Using Machine Learning to Detect Network Client Health Security in Zero Trust Architecture رسالة ماجستير

Abstract

Modern organizations face increasing cybersecurity challenges as cyberattacks expand due to remote work, cloud services, and Bring Your Own Device (BYOD) policies. Zero Trust Architecture (ZTA) has emerged to address these challenges by applying a "never trust, always verify" model to every user and device. This thesis targets a critical vulnerability in ZTA: the real-time assessment of endpoint security health. We propose a machine learning based framework for continuously assessing device security health and integrating this information into ZTA decision-making processes. A comprehensive dataset was created by collecting data from multiple sources (such as update status, antivirus presence, vulnerabilities, and system behavior indicators) from different environments. To overcome the limitations of real-world data, synthetic data augmentation techniques (including a GPT-based) were applied, expanding the dataset while maintaining realistic distributions. Each device was assessed using a Device Risk Measure (DRM) that combines factors such as compromise likelihood and potential impact, enabling the training of supervised learning models with clear accept/deny labels. Several machine learning algorithms (such as support vector machines, decision trees, and ensemble methods) were trained and evaluated based on their ability to classify devices as "healthy" (acceptable) or "unhealthy" (should be denied from network access). The models achieved high accuracy in distinguishing device trust levels, with the best-performing model exceeding 99% classification accuracy. The integration of feature extraction highlighted the most critical security features contributing to device risk. The results demonstrate the potential for effectively integrating data-driven adaptive device health checks into a zero-trust (ZTA) model. This approach enables dynamic policy implementation, allowing the policy decision point to trust or quarantine devices based on their current risk level. This helps reduce the attack surface and prevents compromised or non-compliant devices from compromising the network. The research has significant implications for cybersecurity practices, providing a blueprint for enhancing ZTA implementations using machine learning, ultimately improving automated threat prevention and organizational resilience