{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T21:48:31Z","timestamp":1774993711834,"version":"3.50.1"},"reference-count":51,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2025,2,22]],"date-time":"2025-02-22T00:00:00Z","timestamp":1740182400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Science Foundation","award":["2112471 and 2229876"],"award-info":[{"award-number":["2112471 and 2229876"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2025,5,31]]},"abstract":"<jats:p>\n            Zero Trust (ZT) is a security paradigm aiming to curtail an attacker\u2019s lateral movements within a network by implementing least-privilege and per-request access control policies. However, its widespread adoption is hindered by the difficulty of generating proper rules owing to the lack of detailed knowledge of communication requirements and the characteristic behaviors of communicating entities under benign conditions. Consequently, manual rule generation becomes cumbersome and error prone. To address these problems, we propose\n            <jats:italic>ZT-SDN<\/jats:italic>\n            , an automated framework for learning and enforcing network access control in Software-Defined Networks (SDNs). ZT-SDN collects data from the underlying network and models the network \u201ctransactions\u201d performed by communicating entities as graphs. The nodes represent entities, whereas the directed edges represent transactions identified by different protocol stacks observed. It uses novel unsupervised learning approaches to extract transaction patterns directly from the network data, such as the allowed protocol stacks and port numbers and data transmission behavior. Finally, ZT-SDN uses an innovative approach to generate correct access control rules and infer strong associations between them, allowing proactive rule deployment in forwarding devices. We show the framework\u2019s efficacy in detecting abnormal network accesses and abuses of permitted flows in changing network conditions with real network datasets. Additionally, we showcase ZT-SDN\u2019s scalability and the network\u2019s performance when applied in an SDN environment.\n          <\/jats:p>","DOI":"10.1145\/3712262","type":"journal-article","created":{"date-parts":[[2025,1,15]],"date-time":"2025-01-15T10:56:01Z","timestamp":1736938561000},"page":"1-35","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["ZT-SDN: An ML-Powered Zero-Trust Architecture for Software-Defined Networks"],"prefix":"10.1145","volume":"28","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1876-8478","authenticated-orcid":false,"given":"Charalampos","family":"Katsis","sequence":"first","affiliation":[{"name":"Department of Computer Science, Purdue University, West Lafayette, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4029-7051","authenticated-orcid":false,"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Purdue University, West Lafayette, United States"}]}],"member":"320","published-online":{"date-parts":[[2025,2,22]]},"reference":[{"key":"e_1_3_3_2_2","volume-title":"tc(8) - Linux Manual Page","unstructured":"[n.d.]. tc(8) - Linux Manual Page. Retrieved from https:\/\/man7.org\/linux\/man-pages\/man8\/tc.8.html"},{"key":"e_1_3_3_3_2","volume-title":"OpenFlow Switch Specification (version 1.5.1)","year":"2015","unstructured":"2015. OpenFlow Switch Specification (version 1.5.1). Technical Report. Open Networking Foundation."},{"key":"e_1_3_3_4_2","first-page":"1","volume-title":"2021 IEEE Global Communications Conference (GLOBECOM)","author":"Houda Zakaria Abou El","year":"2021","unstructured":"Zakaria Abou El Houda, Abdelhakim Senhaji Hafid, and Lyes Khoukhi. 2021. A novel machine learning framework for advanced attack detection using SDN. In 2021 IEEE Global Communications Conference (GLOBECOM). IEEE, 1\u20136."},{"key":"e_1_3_3_5_2","first-page":"499","volume-title":"Proc. of the 20th VLDB Conference","volume":"487","author":"Agarwal Rakesh","year":"1994","unstructured":"Rakesh Agarwal, Ramakrishnan Srikant, et\u00a0al. 1994. Fast algorithms for mining association rules. In Proc. of the 20th VLDB Conference, Vol. 487. 