The microsegmentation design introduced by the Zero Trust model is a powerful approach for enhancing cybersecurity in dynamic networks with many heterogeneous resources, such as IoT and cyber-physical systems. Implementing an effective threat detection system for this architecture is an open issue. The widespread use of end-to-end encryption restricts access to network traffic data, thus limiting the data available for machine learning models. We propose a novel graph-oriented approach that leverages the topology of a microsegmentation architecture. The proposed system generates a complete network graph of the infrastructure by integrating data from the security policy repository and the asset database. This enables the application of graph-based algorithms to assess the security risks associated with individual network resources. By combining this high-level information with NetFlow data collected from individual resources, we are able to construct enriched feature vectors that are suitable for training threat and anomaly detection models without requiring direct access to raw traffic data. This approach is validated through experiments in a complex network environment that includes traffic patterns of attack scenarios. The experimental results demonstrate that the system is capable of accurately identifying cybersecurity threats in microsegmentation-based networks.
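The abstract describes three pieces: a network graph built from the policy repository and the asset database, graph-based risk scores per resource, and NetFlow records enriched with those scores. The following is an added example, not code from the paper or its authors. The asset database, allow rules and flow records are constructed for illustration, and the risk metrics used (blast radius over allowed edges, inbound degree, reachability of a critical asset) are assumptions chosen to show the idea; the page does not state which graph algorithms the authors use.

```python
from collections import deque

# Constructed asset database (illustration only, not from the paper):
# asset id -> network segment and whether it is a critical resource.
ASSETS = {
    "plc-1":  {"segment": "ot",  "critical": True},
    "hmi-1":  {"segment": "ot",  "critical": False},
    "hist-1": {"segment": "dmz", "critical": False},
    "jump-1": {"segment": "it",  "critical": False},
    "ws-1":   {"segment": "it",  "critical": False},
}

# Constructed policy repository: microsegmentation allow rules (src, dst, dport).
# Anything not listed is denied, as in a default-deny Zero Trust policy.
POLICY = [
    ("hmi-1",  "plc-1",  502),   # Modbus/TCP from HMI to PLC
    ("hist-1", "plc-1",  502),   # historian polls the PLC
    ("jump-1", "hmi-1",  3389),  # RDP to the HMI through the jump host
    ("ws-1",   "jump-1", 22),    # SSH from workstation to jump host
]

# Constructed NetFlow-like records exported by the resources themselves.
FLOWS = [
    {"src": "hmi-1", "dst": "plc-1", "dport": 502, "bytes": 1200, "pkts": 20},
    {"src": "ws-1",  "dst": "plc-1", "dport": 502, "bytes": 900,  "pkts": 15},
]

def build_graph(policy, assets):
    """Directed graph: an edge src -> dst exists if at least one allow rule permits it."""
    graph = {asset: set() for asset in assets}
    for src, dst, _dport in policy:
        graph[src].add(dst)
    return graph

def reachable(graph, start):
    """Set of assets reachable from `start` by chaining allowed edges (start excluded)."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen

def risk_scores(graph, assets):
    """Topology-derived risk features per asset (assumed metrics, not the paper's).
    blast_radius: assets an attacker on this node could reach via policy alone;
    inbound_degree: number of assets allowed to talk to this node;
    reaches_critical: 1 if any critical asset is within the blast radius."""
    scores = {}
    for asset in graph:
        reach = reachable(graph, asset)
        scores[asset] = {
            "blast_radius": len(reach),
            "inbound_degree": sum(1 for s in graph if asset in graph[s]),
            "reaches_critical": int(any(assets[r]["critical"] for r in reach)),
        }
    return scores

def enrich_flow(flow, policy, assets, scores):
    """Feature vector = raw flow counters + policy verdict + graph context of both endpoints.
    Order: [bytes, pkts, allowed, cross_segment, dst_is_critical,
            src_blast, src_inbound, src_reaches_critical,
            dst_blast, dst_inbound, dst_reaches_critical]"""
    allowed = int((flow["src"], flow["dst"], flow["dport"]) in set(policy))
    src, dst = assets[flow["src"]], assets[flow["dst"]]
    s, d = scores[flow["src"]], scores[flow["dst"]]
    return [
        flow["bytes"], flow["pkts"], allowed,
        int(src["segment"] != dst["segment"]), int(dst["critical"]),
        s["blast_radius"], s["inbound_degree"], s["reaches_critical"],
        d["blast_radius"], d["inbound_degree"], d["reaches_critical"],
    ]

def enrich_flows(flows=FLOWS, policy=POLICY, assets=ASSETS):
    """Build the graph once, then enrich every flow record with graph-level context."""
    scores = risk_scores(build_graph(policy, assets), assets)
    return [enrich_flow(f, policy, assets, scores) for f in flows]

if __name__ == "__main__":
    for flow, vec in zip(FLOWS, enrich_flows()):
        print(flow["src"], "->", flow["dst"], vec)
```

The second constructed flow (a workstation talking Modbus directly to the PLC) has no allow rule, crosses segments and lands on a critical asset; the enriched vector carries all of that, so a downstream anomaly model can weight it even though only flow counters, and no packet payload, were ever available.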
Zanasi, C., Marasco, I., Colajanni, M. (2025). Graph based threat detection system for a microsegmentation Zero Trust Architecture. DOI: 10.1109/dasc68382.2025.00012
Graph based threat detection system for a microsegmentation Zero Trust Architecture
Zanasi, Claudio (first author); Marasco, Isabella; Colajanni, Michele
2025
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.