Hybrid sigma-to-transformer pipeline for Cloud IDS in AWS Workloads

The goal of the study is to enhance Intrusion Detection Systems (IDS) on AWS cloud-based systems through the addition of a hybrid Sigma-to-Transformer pipeline. The idea is to map a language translation of every Sigma rule, as used in an IDS which is a rule-based system, to features that can be read by the machine to be applied to a transformer-based classifier to increase detection performance. Sigma rules are good at identifying attacks that are well known, but do not help with identifying new attacks since they are fixed. This paper will enhance the stability and real-time capability of the identification system in detecting threats through the use of transformer models, which have the capability of discovering complicated patterns of a systematic data. The expected result will be an impressive increase in the performance of the IDS in turn of the false positive and true positive rates. The latter is achieved with the functional ability of the model generalize across different forms of attacks and lift up to the dynamics of cloud workloads on AWS. The AWS security cloud relevance is also highly prone in that; the workloads and the attack vectors change constantly whilst the research is being done. Such study will offer a more scalable and more effective tool in detecting the complicated security issues in the cloud based on the merit of the versatility of the machine learning in addition to also the stability of the Sigma regulations that will guarantee more performance and proactive caution to the people who use AWS.