Abstract
Cyber-security attacks are becoming more frequent and more severe. To detect them, organizations deploy intrusion detection systems. Such organizations would benefit from collaborating, so that the severity and importance of each detected attack can be assessed across organizations rather than in isolation. Exchanging the underlying data, however, such as network traffic or intrusion detection alerts, is difficult for privacy reasons. This paper proposes a privacy-preserving collaboration system for attack detection. Specifically, homomorphic encryption is used to cluster alerts at an inter-organizational level, with the help of an honest-but-curious trusted third party that operates only on encrypted alert data. Results show that privacy-preserving clustering of intrusion detection alerts is feasible, with a tolerable performance overhead.
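The mechanism the abstract relies on is that a party holding only ciphertexts can still combine them. The following is an added illustration, not the authors' implementation or code from the paper: a minimal Paillier cryptosystem (additively homomorphic) in pure Python, used by three organizations to ship encrypted per-signature alert-count vectors to an honest-but-curious aggregator that adds them coordinate-wise without being able to read any single organization's counts. The key arrangement (the organizations hold the private key, the aggregator holds only the public key), the two tiny primes, the signature names and the alert counts are all assumptions constructed for the example.

```python
"""Toy additively homomorphic aggregation of intrusion-alert feature vectors.

Paillier encryption lets an untrusted party add encrypted integers without
decrypting them.  Three organisations each encrypt a per-signature alert-count
vector; an honest-but-curious aggregator adds the ciphertexts coordinate-wise
and sees nothing but ciphertexts.  The key size is deliberately tiny (two
~30-bit primes) so the example runs instantly: never use these parameters
for real data (real deployments use primes of at least 1024 bits).
"""
from math import gcd
import secrets

# Constructed toy primes (both prime, about 30 bits each).  Insecure on purpose.
P_TOY = 1_000_000_007
Q_TOY = 998_244_353


def keygen(p: int, q: int):
    """Return (public key, private key) for Paillier with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                           # exists because gcd(n, lam) == 1
    return {"n": n, "n2": n * n}, {"lam": lam, "mu": mu}


def encrypt(pub, m: int) -> int:
    """Enc(m) = g^m * r^n mod n^2; with g = n+1, g^m mod n^2 is simply 1 + m*n."""
    n, n2 = pub["n"], pub["n2"]
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n)
        if r > 1 and gcd(r, n) == 1:               # r must be a unit modulo n
            break
    return (1 + m * n) * pow(r, n, n2) % n2


def decrypt(pub, priv, c: int) -> int:
    """Dec(c) = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, n2 = pub["n"], pub["n2"]
    u = pow(c, priv["lam"], n2)
    return ((u - 1) // n) * priv["mu"] % n


def add_ciphertexts(pub, c1: int, c2: int) -> int:
    """Homomorphic addition: Dec(c1 * c2 mod n^2) == Dec(c1) + Dec(c2)."""
    return c1 * c2 % pub["n2"]


def encrypt_vector(pub, vec):
    """What each organisation runs locally before sending anything out."""
    return [encrypt(pub, x) for x in vec]


def aggregate_encrypted(pub, enc_vectors):
    """What the honest-but-curious aggregator runs: sums over ciphertexts only.

    It learns the number of contributors and the vector length (metadata),
    but no plaintext count, because it never holds the private key.
    """
    length = len(enc_vectors[0])
    if any(len(v) != length for v in enc_vectors):
        raise ValueError("all organisations must use the same feature layout")
    acc = [encrypt(pub, 0) for _ in range(length)]   # fresh encryptions of zero
    for v in enc_vectors:
        acc = [add_ciphertexts(pub, a, c) for a, c in zip(acc, v)]
    return acc


# Constructed sample input: alert counts per signature for three organisations.
SIGNATURES = ["scan/nmap", "web/sqli", "malware/c2-beacon", "dos/syn-flood"]
ORG_COUNTS = {
    "org-a": [120, 3, 0, 45],
    "org-b": [80, 1, 2, 0],
    "org-c": [15, 7, 1, 300],
}


def run_demo():
    """Full round trip; returns the decrypted inter-organisational totals."""
    pub, priv = keygen(P_TOY, Q_TOY)
    enc = [encrypt_vector(pub, counts) for counts in ORG_COUNTS.values()]
    agg = aggregate_encrypted(pub, enc)              # aggregator side
    return [decrypt(pub, priv, c) for c in agg]      # key holders' side


if __name__ == "__main__":
    for sig, total in zip(SIGNATURES, run_demo()):
        print(f"{sig:20s} {total}")
```

Two caveats a practitioner should keep in mind. First, Paillier is additively homomorphic only: summing vectors (as in a k-means centroid update) works, but squared distances between an alert and a centroid need multiplications, which require either a scheme that supports them or an interactive protocol with the key holders. Second, "honest-but-curious" means the aggregator follows the protocol but records everything it sees; in this arrangement that is only ciphertexts, the number of contributors and the vector layout, and a real deployment would add threshold decryption so that no single party can decrypt alone.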
Ethics declarations
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Cite this article
Spathoulas, G., Theodoridis, G. & Damiris, G.P. Using homomorphic encryption for privacy-preserving clustering of intrusion detection alerts. Int. J. Inf. Secur. 20, 347–370 (2021). https://doi.org/10.1007/s10207-020-00506-7