NORMA eResearch @NCI Library

Design and Implementation of a Behavior based Trust Engine for Insider Threat Detection in Zero Trust Environments

Aher, Siddhesh Subhash (2025) Design and Implementation of a Behavior based Trust Engine for Insider Threat Detection in Zero Trust Environments. Masters thesis, Dublin, National College of Ireland.


Abstract

Insider attacks are among the most effective and expensive cybersecurity concerns, and they tend to circumvent standard perimeter-based measures because they use authentic credentials. This study addresses these constraints by developing and deploying a dynamic Trust Engine in a Zero Trust Architecture (ZTA) environment, integrated with the Wazuh SIEM. The proposed engine implements a rule-based behavioral scoring system that assesses user and device activity in real time and assigns trust score classifications to the user and device depending on the security rules triggered. The scores influence access decisions dynamically, and thresholds can be used to automatically block, monitor or restore access. To test two high-impact insider threats, unauthorized access to sensitive files and SSH brute-force logins to the server, a controlled virtual lab was built on the Wazuh OVA and Kali Linux. The evaluation used response time, trust score dynamics and blocking effectiveness rather than the classical measure of classification accuracy, in line with the adaptive enforcement principle of ZTA. The results showed a large decrease in detection-to-mitigation time (average less than two seconds) and enhanced decision-making granularity over static rule-based systems. The results confirm that lightweight, explainable, real-time trust scoring can be used to deploy ZTA, providing a practical route to insider threat mitigation in resource-constrained or transitional security settings.

Item Type: Thesis (Masters)
Supervisors: Hafeez, Khadija (Email: UNSPECIFIED)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Ciara O'Brien
Date Deposited: 15 Jun 2026 12:39
Last Modified: 15 Jun 2026 12:39
URI: https://norma.ncirl.ie/id/eprint/9347
