{"title":"A privacy-preserving alert correlation model","authors":"Jin Ma, Xiuzhen Chen, Jian-hua Li","doi":"10.1109/PIC.2010.5687475","DOIUrl":null,"url":null,"abstract":"Data holders need to share the alerts data that they detected for correlation and analysis purpose. In such cases, privacy issues turn out to be a major concern. This paper proposes a model to correlate and analyze intrusion alerts with privacy-preserving capability. The raw intrusion alerts are protected by improved k-anonymity method, which preserves the alert regulation inside disturbed data records. Combining this privacy preserving method with typical FP-tree frequent pattern mining approach and WINEPI sequence pattern mining algorithm, an alert correlation model is set up to well balance the alert correlation and the privacy protection. Experimental results show that this model reaches close similarity of correlation and analysis result comparing with original FP-tree and WINEPI algorithm, while sensitive attributes are well preserved.","PeriodicalId":142910,"journal":{"name":"2010 IEEE International Conference on Progress in Informatics and Computing","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE International Conference on Progress in Informatics and Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PIC.2010.5687475","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Data holders need to share the alert data they have detected for correlation and analysis purposes. In such cases, privacy issues turn out to be a major concern. This paper proposes a model to correlate and analyze intrusion alerts with privacy-preserving capability. The raw intrusion alerts are protected by an improved k-anonymity method, which preserves the alert regularity inside the disturbed data records. By combining this privacy-preserving method with the typical FP-tree frequent pattern mining approach and the WINEPI sequence pattern mining algorithm, an alert correlation model is set up that balances alert correlation and privacy protection. Experimental results show that the model's correlation and analysis results are closely similar to those of the original FP-tree and WINEPI algorithms, while sensitive attributes are well preserved.