Research Area:  Machine Learning
Cyber-security attacks are becoming more frequent and more severe day by day. To detect the execution of such attacks, organizations install intrusion detection systems. It would be beneficial for such organizations to collaborate, to better assess the severity and the importance of each detected attack. On the other hand, it is very difficult for them to exchange data, such as network traffic or intrusion detection alerts, due to privacy reasons. A privacy-preserving collaboration system for attack detection is proposed in this paper. Specifically, homomorphic encryption is used to perform alerts clustering at an inter-organizational level, with the use of an honest but curious trusted third party. Results have shown that privacy-preserving clustering of intrusion detection alerts is feasible, with a tolerable performance overhead.
Keywords:  Cyber-security, intrusion detection, exchange data, network traffic, homomorphic encryption, privacy-preserving
Author(s) Name:  Georgios Spathoulas, Georgios Theodoridis, Georgios-Paraskevas Damiris
Journal name:  International Journal of Information Security
Conference name:  
Publisher name:  Springer
DOI:  10.1007/s10207-020-00506-7
Volume Information:  Volume 20