AI-Driven Causal Graph Models for Cross-Cloud Anomaly and Threat Detection Using Obfuscated CloudTrail Logs
Keywords:
Causal Graph Models, Cloud Security, Anomaly Detection, Threat Detection, Obfuscated Logs, CloudTrail, Cross-Cloud Systems, AI-Driven Security
Abstract
The rapid adoption of multi-cloud and cross-cloud architectures has fundamentally transformed enterprise computing, creating both opportunities and challenges for secure operations. CloudTrail logs are a primary source of operational and security-related data, yet their high dimensionality, noise, and obfuscation complicate anomaly detection and threat identification. Traditional statistical and machine learning techniques often fail to capture the causal dependencies between events across heterogeneous cloud environments. This paper proposes an AI-driven causal graph model to analyze obfuscated CloudTrail logs, leveraging causal inference principles to model dependencies between events and isolate abnormal behaviors. The methodology incorporates graph-based learning, temporal modeling, and domain-specific feature engineering to overcome data sparsity and obfuscation. Experimental evaluation demonstrates the model’s superiority in accuracy, precision, and interpretability compared to baseline anomaly detection techniques. The findings emphasize that causal graphs not only enhance cross-cloud anomaly detection but also improve forensic analysis by clarifying event chains that lead to potential threats.