A Biologically Inspired Cost-Efficient Zero-Trust Security Approach for Attacker Detection and Classification in Inter-Satellite Communication Networks

Abstract

In next-generation Low-Earth-Orbit (LEO) satellite networks, securing inter-satellite communication links (ISLs) through strong authentication is essential due to the network’s dynamic and distributed structure. Traditional authentication systems often struggle in these environments, leading to the adoption of Zero-Trust Security (ZTS) models. However, current ZTS protocols typically introduce high computational overhead, especially as the number of satellite nodes grows, which can impact both security and network performance. To overcome these challenges, a new bio-inspired ZTS framework called Manta Ray Foraging Cost-Optimized Zero-Trust Security (MRFCO-ZTS) has been introduced. This approach uses data-driven learning methods to enhance security across satellite communications. It continuously evaluates access requests by applying a cost function that accounts for risk level, likelihood of attack, and computational delay. The Manta Ray Foraging Optimization (MRFO) algorithm is used to minimize this cost, enabling effective classification of nodes as either trusted or malicious based on historical authentication records and real-time behavior. MRFCO-ZTS improves the accuracy of attacker detection while maintaining secure data exchange between authenticated satellites. Its effectiveness has been tested through numerical simulations under different satellite traffic conditions, with performance measured in terms of security accuracy, latency, and operational efficiency.

1. Introduction

As next-generation wireless communication technologies continue to evolve, satellite communication networks are playing an increasingly important role. These networks support a range of critical wireless services, including voice communication, global positioning, and message transmission. In Low-Earth-Orbit (LEO) satellite networks, inter-satellite links (ISLs) are essential for connecting multiple satellites, facilitating data exchange and command coordination, and enabling real-time monitoring of the network. ISLs are especially vital for large-scale satellite constellations like SpaceX’s Starlink, as they enhance global coverage and support diverse applications. To ensure secure and reliable communication, ISLs must be protected by strong security protocols that defend against threats such as eavesdropping and spoofing.

Recently, the emerging zero-trust authentication model has attracted enormous interest and has been implemented in NextGen LEO satellite networks to secure communications from illegitimate access using Hyperelliptic Curve Cryptography (HECC) [1]. However, continuous authentication performance could increase operation costs, especially while covering a greater number of satellite users. Additionally, provably secure optimal homomorphic sign encryption was employed in [2] to achieve privacy-preserved data transmission from multiple IoT devices to LEO satellites. However, wireless communication latency has been increased. A secure authentication was performed in [3] by utilizing key agreement systems and Elliptic Curve Cryptography (ECC) for satellite communication systems. However, the operation time taken for the reliable authentication process was increased significantly.

A one-class classification support vector machine (OCC-SVM) was applied in [4] to enhance the performance of physical layer authentication. However, the authentication rate was unsatisfactory. A Lightweight Authentication and Key Sharing Protocol was applied in [5] for secure satellite communication with better computational complexity, speed, and bandwidth. However, the scalability of this protocol has remained an open issue. The Encryption-based Mutual Authentication and Key Update (EMAKU) protocol was implemented in [6] to find the replay attack and man-in-the-middle attack. However, the latency during the secured satellite communication process was not minimal.

An orbital zero-trust architecture (oZTA) was implemented in [7] for securing the LEO satellite networks. However, the types of anomaly detection remained an open issue. In [8], the handover authentication protocol was investigated to rapidly and strongly authenticate the user’s identity during the handover process. However, communication and computational efficiency cannot be balanced effectively. Elliptic curve cryptography and a three-factor authentication procedure have been used in [9] for satellite communications. However, the data loss rate was determined using elliptic curve cryptography, which was still higher than in other studies. A robust three-factor authentication protocol was implemented in [10] for satellite communication. However, the successful authentication rate was poor while assuming a larger satellite network as input.

To address the outlined challenges, the MRFCO-ZTS approach has been introduced to provide enhanced security for next-generation Low-Earth-Orbit (LEO) satellite networks. It ensures secure and reliable communication between satellites operating in dynamic and complex non-terrestrial environments. This model introduces several key improvements over conventional Zero-Trust Security (ZTS) frameworks:

(1)

Continuous Authentication for ISLs: The MRFCO-ZTS model implements continuous authentication mechanisms specifically tailored for Inter-Satellite Links (ISLs) in LEO networks. This strengthens security by improving data confidentiality, authentication reliability, integrity, and privacy protection, while effectively resisting a wide range of cyber threats.

