Zhu, Ben Wen (2010) Privacy-preserving alert correlation and report retrieval. Masters thesis, Concordia University.
Abstract
Intrusion Detection Systems (IDSs) have been widely deployed on both hosts and networks and serve as a second line of defense. Generally, an IDS flags malicious activities as IDS alerts and forwards them to security officers for further response. The core issue of IDSs is to minimize both false positives and false negatives. Previous research shows that alert correlation is an effective solution. Moreover, alert correlation (in particular, under the cross-domain setting) can fuse distributed information together and is thus able to detect large-scale attacks that local analysis fails to handle. However, in practice the wide usage of alert correlation is hindered by privacy concerns. In this thesis, we propose the TEIRESIAS protocol, which, when combined with anonymous communication systems, preserves privacy during the whole process of sharing and correlating alerts. Furthermore, we also take the fairness issue into consideration when designing the procedure of retrieving the results of correlation. More specifically, a contributor can privately retrieve correlated reports in which she is involved. The TEIRESIAS protocol is based mainly on searchable encryption, including both symmetric-key encryption with keyword search (SEKS) and public-key encryption with keyword search (PEKS). While designing TEIRESIAS, we identify a new statistical guessing attack against PEKS. To address this problem, we propose the PEKSrand scheme, which is an extension of PEKS and can mitigate both brute-force guessing attacks and statistical guessing attacks. The PEKSrand scheme can either be used independently or be combined with TEIRESIAS to further improve its privacy protection.
Divisions: | Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering |
---|---|
Item Type: | Thesis (Masters) |
Authors: | Zhu, Ben Wen |
Pagination: | xii, 110 leaves : ill. ; 29 cm. |
Institution: | Concordia University |
Degree Name: | M.A. Sc. |
Program: | Institute for Information Systems Engineering |
Date: | 2010 |
Thesis Supervisor(s): | Zhu, B |
Identification Number: | LE 3 C66I54M 2010 Z48 |
ID Code: | 979313 |
Deposited By: | Concordia University Library |
Deposited On: | 09 Dec 2014 17:57 |
Last Modified: | 13 Jul 2020 20:12 |