TriageHD: A Hyper-Dimensional Learning-to-Rank Framework for Dynamic Micro-Segmentation in Zero-Trust Network Security

Network security faces major challenges from sophisticated cyber attacks that exploit lateral movement and evade traditional network intrusion detection mechanisms. To address these challenges, micro-segmentation has proven to be an effective defense strategy for isolating network components and limiting breach propagation. This paper presents TriageHD, a novel framework that integrates graph-based Hyper-Dimensional Computing (HDC) with a learning-to-rank algorithm to strengthen zero-trust network security. TriageHD constructs dynamic scene graphs from time-based network flow data, integrating feature representations extracted via a self-attention-based payload encoder. It employs a learning-to-rank algorithm with an approximated nDCG loss function, incorporating time-aware relevance and graph-aware HDC to prioritize nodes for segregation, thereby mitigating attack propagation. Experiments on the CIC-IDS-2017 dataset demonstrate that TriageHD outperforms state-of-the-art graph neural networks, including graph convolutional networks, graph attention networks, and graph transformer models, in threat prioritization accuracy. By providing a dynamic micro-segmentation approach, TriageHD significantly enhances automated threat detection and response. This work bridges traditional network security measures with zero-trust paradigms, laying the groundwork for future advancements in dynamic micro-segmentation.