by-step cloud mapping, rollout checklist, and combined documentation from both research phases, open the dedicated guide page.
# Simplified real-time orchestration sequence
ingest_event() -> score_with_hybrid_model()
if threat_detected:
trigger_cloud_response(provider)
evaluate_zero_trust_policy()
enforce_allow_or_block()
log_decision_to_unified_telemetry()Protected Manuscript
Public first-page preview only
The site intentionally exposes only the paper cover and abstract summary. The full conference PDF and source package are provided through encrypted downloads after the policy gate.
IEEE SmartCloud 2026 submission
SIF-CCA
Towards a Serverless Intelligent Firewall: Integrating Cross-Cloud Adaptation, AI-Driven Security, and Zero-Trust Architectures
Department of Computer and Information Science, Gannon University, USA
Abstract
SIF-CCA addresses identity sprawl, fragmented cloud management, and cloud-native attack paths by combining a unified zero-trust control plane, multi-cloud serverless orchestration, and hybrid AI-driven detection.
The model reports 98% accuracy and a 0.990 ROC-AUC on a thoroughly preprocessed CIC-IDS2017 pipeline, outperforming standalone XGBoost, CNN, RF, and LSTM baselines.
Highlights
Cross-cloud experiments across AWS, Azure, and Google Cloud show low-latency intrusion detection near 135 ms, linear scalability under heavy workloads, and 99.6% policy consistency under unified enforcement.
The full manuscript, PDF package, and LaTeX sources are password-protected and distributed as encrypted archives.
Preview access is intentionally limited to this first-page summary. Use the secure download gate to request the encrypted paper bundle.
Research Assets
Portal resources
This version now contains stronger inter-links between both research artifacts, expanded graphs, and practical implementation documentation.
Interactive HTML report
A web-native report that expands the manuscript into readable sections for reviewers, students, and practitioners while keeping the protected files encrypted.
Open reportCombined implementation guide
Graphical and practical guidance to implement the Serverless Intelligent Firewall in real-time by combining lessons from Research-1 and Research-2.
Open guideOverview poster page
A poster-style summary for quick review and conference-style presentations using the same assets and secure download workflow.
Open posterFirst research artifact
The original research baseline and portal. This site now links directly to it so readers can compare progression clearly.
Open Research-1 websiteProtected document bundles
The conference PDF and LaTeX source package are published only as encrypted zip archives. The gate enforces the same policy flow as the first portal.
Author profiles and contact
All primary profiles and contact channels for collaboration, citation, and password requests are collected in one place.
Open profilesAuthor Profiles
Primary researcher links
All public profiles are linked directly so visitors can verify authorship, follow ongoing work, and request access through expected channels.
Professional profile and academic/engineering background.
linkedin.com/in/md-anisur-rahman-chowdhury-15862420aGitHub
Source repositories, prior artifacts, and the first research portal.
github.com/ANIS151993Google Scholar
Citation and publication index for academic visibility.
scholar.google.com/citations?user=NQyywPoAAAAJPortfolio
Personal portfolio and extended project showcase.
marcbd.comResearchGate
Research network profile for academic collaboration.
researchgate.net/profile/Md-Anisur-Rahman-ChowdhuryContact
Password requests and academic inquiries should be sent directly by email.
engr.aanis@gmail.com