Public HTML Report

SIF-CCA research report

This page converts the conference manuscript into a readable web report. It keeps the full PDF private while still exposing the key ideas, methodology, and evaluation results from the submission.

98% accuracy 0.990 ROC-AUC 135 ms cross-cloud latency 99.6% policy consistency
Combined guide

Executive summary

SIF-CCA extends the original Serverless Intelligent Firewall work into a broader multi-cloud security architecture. The model couples hybrid AI intrusion detection with event-driven mitigation and a unified zero-trust control plane so workloads can be protected consistently across AWS, Azure, and Google Cloud.

The manuscript positions the main research gap as the lack of serverless-native, end-to-end, cross-cloud security systems that combine adaptive AI analytics with quantifiable latency and policy consistency guarantees. SIF-CCA is proposed as a practical answer to that gap.

Research scope and methodology

The paper uses the CIC-IDS2017 dataset and applies a multi-stage preprocessing pipeline: column normalization, duplicate removal, anomaly correction, class consolidation, manual outlier filtering, and balancing by undersampling. This reduces noise and gives the downstream learning pipeline a cleaner feature space.

Data preparation pipeline

  • Remove duplicate rows and redundant columns.
  • Replace infinite values and drop rows with missing values.
  • Consolidate attack labels into broader operational classes.
  • Standardize numerical features and trim high-impact outliers.
  • Balance remaining classes for more stable supervised learning.

Model design

  • XGBoost captures non-linear feature importance and supports fast feature-level learning.
  • BiGRU models bidirectional temporal relationships in traffic behavior.
  • A weighted fusion layer balances static and temporal evidence.
  • Serverless response hooks trigger provider-specific actions after detection.
Design intent: the architecture deliberately separates detection from policy governance so identity, trust, and response can evolve independently as workloads shift across clouds.

System architecture

Architecture figure

SIF-CCA architecture

The manuscript’s main architecture figure shows the detection engine, orchestration layer, and unified control plane spanning AWS, Azure, and GCP.

Operational layers

  • Detection layer: classifies traffic and scores threats.
  • Orchestration layer: triggers event-driven response workflows.
  • Policy layer: enforces zero-trust decisions using cloud-agnostic identity and policy logic.
  • Provider layer: executes localized actions in each cloud without losing global policy consistency.

Evaluation highlights

The proposed model outperforms the reported baselines on the paper’s primary classification metrics. The web portal retains the exact headline numbers from the manuscript and exposes them as reviewer-friendly tables and charts.

Model comparison

Cross-cloud execution

Accuracy trend line graph

Attack mix pie chart

Policy health radar chart

Performance summary

Metric Reported value
Accuracy98.00%
Precision98.00%
Recall98.00%
F1-score98.00%
ROC-AUC0.990

Zero-trust runtime summary

Measure Reported value
Policy propagation delay88.3 ms average
Identity verification latency111.3 ms average
Policy consistency99.6%
Cross-cloud avg. latency135 ms

Confusion matrix

Confusion matrix

High diagonal density indicates strong separation across benign and attack classes.

ROC curve

ROC curve

SIF-CCA shows the steepest rise and strongest area under the curve.

Cross-cloud stance

Cross cloud control plane

The control plane normalizes policy and identity posture across providers.

Protected artifact access

Why the files are protected

The full PDF, TeX, and bibliography are intentionally packaged as encrypted archives to keep the submission private while still allowing controlled access for reviewers and collaborators.

The public HTML report remains available so readers can understand the project without direct access to the protected source files.

Access flow

  1. Follow the public GitHub profile.
  2. Review the overview video and subscribe to the YouTube channel.
  3. Email the author to request the password.
  4. Use the secure gate to reveal the encrypted archive links.
Open implementation guide