Efficient and Privacy-Preserving Collaborative Intrusion Detection Using Additive Secret Sharing and Differential Privacy
Date
2022-01-13
Citation of Original Publication
L. Mokry et al., "Efficient and Privacy-Preserving Collaborative Intrusion Detection Using Additive Secret Sharing and Differential Privacy," 2021 IEEE International Conference on Big Data (Big Data), 2021, pp. 3324-3333, doi: 10.1109/BigData52589.2021.9671428.
Rights
This work was written as part of one of the author's official duties as an Employee of the United States Government and is therefore a work of the United States Government. In accordance with 17 U.S.C. 105, no copyright protection is available for such works under U.S. Law.
Public Domain Mark 1.0
Abstract
Intrusion Detection Systems are commonly used by organizations to monitor network traffic and detect attacks or suspicious behaviours. However, many attacks occur across organizations and are often difficult to detect using any single IDS. Collaborative Intrusion Detection Systems could lead to more accurate prediction and detection of cyber threats as well as a reduction of security administrators’ workload as similar threats from different places can be merged. However, most organizations are unwilling to disclose sensitive information about their internal network topology and traffic, rendering these systems unusable. Existing solutions using homomorphic encryption and secure multi-party computation are often expensive. In this paper, we propose efficient and privacy-preserving techniques to correlate alerts generated at different organizations. We propose skPrototypes, a distributed clustering algorithm for horizontally partitioned mixed data using additive secret sharing. This algorithm can be used to create a privacy-preserving, collaborative intrusion detection system. We also propose dpkPrototypes, which uses differential privacy on categorical attributes and is more efficient than skPrototypes for categorical attributes with many distinct values. Theoretical and experimental results validate the effectiveness of our algorithms.