ML Detection Method for Malicious Operation in Hybrid Zero Trust Architecture

Koshi Ishide, Satoshi Okada, Mariko Fujimoto, Takuho Mitsunaga
DOI: 10.1109/ICOCO56118.2022.10031702
Published in: 2022 IEEE International Conference on Computing (ICOCO), 2022-11-14
Citations: 1

Abstract

Recently, remote work has become popular due to the spread of infectious diseases. Many organizations and companies have turned to Virtual Private Networks (VPNs) to provide secure remote access to their on-premises infrastructure. However, intensive access through such VPN devices places a heavy burden on network performance, and the devices themselves are high-value targets for cyber-attacks. Therefore, demand for a zero trust architecture that does not rely on VPN devices is increasing. However, introducing a zero trust architecture takes organizations a long time, and some organizations find it difficult to implement the so-called "ideal zero trust environment" because of security problems and the management of confidential information. Thus, many organizations are expected to start with a hybrid environment in which a zero trust architecture and a conventional on-premises environment coexist. In this environment, the access logs for each service are distributed across both cloud and on-premises servers, so conventional log-based anomaly detection methods, which operate on a single log source, do not work well. In this paper, we propose a method for detecting unauthorized access to such a hybrid environment using machine learning and verify its effectiveness in a virtual environment. As a result, we detect abnormal behavior with high accuracy. Furthermore, based on the experimental results, we discuss how logs should be collected and what kind of log information is useful for anomaly detection in hybrid environments.
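The abstract's central claim is that a detector fed from one log source misses behaviour that only becomes visible when cloud and on-premises access logs are joined on the user identity. The following is an added illustration of that point, not the authors' method or code (the abstract does not describe their features or model): constructed cloud-IdP sign-in events and on-premises file-server lines are normalised into one per-user feature vector, and users are scored with a simple k-nearest-neighbour outlier detector. The log formats, field names, addresses, and the assumption that a legitimate user's on-premises accesses come from an address also seen in that user's cloud sign-ins are all assumptions for the example.

```python
"""Added example (not from the paper): join constructed cloud and on-prem
access logs per user and score users with a kNN outlier detector.
Log formats, field names and addresses are assumptions for illustration."""
import json
import math
from statistics import median

# Constructed cloud IdP sign-in events, one JSON object per line (assumed format).
CLOUD_LOG = """\
{"ts": "2022-11-14T08:55:00", "user": "alice", "src": "198.51.100.10", "result": "success"}
{"ts": "2022-11-14T13:10:00", "user": "alice", "src": "198.51.100.10", "result": "success"}
{"ts": "2022-11-14T09:01:00", "user": "bob", "src": "198.51.100.11", "result": "success"}
{"ts": "2022-11-14T08:30:00", "user": "carol", "src": "198.51.100.12", "result": "success"}
{"ts": "2022-11-14T11:00:00", "user": "carol", "src": "198.51.100.12", "result": "success"}
{"ts": "2022-11-14T15:20:00", "user": "carol", "src": "198.51.100.12", "result": "success"}
{"ts": "2022-11-14T09:15:00", "user": "dave", "src": "198.51.100.13", "result": "success"}
{"ts": "2022-11-14T14:00:00", "user": "dave", "src": "198.51.100.13", "result": "success"}
{"ts": "2022-11-14T08:45:00", "user": "erin", "src": "198.51.100.14", "result": "success"}
{"ts": "2022-11-14T12:30:00", "user": "erin", "src": "198.51.100.14", "result": "success"}
{"ts": "2022-11-14T10:05:00", "user": "frank", "src": "203.0.113.77", "result": "success"}
{"ts": "2022-11-14T10:40:00", "user": "frank", "src": "203.0.113.77", "result": "success"}
"""

# Constructed on-premises file-server access lines, key=value style (assumed format).
# frank's on-prem accesses come from an address never seen in his cloud sign-ins.
ONPREM_LOG = """\
2022-11-14T09:02:11 fs01 user=alice src=198.51.100.10 action=read path=/share/q3.xlsx
2022-11-14T09:40:02 fs01 user=alice src=198.51.100.10 action=read path=/share/plan.docx
2022-11-14T13:15:44 fs01 user=alice src=198.51.100.10 action=write path=/share/plan.docx
2022-11-14T09:05:30 fs01 user=bob src=198.51.100.11 action=read path=/share/readme.txt
2022-11-14T16:20:12 fs01 user=bob src=198.51.100.11 action=read path=/share/q3.xlsx
2022-11-14T08:35:00 fs01 user=carol src=198.51.100.12 action=read path=/share/a.pdf
2022-11-14T09:50:10 fs01 user=carol src=198.51.100.12 action=read path=/share/b.pdf
2022-11-14T11:05:22 fs01 user=carol src=198.51.100.12 action=write path=/share/b.pdf
2022-11-14T15:25:01 fs01 user=carol src=198.51.100.12 action=read path=/share/c.pdf
2022-11-14T09:20:00 fs01 user=dave src=198.51.100.13 action=read path=/share/q3.xlsx
2022-11-14T14:05:00 fs01 user=dave src=198.51.100.13 action=read path=/share/plan.docx
2022-11-14T08:50:00 fs01 user=erin src=198.51.100.14 action=read path=/share/a.pdf
2022-11-14T10:10:00 fs01 user=erin src=198.51.100.14 action=read path=/share/b.pdf
2022-11-14T12:35:00 fs01 user=erin src=198.51.100.14 action=write path=/share/a.pdf
2022-11-14T10:12:00 fs01 user=frank src=10.20.0.5 action=read path=/share/q3.xlsx
2022-11-14T10:18:00 fs01 user=frank src=10.20.0.5 action=read path=/share/plan.docx
2022-11-14T10:45:00 fs01 user=frank src=10.20.0.5 action=read path=/share/c.pdf
"""


def parse_cloud(text):
    """Yield (user, src) for each successful cloud sign-in."""
    for line in text.splitlines():
        ev = json.loads(line)
        if ev["result"] == "success":
            yield ev["user"], ev["src"]


def parse_onprem(text):
    """Yield (user, src) from the key=value part of each on-prem line."""
    for line in text.splitlines():
        kv = dict(tok.split("=", 1) for tok in line.split()[2:])
        yield kv["user"], kv["src"]


def build_features(cloud, onprem, combined=True):
    """Per-user feature vector. combined=False keeps only cloud-side fields,
    i.e. what a detector fed by a single log source would see."""
    c_src, o_src, c_n, o_n = {}, {}, {}, {}
    for user, src in cloud:
        c_src.setdefault(user, set()).add(src)
        c_n[user] = c_n.get(user, 0) + 1
    for user, src in onprem:
        o_src.setdefault(user, set()).add(src)
        o_n[user] = o_n.get(user, 0) + 1
    feats = {}
    for user in sorted(set(c_n) | set(o_n)):
        cs, os_ = c_src.get(user, set()), o_src.get(user, set())
        if not combined:
            feats[user] = [c_n.get(user, 0), len(cs)]
            continue
        # Share of on-prem source addresses never seen in this user's cloud
        # sign-ins: only computable once both logs are joined on the user.
        mismatch = len(os_ - cs) / len(os_) if os_ else 0.0
        feats[user] = [c_n.get(user, 0), o_n.get(user, 0), len(cs | os_), mismatch]
    return feats


def minmax(feats):
    """Scale every feature to [0, 1]; a constant feature contributes 0."""
    users, cols = list(feats), list(zip(*feats.values()))
    scaled = {u: [] for u in users}
    for col in cols:
        lo, hi = min(col), max(col)
        for u, v in zip(users, col):
            scaled[u].append((v - lo) / (hi - lo) if hi > lo else 0.0)
    return scaled


def knn_scores(scaled, k=2):
    """Mean Euclidean distance to the k nearest other users (higher = more isolated)."""
    scores = {}
    for u, v in scaled.items():
        dists = sorted(math.dist(v, w) for x, w in scaled.items() if x != u)
        scores[u] = sum(dists[:k]) / k
    return scores


def flag_outliers(scores, factor=2.0):
    """Users whose isolation score exceeds factor x median; tune on real data."""
    thr = factor * median(scores.values())
    return sorted(u for u, s in scores.items() if s > thr)


def run(combined=True):
    feats = build_features(parse_cloud(CLOUD_LOG), parse_onprem(ONPREM_LOG), combined)
    return knn_scores(minmax(feats))


if __name__ == "__main__":
    for mode in (False, True):
        s = run(mode)
        print("combined" if mode else "cloud-only",
              {u: round(v, 3) for u, v in s.items()}, flag_outliers(s))
```

Run as-is, the cloud-only pass ranks frank as entirely ordinary (his sign-in count and address set look like alice's and erin's) while the joined pass isolates him, because the address mismatch between his cloud and on-prem activity only exists as a feature after the join. The detector here is deliberately minimal; the point is the feature construction across sources, which is the design question the abstract raises about what log information to collect.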