A Hybrid Machine Learning-Based Network Intrusion Detection System Integrating Zero Trust Principle

Authors

  • Shravani Jadhav Undergraduate Student, Department of Artificial Intelligence and Data Science, P. R. Pote Patil College of Engineering & Management, Amravati, Maharashtra, India
  • Ishika Tikhe Undergraduate Student, Department of Artificial Intelligence and Data Science, P. R. Pote Patil College of Engineering & Management, Amravati, Maharashtra, India
  • Rachit Lahase Undergraduate Student, Department of Artificial Intelligence and Data Science, P. R. Pote Patil College of Engineering & Management, Amravati, Maharashtra, India
  • Aditya Jamnik Undergraduate Student, Department of Artificial Intelligence and Data Science, P. R. Pote Patil College of Engineering & Management, Amravati, Maharashtra, India
  • Faraz Khan Undergraduate Student, Department of Artificial Intelligence and Data Science, P. R. Pote Patil College of Engineering & Management, Amravati, Maharashtra, India
  • S. S. Sagane Assistant Professor, Department of Artificial Intelligence and Data Science, P. R. Pote Patil College of Engineering & Management, Amravati, Maharashtra, India

Keywords:

Cybersecurity, Encrypted traffic, Hybrid detection, Machine learning, Network intrusion detection system, Real-time monitoring, Zero trust architecture

Abstract

In an era where cyberattacks evolve faster than traditional defences, Network Intrusion Detection Systems (NIDS) are essential for securing enterprise, cloud, and IoT infrastructures. Conventional signature-based NIDS face limitations against zero-day exploits, encrypted traffic, and high-speed networks, resulting in excessive false positives and delayed responses. This study proposes a hybrid machine learning-based NIDS integrated with Zero Trust Architecture (ZTA). The system employs a multi-layered detection model combining signature-based filtering for known threats and machine learning-driven anomaly detection for unknown or evolving attacks. Algorithms such as Random Forest, Support Vector Machine (SVM), Neural Networks, and Isolation Forest enable continuous learning from network behaviors to enhance detection accuracy and adaptability. Integration with Zero Trust enforces continuous authentication, real-time packet inspection, and adaptive response mechanisms. Evaluations on the NSL-KDD and CICIDS2017 datasets demonstrate an improved accuracy of approximately 97% and a reduced false positive rate below 3%, outperforming standalone detection methods. This scalable, intelligent, and self-evolving intrusion detection framework is suitable for modern enterprise, cloud-native, and IoT deployments. By bridging hybrid analytics with Zero Trust principles, this research advances proactive, resilient, and adaptive network security solutions.
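The hybrid pipeline the abstract describes (a signature stage for known threats, an anomaly stage for everything else, and a Zero Trust policy decision on the verdict), as an added Python illustration that is not code from the paper. The z-score scorer, the two toy signatures and every flow record are constructed stand-ins for the paper's Random Forest / SVM / Isolation Forest models and for the NSL-KDD and CICIDS2017 data; the `evaluate` helper shows how the reported accuracy and false-positive rate are computed.

```python
import statistics

# Stage 1: signature rules for known threats (constructed toy rules, not a real ruleset).
SIGNATURES = {
    "sql_injection": lambda f: "' or 1=1" in f.get("payload", "").lower(),
    "port_scan": lambda f: f["dst_ports"] > 50 and f["bytes"] < 2000,
}
# Benign baseline flows used to fit the anomaly scorer (constructed sample data).
BASELINE = [dict(bytes=b, duration=d, dst_ports=1) for b, d in
            ((1500, 1.0), (2200, 1.4), (1800, 1.2), (2600, 1.6), (1900, 1.1), (2100, 1.3))]

def fit_baseline(flows, features=("bytes", "duration", "dst_ports")):
    """Per-feature mean and std dev of benign traffic; a zero std dev becomes 1.0 to avoid division by zero."""
    columns = {k: [f[k] for f in flows] for k in features}
    return {k: (statistics.mean(v), statistics.pstdev(v) or 1.0) for k, v in columns.items()}

def anomaly_score(flow, stats):
    """Largest absolute z-score over the features; stands in for an Isolation Forest score."""
    return max(abs(flow[k] - mean) / sd for k, (mean, sd) in stats.items())

def classify(flow, stats, threshold=3.0):
    """Stage 1 signatures first (cheap, precise), then stage 2 anomaly scoring for unmatched flows."""
    for name, rule in SIGNATURES.items():
        if rule(flow):
            return "known", name
    score = anomaly_score(flow, stats)
    return ("anomalous" if score > threshold else "benign"), round(score, 1)

def zero_trust_action(verdict, session_verified):
    """Never trust by default: known attacks are blocked, anomalies contained, unverified sessions re-authenticated."""
    if verdict != "benign":
        return {"known": "block_and_revoke_session", "anomalous": "quarantine_and_alert"}[verdict]
    return "allow" if session_verified else "require_reauthentication"

def evaluate(labelled_flows, stats):
    """Accuracy and false-positive rate (FP / all benign flows), the two metrics the abstract reports."""
    predicted = [("benign" if classify(f, stats)[0] == "benign" else "attack", lab) for f, lab in labelled_flows]
    accuracy = sum(p == lab for p, lab in predicted) / len(predicted)
    benign = [p for p, lab in predicted if lab == "benign"]
    return accuracy, benign.count("attack") / len(benign)

STATS = fit_baseline(BASELINE)
SAMPLE = [  # constructed labelled flows; the 50 kB download shows the anomaly stage's false-positive cost
    ({"bytes": 2000, "duration": 1.3, "dst_ports": 1}, "benign"),
    ({"bytes": 1700, "duration": 1.1, "dst_ports": 1}, "benign"),
    ({"bytes": 50000, "duration": 20.0, "dst_ports": 1}, "benign"),
    ({"bytes": 900, "duration": 0.2, "dst_ports": 120}, "attack"),
    ({"bytes": 2000, "duration": 1.2, "dst_ports": 1, "payload": "id=1' OR 1=1 --"}, "attack"),
    ({"bytes": 250000, "duration": 1.2, "dst_ports": 1}, "attack"),
]
```

On the constructed sample the pipeline catches all three attacks but also flags the large benign download, which is the trade-off the anomaly stage's threshold controls.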

Published

2025-11-21