Privacy Violation Classification of Snort Ruleset

It is important to analyse the privacy impact of Intrusion Detection System (IDS) rules in order to understand and quantify the privacy-invasiveness of network monitoring services. The objective of this paper is to classify Snort rules according to the risk of privacy violations in the form of leaking sensitive or confidential material. The classification is based on a ruleset that has previously been manually categorised according to our PRIvacy LEakage (PRILE) methodology. Such information can be useful both for privacy impact assessments and for automated tests for detecting privacy violations. Information about potentially privacy-violating rules can subsequently be used to tune IDS rule sets, with the objective of minimising the expected number of data privacy violations during normal operation. The paper suggests some classification tasks that can be useful both for improving the PRILE methodology and for privacy violation evaluation tools. Finally, two selected classification tasks are analysed using a Naïve Bayes classifier.
