Abstract

In today’s cybersecurity landscape, the traditional perimeter-based defense model has become obsolete, giving rise to the Zero Trust Architecture (ZTA), where no entity—whether internal or external—is automatically trusted. While ZTA provides a robust security posture, its effectiveness heavily depends on accurate and context-aware access evaluation. Conventional authentication techniques, such as static credentials and multi-factor authentication (MFA), are often insufficient to detect subtle identity compromise or insider threats. This paper introduces a novel framework that leverages Artificial Intelligence (AI) and behavioral fingerprinting to enable continuous and adaptive access evaluation within a Zero Trust environment. Behavioral fingerprinting, which includes unique user-specific patterns such as keystroke dynamics, mouse movement patterns, application access sequences, and response times, is used to construct a dynamic trust profile for each user. Our system continuously collects telemetry data, extracts behavioral features, and uses supervised and unsupervised learning models to assess risk in real-time. By combining these insights with contextual parameters (such as geolocation, device hygiene, and network indicators), our AI engine computes a Behavioral Trust Score (BTS) to grant, deny, or conditionally allow access. The results from our prototype demonstrate a significant improvement in detecting anomalous behavior compared to traditional rule-based systems, with a notable reduction in false positives and latency. Our contributions aim to enhance the granularity and responsiveness of Zero Trust security models while maintaining user transparency and compliance.

References

• Stafford, V. "Zero trust architecture." NIST special publication 800.207 (2020): 800-207.
• Ferraiolo, David F., et al. "Proposed NIST standard for role-based access control." ACM Transactions on Information and System Security (TISSEC) 4.3 (2001): 224-274.
• Google, “BeyondCorp: A New Approach to Enterprise Security,” Google White Paper, 2014. [Online]. Available: https://cloud.google.com/beyondcorp
• Ward, Rory, and Betsy Beyer. "Beyondcorp: A new approach to enterprise security." ; login:: the magazine of USENIX & SAGE 39.6 (2014): 6-11.
• Das, Sanchari, Andrew Dingman, and L. Jean Camp. "Why Johnny doesn’t use two factor a two-phase usability study of the FIDO U2F security key." Financial Cryptography and Data Security: 22nd International Conference, FC 2018, Nieuwpoort, Curaçao, February 26–March 2, 2018, Revised Selected Papers 22. Springer Berlin Heidelberg, 2018.
• Ahmed, Ahmed A., and Issa Traore. "Biometric recognition based on free-text keystroke dynamics." IEEE transactions on cybernetics 44.4 (2013): 458-472.
• Kamezaki, Yuto, and Kazutaka Matsuzaki. "User Identification Based on Mouse Behavior--Enhancing Accuracy with Velocity Features and Evaluating Practicality." IEICE Technical Report; IEICE Tech. Rep.
• Khanan, Akbar, et al. "From bytes to insights: a systematic literature review on unraveling IDS datasets for enhanced cybersecurity understanding." IEEE Access (2024).
• Gadde, Hemanth. "AI-Driven Anomaly Detection in NoSQL Databases for Enhanced Security." International Journal of Machine Learning Research in Cybersecurity and Artificial Intelligence 14.1 (2023): 497-522.
• Sandhu, Ravi S. "Role-based access control." Advances in computers. Vol. 46. Elsevier, 1998. 237-286.
• Jazzar, Mahmoud, and Aman Jantan. "A novel soft computing inference engine model for intrusion detection." IJCSNS International Journal of Computer Science and Network Security 8.4 (2008): 1-9.
• Mahoney, Matthew V., and Philip K. Chan. "An analysis of the 1999 DARPA/Lincoln Laboratory evaluation data for network anomaly detection." International Workshop on Recent Advances in Intrusion Detection. Berlin, Heidelberg: Springer Berlin Heidelberg, 2003.
• Liang, Yunji, et al. "Behavioral biometrics for continuous authentication in the internet-of-things era: An artificial intelligence perspective." IEEE Internet of Things Journal 7.9 (2020): 9128-9143.
• Nasir, Rida, et al. "Behavioral based insider threat detection using deep learning." IEEE Access 9 (2021): 143266-143274.
• Bereziński, Przemysław, Bartosz Jasiul, and Marcin Szpyrka. "An entropy-based network anomaly detection method." Entropy 17.4 (2015): 2367-2408.
• Abuhamad, Mohammed, et al. "Sensor-based continuous authentication of smartphones’ users using behavioral biometrics: A contemporary survey." IEEE Internet of Things Journal 8.1 (2020): 65-84.
• Lundberg, Scott M., and Su-In Lee. "A unified approach to interpreting model predictions." Advances in neural information processing systems 30 (2017).
• MacDonald, Neil, Lawrence Orans, and Joe Skorupa. "The Future of Network Security Is in the Cloud." Gartner. Viitattu 1 (2019): 2021.
• Yang, Qiang, et al. "Federated machine learning: Concept and applications." ACM Transactions on Intelligent Systems and Technology (TIST) 10.2 (2019): 1-19.
• Killourhy, Kevin S., and Roy A. Maxion. "Comparing anomaly-detection algorithms for keystroke dynamics." 2009 IEEE/IFIP international conference on dependable systems & networks. IEEE, 2009.