Zero Trust with Guaranteed Accuracy Architecture Implementation for Intrusion Detection Systems (ZTA-IDS)
Date
2024-05-13
Publisher
University of Technology Sydney
Abstract
As security monitoring advances and cloud computing grows popular, organizations increasingly outsource intrusion detection and monitoring to third-party analysts to save on costs such as installation, maintenance, labor, and computational time, thereby improving efficiency and allowing them to focus on their services and products. However, because of the data security risks of allowing cloud-based third-party analysts access to network traces, the current "trust but verify" approach to security monitoring is insufficient. New mechanisms such as Zero Trust models, which demand a shift in perspective to "never trust, always verify", must therefore be built and implemented by network providers. The main challenge, however, is that outsourcing sensitive network traces to untrusted parties inherently contradicts the policy of Zero Trust models. A great deal of effort has been devoted to addressing such security and privacy issues. Unfortunately, most of these efforts sacrifice usability to provide better privacy guarantees, while others sacrifice privacy to maintain usability. A case in point is CryptoPAn, a prefix-preserving anonymization solution that preserves the utility of traces for Internet Protocol (IP)-based intrusion detection analyses but is vulnerable to semantic attacks. Recently, a new notion called the multi-view approach has been proposed to preserve both the privacy and the accuracy of outsourced datasets targeting intrusion detection schemes.

In this thesis, we apply the multi-view approach, addressing challenges including the use of an appropriate partitioning algorithm and the interpretation of security rules in each IDS when examining anonymized views. The thesis assesses the model's effectiveness against various intrusions and its resilience to different semantic attacks. Furthermore, we propose a new binary IDS, based on an autoencoder and a convolutional neural network, which outperforms other related works and achieves an accuracy of 92% using a small amount of training data. Additionally, we extend the binary IDS to a multiclass IDS and take sequential dependencies into consideration using recurrent neural networks. However, experiments reveal a decline in accuracy on real-world data due to a significant domain shift between the training and real-world data domains. This may be due to the variety of training data in real-world scenarios and sensitivity to input changes. After fine-tuning with a limited set of samples from the real-world domain, however, our model's accuracy improved significantly, aligning with the unique characteristics of the collected data.
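The abstract contrasts the utility of prefix-preserving anonymization with its exposure to semantic attacks. The following added example, which is not part of the thesis and not CryptoPAn's own code, shows the prefix-preserving property in working form: each address bit is flipped according to a pseudorandom function of the bits already processed, so two addresses that share an n-bit prefix map to two anonymized addresses that share exactly an n-bit prefix. CryptoPAn derives that pseudorandom bit with AES; this example substitutes HMAC-SHA256 (an assumption, chosen so the block runs with only the standard library), and the key and sample addresses are constructed for the demonstration.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo key; a real deployment would use a randomly generated secret.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def _prf_bit(key: bytes, prefix_bits: str) -> int:
    """Pseudorandom bit that depends only on the key and the prefix seen so far.

    CryptoPAn uses AES on the padded prefix here; HMAC-SHA256 is substituted
    in this added example (an assumption, not CryptoPAn's construction).
    """
    digest = hmac.new(key, prefix_bits.encode(), hashlib.sha256).digest()
    return digest[0] & 1


def _to_bits(addr: str) -> str:
    return format(int(ipaddress.IPv4Address(addr)), "032b")


def anonymize_ipv4(key: bytes, addr: str) -> str:
    """Prefix-preserving anonymization of one IPv4 address.

    Bit i of the output is bit i of the input XOR a pseudorandom bit derived
    from input bits 0..i-1. Because the flip for bit i depends only on the
    preceding bits, addresses that agree on their first n bits receive the
    same flips for those bits and therefore still agree on them afterwards.
    """
    bits = _to_bits(addr)
    out = []
    for i, b in enumerate(bits):
        flip = _prf_bit(key, bits[:i])
        out.append(str(int(b) ^ flip))
    return str(ipaddress.IPv4Address(int("".join(out), 2)))


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses have in common (0..32)."""
    n = 0
    for x, y in zip(_to_bits(a), _to_bits(b)):
        if x != y:
            break
        n += 1
    return n


def prefix_preserved(key: bytes, a: str, b: str) -> bool:
    """True when anonymization keeps the exact shared-prefix length of a and b."""
    before = common_prefix_len(a, b)
    after = common_prefix_len(anonymize_ipv4(key, a), anonymize_ipv4(key, b))
    return before == after


def is_deterministic(key: bytes, addr: str) -> bool:
    """The mapping is a fixed function of (key, address): same input, same output.

    This determinism is what lets an analyst correlate flows across a trace,
    and it is also why anonymized traces remain exposed to semantic attacks
    that match structural or frequency fingerprints of known addresses.
    """
    return anonymize_ipv4(key, addr) == anonymize_ipv4(key, addr)


if __name__ == "__main__":
    # Constructed sample addresses: two hosts on one /24 and one unrelated host.
    for a, b in [("10.0.0.1", "10.0.0.2"), ("10.0.0.1", "192.168.1.1")]:
        print(a, "->", anonymize_ipv4(DEMO_KEY, a))
        print(b, "->", anonymize_ipv4(DEMO_KEY, b))
        print("shared prefix bits:", common_prefix_len(a, b),
              "preserved:", prefix_preserved(DEMO_KEY, a, b))
```

Running the block shows that the two hosts in the same /24 stay within a common anonymized /24 (in fact they share 30 bits, as the originals do), while the unrelated host shares no prefix with them either before or after anonymization. That is the utility the abstract credits to CryptoPAn: subnet-level IDS rules still apply to the anonymized view. The same two properties, prefix structure and a deterministic mapping, are the surface a semantic attack works against, which is the weakness the multi-view approach in the thesis is designed to address.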
Keywords
Zero Trust models, intrusion detection systems, security, convolutional neural network, recurrent neural networks.