Maintaining privacy in anomaly‐based intrusion detection systems

The goal of our work is to discuss the fundamental issues of privacy and anomaly‐based intrusion detection systems (IDS) and to design an efficient anomaly‐based intrusion IDS architecture where users' privacy is maintained.

In this work, any information that can link intrusion detection activity to a user is encrypted so as to pseudonyze the sensitive information. A database of encrypted information would then be created which becomes the source database for the IDS. The design makes use of dynamic key generation algorithm that generates key randomly when an intrusion is detected. The keys are only released when an intrusion occurs and immediately swapped to protect harm access to the mapping database.

The result after testing the new privacy maintained IDS architecture on an application package shows greater improvement over the ordinary IDSs. Privacy complaints reduced considerably from between 8 and 16 per week to about 1‐2.

We only tested the new privacy maintained IDS on a package, it would also be interesting to test the design on some other systems. There is a possibility that time to detection would increase because of the encryption/decryption part of the new design. All the same, we have designed an IDS architecture where privacy of users on the systems is guaranteed.

This work provides a background for researchers in IDS and it requires further improvements and extensions.

The work shows that it is possible to design an IDS architecture for maintaining privacy of users on the network. The result shows the originality of the new design.