The Reasonability of using artificial intelligence capabilities to ensure enterprise cybersecurity based on the concept of zero trust

DOI:

https://doi.org/10.30837/rt.2025.1.220.02

Keywords:

zero trust, zero trust architecture, zero trust architecture deployment models, information security, cybersecurity

Abstract

Modern enterprises face increasingly complex cybersecurity challenges, which require new approaches to digital asset protection. Ensuring enterprise cybersecurity today requires a comprehensive approach that includes adaptive and intelligent protection mechanisms able to withstand modern threats. The traditional perimeter-based protection model cannot provide an adequate level of protection: attacks are becoming increasingly sophisticated, and enterprise infrastructure is changing significantly as the attack surface expands and cloud technologies and remote access come into use. For this reason, a growing number of organizations are turning to the concept of zero trust, which is based on the principle of “never trust, always verify”. It gives them secure access to corporate resources anytime and anywhere and lets them operate efficiently regardless of where they are located. Implementing the zero-trust architecture involves the use of modern methods and technologies, including artificial intelligence. Artificial intelligence technologies make it possible to effectively detect threats, identify anomalies in systems and networks, automate access control, and dynamically monitor user behavior. This paper analyzes the role of artificial intelligence in ensuring the cybersecurity of enterprises in the context of the zero-trust architecture. It aims to determine how artificial intelligence technologies can be used to increase the level of protection of information systems and to identify cyber threats within the framework of the zero-trust architecture. The paper briefly describes the conceptual architecture of zero trust, its main logical components, and approaches to integrating artificial intelligence into them.
The analysis of existing approaches leads to the conclusion that combining artificial intelligence with the principles of zero trust contributes to the creation of a flexible and adaptive protection system capable of detecting, analyzing and neutralizing threats in real time, increasing the resilience of an enterprise to cyber threats. In addition, the paper discusses the challenges associated with integrating artificial intelligence into the zero-trust architecture. In particular, it raises the issues of adapting outdated systems, creating mechanisms and recommendations for the gradual implementation of the zero-trust architecture, training staff to work effectively in the new environment, and the need to standardize data and ensure consistency in security automation processes.

Published

2025-04-10

How to Cite

Borodavka, V., & Yesin, V. (2025). The Reasonability of using artificial intelligence capabilities to ensure enterprise cybersecurity based on the concept of zero trust. Radiotekhnika, (220), 18–39. https://doi.org/10.30837/rt.2025.1.220.02

Section

Articles