DocumentCode
2070493
Title
A privacy-preserving alert correlation model
Author
Ma, Jin ; Chen, Xiu-zhen ; Li, Jian-Hua
Author_Institution
Electron. Inf. & Electr. Eng. Sch., Shanghai Jiao Tong Univ., Shanghai, China
Volume
1
fYear
2010
fDate
10-12 Dec. 2010
Firstpage
573
Lastpage
578
Abstract
Data holders need to share the alert data that they have detected for correlation and analysis purposes. In such cases, privacy becomes a major concern. This paper proposes a model to correlate and analyze intrusion alerts with privacy-preserving capability. The raw intrusion alerts are protected by an improved k-anonymity method, which preserves the alert regulation inside disturbed data records. Combining this privacy-preserving method with the typical FP-tree frequent pattern mining approach and the WINEPI sequence pattern mining algorithm, an alert correlation model is set up to balance alert correlation and privacy protection. Experimental results show that this model produces correlation and analysis results closely similar to those of the original FP-tree and WINEPI algorithms, while sensitive attributes are well preserved.
Keywords
data mining; data privacy; peer-to-peer computing; security of data; tree data structures; FP tree frequent pattern mining approach; WINEPI sequence pattern mining; data analysis; data sharing; intrusion alert; k-anonymity method; privacy preserving alert correlation model; Correlation; IP networks; Protocols; alert correlation; frequent pattern; intrusion detection; k-anonymity; privacy-preserving; sequence pattern
fLanguage
English
Publisher
ieee
Conference_Titel
Progress in Informatics and Computing (PIC), 2010 IEEE International Conference on
Conference_Location
Shanghai
Print_ISBN
978-1-4244-6788-4
Type
conf
DOI
10.1109/PIC.2010.5687475
Filename
5687475