On Pseudonymization of Audit Data for Intrusion Detection

  • Joachim Biskup
  • Ulrich Flegel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2009)


In multilaterally secure intrusion detection systems (IDS) anonymity and accountability are potentially conflicting requirements. Since IDS rely on audit data to detect violations of security policy, we can balance above requirements by pseudonymization of audit data, as a form of reversible anonymization. We discuss previous work in this area and underlying trust models. Instead of relying on mechanisms external to the system, or under the control of potential adversaries, in our proposal we technically bind reidentification to a threshold, representing the legal purpose of accountability in the presence of policy violations. Also, we contrast our notion of threshold-based identity recovery with previous approaches and point out open problems.


Access Control Intrusion Detection Anomaly Detection Intrusion Detection System Attack Scenario 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Birgit Pfitzmann, Michael Waidner, and Andreas Pfitzmann. Rechtssicherheit trotz Anonymität in offenen digitalen Systemen (in German). Datenschutz und Datensicherheit, 14(5–6):243–253, 305–315, 1990.Google Scholar
  2. 2.
    Kai Rannenberg, Andreas Pfitzmann, and Günther Müller. IT security and multilateral security. In Müller and Rannenberg [27], pages 21–29.Google Scholar
  3. 3.
    Joachim Biskup and Ulrich Flegel. Transaction-based pseudonyms in audit data for privacy respecting intrusion detection. In Hervé Debar, Ludovic Mé, and S. Felix Wu, editors, Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection (RAID 2000), number 1907 in LNCS, pages 28–48, Toulouse, France, October 2000. Springer.CrossRefGoogle Scholar
  4. 4.
    Directive 95/46/EC of the European Parliament and of the Council of 24 october 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal L 281, October 1995.
  5. 5.
    Erster Senat des Bundesverfassungsgerichts. Urteil vom 15. Dezember 1983 zum Volkszählungsgesetz-1 BvR 209/83 u.a. (in German). Datenschutz und Datensicherung, 84(4):258–281, April 1984. Scholar
  6. 6.
    Michael Sobirey, Simone Fischer-Hübner, and Kai Rannenberg. Pseudonymous audit for privacy enhanced intrusion detection. In L. Yngström and J. Carlsen, editors, Proceedings of the IFIP TC11 13th International Conference on Information Security (SEC’97), pages 151–163, Copenhagen, Denmark, May 1997. IFIP, Chapman & Hall, London.Google Scholar
  7. 7.
    Emilie Lundin and Erland Jonsson. Privacy vs intrusion detection analysis. In Proceedings of the Second International Workshop on the Recent Advances in Intrusion Detection (RAID’99), West Lafayette, Indiana, September 1999. Purdue University, CERIAS.Google Scholar
  8. 8.
    Emilie Lundin and Erland Jonsson. Some practical and fundamental problems with anomaly detection. In Proceedings of NORDSEC’99, Kista Science Park, Sweden, November 1999.Google Scholar
  9. 9.
    Simone Fischer-Hübner and Klaus Brunnstein. Opportunities and risks of intrusion detection expert systems. In Proceedings of the International IFIP-GI-Conference Opportunities and Risks of Artificial Intelligence Systems ORAIS’89, Hamburg, Germany, July 1989. IFIP.Google Scholar
  10. 10.
    Simone Fischer-Hübner. IDA ( I ntrusion D etection and A voidance System): Eineinbruchsentdeckendes und einbruchsvermeidendes System (in German). Informatik. Shaker, 1993.Google Scholar
  11. 11.
    Michael Sobirey. Aktuelle Anforderungen an Intrusion Detection-Systeme und deren Berücksichtigung bei der Systemgestaltung von AID2 (in German). In Hans H. Brüggemann and Waltraud Gerhardt-Häckl, editors, Proceedings of Verlä\liche IT-Systeme, DuD-Fachbeiträge, pages 351–370, Rostock, Germany, April 1995. GI, Vieweg.Google Scholar
