TY - GEN
T1 - Trust Threshold Policy for Explainable and Adaptive Zero-Trust Defense in Enterprise Networks
AU - Ge, Yunfei
AU - Zhu, Quanyan
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - In response to the vulnerabilities in traditional perimeter-based network security, the zero trust framework is a promising approach to secure modern network systems and address the challenges. The core of zero trust security is agent-centric trust evaluation and trust-based security decisions. The challenges, however, arise from the limited observations of the agent's footprint and asymmetric information in the decision-making. An effective trust policy needs to trade off between the security and usability of the network. The explainability of the policy facilitates the human understanding of the policy, the trust of the result, as well as the adoption of the technology. To this end, we formulate a zero-trust defense model using Partially Observable Markov Decision Processes (POMDP), which captures the uncertainties in the observations of the defender. The framework leads to an explainable trust-threshold policy that determines the defense policy based on the trust scores. This policy is shown to achieve optimal performance under mild conditions. The trust threshold enables an efficient algorithm to compute the defense policy while providing online learning capabilities. We use an enterprise network as a case study to corroborate the results. We discuss key factors on the trust threshold and illustrate how the trust threshold policy can adapt to different environments.
AB - In response to the vulnerabilities in traditional perimeter-based network security, the zero trust framework is a promising approach to secure modern network systems and address the challenges. The core of zero trust security is agent-centric trust evaluation and trust-based security decisions. The challenges, however, arise from the limited observations of the agent's footprint and asymmetric information in the decision-making. An effective trust policy needs to trade off between the security and usability of the network. The explainability of the policy facilitates the human understanding of the policy, the trust of the result, as well as the adoption of the technology. To this end, we formulate a zero-trust defense model using Partially Observable Markov Decision Processes (POMDP), which captures the uncertainties in the observations of the defender. The framework leads to an explainable trust-threshold policy that determines the defense policy based on the trust scores. This policy is shown to achieve optimal performance under mild conditions. The trust threshold enables an efficient algorithm to compute the defense policy while providing online learning capabilities. We use an enterprise network as a case study to corroborate the results. We discuss key factors on the trust threshold and illustrate how the trust threshold policy can adapt to different environments.
KW - Network Security
KW - Partially Observable Markov Decision Processes (POMDP)
KW - Threshold Policy
KW - Trust Evaluation
KW - Zero Trust Security
UR - http://www.scopus.com/inward/record.url?scp=85143392927&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85143392927&partnerID=8YFLogxK
U2 - 10.1109/CNS56114.2022.9947263
DO - 10.1109/CNS56114.2022.9947263
M3 - Conference contribution
AN - SCOPUS:85143392927
T3 - 2022 IEEE Conference on Communications and Network Security, CNS 2022
SP - 359
EP - 364
BT - 2022 IEEE Conference on Communications and Network Security, CNS 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2022 IEEE Conference on Communications and Network Security, CNS 2022
Y2 - 3 October 2022 through 5 October 2022
ER -