Maintaining privacy in anomaly-based intrusion detection systems

Purpose – The goal of our work is to discuss the fundamental issues of privacy in anomaly-based intrusion detection systems (IDS) and to design an efficient anomaly-based IDS architecture in which users' privacy is maintained.

Design/methodology/approach – In this work, any information that can link intrusion detection activity to a user is encrypted so as to pseudonymize the sensitive information. A database of encrypted information is then created, and this becomes the source database for the IDS. The design makes use of a dynamic key generation algorithm that generates keys randomly when an intrusion is detected. The keys are released only when an intrusion occurs and are immediately swapped to protect against harmful access to the mapping database.

Findings – Testing the new privacy-maintaining IDS architecture on an application package shows a considerable improvement over ordinary IDSs. Privacy complaints were reduced from between 8 and 16 per week to about 1-2.

Research limitations/implicat...
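The pseudonymized-source-database and release-then-swap key handling described above, as an added illustration that is not code from the paper: a keyed hash (HMAC-SHA256) is assumed in place of the paper's encryption for deriving pseudonyms, the user directory stands in for its mapping database, and the detector, threshold, event names and class names are all hypothetical.

```python
import hmac
import hashlib
import secrets
from collections import Counter

class KeyEscrow:
    """Holds the per-epoch pseudonymisation key apart from the detector; the
    key is handed out only on an alert and swapped immediately afterwards."""
    def __init__(self):
        self.epoch = 0
        self._key = secrets.token_bytes(32)

    def pseudonym(self, user):
        # Keyed hash stands in for the paper's encryption (assumption): same
        # user -> same pseudonym within an epoch, unlinkable across epochs.
        return hmac.new(self._key, user.encode(), hashlib.sha256).hexdigest()[:16]

    def release_and_swap(self):
        released = (self.epoch, self._key)
        self.epoch += 1
        self._key = secrets.token_bytes(32)  # new key generated at once
        return released

class PseudonymousIDS:
    """Anomaly detector that only ever sees pseudonymised events."""
    def __init__(self, escrow, directory, threshold=3):
        self.escrow, self.directory, self.threshold = escrow, directory, threshold
        self.failures = Counter()  # pseudonym -> failed-login count
        self.alerts = []           # (epoch, user) pairs re-identified on alert

    def ingest(self, user, event):
        """Record one event; returns the re-identified user on an alert, else None."""
        p = self.escrow.pseudonym(user)  # the identity itself is never stored
        if event == "login_failed":
            self.failures[p] += 1
            if self.failures[p] >= self.threshold:
                return self._alert(p)
        return None

    def _alert(self, p):
        epoch, key = self.escrow.release_and_swap()
        # Re-identify by recomputing the released epoch's pseudonyms over the
        # user directory (the mapping database): only the alerting one matches.
        for user in self.directory:
            if hmac.new(key, user.encode(), hashlib.sha256).hexdigest()[:16] == p:
                self.alerts.append((epoch, user))
                self.failures.clear()  # baselines restart under the swapped key
                return user
        raise LookupError("alerting pseudonym not in directory")
```

Because the swap changes every user's pseudonym, per-user baselines held by the detector cannot be carried across an alert; this is the cost of unlinkability that the design accepts.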