  12. 12.
    M. Sobirey, B. Richter, and H. König. The intrusion detection system AID-Architecture and experiences in automated audit trail analysis. In P. Horster, editor, Proceedings of the IFIP TC6/TC11 International Conference on Communications and Multimedia Security, pages 278–290, Essen, Germany, September 1996. IFIP, Chapman & Hall, London.Google Scholar
  13. 13.
    Michael Sobirey. Datenschutzorientiertes Intrusion Detection (in German). DuD-Fachbeiträge. Vieweg, 1999.Google Scholar
  14. 14.
    Michael Meier and Thomas Holz. Sicheres Schlüsselmanagement für verteilte Intrusion-Detection-Systeme (in German). In Patrick Horster, editor, Systemsicherheit, DuD-Fachbeiträge, pages 275–286, Bremen, Germany, March 2000. GI-2.5.3, ITG-6.2, ÖCG/ACS, TeleTrusT, Vieweg.Google Scholar
  15. 15.
    Emilie Lundin and Erland Jonsson. Anomaly-based intrusion detection: privacy concerns and other problems. Computer Networks, 34(4):623–640, October 2000.CrossRefGoogle Scholar
  16. 16.
    Roland Büschkes and Dogan Kesdogan. Privacy enhanced intrusion detection. In Müller and Rannenberg [27], pages 187–204.Google Scholar
  17. 17.
    David Chaum. Untraceable electronic mail, return addresses, and digital signatures. Communications of the ACM, 24(2):84–88, February 1981.CrossRefGoogle Scholar
  18. 18.
    D. Kesdogan, R. Büschkes, and J. Egner. Stop-and-go-mixes providing probabilistic anonymity in an open system. In Proceedings of the 2nd Workshop on Information Hiding (IHW’98), number 1525 in LNCS, pages 83–98. Springer, 1998.CrossRefGoogle Scholar
  19. 19.
    Teresa F. Lunt, R. Jagannathan, Rosanna Lee, Sherry Listgarten, David L. Edwards, Peter G. Neumann, Harold S. Javitz, and Al Valdes. IDES: The enhanced prototype, a real-time intrusion-detection expert system. Technical Report SRI-CSL-88-12, SRI Project 4185–010, Computer Science Laboratory SRI International, 1988.Google Scholar
  20. 20.
    Joe Kilian and Erez Petrank. Identity escrow. In Proceedings of the Conference on Advances in Cryptology (CRYPTO’98), pages 196–185, 1998.Google Scholar
  21. 21.
    Dan Boneh and Matt Franklin. Anonymous authentication with subset queries. In Proceedings of the 6th ACM Conference on Computer and Communications Security, pages 113–119, Kent Ridge Digital Labs, Singapore, November 1999. ACM SIGSAC, ACM Press.Google Scholar
  22. 22.
    Yuen-Yan Chan. On privacy issues of internet access services via proxy servers. In Rainer Baumgart, editor, Secure Networking-CQRE[Secure]’99, number 1740 in LNCS, pages 183–191, Düsseldorf, Germany, November 1999. secunet, Springer.CrossRefGoogle Scholar
  23. 23.
    David Chaum, Amos Fiat, and Moni Naor. Untraceable electronic cash. In S. Goldwasser, editor, Proceedings of the Conference on Advances in Cryptology (CRYPTO’88), LNCS, pages 319–327, Santa Barbara, CA, August 1988. Springer.Google Scholar
  24. 24.
    National Computer Security Center. US DoD Standard: Department of Defense Trusted Computer System Evaluation Criteria. DOD 5200.28-STD, Supercedes CSC-STD-001-83, dtd 15 Aug 83, Library No. S225,711, December 1985.
  25. 25.
    National Computer Security Center. Audit in trusted systems. NCSC-TG-001, Library No. S-228,470, July 1987.
  26. 26.
    Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. Discrete Mathematics and its Applications. CRC Press, Inc., Boca Raton, Florida, 1997.Google Scholar
  27. 27.
    Günter Müller and Kai Rannenberg, editors. Multilateral Security in Communications. Information Security. Addison Wesley, first edition, 1999.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Joachim Biskup
    • 1
  • Ulrich Flegel
    • 1
  1. 1.University of DortmundDortmundGermany

Personalised recommendations