AI-Driven Identity Threat Detection and Response Systems for Modern Cloud Security Operations Centers
DOI: https://doi.org/10.63282/3050-922X.IJERET-V6I4P112
Keywords: Identity Threat Detection and Response (ITDR), Zero Trust, UEBA, SOAR, CIEM, Policy-as-Code, Explainable AI
Abstract
Identity is the new perimeter in cloud-first enterprises, where adversaries increasingly weaponize stolen credentials, malicious OAuth consents, token replay, and over-permissioned roles to traverse control planes and SaaS estates with minimal endpoint noise. This paper proposes an AI-based, telemetry-driven Identity Threat Detection and Response (ITDR) architecture that integrates identity provider (SSO/OAuth/OIDC), cloud API (AWS/Azure/GCP), endpoint, and SaaS audit log telemetry into a privacy-conscious feature fabric. Combining sequential modelling of session dynamics, graph learning of privilege and relationship abuse, and self-supervised representation learning reveals low-and-slow compromise patterns. A calibrated risk layer combines anomaly strength with context (role and data criticality, device trust) and drives just-in-time elevation, session isolation, token revocation, and step-up authentication through policy-as-code and SOAR playbooks. The implementation summary covers streaming feature stores with training/serving parity, feedback loops fed by analyst adjudications, and governance mapped to ISO 27001, NIST SP 800-207, and GDPR. In hybrid real-world and synthetic tests, the method achieves higher recall at a constant low false-positive rate, trims alert volume roughly fivefold through deduplication and model calibration, and shortens time-to-detect and time-to-respond through real-time inference and automated containment. We also describe robustness to adversarial log poisoning and concept drift, and explainability methods that do not compromise auditability. The findings show that AI-based ITDR can materially improve SOC effectiveness without violating Zero Trust principles or regulatory requirements.
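The risk layer described above, as an added illustration that is not the paper's own code: a calibrated anomaly score is combined with role criticality, device trust and an active just-in-time elevation, and an ordered policy-as-code rule set maps the resulting risk to a SOAR action while recording the contributing factors for audit. The weights, thresholds, field names and sample events are assumptions chosen for the example.

```python
from dataclasses import dataclass

@dataclass
class IdentityEvent:
    principal: str
    anomaly_score: float      # calibrated 0..1 output of the detection models (assumed)
    role_criticality: float   # 0..1, e.g. tenant admin near 1.0, read-only near 0.1
    device_trust: float       # 0..1 from endpoint posture / device compliance
    jit_elevated: bool        # session currently holds a just-in-time elevation

# Policy-as-code: ordered (threshold, action) rules, highest risk first.
# Thresholds are assumptions; a deployment would tune them from analyst feedback.
RESPONSE_POLICY = [
    (0.85, "revoke_tokens"),     # invalidate the principal's access/refresh tokens
    (0.70, "isolate_session"),   # quarantine the session pending analyst review
    (0.50, "step_up_auth"),      # require phishing-resistant MFA before continuing
]

def risk_score(ev: IdentityEvent) -> float:
    """Combine anomaly strength with contextual factors (weights are assumed)."""
    role_factor = 0.6 + 0.4 * ev.role_criticality         # critical roles weigh more
    device_factor = 1.0 + 0.5 * (1.0 - ev.device_trust)   # untrusted devices weigh more
    jit_factor = 1.2 if ev.jit_elevated else 1.0          # elevation widens blast radius
    return min(1.0, ev.anomaly_score * role_factor * device_factor * jit_factor)

def decide(ev: IdentityEvent) -> dict:
    """Map risk to the first matching SOAR action and return an auditable record."""
    score = risk_score(ev)
    action = "monitor"                      # default when no rule fires
    for threshold, candidate in RESPONSE_POLICY:
        if score >= threshold:
            action = candidate
            break
    # Explanation kept alongside the decision so the action can be audited later.
    return {
        "principal": ev.principal,
        "risk": round(score, 3),
        "action": action,
        "factors": {
            "anomaly_score": ev.anomaly_score,
            "role_criticality": ev.role_criticality,
            "device_trust": ev.device_trust,
            "jit_elevated": ev.jit_elevated,
        },
    }

if __name__ == "__main__":
    # Constructed sample events, not data from the paper.
    for ev in [IdentityEvent("svc-admin", 0.9, 1.0, 0.2, True),
               IdentityEvent("alice", 0.6, 0.5, 1.0, False)]:
        print(decide(ev))
```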