Defending Cloud Web Applications Using Machine Learning-Driven Triple Validation of IP Reputation by Integrating Security Operation Center

Abstract

This paper will present an innovative system method of IPR IP Address Reputation validation with the assistance of clause of ML machine learning for discovering malicious IPs while also viewing the importance of security of installed applications on AWS Amazon Web Services servers The ML SANS and AbuseDB datasets that were verified are being integrated through the Wazuh Security Operation Centre SOC stage to consume issues at the log ingesting IP address-related level Having integrated extraction of IPs Wazuh agents the output does match MITRE ATT CK framework-filtered IP address from the Wazuh SOC These algorithms and models based on natural language processing will flag suspicious patterns across IPs through the process of machine learning and prevent the event of a cyberattack at the time This integration not only boosts cybersecurity information through a single point source of distribution but it also provides security finds and other resources to prove and maintain awareness against malicious IPs The final solution includes using the maximum amounts of bad IPs blocking in the IP-List of AWS WAF and if they are added to the Blacklist automatically checking them through an automatic ML-based signature validation process