Privacy Violation Classification of Snort Ruleset
Original version
Ulltveit-Moe, N. & Oleshchuk, V. A. (2010). Privacy Violation Classification of Snort Ruleset. In Parallel, Distributed and Network-Based Processing. IEEE. http://dx.doi.org/10.1109/PDP.2010.87Abstract
It is important to analyse the privacy impact of Intrusion Detection System (IDS) rules, in order to understand and quantify the privacy-invasiveness of network monitoring services. The objective in this paper is to classify Snort rules according to the risk of privacy violations in the form of leaking sensitive or confidential material. The classification is based on a ruleset that formerly has been manually categorised according to our PRIvacy LEakage (PRILE) methodology. Such information can be useful both for privacy impact assessments and automated tests for detecting privacy violations. Information about potentially privacy violating rules can subsequently be used to tune the IDS rule sets, with the objective to minimise the expected amount of data privacy violations during normal operation. The paper suggests some classification tasks that can be useful both to improve the PRILE methodology and for privacy violation evaluation tools. Finally, two selected classification tasks are analysed by using a Naive Bayes classifier.
Publisher
IEEEJournal
Parallel, Distributed and Network-Based ProcessingCopyright
© 2010 IEEEPersonal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.