NORMA eResearch @NCI Library

Enhancing Intrusion Detection and Forensic Readiness Through Cloud Log Redundancy: A Multi-Cloud Security Approach

Kunhumbiduka Moolakkal, Pranoy (2025) Enhancing Intrusion Detection and Forensic Readiness Through Cloud Log Redundancy: A Multi-Cloud Security Approach. Masters thesis, Dublin, National College of Ireland.


Abstract

Cloud-native infrastructures face growing challenges in real-time threat detection and in secure, resilient logging. This project designs and implements a serverless, multi-cloud security framework that addresses cross-cloud log backup and ensures forensic readiness. The solution captures AWS CloudTrail logs; an AWS Lambda function automatically transfers them to Azure Blob Storage over SAS-authenticated HTTP uploads. SHA-256 hashes are generated dynamically for log integrity and stored alongside the logs as .hash.txt files. A second Lambda function parses the .json.gz logs and triggers AWS SNS alerts when suspicious activity is detected, such as DeleteTrail commands or access from blacklisted IPs.

The architecture is fully serverless, avoiding reliance on virtual machines or persistent compute and reducing cost and complexity. All operations are automated through native cloud services such as event triggering and alerting. Testing demonstrated fast, reliable log transfers, accurate hash generation and effective real-time alerting.

In the final stage the system was extended with Microsoft Sentinel integration: Azure Logic Apps and Azure Functions were used to ingest logs into a centralized SIEM. Custom detection rules in Microsoft Defender enabled real-time incident creation from events such as root login without MFA.

This work delivers Zero Trust-aligned log redundancy and intrusion detection that scales lightly across public clouds. It gives small and medium enterprises improved visibility and resilience without requiring expensive third-party tools.
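As an added illustration of the pipeline the abstract describes (example code written for this record, not the thesis's own implementation): a CloudTrail .json.gz object is hashed for its .hash.txt sidecar, the sidecar is re-checked as a forensic integrity test, and the records are scanned for DeleteTrail calls and blacklisted source IPs. The sample records, account ID, ARNs and blacklist are constructed values.

```python
import gzip
import hashlib
import json

# Constructed sample CloudTrail log in the shape AWS delivers as a .json.gz object:
# one benign read, one DeleteTrail, and one call from an IP on the blacklist.
SAMPLE_RECORDS = {"Records": [
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventName": "DeleteTrail", "eventSource": "cloudtrail.amazonaws.com",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventName": "ListBuckets", "eventSource": "s3.amazonaws.com",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/ci"}},
]}
SAMPLE_GZ = gzip.compress(json.dumps(SAMPLE_RECORDS).encode(), mtime=0)

# Assumed detection inputs (hypothetical, not taken from the thesis).
BLACKLISTED_IPS = {"198.51.100.7"}
HIGH_RISK_EVENTS = {"DeleteTrail"}  # extend with other trail-tampering calls as needed

def hash_sidecar(log_bytes: bytes) -> str:
    """Return the SHA-256 hex digest that would be written to the .hash.txt sidecar."""
    return hashlib.sha256(log_bytes).hexdigest()

def verify_sidecar(log_bytes: bytes, sidecar: str) -> bool:
    """Forensic check: does the stored log object still match its recorded hash?"""
    return hashlib.sha256(log_bytes).hexdigest() == sidecar.strip()

def scan_cloudtrail_gz(log_bytes: bytes, blacklist=BLACKLISTED_IPS) -> list:
    """Decompress a CloudTrail .json.gz object; return one alert string per suspicious record."""
    records = json.loads(gzip.decompress(log_bytes)).get("Records", [])
    alerts = []
    for rec in records:
        actor = rec.get("userIdentity", {}).get("arn", "unknown")
        name, ip = rec.get("eventName"), rec.get("sourceIPAddress")
        if name in HIGH_RISK_EVENTS:
            alerts.append(f"{name} by {actor} from {ip}")
        if ip in blacklist:
            alerts.append(f"{name} by {actor} from blacklisted IP {ip}")
    return alerts

if __name__ == "__main__":
    print("sidecar:", hash_sidecar(SAMPLE_GZ))
    for alert in scan_cloudtrail_gz(SAMPLE_GZ):
        print("ALERT:", alert)  # in the deployed design this is where SNS would be published
```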

Item Type: Thesis (Masters)
Supervisors: Heffernan, Niall (Email: UNSPECIFIED)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Cloud computing
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Ciara O'Brien
Date Deposited: 15 Jun 2026 14:36
Last Modified: 15 Jun 2026 14:36
URI: https://norma.ncirl.ie/id/eprint/9359
