English

Measuring Privacy Leakage for IDS Rules

Cryptography and Security 2013-08-27 v1 Information Theory math.IT

Abstract

This paper proposes a measurement approach for estimating the privacy leakage from Intrusion Detection System (IDS) alarms. Quantitative information flow analysis is used to build a theoretical model of privacy leakage from IDS rules, based on information entropy. This theoretical model is subsequently verified empirically both based on simulations and in an experimental study. The analysis shows that the metric is able to distinguish between IDS rules that have no or low expected privacy leakage and IDS rules with a significant risk of leaking sensitive information, for example on user behaviour. The analysis is based on measurements of number of IDS alarms, data length and data entropy for relevant parts of IDS rules (for example payload). This is a promising approach that opens up for privacy benchmarking of Managed Security Service providers.

Keywords

Cite

@article{arxiv.1308.5421,
  title  = {Measuring Privacy Leakage for IDS Rules},
  author = {Nils Ulltveit-Moe and Vladimir Oleshchuk},
  journal= {arXiv preprint arXiv:1308.5421},
  year   = {2013}
}

Comments

22 pages, 16 figures

R2 v1 2026-06-22T01:14:39.301Z