Using homomorphic encryption for privacy-preserving clustering of intrusion detection alerts
International Journal of Information Security (IF 2.4), Pub Date: 2020-06-13, DOI: 10.1007/s10207-020-00506-7
Georgios Spathoulas, Georgios Theodoridis, Georgios-Paraskevas Damiris

Cyber-security attacks are becoming more frequent and more severe day by day. To detect the execution of such attacks, organizations install intrusion detection systems. It would be beneficial for such organizations to collaborate, to better assess the severity and the importance of each detected attack. On the other hand, it is very difficult for them to exchange data, such as network traffic or intrusion detection alerts, due to privacy reasons. A privacy-preserving collaboration system for attack detection is proposed in this paper. Specifically, homomorphic encryption is used to perform alert clustering at an inter-organizational level, with the use of an honest but curious trusted third party. Results have shown that privacy-preserving clustering of intrusion detection alerts is feasible, with a tolerable performance overhead.




Updated: 2020-06-13