16th Euromicro Conference on Parallel, Distributed and Network-Based Processing (PDP 2008) (2010)
Feb. 17, 2010 to Feb. 19, 2010
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/PDP.2010.87
It is important to analyse the privacy impact of Intrusion Detection System (IDS) rules, in order to understand and quantify the privacy-invasiveness of network monitoring services. The objective in this paper is to classify Snort rules according to the risk of privacy violations in the form of leaking sensitive or confidential material. The classification is based on a ruleset that formerly has been manually categorised according to our PRIvacy LEakage (PRILE) methodology. Such information can be useful both for privacy impact assessments and automated tests for detecting privacy violations. Information about potentially privacy violating rules can subsequently be used to tune the IDS rule sets, with the objective to minimise the expected amount of data privacy violations during normal operation. The paper suggests some classification tasks that can be useful both to improve the PRILE methodology and for privacy violation evaluation tools. Finally, two selected classification tasks are analysed by using a Naïve Bayes classifier.
IDS, rules, privacy violation, classification
Nils Ulltveit-Moe, Vladimir Oleshchuk, "Privacy Violation Classification of Snort Ruleset", 16th Euromicro Conference on Parallel, Distributed and Network-Based Processing (PDP 2008), vol. 00, no. , pp. 654-658, 2010, doi:10.1109/PDP.2010.87