(2)

Bio-Inspired Optimization for Cost Efficiency: MRFCO-ZTS employs the Manta Ray Foraging Optimization (MRFO) algorithm—a bio-inspired technique—to optimize the ZTS cost function. This function considers the likelihood of attacks, potential risk impact, and computational overhead. By integrating a cost-optimized classification system, the model effectively distinguishes between legitimate and malicious nodes, enhancing secure data access in satellite communications.

(3)

Balanced Performance and Efficiency: The MRFCO-ZTS framework achieves an optimal balance between satellite network security, communication latency, and resource utilization. Its performance has been validated through extensive simulations, demonstrating improvements over traditional satellite authentication methods in terms of accuracy, speed, and efficiency [3,4,6].

The traditional metaheuristic security schemes were designed for one-time or static trust assumptions. In contrast, the proposed MRFCO-ZTS is implemented for fully dynamic zero-trust score updating. In addition, the traditional metaheuristic security schemes were developed for ground networks (IoT, WSN, and MANET) or generic cyber systems. However, the MRFCO-ZTS is proposed for inter-satellite environments. In traditional metaheuristic security, optimization focuses on generic search (e.g., PSO, GA). In contrast, the proposed MRFCO-ZTS used Manta Ray Foraging Optimization for dynamic orbital constraints. Traditional Metaheuristic Security Schemes support only limited feedback loops or static decision logic, whereas the proposed MRFCO-ZTS uses real-time continuous monitoring and adaptive trust updates.

The rest of the paper is formulated as follows: Section 2 shows related works, Section 3 describes the LEO satellite network model, Section 4 provides the detailed processes of the developed MRFCO-ZTS approach for authentication and secure data access, Section 5 illustrates experimental results and features a comparison with conventional methods, and Section 6 concludes the paper.

2. Related Works

This section presents the state-of-the-art authentication techniques that were implemented for secure data communication in satellite networks.

2.1. Conventional Authentication Techniques

A Network Slice Access Authentication and Service Authorization method was developed in [11] to securely access data in satellite–terrestrial networks with minimal computational and communication overhead. However, the complexity involved during the authentication process was not reduced. A broad examination of state-of-the-art authentication techniques designed for satellite communication networks was presented in [12].

A robust ECC-based authentication procedure was utilized in [13] for reliable satellite-to-satellite communication networks. However, the error rate measured during the authentication was higher. A High-Performance Identity-Based Quantum Signature system was implemented in [14] to attain strong security. However, the authentication efficiency was unsatisfactory. A provably secure and efficient emergency message verification scheme was presented in [15] to achieve privacy and accountability and support confidential transmission. However, the data loss rate was higher than others.

A lightweight authentication and key agreement method was implemented in [16] for S2S communication with the application of a symmetric cryptographic system. However, the data integrity rate was poor. An access authentication protocol was developed in [17] with user anonymity and traceability, with the objective of decreasing the communication delay and signaling cost of access authentication. However, the true-positive rate of authentication was not sufficient.

A secure three-factor anonymous-roaming authentication procedure was introduced in [18] with the assistance of ECC for space information networks, but the authentication failure was worse. However, the ratio of the number of users that are correctly authenticated as detector or attacker satellites was not higher. LSTM Networks were introduced in [19] with the aim of achieving better anomaly detection accuracy in satellite communications systems. However, it was computationally costly and training time and memory consumption was higher. A literature review of different security threats, solutions, and challenges faced during the process of secure satellite communication was presented in [20].

2.2. Conventional Zero-Trust Authentication Techniques

An intelligent zero-trust architecture was constructed in [21] to achieve better information security in networks. However, the communication delay was not reduced. A convolutional neural network (CNN) and zero-trust security strategy were utilized in [22] for precise and timely recognition of false data injection attacks. However, the transmission delay was not reduced. An orbital zero-trust architecture (OZTA) was presented in [23] for LEO satellite networks.

Zero-trust and edge intelligence (ZTEI)-empowered continuous authentication was carried out in [24] to attain better accuracy for user authentication. However, the false positive rate observed during the authentication process was higher. A Multi-Factor Authentication system was implemented in [25] with the support of Zero-Trust Network Access to achieve low computation and communication costs while maintaining a high level of security and reliability. A deep learning-based anomaly detection framework was designed in [26] for satellite telemetry with false anomalies. However, the existing framework features a high computational cost, over-fitting, and data privacy and security concerns. A Variance-Based Genetic Ensemble of Neural Networks was designed in [27] for increasing the efficiency of satellite anomaly detection. However, the false positive rate was higher.

A zero-trust framework was presented in [28] by using Proof-of-Work and Mean Field Game theory to scale authentication in satellite-ground IoT scenarios. LSTM-based anomaly detection was designed in [29] to satellite telemetry, enabling real-time detection of unusual behaviors. A deep-learning model was intended in [30] that trains on synthetic telemetry faults to simulate and detect anomalies. A genetic-algorithm-optimized ensemble of neural networks was presented in [26] for satellite anomaly detection. Secure Optimization was performed in [30] for enhancing LEO link energy efficiency.

