Privacy-enhanced network monitoring

This PhD dissertation investigates two necessary means that are required for building privacy-enhanced network monitoring systems: a policy-based privacy or confidentiality enforcement technology; and metrics measuring leakage of private or confidential information to verify and improve these policies. The privacy enforcement mechanism is based on fine-grained access control and reversible anonymisation of XML data to limit or control access to sensitive information from the monitoring systems. The metrics can be used to support a continuous improvement process, by quantifying leakages of private or confidential information, locating where they are, and proposing how these leakages can be mitigated. The planned actions can be enforced by applying a reversible anonymisation policy, or by removing the source of the information leakages. The metrics can subsequently verify that the planned privacy enforcement scheme works as intended. Any significant deviations from the expected information leakage can be used to trigger further improvement actions. The most significant results from the dissertation are: a privacy leakage metric based on the entropy standard deviation of given data (for example IDS alarms), which measures how much sensitive information that is leaking and where these leakages occur; a proxy offering policy-based reversible anonymisation of information in XML-based web services. The solution supports multi-level security, so that only authorised stakeholders can get access to sensitive information; a methodology which combines privacy metrics with the reversible anonymisation scheme to support a continuous improvement process with reduced leakage of private or confidential information over time. This can be used to improve management of private or confidential information where managed security services have been outsourced to semi-trusted parties, for example for outsourced managed security services monitoring health institutions or critical infrastructures. The solution is based on relevant standards to ensure backwards compatibility with existing intrusion detection systems and alarm databases

Privacy Violation Classification of Snort Ruleset

It is important to analyse the privacy impact of Intrusion Detection System (IDS) rules, in order to understand and quantify the privacy-invasiveness of network monitoring services. The objective in this paper is to classify Snort rules according to the risk of privacy violations in the form of leaking sensitive or confidential material. The classification is based on a ruleset that formerly has been manually categorised according to our PRIvacy LEakage (PRILE) methodology. Such information can be useful both for privacy impact assessments and automated tests for detecting privacy violations. Information about potentially privacy violating rules can subsequently be used to tune the IDS rule sets, with the objective to minimise the expected amount of data privacy violations during normal operation. The paper suggests some classification tasks that can be useful both to improve the PRILE methodology and for privacy violation evaluation tools. Finally, two selected classification tasks are analysed by using a Naive Bayes classifier