Generative Identity Forensics and Trust System (GIFTS): Geodesic anomaly detection and manifold diffusion for cloud identity telemetry

The cybersecurity perimeter has shifted from network boundaries to identity-driven control planes, where authentication events, API invocations, and access-policy evaluations constitute the dominant evidence for threat detection in modern cloud infrastructure. While contemporary Identity Threat Detection and Response (ITDR) platforms scale to billions of events, anomaly detection approaches remain primarily discriminative—focusing on statistical rarity or reconstruction error—and often fail to provide actionable explanations of malicious behavior, especially when adversaries suppress audit visibility by disabling or evading logging services. In addition, existing systems largely remain reactive and do not provide native mechanisms to generate realistic, novel attack scenarios for proactive defense testing.

This paper introduces the Generative Identity Forensics and Trust System (GIFTS), a manifold learning and diffusion framework that models valid cloud identity behavior as trajectories on a low-dimensional intrinsic manifold shaped by Identity and Access Management (IAM) permissions, workflow constraints, and temporal dependencies. GIFTS integrates four core modules: (i) semantic log vectorization and sessionization using transformer-based representations for high-cardinality cloud events, (ii) nonlinear dimensionality reduction via Isomap to estimate intrinsic geodesic structure, (iii) a manifold inversion mechanism grounded in the Manifold Decoder principle to map latent coordinates back into interpretable log sequences, and (iv) manifold-constrained diffusion for forensic in-painting during logging blackouts and automated red-team generation. Using benchmark intrusion data and a synthetic CloudTrail generator built from attack-chain templates, we demonstrate that geodesic trust scoring improves separability of identity attacks in the low false-positive regime while latent diffusion enables probabilistic reconstruction of missing forensic traces. This work advances generative security operations by unifying anomaly detection, explainability, reconstruction, and proactive simulation within a geometric trust framework.