Organizations operating in multi-cloud environments face growing security challenges due to distributed data and workloads, which expose them to attacks such as DDoS (Distributed Denial of Service) and identity leakage. To address this, the paper proposes a probabilistic simulation framework for early detection of distributed attacks, combining Markov chains to represent security states, M/M/1 queueing models to capture performance degradation, and likelihood ratio statistics to distinguish normal from abnormal behavior. The model was evaluated through quantitative simulations in MATLAB and applied to semi-realistic data (CICIDS2017). Results show detection within fewer than 20-time steps in simulation and 15-time steps with real-world data, achieving a detection rate of 95-96% and a false alarm rate of 4-5%. The ROC (Receiver Operating Characteristic) curve further confirms the superiority of the proposed approach over traditional single-provider detection methods, offering a practical framework to strengthen cybersecurity in multi-cloud environments.
Tartous University Journal for Scientific Research and Studies.
2026.