Top

International Journal of Information Security

Published in:

13-06-2020 | regular contribution

Using homomorphic encryption for privacy-preserving clustering of intrusion detection alerts

Authors: Georgios Spathoulas, Georgios Theodoridis, Georgios-Paraskevas Damiris

Published in: International Journal of Information Security | Issue 3/2021

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Cyber-security attacks are becoming more frequent and more severe day by day. To detect the execution of such attacks, organizations install intrusion detection systems. It would be beneficial for such organizations to collaborate, to better assess the severity and the importance of each detected attack. On the other hand, it is very difficult for them to exchange data, such as network traffic or intrusion detection alerts, due to privacy reasons. A privacy-preserving collaboration system for attack detection is proposed in this paper. Specifically, homomorphic encryption is used to perform alerts clustering at an inter-organizational level, with the use of an honest but curious trusted third party. Results have shown that privacy-preserving clustering of intrusion detection alerts is feasible, with a tolerable performance overhead.

previous article Evaluating visualization approaches to detect abnormal activities in network traffic data

next article MalFamAware: automatic family identification and malware classification through online clustering

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Andreolini, M., Colajanni, M., Marchetti, M.: A collaborative framework for intrusion detection in mobile networks. Inf. Sci. 321(C), 179–192 (2015). https://doi.org/10.1016/j.ins.2015.03.025CrossRef

Axelsson, S.: The base-rate fallacy and the difficulty of intrusion detection. ACM Trans. Inf. Syst. Secur. (TISSEC) 3(3), 186–205 (2000)CrossRef

Barry, B.I.A., Chan, H.A.: Intrusion Detection Systems, pp. 193–205. Springer, Berlin (2010)

Benali, F., Bennani, N., Gianini, G., Cimato, S.: A distributed and privacy-preserving method for network intrusion detection. In: OTM Confederated International Conferences On the Move to Meaningful Internet Systems, pp. 861–875. Springer (2010)

Boneh, D., Goh, E.J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Theory of Cryptography Conference, pp. 325–341. Springer (2005)

Dara, S., Muralidhara, V.: Privacy preserving architectures for collaborative intrusion detection. arXiv preprint arXiv:1602.02452 (2016)

Davis, C.: The norm of the schur product operation. Numer. Math. 4(1), 343–344 (1962). https://doi.org/10.1007/BF01386329MathSciNetCrossRefMATH

Dermott, A., Shi, Q., Kifayat, K.: Collaborative intrusion detection in federated cloud environments. J. Comput. Sci. Appl. 3(3A), 10–20 (2015). https://doi.org/10.12691/jcsa-3-3A-2CrossRef

Do, H.G., Ng, W.K.: Privacy-preserving approach for sharing and processing intrusion alert data. In: 2015 IEEE Tenth International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), pp. 1–6. IEEE (2015)

10.

Fayi, S.Y.A.: What petya/notpetya ransomware is and what its remidiations are. In: Information Technology-New Generations, pp. 93–100. Springer (2018)

11.

Francois, J., Aib, I., Boutaba, R.: Firecol: a collaborative protection network for the detection of flooding ddos attacks. IEEE/ACM Trans. Netw. 20(6), 1828–1841 (2012)CrossRef

12.

Gogoi, P., Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Packet and flow based network intrusion dataset. In: Parashar, M., Kaushik, D., Rana, O.F., Samtaney, R., Yang, Y., Zomaya, A. (eds.) Contemporary Computing, pp. 322–334. Springer, Berlin (2012)CrossRef

13.

Ho, C.Y., Lai, Y.C., Chen, I.W., Wang, F.Y., Tai, W.H.: Statistical analysis of false positives and false negatives from real traffic with intrusion detection/prevention systems. IEEE Commun. Mag. 50(3), 146–154 (2012)CrossRef

14.

Hong, J., Liu, C.C.: Intelligent electronic devices with collaborative intrusion detection systems. IEEE Trans. Smart Grid PP(99), 1-1 (2017). https://doi.org/10.1109/TSG.2017.2737826CrossRef

15.

Horn, R.A.: The hadamard product. Proc. Symp. Appl. Math. 40, 87–169 (1990)MathSciNetCrossRef

16.

Jin, R., He, X., Dai, H.: On the tradeoff between privacy and utility in collaborative intrusion detection systems-a game theoretical approach. In: Proceedings of the Hot Topics in Science of Security: Symposium and Bootcamp, HoTSoS, pp. 45–51. ACM, New York, NY, USA (2017). https://doi.org/10.1145/3055305.3055311

17.

Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: Ddos in the iot: Mirai and other botnets. Computer 50(7), 80–84 (2017)CrossRef

18.

Lazarevic, A., Kumar, V., Srivastava, J.: Intrusion Detection: A Survey, pp. 19–78. Springer, Boston (2005)

19.

Li, W., Meng, W., Kwok, L.F., Horace, H.: S: Enhancing collaborative intrusion detection networks against insider attacks using supervised intrusion sensitivity-based trust management model. J. Netw. Comput. Appl. 77, 135–145 (2017). https://doi.org/10.1016/j.jnca.2016.09.014CrossRef

20.

Liang, H., Ge, Y., Wang, W., Chen, L.: Collaborative intrusion detection as a service in cloud computing environment. In: 2015 IEEE International Conference on Progress in Informatics and Computing (PIC), pp. 476–480 (2015). https://doi.org/10.1109/PIC.2015.7489893

21.

