TY - GEN
T1 - Preserving organizational privacy in intrusion detection log sharing
AU - Bahşi, Hayretdin
AU - Levi, Albert
PY - 2011
Y1 - 2011
N2 - This paper presents a privacy-preserving framework for organizations that need to share their intrusion detection system logs with a centralized intrusion log management center. This centralized center may be an outsourced company that provides an intrusion detection management service to organizations, or a system of the National Computer Emergency Response Team that probes the attacks targeting organizations that have critical information systems. To ensure privacy, we adopt the notion of l-Diversity in the course of collecting intrusion logs from organizations. Within our framework, an organization ensures that the people in the center cannot discern the exact origin of any intrusion log among the other l-1 organizations. Also, it is not possible to precisely identify the classification type of an intrusion log from among the other l-1 types. Within this framework, the intrusion log management center can still analyze the anonymous data, since the proposed privacy-preserving solution creates little information loss. If required, it sends an alarm to the appropriate organization within a reasonable time. The center also has the option of publishing useful information security statistics about specific organizations or about the whole ecosystem by using the privacy-preserved intrusion logs.
KW - intrusion detection
KW - log sharing
KW - privacy preserving framework
UR - http://www.scopus.com/inward/record.url?scp=80051981562&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80051981562&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:80051981562
SN - 9789949904020
T3 - 2011 3rd International Conference on Cyber Conflict, ICCC 2011 - Proceedings
BT - 2011 3rd International Conference on Cyber Conflict, ICCC 2011 - Proceedings
T2 - 2011 3rd International Conference on Cyber Conflict, ICCC 2011
Y2 - 7 June 2011 through 10 June 2011
ER -