On the contrary to state-of-the-art works, following are the key contributions:

• Proposed MRFCO-ZTS is intended for fast adaptation to new threat patterns and Minimizes system load during detection/classification as where it utilizes Manta Ray Foraging Optimization for learning-based evolution of trust scores, using behaviors.
• Besides to that, proposed MRFCO-ZTS enforces Strict identity validation at every request, Dynamic trust re-evaluation based on behavior and past interaction, No implicit trust for previously authenticated satellite nodes, Trust decay over time in idle or suspicious nodes.

3. LEO Satellite Network Model

The proposed LEO satellite network architecture for MRFCO ZTS comprises four primary components: (1) a centralized Network Control Center (NCC) managing satellite operations and user access, (2) an authorized user segment with terminals such as VSATs and GPS receivers, (3) a constellation of LEO satellites (including both inter-satellite and ground feeder links), and (4) communication links, encompassing uplink/downlink paths between users and satellites as well as inter-satellite and feeder links, which have been shown in Figure 1.

The NCC handles tasks such as user registration, key distribution, and satellite configuration. The user segment, consisting of diverse end devices, interfaces through satellite links for services like broadband and navigation. LEO satellites maintain essential on-board capabilities (AD&C, TT&C, payloads) and enable secure channel setup via narrow-band inter-satellite links (ISLs). These ground-to-satellite links, while pivotal for global connectivity, require robust trust configurations to mitigate vulnerabilities. This architecture draws on the model introduced by Farreaa, K.A et al. [1] with adaptations for the MRFCO-ZTS framework.

4. The Development of the MRFCO-ZTS Approach

4.1. The Architecture of MRFCO-ZTS-Secured LEO Satellite Network

When applying a ZTS concept to satellite networks, classifying attackers and detector users is difficult because of the distinctive characteristics of satellite communication and the potential for sophisticated attacks. In addition, the cost function of conventional ZTS was higher in satellite networks. Hence, the MRFCO-ZTS approach is implemented by integrating the Manta Ray Foraging Optimization algorithm and ZTS for attack and detector classification via continuous verification. With the assistance of ZTS, the developed MRFCO-ZTS-secured LEO satellite system verifies satellite users continuously during communication sessions by using the rule of ‘Never trust, always verify’, whether the satellite users are inside or outside the network boundary. By using the ZTS protocol, the developed MRFCO-ZTS-secured LEO satellite system re-authenticates satellite users with each access request for every session by optimizing the cost function of attacker/detector classification. From this, the MRFCO-ZTS approach provides higher security levels through adding an extra layer of protection and ensuring that only authorized users and devices can access valuable resources in satellite networks. The architecture diagram of the MRFCO-ZTS-secured LEO satellite network is presented in Figure 2.

As presented in the above diagram, the MRFCO-ZTS approach initially considers zero-trust satellite networks with many satellite users. Then, the MRFCO-ZTS approach generates the cost function of ZTS by considering multiple factors, including attack likelihood, cumulative user risk, and computational delay. Subsequently, the MRFCO-ZTS approach utilizes Manta Ray Foraging Optimization (MRFO) to optimize the cost function of ZTS for continuous user verification with better resource efficiency. As a result, the MRFCO-ZTS approach can provide stronger security for data communication in satellite environments by finding honest and attack users in satellite networks via classification.

4.2. MRFCO-ZTS Approach

Satellite continuous authentication is a significant task in zero-trust security where it verifies user identity, device posture, and session behavior. However, combining continuous checking with zero-trust formulates several problems that impact security, user experience, and system performance in the satellite communication environment. Continuous checking of all users in every session requires the processing of contextual and behavioral data in real-time, which slows down the communication system, increases network strain, and affects overall performance when considering a larger environment. Scaling continuous verification for thousands of users and devices needs robust infrastructure and constant tuning. Hence, the efficiency of zero-trust security still needed to be improved with a greater number of input satellite users.

To address the issue of existing Zero-Trust Security, a novel cost function $C\left(M\right)$ has been developed based on attack, risk, and computational delay when considering a growing number of users in a satellite network. To optimize ZTS, our developed MRFCO-ZTS approach aims to minimize multi-objective cost function per user/session $i$, using

$$C\left(M\right)=\alpha ·a_i·r_i+\beta ·d_i+\gamma ·m_i$$

(1)

In Equation (1), $a_i$ refers to attack likelihood, $r_i$ indicates cumulative user risk, $d_i$ represents computational delay/overhead (due to continuous authentication), and $m$ denotes the misclassification penalty (

Table 1. Symbol definition.

