Indonesian Journal of Electrical Engineering and Computer Science
Vol. 40, No. 1, October 2025, pp. 189-201
ISSN: 2502-4752, DOI: 10.11591/ijeecs.v40.i1.pp189-201

Advanced cloud security framework based on zero trust architecture and adaptive deep learning for next-generation systems

Israa Basim, Amel Meddeb Makhlouf, Ahmed Fakhfakh
NTS’COM Unit, National School of Electronics and Telecommunication, University of Sfax, Sfax, Tunisia

Article history: Received Jan 15, 2025; Revised Apr 23, 2025; Accepted Jul 3, 2025

Keywords: Adaptive deep learning; Cloud security; Hybrid security framework; Next-generation cloud security; Security metrics; Zero trust architecture

ABSTRACT

Static rule-based models and cloud access security brokers (CASBs), the traditional cloud security frameworks, can no longer effectively mitigate modern and evolving cyber threats. Two such examples are signature-based detection methods, which lack real-time versatility and are ineffective against advanced persistent threats or zero-day threats. In this paper, we introduce an adaptive zero trust framework (AZTF) based on the integration of zero trust architecture (ZTA) and an adaptive deep learning (ADL) approach to dynamically evaluate threats and risks targeting cloud environments. It continually monitors access attempts using DL models for real-time anomaly detection. Nine synthetic datasets were generated and used in the experiment in two security domains: network traffic and access patterns. The proposed system reached 96% detection accuracy, a 52% improvement in response time, and a 12% resource consumption optimization compared to traditional ZTA-based security models. The results highlight the power of combining continuous authentication with artificial intelligence (AI)-powered dynamic security policy application to strengthen the resilience of cloud security.
Future research will focus on federated learning integration, multi-cloud security applications, and explainable AI for increased transparency of models.

This is an open access article under the CC BY-SA license.

Corresponding Author:
Israa Basim
NTS’COM Unit, National School of Electronics and Telecommunication, University of Sfax
3000, Sfax, Tunisia
Email: israabasim85@gmail.com

1. INTRODUCTION

Cloud computing has revolutionized the way businesses operate by providing scalable, flexible, and cost-effective information technology (IT) solutions [1]–[3]. However, as cloud adoption grows, so does the complexity of securing cloud environments [4]–[6]. Cloud service providers host a vast array of sensitive data and critical applications, making cloud security a top concern for organizations worldwide [7]–[9]. The dynamic nature of cloud environments, along with the increasing sophistication of cyber threats, poses significant challenges to traditional security models [10]. As a result, ensuring robust, adaptive, and real-time protection for cloud resources has become a pressing necessity [11]–[14].

Traditional security approaches, such as cloud access security brokers (CASBs), have been widely used to monitor and control access to cloud services [15], [16]. While effective to some extent, these solutions are often static and unable to respond to the fast-evolving landscape of modern cloud threats [17]–[19]. CASBs

Journal homepage: http://ijeecs.iaescore.com
typically rely on predefined rules and configurations, which struggle to keep up with the dynamic behavior of cloud environments and the increasingly complex attack vectors. As cyber threats become more advanced, these static security models are proving insufficient in providing the level of protection required to secure sensitive cloud resources effectively [20]–[23].

To address these limitations, this paper introduces a next-generation cloud security framework that combines zero trust architecture (ZTA) [24], [25] with adaptive deep learning (ADL) techniques [26]. Zero trust has emerged as a transformative security model that operates on the principle of “never trust, always verify”. Under this model, access to cloud resources is strictly controlled, and users are continuously verified, regardless of their location within or outside the network perimeter. The zero trust model significantly reduces the risk of unauthorized access, lateral movement, and data breaches. However, while ZTA provides a robust foundation for securing cloud environments, it does not inherently address the challenge of detecting emerging threats in real time or adapting to rapidly evolving attack techniques.

To address the limitations of traditional static security models, we propose a hybrid security framework that integrates ZTA with ADL to increase the quality of security in the cloud. It employs DL for on-time threat detection, continually analyzing user activity, network traffic, and access behavior, and thus adapts to and learns from new threats. As a result, the framework also applies dynamic security policies and measures to reduce the attack surface: based on the intelligent risk assessments conducted by its internal agents, it applies attack-surface reductions tailored to the organization's observed behavior, ensuring a reactive posture.
For performance, it reaches a detection accuracy of 96%, better than the CASB (85%) and ZTA-only (90%) models, with a 52% shorter response time (1.2 seconds) and 12% less resource consumption. It stands out even more from existing models in terms of scalability and efficiency under load. The core enabler for these enhancements is ADL and its integration within ZTA, establishing the framework as a next-generation enabler for adaptive, proactive cloud security.

The rest of this paper is organized as follows: section 2 reviews related work in cloud security and ZTA. Section 3 provides the background for this paper. Section 4 presents the proposed hybrid security framework in detail, outlining its design, components, and operation. Section 5 discusses experimental results and compares the performance of the proposed framework with existing solutions. Finally, section 6 concludes the paper and highlights areas for future research.

2. RELATED WORK

In this section, we review the existing literature on cloud security, ZTA, CASBs, the application of DL techniques in cybersecurity, and hybrid frameworks. The aim is to contextualize the proposed framework within the broader field of research and to highlight the gaps that this work intends to address.

In this part of the literature, researchers delve into traditional cloud security methodologies such as identity management, encryption, and monitoring, which makes clear how limited these solutions are given the dynamism and fluidity with which cloud infrastructure evolves. Ramesh et al. [27] introduced an antivirus with DL for rapid detection and effective treatment of polymorphic and encrypted viruses. Attou et al. [28] proposed a cloud-based intrusion detection model with random forest (RF) and feature engineering.
A new method, the Salp swarm algorithm-based feature selection with DL-based intrusion detection (SSA-FS-DLID) technique, was proposed by Sanagana and Tummalachervu [29] for improving cloud infrastructure security. The literature also addresses the challenges of adopting ZTA, particularly in cloud environments. Patil et al. [30] provided insight into a ZTA adoption security framework for cloud-based Fintech services. Dash [31] advocated the use of ZTA in cloud environments, specifically when deploying large language models (LLMs) in artificial intelligence (AI) applications. CASBs' visibility and control over cloud usage is a particularly important point; their strengths and weaknesses must be analyzed, especially where they may not yet adapt nimbly enough to fast-moving cloud environments. Abbas [32] provided an in-depth analysis of CASBs and shed light on their role in stepping up cloud security. In response to more enterprises moving their sensitive data to the cloud, Ahmad et al. [33] addressed the demand for higher levels of cloud security, suggesting a GOSIMMG method to improve the security of the cloud using identity-based CASBs. That work walks through the benefits and difficulties of employing DL models within security. Abirami and Bhanu [34] addressed secure data exchange in cloud environments, focusing specifically on impersonation attacks, and offered a solution based on a crypto-deep neural network (CDNNCS). Experimental results indicate that CDNNCS reduces packet loss by 10% and improves response time by about 5%, significantly better than existing approaches. Aoudni et al.
[35] proposed HMM-TDL, a DL model that aims to spot zero-day security intrusions on cloud platforms. In this context, we take a look at hybrid security frameworks that blend conventional models and AI/machine learning (ML) strategies, before underscoring the urgency of deploying real-time adaptive cloud security solutions against next-generation attack vectors. Yiliyaer and Kim [36] examined the increasingly widespread requirement to work remotely and safely and the difficulties organizations face in giving the public secure access to a network. Kim and Song [37] proposed an abnormal behavior detection mechanism (ABDM) to enhance security for external access, addressing the challenges of sophisticated attacks.

In this paper, we fill this gap by designing a new-generation cloud security framework combining ZTA capabilities with the power of ADL algorithms. The hybrid framework is designed to adapt effectively in real time, i.e., to overcome the limitations of traditional methods and improve the effectiveness of cloud security with a more dynamic, responsive approach, including threat detection and mitigation against evolving threats. Although the proposed model is a step in the right direction, more work needs to be done to solve problems such as interpretability and integrating DL models into existing security frameworks.

3. BACKGROUND

3.1. Zero trust architecture

Zero trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their boundaries; they must verify anything trying to connect to their systems and data [38]. Rather, every user or device coming in over the network edge should be authenticated. ZTA works on some core principles that focus on verification, monitoring, and least privilege access.
The key principles include:

- Never trust, always verify: ZTA works under the assumption that no user, device, or system should be trusted by default, even if they are inside the perimeter [25]. All access requests must be authenticated, and trust is not given until authentication has happened (authorization).
- Least privilege access: users, devices, and applications are only allowed the least privileged access they need to get their job done. When the rights provided to each user or device are kept minimal, the potential attack surface is reduced.
- Micro-segmentation: the network is broken up into several isolated segments, and security policies are enforced for each segment. This limits lateral movement in the network by default and makes it difficult for an attacker who compromises one part of the system to then gain access to many resources.
- Continuous monitoring and validation: unlike a VPN, ZTA provides continuous tracking of users, devices, and data flows to ensure that security policies are enforced all the time. Even after the first authentication, access is continuously reconsidered depending on the context, i.e., a combination of factors such as user behavior, device security posture, or sudden environmental changes.
- Data protection: ZTA stresses the importance of data security at rest as well as in transit; that is, permissioned or sensitive data must be protected against unauthorized access or breach attacks even within the network perimeter [39]. The use of encryption is a cornerstone in securing data.

3.2. Cloud access security brokers

CASBs serve as an intermediary between an organization's on-premises infrastructure and the cloud services it uses [40], [41]. CASBs enforce security policies, monitor user activities, and also ensure that all cloud products are in compliance with industry regulations.
The fundamental principles of CASBs involve the following:

- Visibility: CASBs offer enterprises cloud visibility that allows them to monitor and control all cloud apps and services. This also identifies shadow IT (cloud services not vetted by the organization) and enables activity tracking across hundreds of SaaS applications [36].
- Data security: CASBs are responsible for enforcing data protection policies that protect sensitive data when it is stored, accessed, or transmitted in the cloud. They encrypt, tokenize, and apply data loss prevention (DLP) policies to protect data at rest and in transit.
- Access control: through centralization, CASBs can enforce fine-grained access control policies based on identity, role, device, or location.
- Threat protection: one of the primary objectives of CASBs is to reduce the scope of an attack and get on top of threats before they hit users [42].
- Cloud governance: a CASB ensures consistent security and compliance policies across multiple cloud platforms, reinforcing the organizational control model.
- Application security: CASBs mitigate cloud application security threats by assessing the security of applications and ensuring they conform to an organization's established security requirements [43].
3.3. Adaptive deep learning techniques

ADL-based methods are robust cybersecurity tools to detect complex, evolving threats and mitigate them in cloud environments. Such techniques are based on neural networks, particularly recurrent neural networks (RNNs) and convolutional neural networks (CNNs), and allow computers to learn from huge datasets, respond to changing threats, and modify security mechanisms [44]. CNNs, a widely employed DL technique used for feature extraction and pattern recognition, have potential for use with both structured and unstructured data, such as logs or network traffic, allowing automatic detection of malicious activity with minimal manual intervention [45], [46]. RNNs, on the other hand, work well with sequential, time-oriented data [47]–[49].

RNNs in the cloud: in the field of cloud security, RNNs are used to detect anomalies in a continuous stream of data such as user activity or network traffic, identifying patterns that deviate from normal behavior and may suggest potential security threats.

ADL techniques for cloud security offer the following benefits:

- Enhanced accuracy: advanced DL models enhance detection precision by enabling continuous learning and adaptation to emerging threats, whereas traditional rule-based systems lack the flexibility to comprehend evolving attack patterns.
- Real-time response: by leveraging historical attack data, ML algorithms can identify suspicious activities and events, allowing organizations to proactively respond to potential threats.
- Scalability: cloud-based environments have large data volumes, and DL models can handle large data, fitting well into the cloud. This makes security monitoring across various cloud services much more scalable.
- Reduced false positives: DL models can learn to adapt themselves to the particular behavior of users or devices, minimizing false positives and allowing security alerts to be more pertinent and actionable.

3.4. Integration of zero trust and deep learning

ZTA with DL integrates a systematic access-control-based approach, focusing on the validation of devices, users, and networks, with adaptive and data-driven capabilities. The priorities of this alignment consist of:

- Dynamic trust evaluation: zero trust is all about continuously assessing trust at each access point, and DL further improves this by integrating and acting on real-time data to assess risk and dynamically adjust the security decisions made.
- Context-aware access: access control is enforced through strict identity verification and contextual factors in zero trust.
- Threat mitigation and anomaly detection: specifically, CNNs and RNNs are used to build DL models that classify background information and detect anomalies in it in order to determine whether it exhibits the typical pattern.

4. PROPOSED HYBRID SECURITY FRAMEWORK

4.1. Hybrid framework design

4.1.1. Zero trust architecture in the cloud

The core security model behind our proposed methodology is based on ZTA. In the cloud, ZTA is based on the idea of ’never trust, always verify’, an approach that is especially relevant to cloud environments, where perimeter-based security models fall short. Our methodology for ZTA implementation in a cloud environment consists of several significant components.

4.1.2. Adaptive deep learning techniques

The next layer in our hybrid framework is protection via ADL techniques, built on and leveraging the security offered through ZTA. They are used to multitask, interpret, and act on new threats in their cloud environment.

4.1.3.
Integration of ZTA and ADL

It is the combination of ZTA and adaptive deep learning (ADL) that is at the core of our proposed methodology for overcoming cloud security issues [50]. Together, they facilitate advanced threat detection and adaptive response mechanisms, as ZTA offers the foundational framework for access control and continuous verification [51]. Bringing dynamic adaptation: DL models can enhance ZTA's real-time monitoring mechanism to generate predictive insights into potential threats before they completely materialize.

4.1.4. Architectural design of the hybrid framework

The proposed hybrid framework leverages the ZTA principles, applied to the architecture of a ZTA, combined with the power of ADL models. The main components are:

- ZTA gateways: enforce identity management, access control, and least privilege.
- DL models: CNNs and RNNs are used to analyze network traffic and detect anomalies.
- Cloud infrastructure: resources in a cloud environment secured through the use of ZTA
and ADL techniques.
- Communication protocols: incorporate secure communication protocols for encrypted data exchange between system components.

4.2. Designing the hybrid framework architecture

4.2.1. Three main layers

The hybrid security framework is composed of three main building blocks:

- ZTA layer: encompasses authentication, authorization, access control, and continuous verification.
- ADL layer: focuses on real-time anomaly detection, predictive threat analysis, and adaptive response based on learned patterns.
- Cloud infrastructure layer: the actual cloud environment (where services, data, and users are), secured by the ZTA layer and enhanced by the ADL layer.

4.2.2. Key modules of the hybrid framework

Figure 1 illustrates the pipeline of how the data is sent through the respective systems, from the cloud infrastructure to security decision-making through the ZTA and ADL models.

[Figure 1. High-level architecture of the proposed hybrid framework]

- Cloud infrastructure: the cloud environment where virtual machines, data storage, and services reside.
- Data collection: this stage involves collecting raw data from different cloud services, such as activity logs, authentication requests, and any other security events.
- ZTA: ensures continuous authentication and authorization, with fine-grained access control.
- ADL: uses DL methods for in-time threat detection, anomaly detection, and adaptive learning to improve the security function.
- Security posture management: applies and manages security policies through real-time adjustments from both the ZTA and ADL approaches.

4.3. Components of the hybrid framework

4.3.1. Data collection module

The data collection module collects security-relevant data from the cloud services to feed both the ZTA and ADL layers.
Data sources:

- Cloud traffic: network traffic logs such as packet-level data and flow data.
- Authentication requests: identity and access management (IAM) logs (e.g., login attempts, MFA validations).
- System logs: logs coming from virtual machines, containers, and cloud infrastructure services.

The security data collection process is ensured through monitoring of traffic in the cloud and of user and system events, and through aggregation of both historical and real-time data to form a full security context.
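The collection and aggregation step of section 4.3.1, as an added example that is not the authors' code: it parses two constructed log sources (IAM authentication events and flow records), splits them into a historical and a real-time window, and builds the per-user security context that the ZTA and ADL layers consume. The log formats, field names and the five-minute window are assumptions made for this illustration.

```python
"""Data collection module of section 4.3.1 (added example, not the authors' code)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed IAM log: timestamp, user, source IP, MFA result, login outcome.
IAM_LOG = """\
2025-01-15T08:00:01Z alice 10.0.1.5 mfa=pass outcome=SUCCESS
2025-01-15T08:05:12Z alice 10.0.1.5 mfa=pass outcome=SUCCESS
2025-01-15T08:07:40Z bob 10.0.2.9 mfa=fail outcome=FAILURE
2025-01-15T08:07:55Z bob 10.0.2.9 mfa=fail outcome=FAILURE
2025-01-15T08:08:10Z bob 198.51.100.7 mfa=pass outcome=SUCCESS
2025-01-15T08:09:00Z bob 203.0.113.4 mfa=pass outcome=SUCCESS
"""

# Constructed flow log: timestamp, user, destination service, bytes, packets.
FLOW_LOG = """\
2025-01-15T08:01:00Z alice s3 1200 10
2025-01-15T08:06:00Z alice ec2 800 6
2025-01-15T08:08:30Z bob s3 950000 700
2025-01-15T08:09:10Z bob s3 880000 650
"""


@dataclass
class SecurityContext:
    """Per-user view that both the ZTA policy engine and the ADL model consume."""
    user: str
    logins_total: int = 0
    logins_failed: int = 0
    mfa_failures: int = 0
    source_ips: set = field(default_factory=set)
    services: set = field(default_factory=set)
    bytes_recent: int = 0        # bytes moved inside the real-time window
    flows_recent: int = 0
    bytes_historical: int = 0    # bytes moved before the window
    flows_historical: int = 0

    @property
    def failed_login_ratio(self) -> float:
        return self.logins_failed / self.logins_total if self.logins_total else 0.0

    @property
    def recent_bytes_per_flow(self) -> float:
        return self.bytes_recent / self.flows_recent if self.flows_recent else 0.0

    @property
    def historical_bytes_per_flow(self) -> float:
        return self.bytes_historical / self.flows_historical if self.flows_historical else 0.0


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def parse_iam(text: str) -> list:
    """One dict per authentication event; malformed lines are skipped, not guessed."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, user, ip, mfa, outcome = parts
        events.append({"ts": parse_ts(ts), "user": user, "ip": ip,
                       "mfa_ok": mfa == "mfa=pass",
                       "success": outcome == "outcome=SUCCESS"})
    return events


def parse_flows(text: str) -> list:
    """One dict per flow record, with byte and packet counts as integers."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, user, service, nbytes, npkts = parts
        flows.append({"ts": parse_ts(ts), "user": user, "service": service,
                      "bytes": int(nbytes), "packets": int(npkts)})
    return flows


def build_context(iam_text: str, flow_text: str, now: datetime,
                  window: timedelta = timedelta(minutes=5)) -> dict:
    """Aggregate historical and real-time events into one context per user."""
    cutoff = now - window
    contexts = {}
    for ev in parse_iam(iam_text):
        ctx = contexts.setdefault(ev["user"], SecurityContext(ev["user"]))
        ctx.logins_total += 1
        ctx.logins_failed += 0 if ev["success"] else 1
        ctx.mfa_failures += 0 if ev["mfa_ok"] else 1
        ctx.source_ips.add(ev["ip"])
    for fl in parse_flows(flow_text):
        ctx = contexts.setdefault(fl["user"], SecurityContext(fl["user"]))
        ctx.services.add(fl["service"])
        if fl["ts"] >= cutoff:            # real-time window
            ctx.bytes_recent += fl["bytes"]
            ctx.flows_recent += 1
        else:                             # historical window
            ctx.bytes_historical += fl["bytes"]
            ctx.flows_historical += 1
    return contexts


if __name__ == "__main__":
    now = parse_ts("2025-01-15T08:10:00Z")
    for user, ctx in build_context(IAM_LOG, FLOW_LOG, now).items():
        print(user, f"failed_ratio={ctx.failed_login_ratio:.2f}",
              f"ips={len(ctx.source_ips)}", f"recent_bpf={ctx.recent_bytes_per_flow:.0f}")
```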
4.3.2. Threat detection and prevention

The IAM module uses anomaly detection logic and ZTA principles to identify security threats. This ensures both a real-time watch and an immediate response to possible dangers as soon as they come into sight. Eventually, the module aims to use sophisticated techniques for finding and preventing threats in order to raise cloud safety.

- ZTA authentication and access control: ZTA is a cloud-based framework that continuously authenticates the users, applications, and devices seeking access to resources. Micro-segmentation applies strict access policies to each cloud environment segment.
- ADL for anomaly detection and predictive analytics: CNNs and RNNs or other DL models are used to detect abnormal behaviors in the cloud data. It detects threats by identifying anomalies in user behavior, access patterns, and network traffic in real time.

4.3.3. Continuous adaptation

Hybrid frameworks have the virtue of flexibility and adaptability. They also use DL models that continuously learn from new data, making it possible to detect new threats without needing prior descriptions of them. Furthermore, the framework has a feedback loop in which any anomalies discovered are fed back into training the model, so that access controls are regularly updated with up-to-date threat intelligence from the ADL module.

- DL models: models are constantly trained on new data, which enhances their ability to detect new, emerging threats. They can also identify types of attacks that have not been classified beforehand, thus not requiring labels.
- Feedback loop: anomalies that have been detected are used to train the model further, so it learns and adapts to any new patterns. Access controls are updated regularly based on current threat intelligence from the ADL module.

4.4. Data collection

4.4.1.
Dataset description

The success of our hybrid framework relies heavily on the amount and quality of the data used to train the deep network model. Thus, comprehensive and relevant datasets in this area are as much a hot topic now as they have been for some time. The following introduces several widely familiar examples:

- Cloud datasets: user activity, application calls, and infrastructure traffic; when moving to cloud environments, several systems are involved. Datasets commonly used for training include CICIDS and NSL-KDD.
- Security logs: contain data on historical incidents, successful and failed logins, malware detections, and any traffic anomalies.
- Attack simulation datasets: simulated distributed denial-of-service (DDoS), SQL injection, and insider threats are useful for training ADL models to identify new attack vectors.

4.4.2. Data preprocessing

Data preprocessing, the key first step for both ZTA and ADL in this hybrid ZTA platform, also plays a role in improving the input. Before data can enter any of these systems, it must be processed to optimize the information for ML, for example through normalization, feature extraction, and one-hot encoding. The whole process is necessary to make the data “machine learning friendly”, thus prepared for ML operations and allowing effective analysis.

- Normalization: scaling numerical features for uniformity across features (e.g., traffic volume, number of requests).
- Feature extraction: identifying key features from raw data that are relevant for security (e.g., packet size, frequency of requests).
- Encoding: converting categorical data (such as user types, device data, and so on) into numerical formats that are machine-learning friendly.

4.4.3. Ethical considerations

As cloud security data is used more and more, it has never been so crucial to think about the ethics of handling it.
Making sure that collected data is handled according to acceptable moral standards and remains ethically above board is an absolute necessity. In addition, the structure must comply with stringent regulatory initiatives such as GDPR, which sets requirements for data transfer, CCPA, and HIPAA to protect user rights and maintain the integrity of how collected information can be used.

- Data: all collected data, especially authentication requests and personal data, must be stored without possible identifiers or pseudonymized.
- Regulatory compliance: the framework must follow regulations such as GDPR, CCPA, and HIPAA so that it does not infringe on user rights in terms of how data is collected.

4.5. Model development

4.5.1. Deep learning model architecture

This involves DL models that specifically focus on detecting anomalies, predicting potential threats, and being flexible and adaptable to new data. The architecture includes:

- CNNs: mostly used
for recognizing spatial patterns in cloud traffic and network behavior.
- RNNs: certain types of network traffic, like logs, are sequential, and RNNs are useful for identifying time-based anomalies or patterns indicative of an attack in progress.

4.5.2. Training process

The training process includes both supervised and unsupervised techniques:

- Supervised learning: this approach requires labeled data from past incidents, such as labeled attack traffic, which is used as input when training the models to identify certain types of threats.
- Unsupervised learning: this is where the model detects anomalies without prior supervision, enabling it to find new attack patterns that have never been seen before.

4.5.3. Adaptive mechanism

This approach allows the DL models to continually improve as new data becomes available. Given that cloud environments are dynamic, the models will either be retrained periodically or adapted in real time via techniques like transfer learning and reinforcement learning.

4.6. Integration with zero trust architecture

- Continuous authentication: in the hybrid framework, ZTA continuously authenticates users, devices, and applications, and is interfaced deeply with the DL models. When an anomaly is detected (such as unusual user activity), the ZTA module can require additional verification or deny access to sensitive resources.
- Real-time response: the ZTA and ADL modules interact in real time to create dynamic security policies according to the output of the DL predictions. In the case of an anomaly detected by a DL model (e.g., an unauthorized access attempt), ZTA can instantly modify access governance and segment the network to prevent further damage.
- Security posture management: with the feedback loop working between ZTA and ADL, the system can continuously verify and update security policies. This allows the cloud environment to maintain an optimal security posture, adjust to new threats, and reinforce its defenses in the face of evolving risks.

5. EXPERIMENTAL RESULTS AND EVALUATION METRICS

5.1. Experimental setup

An extensive experimental setup was designed to validate the effectiveness of the proposed hybrid security framework based on ZTA and ADL techniques. It replicates a realistic cloud environment while allowing us to close in on the framework's performance under various security metrics.

5.1.1. The simulation of the cloud environment

- Cloud service providers: the simulated cloud architecture used industry-leading platforms like Amazon Web Services (AWS) or Microsoft Azure, or hybrid configurations.
- AWS EC2 instances: for computational resource management and deployment of the security framework.
- AWS S3 storage: for simulating storage-related security use cases like unauthorized access to data and data leak prevention.
- Azure virtual machines: used to simulate various user and service configurations to test the hybrid security framework's scalability.
- Network configuration: to mimic a realistic cloud environment, the topology is comprised of virtual private networks and multiple subnets with firewalls, providing various network-related security challenges targeting network breaches or unauthorized access attempts.

5.1.2.
Framework integration

The hybrid security framework was integrated into a model of the cloud simulation environment. The integration process involved embedding the ZTA for real-time monitoring and access control, as well as deploying the ADL model for anomaly detection and threat response.

- ZTA implementation: various cloud-native security services such as IAM, multi-factor authentication (MFA), and continuous authentication techniques were used.
- ADL model deployment: the DL model is deployed using frameworks such as TensorFlow or PyTorch, tightly coupled with the cloud infrastructure. The model was set up to monitor user behavior, network traffic, and system logs for signs of abnormal behavior indicative of a threat.
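How the ZTA module acts on the ADL output for a single access request, as described in section 4.6 and deployed in section 5.1.2, as an added example that is not the authors' code: a z-score over a per-user baseline stands in for the paper's CNN/RNN model, and the ZTA side (context signals, step-up verification, micro-segmentation on denial, feedback of accepted behavior into the baseline) is what is illustrated. The outcomes, thresholds, weights and field names are assumptions.

```python
"""Adaptive zero trust policy decision of sections 4.6 and 5.1.2 (added example,
not the authors' code; the z-score baseline is a stand-in for their DL model)."""
from dataclasses import dataclass, field
from statistics import mean, pstdev

ALLOW, STEP_UP, DENY = "allow", "step_up_mfa", "deny_and_segment"


@dataclass
class Baseline:
    """Rolling per-user history of bytes per request (stand-in for the ADL model)."""
    samples: list = field(default_factory=list)
    max_len: int = 50

    def score(self, value: float) -> float:
        """z-score of value; too little history or zero variance yields 0 (no evidence)."""
        if len(self.samples) < 3:
            return 0.0
        sd = pstdev(self.samples)
        return 0.0 if sd == 0 else (value - mean(self.samples)) / sd

    def learn(self, value: float) -> None:
        self.samples.append(value)
        del self.samples[:-self.max_len]


@dataclass
class AccessRequest:
    user: str
    device_compliant: bool      # posture result from the device agent
    mfa_verified: bool          # continuous-authentication state at request time
    new_source_ip: bool         # address not seen in this user's history
    bytes_per_request: float    # behavioural feature scored by the ADL stand-in
    resource_sensitivity: str   # "low" or "high"


@dataclass
class Decision:
    outcome: str
    risk: float
    reasons: list


def assess_risk(req: AccessRequest, anomaly_z: float):
    """Fuse ZTA context signals with the ADL anomaly score into a risk in [0, 1]."""
    risk, reasons = 0.0, []
    if not req.device_compliant:
        risk += 0.4
        reasons.append("device not compliant")
    if req.new_source_ip:
        risk += 0.2
        reasons.append("unseen source IP")
    if not req.mfa_verified:
        risk += 0.2
        reasons.append("MFA not verified")
    if anomaly_z > 3.0:
        risk += 0.5
        reasons.append(f"anomalous volume (z={anomaly_z:.1f})")
    elif anomaly_z > 2.0:
        risk += 0.25
        reasons.append(f"unusual volume (z={anomaly_z:.1f})")
    if req.resource_sensitivity == "high":
        risk *= 1.25                    # less tolerance for sensitive resources
    return min(risk, 1.0), reasons


class PolicyEngine:
    """ZTA policy decision point that consults the ADL stand-in on every request."""

    def __init__(self, step_up_at: float = 0.3, deny_at: float = 0.6):
        self.baselines = {}
        self.quarantined = set()        # users confined by micro-segmentation
        self.step_up_at, self.deny_at = step_up_at, deny_at

    def decide(self, req: AccessRequest) -> Decision:
        if req.user in self.quarantined:
            return Decision(DENY, 1.0, ["user segment quarantined"])
        base = self.baselines.setdefault(req.user, Baseline())
        risk, reasons = assess_risk(req, base.score(req.bytes_per_request))
        if risk >= self.deny_at:
            self.quarantined.add(req.user)          # isolate to stop lateral movement
            return Decision(DENY, risk, reasons)
        if risk >= self.step_up_at:
            return Decision(STEP_UP, risk, reasons)  # re-verify before serving
        base.learn(req.bytes_per_request)   # feedback loop: accepted behaviour trains the baseline
        return Decision(ALLOW, risk, reasons)

    def confirm_step_up(self, req: AccessRequest) -> None:
        """Step-up succeeded: the behaviour was benign, so feed it back as well."""
        self.baselines.setdefault(req.user, Baseline()).learn(req.bytes_per_request)


def run_scenario() -> list:
    """Ten normal requests, a volume spike, the same spike from a new IP, then any request."""
    engine = PolicyEngine()
    outcomes = []
    for nbytes in [1000, 1100, 900, 1050, 950, 1000, 1100, 900, 1000, 1050]:
        outcomes.append(engine.decide(AccessRequest("alice", True, True, False, nbytes, "low")).outcome)
    outcomes.append(engine.decide(AccessRequest("alice", True, True, False, 900_000, "low")).outcome)
    outcomes.append(engine.decide(AccessRequest("alice", True, True, True, 900_000, "low")).outcome)
    outcomes.append(engine.decide(AccessRequest("alice", True, True, False, 1000, "low")).outcome)
    return outcomes


if __name__ == "__main__":
    print(run_scenario())
```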
5.1.3. Baseline comparison

The experimental setup included a baseline comparison with current cloud security systems in order to evaluate the performance advantages of the proposed system. The baselines used were not just static cloud security frameworks without ADL or zero trust approaches, but also existing zero trust models that do not use DL to expose threats.

- Classic security architecture: classic cloud security methodology with access controls, firewalls, and not very active monitoring.
- Zero trust-only framework: a cloud security framework solely based on zero trust models, without adaptive learning in threat detection.
- Key performance indicators (KPIs): detection accuracy, response time, resource utilization, and scalability were compared against these baselines.

5.1.4. Test cases and attack scenarios

Test cases and attack scenarios were developed to mimic real-world threats and challenge the system's response. These included:

- Insider threats: simulating attacks by authorized users, from unauthorized access to data exfiltration.
- DDoS attacks: on cloud services, for testing the robustness of the framework.
- Malware and ransomware: simulating different types of installation and spread of malware in the cloud environment to verify how the system identifies and contains the attacks.
- Zero-day exploits: assessing the system's capacity for identifying and protecting against new vulnerabilities.
- Anomaly detection: unsupervised learning techniques for anomaly detection to find deviations across cloud users, network traffic, and logins, even when the attack type is not known.

The attack scenarios are implemented with different complexities, such as low-, medium-, and high-intensity attacks, to validate the proposed framework's ability to counter a wider array of security incidents.

5.1.5.
5.1.5. Evaluation of performance metrics
The performance of the system was evaluated using the following metrics:
Detection accuracy: the proportion of security events, benign and malicious, that the system classifies correctly; misclassifications are reported separately as false positive and false negative rates.
Response time: the average time from the occurrence of a security event to the moment the system initiates an appropriate response.
Resource usage: the framework's CPU, memory, and bandwidth consumption while running, especially while the DL models are executing.
Scalability: the system's capacity to sustain performance as the number of users and devices and the traffic volume increase.
These metrics were monitored continuously throughout test case execution, and results were compared across the baseline models and scenarios.
5.2. Results
5.2.1. Detection accuracy and false positive/negative rates
We measured the detection accuracy of AZTF against conventional CASB and ZTA-only frameworks. Results are summarized in Table 1.

Table 1. Threat detection accuracy and error rates
Framework        Detection accuracy (%)   False positive rate (FPR)   False negative rate (FNR)
Baseline CASB    85                       8.2%                        12.5%
ZTA-only         90                       6.5%                        9.2%
Proposed AZTF    96                       3.4%                        4.8%

5.2.2. Scalability: performance under high workloads
To test the scalability of AZTF, we conducted experiments under varying cloud traffic conditions, simulating low, medium, high, and extreme workloads. Detection accuracy and response time across the different traffic loads are given in Table 2.

Table 2. Performance at different workload levels
Workload level   Requests per second   Detection accuracy (%)   Response time (s)
Low load         1,000                 96.5                     1.1
Medium load      5,000                 95.8                     1.3
High load        10,000                94.3                     1.6
Extreme load     20,000                91.8                     2.0

Indonesian J Elec Eng & Comp Sci, Vol. 40, No. 1, October 2025: 189–201
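Before comparing rows of Table 1, a practitioner should check that its three columns can describe the same evaluation. With the standard definitions (accuracy = (TP+TN)/N, FPR = FP/(FP+TN), FNR = FN/(FN+TP)), the overall error rate 1 - accuracy is a weighted average of FPR and FNR, with the benign and malicious fractions as weights, so it must lie between the two. The Python below is an added example rather than the paper's code: it computes the metrics from a constructed confusion matrix and applies that bound to the table's rows. The Proposed AZTF row satisfies it (it implies about 43% malicious events in the test set), whereas the Baseline CASB and ZTA-only rows report an accuracy below 1 - FNR, which no class balance can produce; under these definitions those two rows cannot have been computed on one event set, so their accuracy and error-rate columns should not be combined.

```python
"""Consistency check for binary detection metrics (added example, not the paper's code).

Definitions used:
  accuracy = (TP + TN) / N
  FPR      = FP / (FP + TN)      false positive rate over benign events
  FNR      = FN / (FN + TP)      false negative rate over malicious events
Since (FP + FN) / N is a weighted average of FPR and FNR, 1 - accuracy must
lie between min(FPR, FNR) and max(FPR, FNR) for any class balance.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Metrics:
    accuracy: float
    fpr: float
    fnr: float


def metrics_from_counts(tp: int, fp: int, tn: int, fn: int) -> Metrics:
    """Compute accuracy, FPR and FNR from confusion-matrix counts."""
    total = tp + fp + tn + fn
    if total == 0 or (fp + tn) == 0 or (fn + tp) == 0:
        raise ValueError("need at least one benign and one malicious event")
    return Metrics(
        accuracy=(tp + tn) / total,
        fpr=fp / (fp + tn),
        fnr=fn / (fn + tp),
    )


def implied_malicious_fraction(m: Metrics) -> Optional[float]:
    """Solve 1 - acc = FPR * (1 - p) + FNR * p for p, the malicious share.

    Returns None when FPR == FNR (every p gives the same error rate).
    A value outside [0, 1] means no class balance yields the reported triple.
    """
    if abs(m.fnr - m.fpr) < 1e-12:
        return None
    return ((1.0 - m.accuracy) - m.fpr) / (m.fnr - m.fpr)


def is_consistent(m: Metrics, tol: float = 1e-9) -> bool:
    """True iff the reported accuracy can coexist with the reported FPR/FNR."""
    err = 1.0 - m.accuracy
    lo, hi = min(m.fpr, m.fnr), max(m.fpr, m.fnr)
    return lo - tol <= err <= hi + tol


# The three rows of Table 1, exactly as reported in the paper.
TABLE_1 = {
    "Baseline CASB": Metrics(0.85, 0.082, 0.125),
    "ZTA-only":      Metrics(0.90, 0.065, 0.092),
    "Proposed AZTF": Metrics(0.96, 0.034, 0.048),
}


def check_table_1() -> Dict[str, bool]:
    """Apply the bound to every row of Table 1."""
    return {name: is_consistent(m) for name, m in TABLE_1.items()}


if __name__ == "__main__":
    # Constructed confusion matrix: 4,000 benign and 3,000 malicious events,
    # chosen so that it reproduces the AZTF row (0.96 / 0.034 / 0.048).
    sample = metrics_from_counts(tp=2856, fp=136, tn=3864, fn=144)
    print(sample)
    for name, ok in check_table_1().items():
        p = implied_malicious_fraction(TABLE_1[name])
        print(f"{name}: consistent={ok}, implied malicious fraction={p:.3f}")
```

The same check applies to Table 2, where only accuracy is reported per workload level: without the accompanying FPR and FNR at each load, a drop from 96.5% to 91.8% cannot be attributed to missed attacks versus false alarms, which matters for an operator deciding whether degraded accuracy under load is a safety or a noise problem.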
5.2.3. System resource utilization
To assess efficiency, we measured CPU and memory utilization while running AZTF compared with the CASB and ZTA-only models; the results are given in Table 3.

Table 3. System resource utilization
Framework        CPU usage (%)   Memory usage (GB)
Baseline CASB    80              3.2
ZTA-only         75              2.8
Proposed AZTF    70              2.5

5.2.4. Detection accuracy
The detection accuracy of the baseline CASB was 85%, demonstrating a decent but narrow recognition of threats. Although it works on the file system and can handle basic security functions, it does not adapt to changing and complex attack patterns. Figure 2 shows the comparison of detection accuracy between the baseline CASB, ZTA-only, and the proposed security framework.
Figure 2. Comparison of detection accuracy
5.2.5. Response time
The baseline CASB had an average response time of 2.588 seconds, a moderate figure but one that can cause delays when handling real-time threats, especially under high traffic. Figure 3 shows the comparison of response time between the baseline CASB, ZTA-only, and the proposed security framework.
Figure 3. Comparison of response time
5.2.6. Resource utilization
Because the baseline CASB performs a great deal of traffic inspection and security monitoring, it consumes 80% of the available CPU (Table 3), which is considerable and can tax the system, particularly in large-scale settings. Figure 4 shows the comparison of resource utilization between the baseline CASB, ZTA-only, and the proposed security framework.
Figure 4. Comparison of resource utilization
5.2.7. Scalability
The baseline CASB scaled to a modest extent but showed performance degradation as the scope of the cloud environment increased. Table 4 compares the scalability of the baseline CASB, ZTA-only, and the proposed security framework.

Table 4. Comparison of scalability
Framework                   Scalability
Baseline CASB               Medium
ZTA-only                    High
Proposed hybrid framework   High

6. CONCLUSION AND FUTURE WORKS
The proposed hybrid security framework, which combines ZTA and ADL, should leave modern cloud businesses better protected from threats. The performance evaluation indicated significant advances over the baseline models on every major indicator: detection accuracy reached 96%, response times were 52% faster, and resource consumption was lower (70% CPU against 80% for the baseline CASB and 75% for ZTA-only). The scalability of the framework allows it to maintain high performance under high traffic loads, which makes it well suited to dynamic cloud environments. By leveraging ZTA's continuous verification principle and ADL's real-time threat detection and adaptability, the framework can address evolving security threats effectively. These findings indicate the potential of a hybrid approach for enhancing cloud security, as a basis for probing unknown threats in real time, responding to them in real time, and allocating resources across highly diverse environments.
Although our framework shows markedly improved detection accuracy, response time, and resource efficiency, some problems remain for future research:
DL models are not explainable: for AI-based security systems, a critical challenge is the explainability of the decisions made by DL algorithms. Future research may be directed towards XAI techniques to enhance interpretability in threat detection.
Federated learning for cloud security: adopting federated learning could bring improved privacy in multi-cloud environments and better scalability than centralized training of a single DL model.
Real-time adaptive policies: implementing self-learning policies that adapt in response to the identified threat landscape can lead to more effective security enforcement.
Application to edge and IoT security: as edge computing and IoT-based architectures become pervasive, future work can explore how the hybrid security model described here can be extended beyond traditional cloud environments.
ACKNOWLEDGMENTS
The authors would like to acknowledge the support and resources provided by the National School of Electronics and Telecommunications (ENET'COM), University of Sfax. Their institutional guidance and technical infrastructure contributed significantly to the completion of this work.