Towards designing privacy-preserving signature-based IDS as a service : a study and practice

Meng, Yuxin, Li, Wenjuan, Kwok, Lam-For and Xiang, Yang 2013, Towards designing privacy-preserving signature-based IDS as a service : a study and practice, in Proceedings of the 5th International Conference on Intelligent Networking and Collaborative Systems; INCOS 2013, IEEE Computer Society, Piscataway, N.J., pp. 181-188.

Attached Files
Name Description MIMEType Size Downloads

Title Towards designing privacy-preserving signature-based IDS as a service : a study and practice
Author(s) Meng, Yuxin
Li, Wenjuan
Kwok, Lam-For
Xiang, Yang
Conference name International Conference on Intelligent Networking and Collaborative Systems (5th : 2013 : Xi'an, China)
Conference location Xi'an, China
Conference dates 9 -11 Sep. 2013
Title of proceedings Proceedings of the 5th International Conference on Intelligent Networking and Collaborative Systems; INCOS 2013
Editor(s) Xhafa, Fatos
Barolli, Leonard
Chen, Xiaofeng
Publication date 2013
Conference series International Conference on Intelligent Networking and Collaborative Systems
Start page 181
End page 188
Total pages 8
Publisher IEEE Computer Society
Place of publication Piscataway, N.J.
Keyword(s) Cloud environment
IDSaaS
Intrusion detection
Network security
Privacy preserving
Signature matching
Summary With the advent of Cloud Computing, IDS as a service (IDSaaS) has been proposed as an alternative to protect a network (e.g., financial organization) from a wide range of network attacks by offloading the expensive operations such as the process of signature matching to the cloud. The IDSaaS can be roughly classified into two types: signature-based detection and anomaly-based detection. During the packet inspection, no party wants to disclose their own data especially sensitive information to others, even to the cloud provider, for privacy concerns. However, current solutions of IDSaaS have not much discussed this issue. In this work, focus on the signature-based IDSaaS, we begin by designing a promising privacy-preserving intrusion detection mechanism, the main feature of which is that the process of signature matching does not reveal any specific content of network packets by means of a fingerprint-based comparison. We further conduct a study to evaluate this mechanism under a cloud scenario and identify several open problems and issues for designing such a privacy-preserving mechanism for IDSaaS in a practical environment.
ISBN 9780769549880
Language eng
Field of Research 080503 Networking and Communications
080501 Distributed and Grid Systems
Socio Economic Objective 890103 Mobile Data Networks and Services
HERDC Research category E1 Full written paper - refereed
ERA Research output type E Conference publication
HERDC collection year 2013
Copyright notice ©2013, IEEE
Persistent URL http://hdl.handle.net/10536/DRO/DU:30060768

Document type: Conference Paper
Collection: School of Information Technology
Connect to link resolver
 
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Versions
Version Filter Type
Access Statistics: 38 Abstract Views, 3 File Downloads  -  Detailed Statistics
Created: Thu, 20 Feb 2014, 11:55:08 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.