Preserving organizational privacy in intrusion detection log sharing

This paper presents a privacy-preserving framework for organizations that need to share their logs of intrusion detection systems with a centralized intrusion log management center. This centralized center may be an outsourced company that provides an intrusion detection management service to organizations or a system of the National Computer Emergency Response Team that probes the attacks targeting organizations that have critical information systems. For reasons of ensuring privacy, we adopt the notion of l-Diversity in the course of collecting intrusion logs from organizations. Within our framework, an organization ensures the people in the center cannot discern the exact origin of any intrusion log among the other l-1 organizations. Also, it is not possible to precisely identify the classification type of an intrusion log from among other l-1 types. Within this framework, the intrusion log management center can analyze the anonymous data, since the proposed privacy preserving solution creates little information loss. If required, it sends an alarm to the appropriate organization within a reasonable time. The center has the option of publishing useful information security statistics about specific organizations or about the whole ecosystem by using the privacy preserved intrusion logs.

[1]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[2]  ASHWIN MACHANAVAJJHALA,et al.  L-diversity: privacy beyond k-anonymity , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[3]  Mostafa H. Ammar,et al.  Prefix-preserving IP address anonymization: measurement-based security evaluation and a new cryptography-based scheme , 2004, Comput. Networks.

[4]  Ninghui Li,et al.  t-Closeness: Privacy Beyond k-Anonymity and l-Diversity , 2007, 2007 IEEE 23rd International Conference on Data Engineering.

[5]  William Yurcik,et al.  Outsourcing Security Analysis with Anonymized Logs , 2006, 2006 Securecomm and Workshops.

[6]  Traian Marius Truta,et al.  Protection : p-Sensitive k-Anonymity Property , 2006 .

[7]  Albert Levi,et al.  Data Collection Framework for Energy Efficient Privacy Preservation in Wireless Sensor Networks Having Many-to-Many Structures , 2010, Sensors.

[8]  Yifan Li,et al.  Sharing network logs for computer forensics: a new tool for the anonymization of netflow records , 2005, Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005..

[9]  Periklis Andritsos,et al.  Software clustering based on information loss minimization , 2003, 10th Working Conference on Reverse Engineering, 2003. WCRE 2003. Proceedings..

[10]  Philip S. Yu,et al.  Privacy-preserving data publishing: A survey of recent developments , 2010, CSUR.

[11]  Albert Levi,et al.  k-anonymity based framework for privacy preserving data collection in wireless sensor networks , 2010, Turkish Journal of Electrical Engineering and Computer Sciences.