Towards designing privacy-preserving signature-based IDS as a service: A study and practice

Yuxin Meng, Wenjuan Li, Lam For Kwok, Yang Xiang

Research output: Chapter in book / Conference proceeding; Conference article published in proceeding or book; Academic research; peer-review

11 Citations (Scopus)

Abstract

With the advent of Cloud Computing, IDS as a service (IDSaaS) has been proposed as an alternative to protect a network (e.g., a financial organization) from a wide range of network attacks by offloading expensive operations such as the process of signature matching to the cloud. IDSaaS can be roughly classified into two types: signature-based detection and anomaly-based detection. During packet inspection, no party wants to disclose its own data, especially sensitive information, to others, even to the cloud provider, because of privacy concerns. However, current IDSaaS solutions have not discussed this issue much. In this work, focusing on signature-based IDSaaS, we begin by designing a promising privacy-preserving intrusion detection mechanism, the main feature of which is that the process of signature matching does not reveal any specific content of network packets by means of a fingerprint-based comparison. We further conduct a study to evaluate this mechanism under a cloud scenario and identify several open problems and issues for designing such a privacy-preserving mechanism for IDSaaS in a practical environment.

Original language: English
Title of host publication: Proceedings - 5th International Conference on Intelligent Networking and Collaborative Systems, INCoS 2013
Pages: 181-188
Number of pages: 8
Publication status: Published - 2013
Externally published: Yes
Event: 5th IEEE International Conference on Intelligent Networking and Collaborative Systems, INCoS 2013 - Xi'an, China
Duration: 9 Sep 2013 to 11 Sep 2013

Publication series

Name: Proceedings - 5th International Conference on Intelligent Networking and Collaborative Systems, INCoS 2013

Conference

Conference: 5th IEEE International Conference on Intelligent Networking and Collaborative Systems, INCoS 2013
Country/Territory: China
City: Xi'an
Period: 9/09/13 to 11/09/13

Keywords

  • Cloud environment
  • IDSaaS
  • Intrusion detection
  • Network security
  • Privacy preserving
  • Signature matching

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