499."},{"key":"e_1_3_3_6_2","unstructured":"Alexey Kuznetsov and Michael Prokop. [n.d.]. ss(8) - linux manual page. Linux Documentation ([n.d.]). https:\/\/linux.die.net\/man\/8\/ss"},{"key":"e_1_3_3_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/3532105.3535029"},{"key":"e_1_3_3_8_2","doi-asserted-by":"publisher","DOI":"10.1145\/3589608.3593836"},{"key":"e_1_3_3_9_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2008.12.011"},{"key":"e_1_3_3_10_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2018.03.027"},{"key":"e_1_3_3_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/1282427.1282382"},{"key":"e_1_3_3_12_2","volume-title":"Configuring Traffic Mirroring","unstructured":"Cisco. [n.d.]. Configuring Traffic Mirroring. Retrieved from https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/iosxr\/ncs5000\/interfaces\/711x\/configuration\/guide\/b-interfaces-hardware-component-cg-ncs5000-711x\/configuring-traffic-mirroring.pdf"},{"key":"e_1_3_3_13_2","volume-title":"What is Jitter?","year":"2020","unstructured":"Cisco. 2020. What is Jitter?https:\/\/documentation.meraki.com\/MR\/Wi-Fi_Basics_and_Best_Practices\/What_is_Jitter%3F"},{"key":"e_1_3_3_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/3564625.3567968"},{"key":"e_1_3_3_15_2","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1109\/NOMS.2016.7502793","volume-title":"NOMS 2016-2016 IEEE\/IFIP Network Operations and Management Symposium","author":"Silva Anderson Santos da","year":"2016","unstructured":"Anderson Santos da Silva, Juliano Araujo Wickboldt, Lisandro Zambenedetti Granville, and Alberto Schaeffer-Filho. 2016. ATLANTIC: A framework for anomaly traffic detection, classification, and mitigation in SDN. In NOMS 2016-2016 IEEE\/IFIP Network Operations and Management Symposium. IEEE, 27\u201335."},{"key":"e_1_3_3_16_2","doi-asserted-by":"publisher","DOI":"10.1109\/TCCN.2022.3186331"},{"key":"e_1_3_3_17_2","first-page":"1","volume-title":"2017 IFIP Networking Conference (IFIP Networking) and Workshops","author":"Emmerich Paul","year":"2017","unstructured":"Paul Emmerich, Maximilian Pudelko, Sebastian Gallenm\u00fcller, and Georg Carle. 2017. FlowScope: Efficient packet capture and storage in 100 Gbit\/s networks. In 2017 IFIP Networking Conference (IFIP Networking) and Workshops. IEEE, 1\u20139."},{"key":"e_1_3_3_18_2","doi-asserted-by":"publisher","DOI":"10.1109\/TMM.2019.2893549"},{"key":"e_1_3_3_19_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.bjp.2013.10.014"},{"key":"e_1_3_3_20_2","doi-asserted-by":"crossref","first-page":"305","DOI":"10.1109\/NOMS.2006.1687561","volume-title":"2006 IEEE\/IFIP Network Operations and Management Symposium (NOMS 2006","author":"Golnabi Korosh","year":"2006","unstructured":"Korosh Golnabi, Richard K, Min, Latifur Khan, and Ehab Al-Shaer. 2006. Analysis of firewall policy rules using data mining techniques. In 2006 IEEE\/IFIP Network Operations and Management Symposium (NOMS 2006). IEEE, 305\u2013315."},{"key":"e_1_3_3_21_2","unstructured":"MAWI Working Group. 2024. MAWI Traffic Trace Dataset of June 19th 8.45 am 2024. Retrieved January 4 2025 from https:\/\/mawi.wide.ad.jp\/mawi\/ditl\/ditl2024\/202406190845.html"},{"key":"e_1_3_3_22_2","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484758"},{"key":"e_1_3_3_23_2","doi-asserted-by":"publisher","DOI":"10.3390\/fi12090147"},{"key":"e_1_3_3_24_2","doi-asserted-by":"publisher","unstructured":"Liu Jian-Ping Liu Juan-Juan and Wang Dong-Long. 2012. Application analysis of automated testing framework based on robot. (2012) 194\u2013197. 10.1109\/ICNDC.2012.53","DOI":"10.1109\/ICNDC.2012.53"},{"key":"e_1_3_3_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/3450569.3463558"},{"key":"e_1_3_3_26_2","first-page":"167","volume-title":"Proceedings of the 12th ACM Conference on Data and Application Security and Privacy","author":"Katsis Charalampos","year":"2022","unstructured":"Charalampos Katsis, Fabrizio Cicala, Dan Thomsen, Nathan Ringo, and Elisa Bertino. 