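Computer science
Homomorphic encryption
Differential privacy
Categorical variable
Intrusion detection system
Encryption
Computer security
Secure multi-party computation
Cluster analysis
Information sharing
Workload
Secret sharing
Data mining
Authors
Laylon Mokry, Paul Slife, Patrick Bishop, Jose Quiroz, Cooper Guzzi, Zhiyuan Chen, Adina Crainiceanu, Don Needham
Identifier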
DOI:10.1109/bigdata52589.2021.9671428
Abstract
Intrusion Detection Systems are commonly used by organizations to monitor network traffic and detect attacks or suspicious behaviours. However, many attacks occur across organizations and are often difficult to detect using any single IDS. Collaborative Intrusion Detection Systems could lead to more accurate prediction and detection of cyber threats as well as a reduction of security administrators’ workload as similar threats from different places can be merged. However, most organizations are unwilling to disclose sensitive information about their internal network topology and traffic, lending these systems unusable. Existing solutions using homomorphic encryption and secure multi-party computation are often expensive. In this paper, we propose efficient and privacy preserving techniques to correlate alerts generated at different organizations. We propose skPrototypes, a distributed clustering algorithm for horizontally partitioned mixed data using additive secret sharing. This algorithm can be used to create a privacy preserving, collaborative intrusion detection system. We also propose dpkPrototypes which uses differential privacy on categorical attributes and is more efficient than skPrototypes for categorical attributes with many distinct values. Theoretical and experimental results validate the effectiveness of our algorithms.