Abstract

The growing adoption of Cloud computing has brought about the enhancement of cost-efficiency and effectiveness but also comes with increase in security vulnerabilities due to its distributed and multi-tenant architecture. This contribution if this study to the cloud security through the development of a hybrid intrusion detection system (IDS) that integrates Snort (N-IDS) and OSSEC (H-IDS) to achieve cross-layer alert correlation. Unlike standalone deployments or other deep learning models that are computationally intensive, the framework proposed is an open source that is interpretable, and also deployable in real-world environments. The experimental evaluation within a cloud testbed shows that the hybrid IDS was able to achieve 97.1% accuracy, a 94.1% detection rate, and a false alarm rate of only 0.2%, which performed better than Snort-only and OSSEC-only systems. The case-based simulations conducted further revealed that hybrid correlation does not just enhance the detection, but it also reduced false positives with better forensic trails, most especially in port scanning, brute-force login, and user-to-root exploits. When compared with previous IDS studies, the system achieved competitive accuracy while maintaining efficiency and transparency. Although tested in a limited-scale environment, this study establishes a practical foundation for adaptive, scalable, and prevention-oriented frameworks in cloud security.