Conference papers

PRIvacy LEakage Methodology (PRILE) for IDS Rules

Abstract : This paper introduces a methodology for evaluating PRIvacy LEakage in signature-based Network Intrusion Detection System (IDS) rules. IDS rules that expose more data than a given percentage of all data sessions are defined as privacy leaking. Furthermore, it analyses the attack-specific pattern size an IDS rule requires in order to keep the privacy leakage below a given threshold, presuming that occurrence frequencies of the attack pattern in normal text are known. We have applied the methodology to the rule set of the network intrusion detection system Snort. The evaluation confirms that Snort in its default configuration aims at not being excessively privacy invasive. However, we have identified some types of rules with poor or missing ability to distinguish attack traffic from normal traffic.
Document type : Conference papers

Cited literature [14 references]

https://hal.inria.fr/hal-01061167
Contributor : Hal Ifip
Submitted on : Friday, September 5, 2014 - 11:31:57 AM
Last modification on : Friday, June 5, 2020 - 5:10:10 PM
Long-term archiving on : Friday, April 14, 2017 - 1:26:31 PM

File

nils.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Nils Ulltveit-Moe, Vladimir Oleshchuk. PRIvacy LEakage Methodology (PRILE) for IDS Rules. 5th IFIP WG 9.2, 9.6/11.4, 11.6, 11.7/PrimeLife International Summer School (PRIMELIFE), Sep 2009, Nice, France. pp.213-225, ⟨10.1007/978-3-642-14282-6_17⟩. ⟨hal-01061167⟩
