ML Detection Method for Malicious Operation in Hybrid Zero Trust Architecture

Koshi Ishide, Satoshi Okada, Mariko Fujimoto, Takuho Mitsunaga
Published in: 2022 IEEE International Conference on Computing (ICOCO), 2022-11-14
DOI: 10.1109/ICOCO56118.2022.10031702 (https://doi.org/10.1109/ICOCO56118.2022.10031702)
Citations: 1

Abstract

Recently, remote work has become popular due to the spread of infectious diseases. Many organizations and companies have turned to Virtual Private Networks (VPNs) in an attempt to provide secure remote access to their on-premises infrastructure. However, intensive access to such VPN devices places a heavy burden on network performance, and there is also a high risk of cyber-attacks targeting them. Therefore, demand for a zero trust architecture that does not rely on VPN devices is increasing. However, introducing a zero trust architecture takes organizations much time. Furthermore, it is difficult for some organizations to implement the so-called “ideal zero trust environment” because of security problems and confidential information management. Thus, many organizations are expected to introduce, at first, a hybrid environment in which a zero trust architecture and a conventional on-premises environment coexist. In such an environment, the access logs of each service are distributed across both cloud and on-premises servers, so conventional log-based anomaly detection methods will not work well. In this paper, we propose a method for detecting unauthorized access to such a hybrid environment using machine learning and verify its effectiveness in a virtual environment. As a result, we detect abnormal behavior with high accuracy. Furthermore, based on the experimental results, we discuss how logs should be collected and what kind of log information is useful for anomaly detection in hybrid environments.