Privacy-Preserving Alert Correlation: A Concept Hierarchy Based Approach

With the increasing security threats from infrastructure attacks such as worms and distributed denial of service attacks, it is clear that the cooperation among different organizations is necessary to defend against these attacks. However, organizations’ privacy concerns for the incident and security alert data require that sensitive data be sanitized before they are shared with other organizations. Such a sanitization process usually has negative impacts on intrusion analysis (such as alert correlation). To balance the privacy requirements and the need for intrusion analysis, we propose a privacy-preserving alert correlation approach based on concept hierarchies. Our approach consists of two phases. The first phase is entropy-guided alert sanitization, where sensitive alert attributes are generalized to high-level concepts to introduce uncertainty into the dataset with partial semantics. To balance the privacy and the usability of alert data, we propose to guide the alert sanitizati...
Dingbang Xu, Peng Ning
Added 24 Jun 2010
Updated 24 Jun 2010
Type Conference
Year 2005