Symbol	Meaning
$a_i$	Attack likelihood score for user/session $i$ (0 to 1)
$r_i$	Risk impact if misclassification occurs (0 to 1)
$d_i$	Computational delay or verification latency for $i$ (in milliseconds)
$m_i$	Misclassification penalty, 1 if misclassified, 0 otherwise
$\alpha ,\beta ,\gamma$	Tunable weights for security, performance, accuracy

).

Let us consider that attack probability increases with the number of users and is higher for non-potential users, which can be expressed mathematically as

$${ a}_i=a_1·log(M_p+1)+a_2·log\left(M_{np}1\right)$$

(2)

Here, $a_1<a_2$ indicates attacks are more expected from non-potential users.

$$r_i={\displaystyle \frac{1}{M}}\left(\sum _{i=1}^{M_p}{r}_{p,i}+\sum _{i=1}^{M_{np}}{r}_{np,j}\right)$$

(3)

In Equation (3), $r_{p,i}$ and $r_{np,j}$ show risk scores for individual users.

To define a cost function for computational delay that balances reduced latency and improved security in a satellite network using a ZTS concept for both potential and non-potential users, the following key terms are considered: $M_p$ refers to potential (trusted) users; $M_{np}$ represents non-potential (un-trusted) users. Then, the total number of users $M$ can be calculated as $M=M_p+M_{np}$.

$$d_i=w1·CD\left(M\right)+w2·L\left(M\right)-w3·S\left(M\right)$$

(4)

In Equation (4), $CD\left(M\right)$ depicts total computational delay, $L\left(M\right)$ defines latency as a function of users, $S\left(M\right)$ indicates security strength (e.g., number/intensity of ZTS checks), $D_i$ refers to computational delay, and $w1$,$w2$, and $w3$ represent weights balancing security, latency, and user importance.

Next, the computational delay of ZTS has been defined based on user types as

$$CD\left(M\right)=M_p·d_p+M_{np}·d_{np}$$

(5)

In Equation (5), $M_p$ and $M_{np}$ describe the number of possible non-potential users, $d_p$ represents the average delay per potential user (lower), and $d_{np}$ refers to the average delay per non-potential user (higher). Latency occurs due to satellite links and ZTS verification, which is represented mathematically as

$$L\left(M\right)=\omega (M_p·l_p+M_{np}·l_{np})$$

(6)

In Equation (6), $l_p<l_{np}$ and $\omega$ describes a system-specific constant.

$$S\left(M\right)=\sigma (M_p·s_p+M_{np}·s_{np})$$

(7)

In Equation (7), $s_p<s_{np}$ (more secure verifications for non-potential users); $\sigma$ is a security effectiveness constant. The objective function J(.) of the optimization algorithm is defined mathematically as

$$\mathrm{J}(.)=\underset{\theta }{\min }\sum _{i=1}^M{C}_i$$

(8)

Using Equations (1) and (8), this can be represented as

$$\mathrm{J}(.)=\underset{\theta }{\min }\sum _{i=1}^M[\alpha ·a_i·r_i+\beta ·d_i+\gamma ·m_i]$$

(9)

In Equation (9), $\theta$ indicates the parameters of the classification model. With the motivation of optimizing the cost function of the ZTS model for the classification of attacker/detector, a new metaheuristic algorithmic concept called Manta Ray Foraging Cost Optimization (MRFCO) is applied, which balances security, performance, and resource usage in the satellite network environment. The MRFCO is implemented based on the foraging behavior of manta rays in ocean environments. To apply MRFCO under a ZTS model for optimizing a cost function, we must align MRFO’s exploration–exploitation procedure with the security objectives of ZTS, including the following: (1) finding attackers vs. detectors, (2) reducing computational delay, (3) minimizing risk while maintaining security assurance, and (4) supporting dynamic authentication decisions.

In ZTS, every access request of satellite users must be authenticated continuously. This leads to complex decision-making, often involving dynamic risk scores, delay-sensitive authentication, and adaptive access control (deny, grant). Hence, an optimized cost function assists in balancing performance and achieving security. In MRFCO, manta rays contain distinctive foraging plans to find plankton and small fish using three key behaviors, i.e., chain foraging, cyclone foraging, and somersault foraging. Each signifies different phases of exploration and exploitation. Let us assume that $z_i$ indicates the position of the $i^{th}$ manta ray (solution), $z_{best}$ defines the global best solution, $t$ defines the current iteration, and $T$ represents maximum iterations. Next, the different types of foraging plans considered in our developed MRFCO-ZTS are represented, as follows:

(1)

Chain foraging: Create sequential foraging using the mathematical formulation below:

$$z_i^{t+1}=z_i^t+{\alpha }_1·\left(z_{best}^t-z_i^t\right)+{\alpha }_1·(z_{i-1}^t-z_i^t)$$

(10)

In Equation (10), ${\alpha }_1,{\alpha }_2~U(0,1)$, which is good for global exploration.

