DocumentCode :
2070493
Title :
A privacy-preserving alert correlation model
Author :
Ma, Jin ; Chen, Xiu-zhen ; Li, Jian-Hua
Author_Institution :
Electron. Inf. & Electr. Eng. Sch., Shanghai Jiao Tong Univ., Shanghai, China
Volume :
1
fYear :
2010
fDate :
10-12 Dec. 2010
Firstpage :
573
Lastpage :
578
Abstract :
Data holders need to share the alert data that they detected for correlation and analysis purposes. In such cases, privacy issues turn out to be a major concern. This paper proposes a model to correlate and analyze intrusion alerts with privacy-preserving capability. The raw intrusion alerts are protected by an improved k-anonymity method, which preserves the alert regulation inside disturbed data records. Combining this privacy-preserving method with the typical FP-tree frequent pattern mining approach and the WINEPI sequence pattern mining algorithm, an alert correlation model is set up to balance alert correlation and privacy protection well. Experimental results show that this model reaches close similarity of correlation and analysis results compared with the original FP-tree and WINEPI algorithms, while sensitive attributes are well preserved.
Keywords :
data mining; data privacy; peer-to-peer computing; security of data; tree data structures; FP tree frequent pattern mining approach; WINEPI sequence pattern mining; data analysis; data sharing; intrusion alert; k-anonymity method; privacy preserving alert correlation model; Correlation; IP networks; Protocols; alert correlation; frequent pattern; intrusion detection; k-anonymity; privacy-preserving; sequence pattern;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Progress in Informatics and Computing (PIC), 2010 IEEE International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-1-4244-6788-4
Type :
conf
DOI :
10.1109/PIC.2010.5687475
Filename :
5687475