• DocumentCode
    2449700
  • Title

    An Approach to Privacy-Preserving Alert Correlation and Analysis

  • Author

    Ma, Jin ; Chen, Xiu-zhen ; Li, Jian-Hua

  • Author_Institution
    Electron. Inf. & Electr. Eng. Sch., Shanghai Jiao Tong Univ., Shanghai, China
  • fYear
    2010
  • fDate
    6-10 Dec. 2010
  • Firstpage
    620
  • Lastpage
    624
  • Abstract
    Privacy concerns arise when data holders share their detected security data for correlation and analysis. This paper proposes an approach to correlate and analyze intrusion alerts while preserving privacy for alert holders. The raw intrusion alerts are protected by an improved k-anonymity model, which preserves the alert regulation inside disturbed data records. By combining this privacy-preserving technique with the typical FP-tree association rules mining algorithm, the approach provides the capacity to balance alert correlation and privacy preservation well. Experimental results show that this approach works comparatively efficiently and reaches a good balance between alert correlation and privacy.
  • Keywords
    data privacy; security of data; alert holder; data holder; intrusion alert; k-anonymity model; privacy preservation; privacy-preserving alert correlation; rules mining algorithm; security data; Algorithm design and analysis; Association rules; Correlation; Intrusion detection; Privacy; alert correlation; frequent pattern; intrusion detection; k-anonymity; privacy preserving;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Services Computing Conference (APSCC), 2010 IEEE Asia-Pacific
  • Conference_Location
    Hangzhou
  • Print_ISBN
    978-1-4244-9396-8
  • Type

    conf

  • DOI
    10.1109/APSCC.2010.85
  • Filename
    5708630