(2)

Cyclone Foraging: Forms circular swimming to encircle, using the formula below:

$$z_i^{t+1}=z_i^t+r·\left(z_{best}^t-z_i^t\right)·\mathrm{s}\mathrm{i}\mathrm{n}\left({\displaystyle \frac{\pi t}{T}}\right)$$

(11)

The above equation supports convergence and spiral search toward the best position.

(3)

Somersault Foraging: Local fine-tuning through somersault maneuvers, using the formula below:

$$z_i^{t+1}=z_i^t+S·({\alpha }_1·z_{best}^t-{\alpha }_2·z_i^t)$$

(12)

In Equation (12), $S$ refers to the somersault factor (e.g., 2). Using this exploitation-focused method helps refine the solutions and thus minimize the cost function of the ZTS approach for accurate classification of users. To better recognize the possible foraging, a novel classification rule has been developed and used in the developed MRFCO-ZTS approach.

Based on cost minimization, the classification decision rule for satellite user ‘$i$’ is mathematically described as

$$\widehat{y}=\left\{\begin{array}{c}\mathrm{If} \alpha ·A_i·R_i+\beta ·D_i+\gamma ·m_i>t_u , \mathrm{then} \widehat{y}=1 \mathrm{and} \mathrm{user} i \mathrm{is} \mathrm{classified} \mathrm{as} \mathrm{attacker}\\ \mathrm{Otherwise} , \mathrm{then} \widehat{y}=0 \mathrm{and} \mathrm{user} i is \mathrm{classified} \mathrm{as} \mathrm{detector}\end{array}\right.$$

(13)

In Equation (13), $t_u$ denotes the decision threshold, i.e., trust score threshold. By using the above equation, each user in the satellite network is efficiently classified as an attacker or detector (i.e., legitimate) according to their activity patterns (i.e., cost function). The

Table 2. Classification result and detector action.

$\mathbf{Classification} \mathbf{Result} \widehat{\mathit{y}}$	Detector Action
$i$ = Legitimate	Give full access to all services
$S_i$ = Attacker	Immediate block, alert, forensic log

below shows detector actions based on classification results.

The Algorithm 1 of the manta ray foraging cost-optimized zero-trust security approach for attacker/detector classification is given below.

Algorithm 1 Manta ray foraging cost-optimized zero-trust security approach for attacker/detector classification algorithm

1: Input: Number of satellites $i_1,i_2,..,i_M$’; Behavior logs, access pattern, trust score 2: Output: Minimum-cost classification model (deny, allow) for achieving higher security 3: Begin 4: Number of satellite users $i_1,i_2,..,i_M$’ 5: For all satellite users $i$ in the network 6: Define cost function $C\left(M\right)=\alpha ·a_i·r_i+\beta ·d_i+\gamma ·m_i$ 7: Determine Attack likelihood score ‘$a_i$’$a_i=a_1·log(M_p+1)+a_2·log\left(M_{np}1\right)$ 8: Measure cumulative user risk $r_i={\displaystyle \frac{1}{M}}\left(\sum _{i=1}^{M_p}{r}_{p,i}+\sum _{i=1}^{M_{np}}{r}_{np,j}\right)$ 9: Calculate computational delay $d_i=w1·CD\left(M\right)+w2·L\left(M\right)-w3·S\left(M\right)$ 10: Define the Objective Function of optimization $\mathrm{J}(.)=\underset{\theta }{\min }\sum _{i=1}^M[\alpha ·a_i·r_i+\beta ·d_i+\gamma ·m_i]$ 11: Apply MRFCO Concept, initialize population $z_i$ by considering ‘$t_u$’ 12: For each $z_i$, Measure fitness $\alpha ·a_i·r_i+\beta ·d_i+\gamma ·$ 13: While not termination 14: Choose foraging mode (Chain, Cyclone, Somersault) 15: Update $z_i$ position $z_i^{t+1}=z_i^t+{\alpha }_1·\left(z_{best}^t-z_i^t\right)+{\alpha }_1·(z_{i-1}^t-z_i^t)$ 16: Determine new fitness i.e., Re-evaluate cost, Update $z_{best}^t$ if required 17: Return $z_{best}^t$ as optimal parameters for ZTS classification 18: Cyclone Foraging $z_i^{t+1}=z_i^t+r·\left(z_{best}^t-z_i^t\right)·\mathrm{s}\mathrm{i}\mathrm{n}\left({\displaystyle \frac{\pi t}{T}}\right)$ 19: Somersault Foraging $z_i^{t+1}=z_i^t+S·({\alpha }_1·z_{best}^t-{\alpha }_2·z_i^t)$ 20: $\widehat{y}=\left\{\begin{array}{c}\mathrm{If} \alpha ·A_i·R_i+\beta ·D_i+\gamma ·m_i>t_u , \mathrm{then} \widehat{y}=1 \mathrm{and} \mathrm{user} i \mathrm{is} \mathrm{classified} \mathrm{as} \mathrm{Attacker}\\ \mathrm{Otherwise} , \mathrm{then} \widehat{y}=0 \mathrm{and} \mathrm{user} i \mathrm{is} \mathrm{classified} \mathrm{as} \mathrm{detector}\end{array}\right.$ 21: End While 22: End For 23: End

