SECUREVENT: Hybrid AI/ML Security Monitoring for Distributed Event-Based Systems
Title: SECUREVENT: A Hybrid AI/ML Approach to Security Monitoring in Distributed Event-Based Systems
Abstract:
Distributed event-based architectures now serve as the foundational layer for a wide array of large-scale applications, including Internet-wide publish/subscribe networks, IoT telemetry streams, cloud-native microservices, and security operations workflows. While the inherent loose coupling and asynchronous nature of these systems enhance scalability, they simultaneously widen the potential attack surface. In such environments, malicious actors can exploit publishers, brokers, subscribers, topics, schemas, and temporal sequencing without any single component possessing a holistic view of the system’s behavior.
To address these challenges, this paper introduces SECUREVENT, a security monitoring framework that integrates artificial intelligence and machine learning (AI/ML) within distributed event-based systems. SECUREVENT employs a hybrid architecture that merges conventional security measures—such as authenticated transport protocols, topic-level access controls, and digitally signed events—with advanced dynamic detection capabilities. These include real-time anomaly detection, graph-based behavioral analysis, complex event processing (CEP) policy rules, federated learning, and governance structures for adversarial machine learning.
A deterministic prototype evaluation using synthetic event-stream attacks demonstrates that this hybrid AI/CEP monitoring approach can achieve higher recall rates than static rule-based systems while maintaining a minimal false-positive rate. The study argues that machine learning does not supersede cryptographic and access-control mechanisms; rather, it is an essential complement. Model-based security monitoring is required because the dynamic nature of event flows, entity identities, data schemas, and timing relationships often exceeds the capacity of static controls to manage effectively.
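The argument that static controls and model-based monitoring complement each other can be illustrated with a small sketch. This is an added example, not code from the SECUREVENT paper or its prototype: the publisher name, key, topics, thresholds, and the median/MAD gap detector are all assumptions chosen for illustration. A static layer (HMAC-signed events plus a topic ACL) rejects forged and off-ACL events, while a timing detector flags a validly signed flood that the static layer accepts.

```python
import hmac, hashlib, statistics
KEYS = {"sensor-1": b"constructed-demo-key"}   # constructed per-publisher key (assumption)
ACL = {"sensor-1": {"telemetry/temp"}}         # constructed topic-level ACL (assumption)

def sign(ev):
    msg = "|".join(str(ev[k]) for k in ("pub", "topic", "ts", "payload")).encode()
    return hmac.new(KEYS[ev["pub"]], msg, hashlib.sha256).hexdigest()

def event(pub, topic, ts, payload, sig=None):
    ev = {"pub": pub, "topic": topic, "ts": ts, "payload": payload}
    return {**ev, "sig": sig or sign(ev)}

def static_ok(ev):
    """Static layer: known publisher, topic allowed by ACL, valid signature."""
    if ev["topic"] not in ACL.get(ev["pub"], set()):
        return False
    return hmac.compare_digest(sign(ev), ev["sig"])

class GapAnomaly:
    """Dynamic layer: robust z-score (median/MAD) on per-publisher inter-arrival gaps."""
    def __init__(self, warmup=8, threshold=6.0):
        self.last, self.gaps, self.warmup, self.threshold = {}, {}, warmup, threshold

    def observe(self, ev):
        prev, self.last[ev["pub"]] = self.last.get(ev["pub"]), ev["ts"]
        if prev is None:
            return False
        gap, hist = ev["ts"] - prev, self.gaps.setdefault(ev["pub"], [])
        odd = False
        if len(hist) >= self.warmup:
            med = statistics.median(hist)
            mad = statistics.median(abs(g - med) for g in hist)
            scale = 1.4826 * max(mad, 0.05 * med)   # floor avoids a near-zero divisor
            odd = abs(gap - med) / scale > self.threshold
        if not odd:
            hist.append(gap)                         # learn only from normal gaps
        return odd

def monitor(events):
    det = GapAnomaly()
    return ["reject" if not static_ok(ev) else "alert" if det.observe(ev) else "ok"
            for ev in events]

def sample_stream():
    """Constructed stream: 12 normal readings, a validly signed flood, two bad events."""
    t, p = "telemetry/temp", "sensor-1"
    normal = [event(p, t, 10 * i + 0.1 * (i % 3), "21.5") for i in range(12)]
    flood = [event(p, t, ts, "21.5") for ts in (110.3, 110.4, 110.5)]
    bad = [event(p, t, 120.0, "99.9", sig="00" * 32), event(p, "admin/config", 121.0, "x")]
    return normal + flood + bad
```

Events 13 to 15 of the constructed stream carry valid signatures and an allowed topic, so only the timing layer distinguishes them from normal traffic.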
Source: arXiv
Generated at: 2026-06-02 00:00:00 UTC




