{"title":"ML Detection Method for Malicious Operation in Hybrid Zero Trust Architecture","authors":"Koshi Ishide, Satoshi Okada, Mariko Fujimoto, Takuho Mitsunaga","doi":"10.1109/ICOCO56118.2022.10031702","DOIUrl":null,"url":null,"abstract":"Recently, remote work has become popular due to the spread of infectious diseases. Many organizations and companies have turned to Virtual Private Networks (VPNs) in an attempt to provide secure remote access to their on-premises infrastructure. However, intensive access to such VPN devices places a heavy burden on network performance, and there is also a high risk of cyber-attacks targeting them. Therefore, demand for a zero trust architecture that does not rely on VPN devices is increasing. However, it takes organizations much time to introduce a zero trust architecture. Furthermore, it is difficult for some organizations to implement the so-called “ideal zero trust environment” because of security problems and confidential information management. Thus, it is expected that many organizations will first introduce a hybrid environment in which a zero trust architecture and a conventional on-premises environment coexist. In this environment, access logs for each service are distributed across both cloud and on-premises servers, so conventional log-based anomaly detection methods will not work well. In this paper, we propose a method for detecting unauthorized access to such a hybrid environment using machine learning and verify its effectiveness in a virtual environment. As a result, we detect abnormal behavior with high accuracy. Furthermore, based on the experimental results, we discuss how logs should be collected and what kind of log information is useful for anomaly detection in hybrid environments.","PeriodicalId":319652,"journal":{"name":"2022 IEEE International Conference on Computing (ICOCO)","volume":"253 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE International Conference on Computing (ICOCO)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICOCO56118.2022.10031702","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 1
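The abstract's core observation is that in a hybrid environment the access logs live in two places with two different formats, so a detector has to normalize both into one per-user timeline before it can reason about behaviour. The following is an added example of that pipeline, not the paper's method or code: it maps constructed JSON lines from a hypothetical cloud-side access proxy and constructed syslog-style sshd lines from on-premises hosts onto one schema, builds a small per-user feature vector (event count, distinct services across both sides, distinct source IPs, failures, off-hours events), and flags outliers with a median/MAD robust z-score. The log formats, field names, feature set, working-hours window and threshold are all assumptions chosen for the illustration, and the sample lines are constructed.

```python
"""Added example (not the paper's method): unify cloud and on-premises access logs
into one per-user event stream and flag outlying users with a robust z-score.
All log formats, field names, thresholds and sample lines are constructed assumptions."""
import json
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: JSON lines as a hypothetical cloud access proxy might emit them.
CLOUD_LOG = """\
{"ts":"2022-11-14T09:01:12Z","user":"alice","app":"mail","src_ip":"203.0.113.5","result":"allow"}
{"ts":"2022-11-14T09:30:05Z","user":"alice","app":"wiki","src_ip":"203.0.113.5","result":"allow"}
{"ts":"2022-11-14T08:45:00Z","user":"bob","app":"mail","src_ip":"203.0.113.6","result":"allow"}
{"ts":"2022-11-14T10:10:22Z","user":"bob","app":"crm","src_ip":"203.0.113.6","result":"allow"}
{"ts":"2022-11-14T13:00:41Z","user":"bob","app":"mail","src_ip":"203.0.113.6","result":"allow"}
{"ts":"2022-11-14T09:15:33Z","user":"carol","app":"wiki","src_ip":"203.0.113.7","result":"allow"}
{"ts":"2022-11-14T11:00:10Z","user":"carol","app":"mail","src_ip":"203.0.113.7","result":"allow"}
{"ts":"2022-11-14T09:50:00Z","user":"dave","app":"crm","src_ip":"203.0.113.8","result":"allow"}
{"ts":"2022-11-14T14:20:17Z","user":"dave","app":"mail","src_ip":"203.0.113.8","result":"allow"}
{"ts":"2022-11-14T16:00:59Z","user":"dave","app":"wiki","src_ip":"203.0.113.8","result":"allow"}
{"ts":"2022-11-14T02:10:03Z","user":"mallory","app":"mail","src_ip":"198.51.100.9","result":"allow"}
{"ts":"2022-11-14T02:12:48Z","user":"mallory","app":"wiki","src_ip":"198.51.100.9","result":"allow"}
{"ts":"2022-11-14T02:15:20Z","user":"mallory","app":"crm","src_ip":"198.51.100.9","result":"deny"}
{"ts":"2022-11-14T02:16:02Z","user":"mallory","app":"crm","src_ip":"198.51.100.9","result":"deny"}
{"ts":"2022-11-14T02:17:11Z","user":"mallory","app":"crm","src_ip":"198.51.100.9","result":"allow"}
{"ts":"2022-11-14T02:20:39Z","user":"mallory","app":"hr","src_ip":"198.51.100.10","result":"allow"}
"""

# Constructed sample: syslog-style sshd lines from on-premises hosts (ISO timestamps assumed).
ONPREM_LOG = """\
2022-11-14T09:03:40Z fileserver sshd[1203]: Accepted publickey for alice from 10.0.0.12 port 50110 ssh2
2022-11-14T09:12:05Z fileserver sshd[1210]: Accepted publickey for alice from 10.0.0.12 port 50122 ssh2
2022-11-14T10:15:00Z dbserver sshd[2201]: Accepted password for bob from 10.0.0.13 port 40001 ssh2
2022-11-14T13:05:27Z fileserver sshd[2230]: Accepted password for bob from 10.0.0.13 port 40015 ssh2
2022-11-14T11:10:00Z fileserver sshd[3102]: Accepted publickey for carol from 10.0.0.14 port 51000 ssh2
2022-11-14T11:40:18Z fileserver sshd[3120]: Accepted publickey for carol from 10.0.0.14 port 51008 ssh2
2022-11-14T10:00:44Z dbserver sshd[4011]: Accepted publickey for dave from 10.0.0.15 port 52000 ssh2
2022-11-14T15:30:09Z fileserver sshd[4050]: Accepted publickey for dave from 10.0.0.15 port 52031 ssh2
2022-11-14T02:25:14Z fileserver sshd[5001]: Failed password for mallory from 10.0.0.99 port 60001 ssh2
2022-11-14T02:26:02Z fileserver sshd[5001]: Accepted password for mallory from 10.0.0.99 port 60001 ssh2
2022-11-14T02:30:55Z dbserver sshd[5017]: Accepted password for mallory from 10.0.0.99 port 60012 ssh2
2022-11-14T02:31:40Z backupserver sshd[5020]: Accepted password for mallory from 10.0.0.99 port 60020 ssh2
"""

# Covers only the constructed line shape above; real sshd has more variants (e.g. "invalid user").
SSHD_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Accepted|Failed) "
                     r"\S+ for (?P<user>\S+) from (?P<ip>\S+)")
FEATURES = ("events", "services", "src_ips", "failures", "off_hours")


def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def normalize(cloud_text, onprem_text):
    """Map both formats onto one schema: (ts, user, origin, service, src_ip, success)."""
    events = []
    for line in cloud_text.splitlines():
        if line.strip():
            r = json.loads(line)
            events.append((parse_ts(r["ts"]), r["user"], "cloud", r["app"], r["src_ip"], r["result"] == "allow"))
    for line in onprem_text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            events.append((parse_ts(m["ts"]), m["user"], "onprem", m["host"], m["ip"], m["outcome"] == "Accepted"))
    return sorted(events)  # one chronological timeline across both environments


def user_features(events, work_hours=range(8, 19)):
    """Per-user feature vector; cloud apps and on-prem hosts count as one 'service' space."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev[1]].append(ev)
    return {u: {"events": len(evs),
                "services": len({e[3] for e in evs}),
                "src_ips": len({e[4] for e in evs}),
                "failures": sum(1 for e in evs if not e[5]),
                "off_hours": sum(1 for e in evs if e[0].hour not in work_hours)}
            for u, evs in by_user.items()}


def robust_scores(table):
    """Sum of |x - median| / (1.4826 * MAD) over features. A MAD of 0 (every user agrees)
    falls back to a unit scale so a lone deviating user still stands out."""
    scores = defaultdict(float)
    for feat in FEATURES:
        values = [row[feat] for row in table.values()]
        med = statistics.median(values)
        mad = statistics.median(abs(v - med) for v in values)
        scale = 1.4826 * mad if mad > 0 else 1.0
        for user, row in table.items():
            scores[user] += abs(row[feat] - med) / scale
    return dict(scores)


def detect(cloud_text, onprem_text, threshold=3.0):
    table = user_features(normalize(cloud_text, onprem_text))
    scores = robust_scores(table)
    return sorted(u for u, s in scores.items() if s >= threshold), scores, table


if __name__ == "__main__":
    flagged, scores, table = detect(CLOUD_LOG, ONPREM_LOG)
    for user, row in table.items():
        print(f"{user:8s} {row} score={scores[user]:.2f}")
    print("flagged:", flagged)
```

Two design points matter more than the detector itself. First, the join key is the user identity, which only works if the cloud proxy and the on-premises hosts log the same principal name; mapping SSO subjects to local accounts is the first thing to sort out when collecting logs from both sides. Second, a feature such as "distinct services" is only meaningful once cloud applications and on-premises hosts are counted in one space, which is exactly what a detector fed from either side alone cannot see.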