5. Simulation

The proposed MRFCO-ZTS model and existing Zero-Trust Authentication Approach with Hyperelliptic Curve Cryptography (ZTAP-HECC) [1] are implemented in MATLAB (R2024b). During the simulation, the number of satellite users varies in a range of 50 to 250, which is considered as an input. The simulations and model evaluations were executed on a standalone desktop system with the following specifications (

Table 3. Hardware configuration.

Component	Specification
Processor (CPU)	Intel Core i5-11400F @ 2.60 GHz (6 cores, 12 threads) (Intel Corporation, Santa Clara, CA, USA)
RAM	16 GB DDR4 @ 3200 MHz (MHzKingston Technology, Fountain Valley, CA, USA)
Storage	512 GB NVMe SSD (Kingston Technology, Fountain Valley, CA, USA)
GPU (optional use)	NVIDIA GTX 1650 (4 GB GDDR6, CUDA-capable) (NVIDIA Corporation, Santa Clara, CA, USA)
Power Supply	500 W PSU, consistent 220 V input (Corsair Components, Fremont, CA, USA)
Operating System	Windows 10 Pro (64-bit), version 22H2 (Microsoft Corporation, Redmond, WA, USA)

,

Table 4. Software environment.

Category	Configuration
Simulation Platform	MATLAB R2024b (64-bit)
MATLAB Toolboxes	Optimization Toolbox; Statistics and Machine Learning Toolbox
Programming Language	MATLAB scripting (M-code)
Execution Mode	Script and function-based batch simulations
Parallel Computing	Disabled (single-node simulation)

,

Table 5. Used libraries and functions.

Function	Description
fmincon()	Constrained optimization (baseline comparison)
Custom mrfo_cost_function()	Implements MRFO-based attacker classification
rand(), normrnd()	Random-number generation for synthetic user behavior
surf(), plot3(), bar()	Visualization of cost landscapes and classification results
Custom trust-score module	Rule-based and probabilistic trust-score evaluation
tic; toc;	Used for measuring simulation time

and

Table 6. Simulation Input Models.

Element	Value/Description
User Sessions Simulated	250 to 1200 dynamic users per run
Session Duration	600 s (10 min real-time simulation)
Cost Function Range	0.1 to 4.8
Authentication Cycle	Every 1.5–3 s (configurable interval)
Attack Behavior	Injected synthetic mimicry, burst, and random attacks
Trust Score Model	Probabilistic model based on user activity logs
Classification Output	Binary (Legitimate, Attacker), with risk tagging

):

In the MRFCO-ZTS Model, continuous authentication is based on the cost function of ZTS. The following

Table 7. Real-world simulation performance results.

User_ID	Sessions	Avg_Risk_Score	Suspicious_Sessions	Total_Cost	User_Type
“User_1”	39	0.82	27	318.82	“Attacker”
“User_2”	43	0.62	22	268.25	“Detector”
“User_3”	37	0.63	16	223.85	“Detector”
“User_4”	34	0.63	17	214.93	“Detector”
“User_5”	32	0.7	18	253.74	“Attacker”

shows the evaluation of five user sessions.

The simulation performance output of the developed MRFCO-ZTS approach is compared against the conventional existing Zero-Trust Authentication Protocol with Hyperelliptic Curve Cryptography (ZTAP-HECC) [1] using the below metrics:

• Security level;
• Latency;
• Efficiency.

