Skip to main content
Conference ProceedingsOPEN ACCESS

Privacy leakage methodology (PRILE) for IDS rules

IFIP Advances in Information and Communication Technology (2010) 320 213-225
DOI: 10.1007/978-3-642-14282-6_17
1Citations
Citations of this article
7Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

This paper introduces a methodology for evaluating PRIvacy LEakage in signature-based Network Intrusion Detection System (IDS) rules. IDS rules that expose more data than a given percentage of all data sessions are defined as privacy leaking. Furthermore, it analyses the IDS rule attack specific pattern size required in order to keep the privacy leakage below a given threshold, presuming that occurrence frequencies of the attack pattern in normal text are known. We have applied the methodology on the network intrusion detection system Snort’s rule set. The evaluation confirms that Snort in its default configuration aims at not being excessively privacy invasive. However we have identified some types of rules rules with poor or missing ability to distinguish attack traffic from normal traffic.

Author supplied keywords

Cite

CITATION STYLE

APA

Ulltveit-Moe, N., & Oleshchuk, V. (2010). Privacy leakage methodology (PRILE) for IDS rules. In IFIP Advances in Information and Communication Technology (Vol. 320, pp. 213–225). Springer New York LLC. https://doi.org/10.1007/978-3-642-14282-6_17

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free