2022. Neutron: A graph-based pipeline for zero-trust network architectures. In Proceedings of the 12th ACM Conference on Data and Application Security and Privacy. 167\u2013178."},{"key":"e_1_3_3_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2014.2371999"},{"issue":"1","key":"e_1_3_3_28_2","first-page":"927","article-title":"An overview of association rule mining algorithms","volume":"5","author":"Kumbhare Trupti A.","year":"2014","unstructured":"Trupti A. Kumbhare and Santosh V. Chobe. 2014. An overview of association rule mining algorithms. International Journal of Computer Science and Information Technologies 5, 1 (2014), 927\u2013930.","journal-title":"International Journal of Computer Science and Information Technologies"},{"issue":"2","key":"e_1_3_3_29_2","doi-asserted-by":"crossref","first-page":"1305","DOI":"10.1109\/TNSM.2022.3229706","article-title":"Arcade: Adversarially regularized convolutional autoencoder for network anomaly detection","volume":"20","author":"Lunardi Willian Tessaro","year":"2022","unstructured":"Willian Tessaro Lunardi, Martin Andreoni Lopez, and Jean-Pierre Giacalone. 2022. Arcade: Adversarially regularized convolutional autoencoder for network anomaly detection. IEEE Transactions on Network and Service Management 20, 2 (2022), 1305\u20131318.","journal-title":"IEEE Transactions on Network and Service Management"},{"key":"e_1_3_3_30_2","unstructured":"Roberto Maestre. 2025. FastDTW. Retrieved January 9 2025 from https:\/\/github.com\/rmaestre\/FastDTW"},{"key":"e_1_3_3_31_2","article-title":"Robot framework: A boon for automation","author":"Chinnaswamy Dr. T. H. Sreenivas Mandara Nagendra, C. N.","year":"2018","unstructured":"Dr. T. H. Sreenivas Mandara Nagendra, C. N. Chinnaswamy. 2018. Robot framework: A boon for automation. IJSDR | 3, 11 (2018), 1\u20134.","journal-title":"IJSDR | 3, 11"},{"key":"e_1_3_3_32_2","doi-asserted-by":"publisher","DOI":"10.1145\/1355734.1355746"},{"key":"e_1_3_3_33_2","volume-title":"What is Acceptable Jitter?","year":"2016","unstructured":"Medium. 2016. What is Acceptable Jitter? Retrieved from https:\/\/medium.com\/@datapath_io\/what-is-acceptable-jitter-7e93c1e68f9b"},{"key":"e_1_3_3_34_2","article-title":"Kitsune: An ensemble of autoencoders for online network intrusion detection","author":"Mirsky Yisroel","year":"2018","unstructured":"Yisroel Mirsky, Tomer Doitshman, Yuval Elovici, and Asaf Shabtai. 2018. Kitsune: An ensemble of autoencoders for online network intrusion detection. arXiv preprint arXiv:1802.09089 (2018).","journal-title":"arXiv preprint arXiv:1802.09089"},{"key":"e_1_3_3_35_2","doi-asserted-by":"crossref","first-page":"167","DOI":"10.1109\/NFV-SDN.2016.7919493","volume-title":"2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","author":"Nanda Saurav","year":"2016","unstructured":"Saurav Nanda, Faheem Zafari, Casimer DeCusatis, Eric Wedaa, and Baijian Yang. 2016. Predicting network attack patterns in SDN using machine learning approach. In 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN). IEEE, 167\u2013172."},{"key":"e_1_3_3_36_2","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1145\/1592681.1592684","volume-title":"Proceedings of the 1st ACM Workshop on Research on Enterprise Networking","author":"Nayak Ankur Kumar","year":"2009","unstructured":"Ankur Kumar Nayak, Alex Reimers, Nick Feamster, and Russ Clark. 2009. Resonance: Dynamic access control for enterprise networks. In Proceedings of the 1st ACM Workshop on Research on Enterprise Networking. 11\u201318."},{"key":"e_1_3_3_37_2","volume-title":"Proceedings of the 24th Large Installation System Administration Conference (LISA 10)","author":"Nelson Timothy","year":"2010","unstructured":"Timothy Nelson, Christopher Barratt, Daniel J. Dougherty, Kathi Fisler, and Shriram Krishnamurthi. 2010. The Margrave tool for firewall analysis. In Proceedings of the 24th Large Installation System Administration Conference (LISA 10)."