Original Article
Securing microservices within enterprise settings is difficult due to each microservice exposing its own API, the attack surface increasing with the number of services, and the current Zero Trust Architecture (ZTA) frameworks not incorporating any behavioral analysis when evaluating requests. In this paper, we introduce an AI-enabled adaptive authentication framework that uses a hybrid machine learning model based on a random forest classifier and isolation forest anomaly detector to compute a continuous risk score for each authentication request. Depending on the risk score, a three-stage policy decision is made either allowing seamless access, performing multi-factor authentication, or denying access to the requested resource. The policy decision process takes place via the Policy Decision Point (PDP) and Policy Enforcement Point (PEP) in the service mesh architecture. On a synthetic dataset of 10,000 authentication events, our solution reaches a classification accuracy of 94.2%, a 4.8% False Positive Rate (FPR), and an end-to-end decision latency of 35-50 ms, outperforming a static ZTA baseline by 7 percentage points in terms of accuracy. Only 21% of all authentication requests require multi-factor authentication, while under a uniform authentication scheme, 100% of them would need it. All performance numbers reported were obtained using simulation to evaluate our solution on actual Kubernetes clusters is the next research direction.
Loading publication timeline...