Article

A Unified Multi-Layer Framework for Detecting and Mitigating Web Application Attacks in Cloud-Native Environments

Ahmad Albattat (Management and Science University)
Kamoliddin J. Rustamov (Department of Engineering of Technological Machines, Tashkent State Transport University, Tashkent 100001, Uzbekistan)

Abstract

Cloud-native architectures have introduced unprecedented scalability and flexibility for modern web applications, yet they have simultaneously expanded the attack surface and exposed systems to increasingly sophisticated intrusion patterns. Existing security approaches, such as provenance-based anomaly detection and machine-learning-driven web intrusion detection, have shown promising performance individually but suffer from scalability limitations, contextual gaps, and limited visibility when deployed in isolation. This study proposes a unified, multi-layer security framework that integrates runtime provenance analysis with optimized SVM-based web intrusion detection to deliver comprehensive protection for containerized and orchestrated cloud-native systems. The framework correlates application-level HTTP feature extraction, container-level provenance graph analysis, and orchestration-level event aggregation, enabling early recognition of both rapid, high-volume attacks and stealthy low-and-slow Advanced Persistent Threats. Experimental evaluation using web intrusion datasets and provenance-based APT traces demonstrates that the combined model significantly enhances detection accuracy, reduces false alarms, and improves the timeliness of automated mitigation actions such as container isolation. By bridging cross-layer visibility and leveraging machine-learning optimization, the unified framework offers a scalable and robust security architecture tailored to the demands of modern cloud-native deployments.
