Lightweight Zero Trust Access Control with Behavior-Based Anomaly Detection in Cloud

Title

Lightweight Zero Trust Access Control with Behavior-Based Anomaly Detection in Cloud

Creator

Vivek, S.; Vinod, Smitha; Sreeja, C.S.J.

Description

As cloud services become more popular, static security models must give way to dynamic, identity-centric ones. This paper introduces a serverless AWS architecturebased Lightweight Zero Trust Access (LZTA) framework with Behavior-Based Anomaly Detection (BBAD) designed for the cloud. Through the use of AWS Lambda to process CloudTrail logs and DynamoDB to store profiles, our system automatically learns user behavior. Using this profile, a Lambda Authorizer at the API Gateway determines a risk score in real time for every access request, preventing unusual activity such as attempts from unidentified IP addresses. This scalable, reasonably priced frame- work proved to be an effective modern cloud security solution by successfully blocking simulated credential theft attacks with a latency of less than 150 ms while running at no cost within the AWS Free Tier. 2025 IEEE.

Source

2025 17th IEEE International Conference on Computational Intelligence and Communication Networks, CICN 2025;pp.942-948

Date

01-01-2025

Publisher

Institute of Electrical and Electronics Engineers Inc.

Subject

Access Control; Anomaly Detection; AWS Lambda; BehaviorBased Secu- rity; Cloud Security; Lightweight Architecture; Serverless; Zero Trust

Coverage

Vivek S., Christ University, Department of Computer Science, Bengaluru, India; Vinod S., Christ University, Department of Computer Science, Bengaluru, India; Sreeja C.S.J., Christ University, Department of Computer Science, Bengaluru, India

Rights

Restricted Access; Hardcopy may be available in the library

Relation

ISBN: 979-833158733-8;

Format

online

Language

English

Type

Conference paper

Identifier

https://doi.org/10.1109/CICN67655.2025.11368052

https://www.scopus.com/pages/publications/105034649391?origin=resultslist