Zero Trust with Guaranteed Accuracy Architecture Implementation for Intrusion Detection Systems (ZTA-IDS)

Publication Type:
Thesis
Issue Date:
2023
As security monitoring advances and cloud computing grows popular, organizations increasingly outsource intrusion detection and monitoring to third-party analysts to save on costs such as installation, maintenance, labor, and computational time, thereby improving efficiency and allowing them to focus on their services and products. However, because allowing cloud-based third-party analysts access to network traces carries data security risks, the current “trust but verify” approach to security monitoring is insufficient. New mechanisms such as Zero Trust models, which demand a shift in perspective to “never trust, always verify”, must therefore be built and implemented by network providers. The main challenge, however, is that outsourcing sensitive network traces to untrusted parties is inherently in contradiction with the policy of Zero Trust models. A great deal of effort has been devoted to addressing such security and privacy issues. Unfortunately, the majority of these efforts sacrifice usability to provide better privacy guarantees, while others sacrifice privacy to maintain usability. A case in point is CryptoPAn, a prefix-preserving anonymization solution that preserves the utility of network traces for Internet Protocol (IP)-based intrusion detection analyses but is vulnerable to semantic attacks. Recently, a new notion called the multi-view approach has been proposed to preserve both the privacy and the accuracy of outsourced datasets targeting intrusion detection schemes.

In this thesis, we apply the multi-view approach, addressing challenges including the choice of an appropriate partitioning algorithm and the interpretation of security rules in each IDS when examining anonymized views. The thesis assesses the model’s effectiveness against various intrusions and its resilience to different semantic attacks. Furthermore, we propose a new binary IDS, based on an autoencoder and a convolutional neural network, which outperforms other related works and achieves an accuracy of 92% using a small amount of training data.
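To make the prefix-preserving property behind CryptoPAn concrete, here is an added illustrative example (not code from the thesis or from the CryptoPAn project). It anonymizes each IPv4 address bit by bit, deriving the flip decision for bit i from the original address's first i bits, so two addresses that share a k-bit prefix map to pseudonyms that share exactly a k-bit prefix. That is what lets subnet-based IDS rules still evaluate on anonymized traces, and it is also the structural information a semantic attack can build on, which is the privacy trade-off the abstract refers to. HMAC-SHA256 is used here as the keyed PRF purely for illustration (CryptoPAn itself uses an AES-based construction); the key, the flow records, and the helper names are constructed for this example.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo key for this example; a deployment would use a random secret.
DEMO_KEY = b"example-key-not-for-real-use"


def _prf_bit(key: bytes, prefix_bits: str) -> int:
    """One pseudorandom bit derived only from the prefix seen so far.

    HMAC-SHA256 is an assumption for this example; the prefix-preserving
    property only needs a keyed PRF evaluated on the prefix.
    """
    digest = hmac.new(key, prefix_bits.encode("ascii"), hashlib.sha256).digest()
    return digest[0] & 1


def _to_bits(addr: str) -> str:
    return format(int(ipaddress.IPv4Address(addr)), "032b")


def anonymize_ipv4(key: bytes, addr: str) -> str:
    """Map an IPv4 address to a pseudonym while preserving shared prefixes."""
    bits = _to_bits(addr)
    out = []
    for i, bit in enumerate(bits):
        # The decision for bit i depends only on bits 0..i-1, so addresses with
        # the same i-bit prefix receive identical decisions up to this point.
        out.append(str(int(bit) ^ _prf_bit(key, bits[:i])))
    return str(ipaddress.IPv4Address(int("".join(out), 2)))


def anonymize_network(key: bytes, cidr: str) -> ipaddress.IPv4Network:
    """Anonymize a subnet so that 'address in subnet' rules keep working.

    The first prefixlen bits of the pseudonym of the network address are the
    same as for every host in that subnet, so masking them gives the
    anonymized subnet.
    """
    net = ipaddress.IPv4Network(cidr, strict=True)
    anon_base = anonymize_ipv4(key, str(net.network_address))
    return ipaddress.IPv4Network(f"{anon_base}/{net.prefixlen}", strict=False)


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses have in common."""
    n = 0
    for p, q in zip(_to_bits(a), _to_bits(b)):
        if p != q:
            break
        n += 1
    return n


def prefix_preserved(key: bytes, a: str, b: str) -> bool:
    """Check the defining property: shared prefix length is unchanged."""
    return common_prefix_len(a, b) == common_prefix_len(
        anonymize_ipv4(key, a), anonymize_ipv4(key, b)
    )


# Constructed sample flow records (src, dst, dst_port); not from the thesis data.
SAMPLE_FLOWS = [
    ("10.0.0.1", "203.0.113.7", 443),
    ("10.0.0.2", "203.0.113.7", 443),
    ("10.0.1.5", "198.51.100.9", 22),
]


def anonymize_flows(key: bytes, flows):
    """Replace both endpoints of each flow with pseudonyms; ports are kept."""
    return [(anonymize_ipv4(key, s), anonymize_ipv4(key, d), port) for s, d, port in flows]


def subnet_rule_matches(key: bytes, cidr: str, anon_addr: str) -> bool:
    """Evaluate a subnet rule on anonymized data.

    The data owner anonymizes the rule's subnet under the same key, so the
    analyst never learns the real subnet but can still apply the rule.
    """
    return ipaddress.IPv4Address(anon_addr) in anonymize_network(key, cidr)


if __name__ == "__main__":
    for src, dst, port in anonymize_flows(DEMO_KEY, SAMPLE_FLOWS):
        tag = "internal-src" if subnet_rule_matches(DEMO_KEY, "10.0.0.0/24", src) else "other"
        print(src, dst, port, tag)
```

Running the block prints the three pseudonymized flows; the two hosts from 10.0.0.0/24 are still recognised as belonging to one /24 after anonymization, while the host from 10.0.1.0/24 is not. The same determinism that makes repeated sightings of one host correlate across the trace is what a semantic attack exploits, which is why the thesis pairs anonymization with the multi-view approach rather than relying on prefix preservation alone.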
Additionally, we extend the binary IDS to a multiclass IDS and take sequential dependencies into consideration using recurrent neural networks. However, experiments reveal a decline in accuracy on real-world data due to a significant domain shift between the training and real-world data domains. This may be due to the variety of training data in real-world scenarios and the model’s sensitivity to input changes. After fine-tuning with a limited set of samples from the real-world domain, however, our model’s accuracy improved significantly, aligning with the unique characteristics of the collected data.