McHugh, J., Christie, A., Allen, J.: Defending yourself: the role of intrusion detection systems. IEEE Softw. 17(5), 42–51 (2000)CrossRef

22.

Milenkoski, A., Vieira, M., Kounev, S., Avritzer, A., Payne, B.D.: Evaluating computer intrusion detection systems: a survey of common practices. ACM Comput. Surv. (CSUR) 48(1), 12 (2015)CrossRef

23.

Morais, A., Cavalli, A.: A distributed and collaborative intrusion detection architecture for wireless mesh networks. Mobile Netw. Appl. 19(1), 101–120 (2014). https://doi.org/10.1007/s11036-013-0457-8CrossRef

24.

Nicolas, J.L., Robin, G.: Highly composite numbers by srinivasa ramanujan. Ramanujan J. 1(2), 119–153 (1997). https://doi.org/10.1023/A:1009764017495MathSciNetCrossRef

25.

Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: International Conference on the Theory and Applications of Cryptographic Techniques, pp. 223–238. Springer (1999)

26.

Pietraszek, T., Tanner, A.: Data mining and machine learning-towards reducing false positives in intrusion detection. Inf. Secur. Tech. Rep. 10(3), 169–183 (2005)CrossRef

27.

Ring, M., Wunderlich, S., Scheuring, D., Landes, D., Hotho, A.: A survey of network-based intrusion detection data sets. Comput. Secur. 86, 147–167 (2019)CrossRef

28.

Roesch, M.: Snort—lightweight intrusion detection for networks. In: Proceedings of the 13th USENIX Conference on System Administration, LISA’99, pp. 229–238. USENIX Association, Berkeley, CA, USA (1999). http://dl.acm.org/citation.cfm?id=1039834.1039864

29.

Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357–374 (2012). https://doi.org/10.1016/j.cose.2011.12.012CrossRef

30.

Singh, S.S., Chauhan, N.: K-means v/s k-medoids: a comparative study. In: National Conference on Recent Trends in Engineering & Technology, vol. 13 (2011)

31.

Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 305–316. IEEE (2010)

32.

Spathoulas, G.P., Katsikas, S.K.: Reducing false positives in intrusion detection systems. Comput. Secur. 29(1), 35–44 (2010)CrossRef

33.

Tan, Z., Nagar, U.T., He, X., Nanda, P., Liu, R.P., Wang, S., Hu, J.: Enhancing big data security with collaborative intrusion detection. IEEE Cloud Comput. 1(3), 27–33 (2014). https://doi.org/10.1109/MCC.2014.53CrossRef

34.

Vasilomanolakis, E., Karuppayah, S., Mühlhäuser, M., Fischer, M.: Taxonomy and survey of collaborative intrusion detection. ACM Comput. Surv. (CSUR) 47(4), 55 (2015)CrossRef

35.

Vasilomanolakis, E., Krügl, M., Cordero, C.G., Mühlhäuser, M., Fischer, M.: Skipmon: A locality-aware collaborative intrusion detection system. In: 2015 IEEE 34th International Performance Computing and Communications Conference (IPCCC), pp. 1–8 (2015). https://doi.org/10.1109/PCCC.2015.7410282

36.

Wang, Y., Meng, W., Li, W., Li, J., Liu, W.X., Xiang, Y.: A fog-based privacy-preserving approach for distributed signature-based intrusion detection. J. Parallel Distrib. Comput. 122, 26–35 (2018)CrossRef

37.

Wang, Y., Xie, L., Li, W., Meng, W., Li, J.: A privacy-preserving framework for collaborative intrusion detection networks through fog computing. In: Wen, S., Wu, W., Castiglione, A. (eds.) Cyberspace Safety and Security, pp. 267–279. Springer International Publishing, Cham (2017)CrossRef

38.

Zhang, P., Huang, X., Sun, X., Wang, H., Ma, Y.: Privacy-preserving anomaly detection across multi-domain networks. In: 2012 9th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD), pp. 1066–1070. IEEE (2012)

39.

Zhou, C.V., Karunasekera, S., Leckie, C.: Evaluation of a decentralized architecture for large scale collaborative intrusion detection. In: 2007 10th IFIP/IEEE International Symposium on Integrated Network Management, pp. 80–89 (2007)

40.

Zhou, C.V., Leckie, C., Karunasekera, S.: Decentralized multi-dimensional alert correlation for collaborative intrusion detection. J. Netw. Comput. Appl. 32(5), 1106–1123 (2009). https://doi.org/10.1016/j.jnca.2009.02.010. Next Generation Content NetworksCrossRef

41.

Zhou, C.V., Leckie, C., Karunasekera, S.: A survey of coordinated attacks and collaborative intrusion detection. Comput. Secur. 29(1), 124–140 (2010)CrossRef

Title: Using homomorphic encryption for privacy-preserving clustering of intrusion detection alerts
Authors: Georgios Spathoulas
Georgios Theodoridis
Georgios-Paraskevas Damiris
Publication date: 13-06-2020
Publisher: Springer Berlin Heidelberg
Published in: International Journal of Information Security / Issue 3/2021
Print ISSN: 1615-5262
Electronic ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-020-00506-7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2021

A wrinkle in time: a case study in DNS poisoning

Cyber security in New Space

Anti-BlUFf: towards counterfeit mitigation in IC supply chains using blockchain and PUF

Anonymity in traceable cloud data broadcast system with simultaneous individual messaging

MalFamAware: automatic family identification and malware classification through online clustering

ChoKIFA+: an early detection and mitigation approach against interest flooding attacks in NDN

Premium Partner