Advanced Anomaly Detection and Threat Intelligence in Zero Trust IoT Environments Using Machine Learning

TL;DR

This paper explores advanced AI and machine learning techniques, including SMOTE, SVM, RF, and DT, to enhance anomaly detection and threat intelligence in Zero Trust IoT environments, addressing the limitations of traditional security methods.

Contribution

It introduces the application of SMOTE and supervised learning models to improve threat detection accuracy and resilience in IoT security within Zero Trust architectures.

Findings

SMOTE significantly improved model performance by addressing class imbalance.

Support Vector Machine, Random Forest, and Decision Tree classifiers showed increased detection accuracy.

Edge-based ML and blockchain methods were explored for malicious URL and APT detection.

Abstract

The growing adoption of IoT and cloud computing, combined with rapid advancements in digital technologies, has considerably increased the cyber-attack surface, resulting in increasingly complex and persistent attacks. Traditional security methods, primarily based on perimeter defenses, are insufficient to meet these developing threats, especially within the context of a Zero Trust Security (ZTS) architecture. This study investigates the application of sophisticated artificial intelligence (AI) and machine learning (ML) techniques, including the use of the Synthetic Minority Oversampling Technique (SMOTE), to improve anomaly detection and threat intelligence systems. This study focuses on how Support Vector Machine (SVM), Random Forest (RF), and Decision Tree (DT) classifiers might increase threat detection accuracy in IoT environments. The research endeavors to improve cybersecurity resilience by mitigating false positives and providing actionable intelligence through supervised learning algorithms. The KDD Cup 1999 dataset is used in the study to assess how well these models perform in simulating various network intrusions and regular traffic. The application of SMOTE significantly enhanced the performance of these models by addressing class imbalance, leading to improved detection accuracy. Furthermore, as supplementary methods for detecting malicious URLs and advanced persistent threats (APTs), edge-based machine learning and blockchain technology are investigated. This study addresses the shortcomings of conventional security systems and supports the growing demand for reliable threat detection in a world that is becoming more interconnected. It also advances the creation of more proactive and adaptable cybersecur