SAX: a privacy preserving general purpose method applied to detection of intrusions

To overcome the problem of attacks on networks, new Intrusion Detection System (IDS) approaches have been proposed in recent years. They consist of identifying signatures of known attacks and comparing them to each request to determine whether it is an attack or not. However, these methods fail when the attack is not in the database of signatures. Usually this problem is solved by calling on human expertise to update the database of signatures. However, an attack has frequently already been detected by another organization, and it would be useful to benefit from this knowledge to enrich the database of signatures. Unfortunately, this information is not easy to obtain: organizations do not necessarily want to reveal that they have already faced this type of attack. In this paper we propose a new approach to intrusion detection in a collaborative environment that preserves the privacy of the collaborating organizations. Our approach works for any signature, even if it needs a complex program to be detected, and ensures that no information is disclosed about the content of any of the sites. For this purpose, we have developed a general method (SAX) that allows any algorithm to be computed while preserving the privacy of the data and also of the program code being executed.
