@inproceedings{ef348f82fc6d40d4b82aed0149d77b83,
title = "Towards designing privacy-preserving signature-based IDS as a service: A study and practice",
abstract = "With the advent of Cloud Computing, IDS as a service (IDSaaS) has been proposed as an alternative to protect a network (e.g., financial organization) from a wide range of network attacks by offloading the expensive operations such as the process of signature matching to the cloud. The IDSaaS can be roughly classified into two types: signature-based detection and anomaly-based detection. During the packet inspection, no party wants to disclose their own data especially sensitive information to others, even to the cloud provider, for privacy concerns. However, current solutions of IDSaaS have not much discussed this issue. In this work, focus on the signature-based IDSaaS, we begin by designing a promising privacy-preserving intrusion detection mechanism, the main feature of which is that the process of signature matching does not reveal any specific content of network packets by means of a fingerprint-based comparison. We further conduct a study to evaluate this mechanism under a cloud scenario and identify several open problems and issues for designing such a privacy-preserving mechanism for IDSaaS in a practical environment.",
keywords = "Cloud environment, IDSaaS, Intrusion detection, Network security, Privacy preserving, Signature matching",
author = "Yuxin Meng and Wenjuan Li and Kwok, {Lam For} and Yang Xiang",
year = "2013",
doi = "10.1109/INCoS.2013.35",
language = "English",
isbn = "9780769549880",
series = "Proceedings - 5th International Conference on Intelligent Networking and Collaborative Systems, INCoS 2013",
pages = "181--188",
booktitle = "Proceedings - 5th International Conference on Intelligent Networking and Collaborative Systems, INCoS 2013",
note = "5th IEEE International Conference on Intelligent Networking and Collaborative Systems, INCoS 2013 ; Conference date: 09-09-2013 Through 11-09-2013",
}