Term of Award

Spring 2025

Degree Name

Master of Science, Information Technology

Document Type and Release Option

Thesis (open access)

Copyright Statement / License for Reuse

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.

Department

Department of Information Technology

Committee Chair

Lei Chen

Committee Member 1

Chris Kadlec

Committee Member 2

Jongyeop Kim

Abstract

Hybrid work, cloud adoption, and freely available AI-enabled attack tools have exposed critical weaknesses in perimeter-centric security. Current breach reports attribute more than one-third of incidents to insider misuse or credential compromise, yet many organizations still depend on static Role- or Attribute-Based Access Control that neither verifies intent continuously nor adapts to subtle behavioral change. This research addresses that gap by designing and validating a behavior-based Zero Trust Access Control (ZTAC) Agent. A five-year enterprise log dataset was extracted and cleansed to establish a high-fidelity baseline of normal user behavior. Feature engineering captured temporal regularity (login sequence, session duration), geospatial consistency (median location and deviation), and event-sequence context (command-to-file-access patterns). These features feed an eXtreme Gradient Boosting (XGBoost) model that assigns a per-request risk score; SHapley Additive exPlanations (SHAP) render each decision transparent at the feature level. Scores are delivered to a Zero Trust policy gateway via a lightweight, containerized micro-service, enabling on-the-fly privilege revocation or step-up authentication. The solution was stress-tested against replayed insider-threat scenarios drawn from real-world breach playbooks. The ZTAC Agent achieved significant accuracy while sustaining sub-second inference latency and under 300 MB of runtime memory. Mean time to detect fell by 42 percent relative to RBAC/ABAC baselines. SHAP visualizations consistently surfaced the primary decision factors, accelerating analyst triage and bolstering trust in automated enforcement. Collectively, the findings demonstrate that integrating explainable machine-learning analytics into continuous-verification loops can shrink attacker dwell time without sacrificing regulatory compliance or operational agility. The micro-service architecture provides a practical pathway for progressive adoption of Zero Trust in heterogeneous, cloud-first environments.
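As an added illustration (not code from the thesis), the three feature families the abstract names are computed from a constructed per-user baseline, scored, attributed per feature, and turned into a policy-gateway action. The sample data, feature weights, bias and decision thresholds are assumptions, and a weighted logistic score with additive contributions stands in for the thesis's XGBoost model and SHAP explanations.

```python
import math
from statistics import median

# Constructed baseline for one user (not the thesis dataset): past logins as
# (hour_of_day, latitude, longitude) and past session event sequences.
BASELINE_LOGINS = [(9, 33.44, -84.39), (8, 33.45, -84.40), (9, 33.44, -84.38),
                   (10, 33.46, -84.39), (9, 33.43, -84.41), (8, 33.44, -84.39)]
BASELINE_SESSIONS = [["login", "ls", "cat", "logout"], ["login", "ls", "cp", "logout"]]
WEIGHTS = {"hour_dev": 0.15, "geo_dev": 0.4, "unseen_transitions": 2.0}  # assumed, not learned

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two WGS84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def build_baseline(logins, sessions):
    """Median login hour/location with their typical spread, plus the observed event bigrams."""
    hours = [h for h, _, _ in logins]
    med_hour = median(hours)
    med_lat, med_lon = median(la for _, la, _ in logins), median(lo for _, _, lo in logins)
    dists = [haversine_km(la, lo, med_lat, med_lon) for _, la, lo in logins]
    return {"med_hour": med_hour, "hour_mad": max(median(abs(h - med_hour) for h in hours), 1.0),
            "med_lat": med_lat, "med_lon": med_lon, "geo_mad_km": max(median(dists), 1.0),
            "bigrams": {(s[i], s[i + 1]) for s in sessions for i in range(len(s) - 1)}}

def extract_features(base, req):
    """Temporal regularity, geospatial consistency and event-sequence context for one request."""
    dist = haversine_km(req["lat"], req["lon"], base["med_lat"], base["med_lon"])
    seq = req["events"]
    pairs = [(seq[i], seq[i + 1]) for i in range(len(seq) - 1)]
    unseen = sum(p not in base["bigrams"] for p in pairs) / max(len(pairs), 1)
    return {"hour_dev": abs(req["hour"] - base["med_hour"]) / base["hour_mad"],
            "geo_dev": math.log1p(dist / base["geo_mad_km"]),  # log-scaled so a short trip is not a revoke
            "unseen_transitions": unseen}

def score_request(features):
    """Risk score in [0, 1] plus per-feature contributions (stand-in for XGBoost + SHAP)."""
    contrib = {k: WEIGHTS[k] * v for k, v in features.items()}
    risk = 1 / (1 + math.exp(-(sum(contrib.values()) - 2.0)))  # bias of -2.0 is an assumption
    return round(risk, 3), contrib

def gateway_decision(risk, allow_below=0.3, revoke_at=0.7):
    """Policy-gateway action for a risk score; thresholds are illustrative assumptions."""
    if risk < allow_below:
        return "allow"
    return "step_up" if risk < revoke_at else "revoke"
```

The per-feature contributions returned alongside the score are what an analyst would inspect to see which behavioral deviation drove a step-up or revocation.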

OCLC Number

1520623701

Research Data and Supplementary Material

No
