Inspiration

Cloud platforms generate massive amounts of security logs, but understanding them at scale is hard. Security teams often see raw error codes and isolated alerts without context. We were inspired to build a system that doesn’t just detect threats, but learns behavior, explains risk, and improves continuously, just like a human analyst would. KC-IDS applies the Kaizen philosophy: small, continuous improvements that compound over time.

What it does

KC-IDS is an AI-powered, self-improving cloud intrusion detection system.

Specifically, KC-IDS:

  • Monitors cloud access behavior
  • Learns normal vs abnormal usage patterns
  • Detects unauthorized access to cloud keys
  • Outputs a probability of fraud (0–1)
  • Improves automatically with every new event

And, unlike traditional IDS tools, KC-IDS doesn’t rely on static rules. It learns, explains, and evolves forever.

How we built it

  1. Data Processing: Synthetic Google-Cloud-style access data processed using Pandas for speed and scalability.
  2. Machine Learning: A neural network model trained on structured access signals (time, region, request frequency, IP risk, key sensitivity, etc.) that outputs learned indicators such as identity mismatch, unusual timing, region risk, and fraud probability.
  3. Kaizen MLOps Loop: The kaizen/ folder continuously evaluates detections, retrains models, and improves performance automatically.
  4. Frontend Demo: A lightweight Google-style UI in docs/ visualizes results.
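
The per-event learning described in steps 2 and 3, as an added example that is not KC-IDS's own code: a single sigmoid unit stands in for the project's neural network and the standard library stands in for Pandas. The feature scaling, the synthetic event distributions and every name below are assumptions made for illustration.

```python
import math
import random

def featurize(event):
    """Scale one raw access event (dict) to numeric signals in [0, 1]."""
    hour = event["hour"]
    return [
        1.0 if hour < 6 or hour >= 22 else 0.0,      # unusual timing
        event["region_risk"],                         # region risk
        min(event["requests_per_min"] / 100.0, 1.0),  # request frequency
        event["ip_risk"],                             # IP risk
        event["key_sensitivity"],                     # key sensitivity
    ]

class OnlineScorer:
    """One sigmoid unit updated by SGD on every labelled event."""
    def __init__(self, n_features, lr=0.5):
        self.w, self.b, self.lr = [0.0] * n_features, 0.0, lr

    def score(self, x):
        z = self.b + sum(wi * xi for wi, xi in zip(self.w, x))
        return 1.0 / (1.0 + math.exp(-z))             # fraud probability, 0-1

    def update(self, x, label):
        err = self.score(x) - label                   # log-loss gradient w.r.t. z
        self.w = [wi - self.lr * err * xi for wi, xi in zip(self.w, x)]
        self.b -= self.lr * err

def synthetic_event(rng, fraud):
    """Constructed sample data; the distributions are assumptions."""
    if fraud:
        return {"hour": rng.choice([1, 2, 3, 23]),
                "region_risk": rng.uniform(0.6, 1.0),
                "requests_per_min": rng.uniform(40, 120),
                "ip_risk": rng.uniform(0.5, 1.0),
                "key_sensitivity": rng.uniform(0.5, 1.0)}
    return {"hour": rng.randint(8, 18),
            "region_risk": rng.uniform(0.0, 0.4),
            "requests_per_min": rng.uniform(1, 30),
            "ip_risk": rng.uniform(0.0, 0.3),
            "key_sensitivity": rng.uniform(0.0, 1.0)}

def run(n_events=2000, fraud_rate=0.05, seed=7):
    """Stream events through the scorer, learning from each one."""
    rng, model = random.Random(seed), OnlineScorer(5)
    for _ in range(n_events):
        fraud = rng.random() < fraud_rate             # fraud stays rare
        model.update(featurize(synthetic_event(rng, fraud)), float(fraud))
    return model
```

Because fraud is only 5% of the stream, the bias settles well below zero and the score rises only when several risk signals line up; a real deployment would also need labels that arrive late or never, which this example does not model.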

Challenges we ran into

  • Defining fraud precisely without overgeneralizing,
  • Handling rare fraud events with realistic synthetic data,
  • Keeping the architecture powerful but simple, and
  • Avoiding static, rule-based detection logic.

Accomplishments that we're proud of

  • Built a neural-network-based IDS, not a rule engine,
  • Implemented a true continuous learning loop,
  • Used Pandas for high-performance feature engineering,
  • Produced interpretable, human-readable security signals, and
  • Designed a system that could scale to real cloud environments.

What we learned

  • Cloud security is a context problem, not a data problem,
  • Simple features and neural learning go a long way,
  • Continuous improvement beats one-time training, and
  • Explainability matters as much as detection accuracy.

What's next for KC-IDS

  • Live Google Cloud log iteration,
  • Transition from Pandas to Polars for time efficiency over large datasets,
  • Transition to include Vertex AI on big data and continuous training pipelines, and Gemini 3 API to work on concentrated high-level reasoning,
  • Multi-Cloud expansion and deployment, and perhaps
  • Reinforcement learning for adaptive thresholds.

Keep in mind: KC-IDS isn’t finished - it’s designed to never be.
