Homomorphic Encryption at Work for Private Analysis of Security Logs

Aymen Boudguiga; Oana Stan; Hichem Sedjelmaci; Sergiu Carpov

doi:10.5220/0008969205150523

Homomorphic Encryption at Work for Private Analysis of Security Logs

Aymen Boudguiga, Oana Stan, Hichem Sedjelmaci, Sergiu Carpov

2020

Abstract

One important component of incident handling in cyber-security is log management. In practice, different software and/or hardware components of a system such as Intrusion Detection Systems (IDS) or firewalls analyze network traffic and log suspicious events or activities. These logs are timestamped, gathered by a log collector and centralized within a log analyzer. Security Incidents and Events Management (SIEM) system is an example of a such log analysis tool. SIEM can be a dedicated network device or a Cloud service offered by a security services provider. Providing SIEM as a cloud service raises privacy issues as logs contain confidential information that must not be disclosed to third parties. In this work, we investigate the possible use of homomorphic encryption to provide a privacy preserving log management architecture. We explain how SIEM can be adapted to treat encrypted logs. In addition, we evaluate the homomorphic classification of IDS alerts from NSL-KDD set with an SVM linear model.

Download

Paper Citation

in Harvard Style

Boudguiga A., Stan O., Sedjelmaci H. and Carpov S. (2020). Homomorphic Encryption at Work for Private Analysis of Security Logs. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 515-523. DOI: 10.5220/0008969205150523

in Bibtex Style

@conference{icissp20,
author={Aymen Boudguiga and Oana Stan and Hichem Sedjelmaci and Sergiu Carpov},
title={Homomorphic Encryption at Work for Private Analysis of Security Logs},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2020},
pages={515-523},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008969205150523},
isbn={978-989-758-399-5},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Homomorphic Encryption at Work for Private Analysis of Security Logs
SN - 978-989-758-399-5
AU - Boudguiga A.
AU - Stan O.
AU - Sedjelmaci H.
AU - Carpov S.
PY - 2020
SP - 515
EP - 523
DO - 10.5220/0008969205150523