5.1. Performance Measure of Security

The security level is determined in terms of confidentiality. From this, the security level ($\zeta$) is measured based on the ratio of the number of data packets that are accessed only by authorized users to the total data packets considered as input. Accordingly, the security level ($\zeta$) is mathematically calculated using the following formula:

$$\zeta ={\displaystyle \frac{{\nu }_{auth}}{\nu }}·100$$

(14)

In Equation (14), ‘${\nu }_{auth}$’ defines the data packets that are accessed only by authentic users in a satellite network environment, whereas ‘$\nu$’ indicates thetotal data packets assumed as input for experimental work. The security rate of inter-satellite communication is estimated in terms of percentage (%).

Table 8. Simulation performance of security level.

Number of Data	Security Level (%)
Packets	Existing ZTAP-HECC	Proposed MRFCO-ZTS Mode
50	90.11	96
100	90.73	96.55
150	91.41	96.79
200	92.80	97.04
250	93.32	97.88

and Figure 3 demonstrate the simulation results of security level based on data confidentiality in a satellite environment using the developed MRFCO-ZTS approach and state-of-the-art ZTAP-HECC [1]. During the simulation process, varying numbers of data packets in the range of 50 to 250 are considered as input. As exposed in the above tabulation and graphical comparative analysis, the developed MRFCO-ZTS approach achieved a higher security level for data communication in the satellite environment via continuously authenticating all the users at each session. In addition, the developed MRFCO-ZTS approach provides better security performance while increasing the number of input data packets thereto be transmitted over satellite networks when compared to conventional ZTAP-HECC [1]. This is because the process of MRFCO and ZTS in our work advances state-of-the-art works by balancing computational cost, security, and data integrity. The MRFCO-ZTS approach continuously observes user activity, such as keyboard input patterns, device behavior, and network activity, to notice any deviations from the established baseline. From this, the MRFCO-ZTS model greatly prevents unauthorized access via classification. Hence, the developed MRFCO-ZTS approach’s ratio of the number of data packets that are accessed only by authentic users in a satellite environment improves. As a consequence, the developed MRFCO-ZTS approach obtains a 97.88% security level while considering 250 users as input, whereas the conventional ZTAP-HECC [1] obtained 93.32%.

5.2. Performance Measure of Latency

Latency is determined based on the amount of time taken in order to reliably deliver the data packets between the legitimate users in the satellite network. Thus, the latency is mathematically measured using the following formula:

$$L=\sum _{i=1}^n{\delta }_i·\mathsf{\tau }$$

(15)

In Equation (15), ‘${\delta }_i$’ refers to a data packet and ‘$\mathsf{\tau }$’ describes the time utilized for efficiently transmitting the single data packets in the network, whereas ‘$n$’ depicts the total number of data packets assumed as input. The latency is calculated in terms of milliseconds (ms).

Table 9. Simulation latency performance.

Number of Data	Latency (ms)
Packets	Existing ZTAP-HECC	Proposed MRFCO-ZTS Model
50	0.53	0.34
100	0.65	0.52
150	0.96	0.77
200	1.38	0.96
250	1.80	1.15

and Figure 4 display the comparative testing results of latency for various numbers of input data packets using the developed MRFCO-ZTS approach and the existing ZTAP-HECC [1]. During the experimental evaluation, different numbers of data packets in the range of 50 to 250 are gathered as input to test the performance of the developed work. As depicted in the above tabulation and graphical diagram, the developed MRFCO-ZTS approach acquired minimum latency during the secure satellite communication process via continuous authentication. Also, the developed MRFCO-ZTS approach gives better latency output while considering the greater number of data packets as input when compared to conventional ZTAP-HECC [1]. This is owing to the application of cost-optimized ZTS for seamless user authentication in our proposed work, contrary to conventional ZTS-secured communication systems. For this reason, the developed MRFCO-ZTS model reduces the time required for reliably delivering the data packets among the authentic users in the satellite network. Thus, the developed MRFCO-ZTS approach achieved a 1.15 ms latency while assuming 250 users as input, whereas existing ZTAP-HECC [1] obtained a 1.80 ms latency.

5.3. Performance Measure of Efficiency

Efficiency is determined in terms of authentication accuracy. Thus, efficiency determines the system’s ability to maintain security, performance, and resource efficiency while the number of nodes, users, or connections increases. This incorporates ground stations, satellites, user terminals, and routing paths. When the efficiency or scalability is higher, the proposed model provides secure access for millions of user terminals. Accordingly, efficiency ($\epsilon$) is mathematically calculated using the following:

$$\mathsf{\epsilon }={\displaystyle \frac{{\mu }_{auth}}{M}}·100$$

(16)

In Equation (16), ‘${\mu }_{auth}$’ refers to the corrected number of satellite users authenticated as an attacker or detector, whereas ‘$M$’ denotes the total satellite users considered as input for simulation work. The efficiency is estimated in terms of percentage (%).

