Recently, insider cyberthreats have posed significant and inherent risks to organizations and enterprises. These challenges increase the demand for proactive and adaptive ICD techniques that can effectively be mitigated such risks. This paper proposes a new proactive and hybrid ICD technique that integrates the principles of ZTA with a modified RL algorithm. Specifically, the RL-based model combines three algorithms (DDQN, Dueling Networks, and PER) in order to enhance detection performance and decision-making efficiency in dynamic environments. After 300 training episodes, the proposed method attains an accuracy of 0.9895, a precision of 0.9897, a recall of 0.9894, and an F1-score of 0.9895. Comparative analysis indicates that it outperforms existing RL-based methods. Notably, this model is not only data-driven and reward-optimized but also supports compliance with the ZTA policy, thereby enabling continuous verification, implementing micro-segmentation, and adapting access decisions dynamically.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Hybrid Reinforcement Learning and Zero Trust-Based Framework for Proactive Insider Cyberthreat Detection

  • Yasir A. Hamza,
  • Najla B. Aldabagh

摘要

Recently, insider cyberthreats have posed significant and inherent risks to organizations and enterprises. These challenges increase the demand for proactive and adaptive ICD techniques that can effectively be mitigated such risks. This paper proposes a new proactive and hybrid ICD technique that integrates the principles of ZTA with a modified RL algorithm. Specifically, the RL-based model combines three algorithms (DDQN, Dueling Networks, and PER) in order to enhance detection performance and decision-making efficiency in dynamic environments. After 300 training episodes, the proposed method attains an accuracy of 0.9895, a precision of 0.9897, a recall of 0.9894, and an F1-score of 0.9895. Comparative analysis indicates that it outperforms existing RL-based methods. Notably, this model is not only data-driven and reward-optimized but also supports compliance with the ZTA policy, thereby enabling continuous verification, implementing micro-segmentation, and adapting access decisions dynamically.