Privacy Preserving Architectures for Collaborative Intrusion Detection
This paper tackles the problem of collaborative defense against advanced persistent threats for organizations, but it is a position paper (incremental).
The paper addresses the challenge of enabling organizations to share threat intelligence for intrusion detection while preserving privacy, by identifying real-world privacy problems and discussing relevant cryptographic technologies and architectures.
Collaboration among multiple organizations is imperative for contemporary intrusion detection. As modern threats become highly sophisticated, it is difficult for organizations to defend themselves with only the threat context local to their networks. Availability of global threat intelligence is a must for organizations to defend against modern advanced persistent threats (APTs). Privacy concerns, however, continue to be a major hindrance to benefiting from such global context of attacks. In this position paper we identify real-world privacy problems as precise use cases and relevant cryptographic technologies, and discuss privacy-preserving architectures for collaborative intrusion detection.