Table 10. Simulation performance of efficiency.

Number of Satellite	Efficiency (%)
Users	Existing ZTAP-HECC	Proposed MRFCO-ZTS Model
40	92.05	95.12
80	92.49	95.46
120	92.92	95.88
160	93.50	96.20
200	94.11	96.62

and Figure 5 present testing results of authentication efficiency for different numbers of input satellite users using the developed MRFCO-ZTS approach and conventional ZTAP-HECC [1]. During the implementation, various numbers of satellite users in the range of 40 to 200 are used as an input to examine the performance of the proposed work for continuous authentication. As illustrated in the above tabulation and graphical representation, the developed MRFCO-ZTS approach achieves a higher authentication efficiency during satellite communication tasks. Also, the developed MRFCO-ZTS approach provides better authentication accuracy while assuming a larger number of satellite users when compared to existing ZTAP-HECC [1]. This is due to the usage of MRFO and ZTS in our developed MRFCO-ZTS approach, contrary to existing research works. The MRFCO-ZTS model considers the cost function of satellite users for continuous authentication. Therefore, the developed MRFCO-ZTS approach increases the ratio of the number of satellite users rightly authenticated as attackers or detectors in satellite networks. Accordingly, the developed MRFCO-ZTS approach achieves a 96.62% authentication efficiency while taking 250 satellite users as input, whereas existing ZTAP-HECC [1] attained 94.11%.

5.4. Scalability to Large Satellite Constellations (e.g., 1000+ Nodes)

In

Table 11. Simulation performance of scalability.

Satellites	Authentication Accuracy (%)	Average Latency (ms)	Average MRFO Iterations	Peak Memory Per Node (MB)
250	96.6	1.10	42	4.2
500	95.8	1.35	45	5.3
750	94.7	1.72	48	6.1
1000	93.4	2.08	52	6.9
1200	91.9	2.46	57	7.5

, accuracy degrades slightly due to increased classification complexity and overlapping behavior patterns. Latency and memory usage grow linearly, suggesting MRFCOZTS can scale but may need distributed optimization or regional segmentation.

5.5. Energy/Resource Consumption per Authentication Cycle

In

Table 12. Simulation performance of energy/resource consumption.

Action Phase	Avg CPU Time (ms)	Energy Consumption (mJ)	Comm Overhead (Bytes/Session)
Trust Score Calculation	3.5	12.2	250
Cost Function Evaluation	2.8	10.5	—
MRFO-Based Optimization	5.2	19.1	—
Final Classification and Action	1.1	3.8	150 (alert or grant signal)
Total per Cycle	12.6 ms	45.6 mJ	~400 bytes

, resource usage is moderate and feasible for onboard satellite computers (assuming ARM-class CPUs). It can be further reduced by caching prior trust scores and limiting full re-optimization for high-confidence sessions.

5.6. Robustness to Adaptive Attacks (e.g., Mimicry, Distributed Spoofing)

In

Table 13. Simulation performance of robustness to adaptive attacks.

Attack Type	Detection Rate (%)	False Negative Rate (%)	Avg Detection Delay (ms)	Remarks
Baseline Random Attack	97.4	2.6	1.3	High sensitivity maintained
Mimicry Behavior Attack	89.5	10.5	2.4	Delay increases; cost function less discriminative
Distributed Coordinated	91.8	8.2	2.1	MRFO adaptation helps isolate spatial patterns

, one can see that the model maintains strong robustness for distributed attacks and slight vulnerability to mimicry attacks due to static behavior inputs.

6. Conclusions

This paper develops a novel MRFCO-ZTS approach with the motivation of strengthening the security of inter-satellite communication and enhancing resource efficiency by optimizing a novel well-defined cost function of ZTS. The implemented MRFCO-ZTS approach efficiently authenticates the identity of satellites before they can connect with each other, thus achieving secure data exchange between them. Also, the MRFCO-ZTS approach minimizes the attack surface and avoids illegitimate access to the satellite network. By continuously monitoring every communication link, the MRFCO-ZTS model increases the network’s resilience against both ground-based and space-based risks by classifying users as honest or malicious users. By performing continuous authentication within the satellite network, the MRFCO-ZTS approach minimizes the requirements of ground station contribution which effectively decreases latency. In addition, the MRFCO-ZTS approach improves the overall reliability and efficiency of satellite communication by minimizing the cost function of ZTS based on attack, risk, and computational delay. The simulation testing results proved that the MRFCO-ZTS model gives better performance with an improvement of security level, efficiency, and minimization of latency when compared to existing research works.