},{"key":"e_1_3_3_38_2","first-page":"1","volume-title":"2008 5th IFIP International Conference on Wireless and Optical Communications Networks (WOCN\u201908)","author":"Nguyen Huy Anh","year":"2008","unstructured":"Huy Anh Nguyen, Tam Van Nguyen, Dong Il Kim, and Deokjai Choi. 2008. Network traffic anomalies detection and identification with flow monitoring. In 2008 5th IFIP International Conference on Wireless and Optical Communications Networks (WOCN\u201908). IEEE, 1\u20135."},{"key":"e_1_3_3_39_2","volume-title":"Interface Topology Service","unstructured":"ONF. [n.d.]. Interface Topology Service. Retrieved from https:\/\/api.onosproject.org\/2.7.0\/apidocs\/org\/onosproject\/net\/topology\/TopologyService.html"},{"key":"e_1_3_3_40_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2839684"},{"key":"e_1_3_3_41_2","doi-asserted-by":"publisher","DOI":"10.5555\/2789770.2789779"},{"key":"e_1_3_3_42_2","doi-asserted-by":"publisher","DOI":"10.5555\/1367985.1367993"},{"key":"e_1_3_3_43_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2021.116225"},{"issue":"1","key":"e_1_3_3_44_2","first-page":"1","article-title":"Improving efficiency of apriori algorithm using transaction reduction","volume":"3","author":"Singh Jaishree","year":"2013","unstructured":"Jaishree Singh, Hari Ram, and Dr J. S. Sodhi. 2013. Improving efficiency of apriori algorithm using transaction reduction. International Journal of Scientific and Research Publications 3, 1 (2013), 1\u20134.","journal-title":"International Journal of Scientific and Research Publications"},{"key":"e_1_3_3_45_2","unstructured":"SpeedGuide.net. 2024. TCP\/IP Ports and Protocols Database. Retrieved November 15 2024 from https:\/\/www.speedguide.net\/ports.php"},{"key":"e_1_3_3_46_2","first-page":"207","article-title":"Zero trust architecture","volume":"800","author":"Stafford V. A.","year":"2020","unstructured":"V. A. Stafford. 2020. Zero trust architecture. NIST Special Publication 800 (2020), 207.","journal-title":"NIST Special Publication"},{"key":"e_1_3_3_47_2","first-page":"1","volume-title":"LISA","author":"Tongaonkar Alok","year":"2007","unstructured":"Alok Tongaonkar, Niranjan Inamdar, and R. Sekar. 2007. Inferring higher level policies from firewall rules. In LISA, Vol. 7. 1\u201310."},{"key":"e_1_3_3_48_2","article-title":"Recent advances in autoencoder-based representation learning","author":"Tschannen Michael","year":"2018","unstructured":"Michael Tschannen, Olivier Bachem, and Mario Lucic. 2018. Recent advances in autoencoder-based representation learning. arXiv preprint arXiv:1812.05069 (2018).","journal-title":"arXiv preprint arXiv:1812.05069"},{"key":"e_1_3_3_49_2","first-page":"1","volume-title":"2018 29th Irish Signals and Systems Conference (ISSC)","author":"Vanickis Romans","year":"2018","unstructured":"Romans Vanickis, Paul Jacob, Sohelia Dehghanzadeh, and Brian Lee. 2018. Access control policy enforcement for zero-trust-networking. In 2018 29th Irish Signals and Systems Conference (ISSC). IEEE, 1\u20136."},{"key":"e_1_3_3_50_2","unstructured":"WIDE Project. 2023. MAWI Working Group Traffic Archive. https:\/\/mawi.wide.ad.jp\/mawi\/Accessed: 2024-10-24."},{"key":"e_1_3_3_51_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC3746"},{"key":"e_1_3_3_52_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3001350"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3712262","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3712262","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:10:28Z","timestamp":1750295428000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3712262"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,2,22]]},"references-count":51,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2025,5,31]]}},"alternative-id":["10.1145\/3712262"],"URL":"https:\/\/doi.org\/10.1145\/3712262","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,2,22]]},"assertion":[{"value":"2024-11-20","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-12-18","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-02-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}