On Privacy-Preserving and Correlatable Security Alert Translation
Master's thesis, National Central University, Graduate Institute of Information Management, academic year 96. Distributed Intrusion Detection Systems (DIDS) or Security Operation Centers (SOC) that want to integrate alerts still have to overcome the following two problems: 1. DIDS and SOC often assume that they can obtain alerts completely and unconditionally, but...
| Main Authors: | Chang-Zhi Lin 林昶志 |
|---|---|
| Other Authors: | Yi-Ming Chen |
| Format: | Others |
| Language: | zh-TW |
| Published: | 2008 |
| Online Access: | http://ndltd.ncl.edu.tw/handle/09213139001536254250 |
| id | ndltd-TW-096NCU05396078 |
|---|---|
| record_format | oai_dc |
| collection | NDLTD |
| language | zh-TW |
| format | Others |
| sources | NDLTD |
description |
Master's thesis, National Central University, Graduate Institute of Information Management, academic year 96.

Distributed Intrusion Detection Systems (DIDS) or Security Operation Centers (SOC) that want to integrate alerts still have to overcome the following two problems:

1. DIDS and SOC often assume that they can obtain alerts completely and unconditionally. In practice this holds only when the SOC operates inside a single company or is managed by a trusted third party; otherwise most companies are unwilling to share the alerts collected from their security equipment, because they fear accidentally revealing private information.
2. There are too many alerts, many of them false, which makes them hard for managers to handle. Security alerts are usually low-level information, so it is hard for managers to understand the full attack scenario or the attackers' purpose.

We propose a method for privacy-preserving and correlatable alert translation. First, we use a method modified from K-anonymity to achieve privacy preservation. We then prove that alerts whose private information is protected still retain their correlation and analysis capability under several kinds of correlation methods. Our research is based on a widely used IDS, in order to extend the practicality of our method. The first step of our process protects the private information of alerts on the end-side IDS, and only then are the alerts shared. This prevents the information in unprotected alerts from being intercepted by attackers while it is transferred to the SOC. The alerts are then shared with the SOC, where integration, analysis, and correlation are performed. Our final purpose is to protect the private information of alerts so that users can share them without worry, while privacy-protected alerts still retain their analysis and correlation capability. This not only prevents private information from being misused by attackers, but also improves users' willingness to share.
|
| author2 | Yi-Ming Chen |
| author | Chang-Zhi Lin 林昶志 |
| title | On Privacy-Preserving and Correlatable Security Alert Translation |
| publishDate | 2008 |
| url | http://ndltd.ncl.edu.tw/handle/09213139001536254250 |