Measuring Privacy Leakage for IDS Rules
This work addresses privacy risks for users and organizations relying on IDS, offering a method for benchmarking Managed Security Service providers, though it is incremental as it applies existing theoretical models to a specific domain.
The paper tackled the problem of quantifying privacy leakage from Intrusion Detection System (IDS) alarms by developing a measurement approach based on quantitative information flow analysis and information entropy. The result showed that the metric effectively distinguishes between IDS rules with low or no privacy leakage and those with significant risks, such as leaking user behavior, as verified through simulations and experiments.
This paper proposes a measurement approach for estimating the privacy leakage from Intrusion Detection System (IDS) alarms. Quantitative information flow analysis is used to build a theoretical model of privacy leakage from IDS rules, based on information entropy. This theoretical model is subsequently verified empirically both based on simulations and in an experimental study. The analysis shows that the metric is able to distinguish between IDS rules that have no or low expected privacy leakage and IDS rules with a significant risk of leaking sensitive information, for example on user behaviour. The analysis is based on measurements of number of IDS alarms, data length and data entropy for relevant parts of IDS rules (for example payload). This is a promising approach that opens up for privacy benchmarking of Managed Security Service providers.