Pseudonymous audit for privacy enhanced intrusion detection
SEC'97 Proceedings of the IFIP TC11 13 international conference on Information Security (SEC '97) on Information security in research and business
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Intrusion detection systems and multisensor data fusion
Communications of the ACM
A large scale distributed intrusion detection framework based on attack strategy analysis
Computer Networks: The International Journal of Computer and Telecommunications Networking
Threshold-based identity recovery for privacy enhanced applications
Proceedings of the 7th ACM conference on Computer and communications security
Handbook of Applied Cryptography
Handbook of Applied Cryptography
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
A high-level programming environment for packet trace anonymization and transformation
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Privacy-Preserving Alert Correlation: A Concept Hierarchy Based Approach
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
A privacy-preserving interdomain audit framework
Proceedings of the 5th ACM workshop on Privacy in electronic society
Privacy-preserving sharing and correction of security alerts
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Requirements of information reductions for cooperating intrusion detection agents
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Security against the business partner
Proceedings of the 2008 ACM workshop on Secure web services
Cooperation enablement for centralistic early warning systems
Proceedings of the 2010 ACM Symposium on Applied Computing
Hi-index | 0.00 |
The need for privacy in intrusion detection data, such as audit logs is widely recognized. The prevalent method for privacy protection in audit logs is pseudonymization (and suppression). There is a clear trade-off between the privacy of a pseudonymization technique and its utility for intrusion detection. E.g., for IP addresses a method for prefix preserving pseudonymization has been developed, that allows pseudonymized IP addresses to be still grouped into subnets. This paper describes a pseudonymization technique for timestamps that is distance preserving. I.e. given two pseudonymized timestamps one can compute the distance δ, if d is below or equal to an agreed threshold d and one cannot compute δif δ = 2d. We extend our technique for two dimensional spatial data, e.g. location of objects or persons. We also evaluate the privacy any such distance-preserving technique can provide for timestamps theoretically and on real-world log data.