research-article

Differential privacy for collaborative security

Authors:

Andreas Haeberlen,

Benjamin C. Pierce,

Jonathan M. SmithAuthors Info & Claims

EUROSEC '10: Proceedings of the Third European Workshop on System Security

Pages 1 - 7

https://doi.org/10.1145/1752046.1752047

Published: 13 April 2010 Publication History

Abstract

Fighting global security threats with only a local view is inherently difficult. Internet network operators need to fight global phenomena such as botnets, but they are hampered by the fact that operators can observe only the traffic in their local domains. We propose a collaborative approach to this problem, in which operators share aggregate information about the traffic in their respective domains through an automated query mechanism. We argue that existing work on differential privacy and type systems can be leveraged to build a programmable query mechanism that can express a wide range of queries while limiting what can be learned about individual customers. We report on our progress towards building such a mechanism, and we discuss opportunities and challenges of the collaborative security approach.

References

[1]

P. Bächer, T. Holz, M. Kötter, and G. Wicherski. Know your enemy: Tracking botnets, 2005. http://honeynet.org/papers/bots.

[2]

J. R. Binkley. An algorithm for anomaly-based botnet detection. In Proceedings of the 2nd Conference on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), pages 43--48, July 2006.

Digital Library

[3]

A. Blum, C. Dwork, F. McSherry, and K. Nissim. Practical privacy: the SuLQ framework. In Proceedings of the 24th ACM Symposium on Principles of Database Systems (PODS), pages 128--138, June 2005.

Digital Library

[4]

A. Blum, K. Ligett, and A. Roth. A learning theory approach to non-interactive database privacy. In Proceedings of the 40th Annual ACM Symposium on Theory of Computing (STOC), pages 609--618, May 2008.

Digital Library

[5]

S. Chaudhuri, S. Gulwani, and R. Lublinerman. Continuity analysis of programs. ACM SIGPLAN Notices, 45(1):57--70, 2010.

Digital Library

[6]

C.-M. Cheng, H. T. Kung, and K.-S. Tan. Use of spectral analysis in defense against DoS attacks. In Proceedings of IEEE GLOBECOM, volume 3, pages 2143--2148, 2002.

[7]

E. Cooke, F. Jahanian, and D. McPherson. The zombie roundup: Understanding, detecting, and disrupting botnets. In Proceedings of the Conference on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), July 2005.

Digital Library

[8]

C. Dwork. Differential privacy. In Proceedings of the 33rd International Colloquium on Automata, Languages and Programming (ICALP), 2006.

Digital Library

[9]

C. Dwork. Differential privacy: A survey of results. In Proceedings of the International Conference on Theory and Applications of Models of Computation (TAMC), Apr. 2008. Invited paper.

Digital Library

[10]

C. Dwork. The differential privacy frontier (extended abstract). In Theory of Cryptography, Lecture Notes in Computer Science, chapter 29, pages 496--502. Springer, 2009.

Digital Library

[11]

C. Dwork and J. Lei. Differential privacy and robust statistics. In Proceedings of the 41st Annual ACM Symposium on Theory of Computing (STOC), pages 371--380, 2009.

Digital Library

[12]

C. Dwork, F. McSherry, K. Nissim, and A. Smith. Calibrating noise to sensitivity in private data analysis. In Proceedings of the 3rd Theory of Cryptography Conference (TCC), 2006.

Digital Library

[13]

J. Goebel and T. Holz. Rishi: Identify bot contaminated host by IRC nickname evaluation. In Proceedings of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots), April 2007.

Digital Library

[14]

G. Gu, R. Perdisci, J. Zhang, and W. Lee. Botminer: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In Proceedings of the 17th USENIX Security Symposium, July 2008.

Digital Library

[15]

G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. Bothunter: Detecting malware infection through IDS-driven dialog crrelation. In Proceedings of the 16th USENIX Security Symposium, Aug. 2007.

Digital Library

[16]

G. Gu, J. Zhang, and W. Lee. Botsniffer: Detecting botnet command and control channels in network traffic. In Proceedings of the Network and Distributed System Security Symposium (NDSS), February 2008.

[17]

A. Gupta, K. Ligett, F. McSherry, A. Roth, and K. Talwar. Differentially private combinatorial optimization, Nov 2009. http://arxiv.org/abs/0903.4510.

[18]

T. Holz, C. Gorecki, K. Rieck, and F. C. Freiling. Measuring and detecting fast-flux service networks. In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2008.

[19]

J. Ioannidis and S. Bellovin. Implementing pushback: Router-based defense against DDoS attacks. In Proceedings of the Network and Distributed System Security Symposium (NDSS), volume 2, Feb. 2002.

[20]

C. Kanich, C. Kreibich, K. Levchenko, B. Enright, G. M. Voelker, V. Paxson, and S. Savage. Spamalytics: an empirical analysis of spam marketing conversion. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), pages 3--14, Oct. 2008.

Digital Library

[21]

A. Karasardis, B. Rexroad, and D. Hoeflin. Wide-scale botnet detection and characterization. In Proceedings of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots), 2007.

Digital Library

[22]

S. P. Kasiviswanathan, H. K. Lee, K. Nissim, S. Raskhodnikova, and A. Smith. What can we learn privately? In Proceedings of the 49th Annual IEEE Symposium on Foundations of Computer Science (FOCS), pages 531--540, October 2008.

Digital Library

[23]

C. Livads, R. Walsh, D. Lapsley, and W. Strayer. Using machine learning techniques to identify botnet traffic. In 2nd IEEE LCN Workshop on Network Security (WNS '06), Nov. 2006.

[24]

F. McSherry and K. Talwar. Mechanism design via differential privacy. In Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS), pages 94--103, Oct. 2007.

Digital Library

[25]

F. D. McSherry. Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In Proceedings of the ACM International Conference on Management of Data (SIGMOD), pages 19--30, 2009.

Digital Library

[26]

D. Moore, G. M. Voelker, and S. Savage. Inferring internet denial-of-service activity. In Proceedings of the 10th USENIX Security Symposium, 2001.

Digital Library

[27]

A. Narayanan and V. Shmatikov. Robust de-anonymization of large sparse datasets. In Proceedings of the IEEE Symposium on Security and Privacy (S&P), 2008.

Digital Library

[28]

K. Nissim, S. Raskhodnikova, and A. Smith. Smooth sensitivity and sampling in private data analysis. In Proceedings of the 39th Annual ACM Symposium on Theory of Computing (STOC), pages 75--84, 2007.

Digital Library

[29]

A. Roth and T. Roughgarden. The Median Mechanism: Interactive and efficient privacy with multiple queries. To appear in: Proceedings of the 42nd Annual ACM Symposium on Theory of Computing (STOC). Preprint available as arXiv:0911.1813v1.

[30]

B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna. Your botnet is my botnet: analysis of a botnet takeover. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), pages 635--647, 2009.

Digital Library

[31]

T. Yen and M. K. Reiter. Traffic aggregation for malware detection. In Proceedings of the 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, volume 5137, pages 207--227. LNCS Springer Berlin / Heidelberg, 2008.

Digital Library

Cited By

Mireshghallah FTaram MRamrakhyani PJalali ATullsen DEsmaeilzadeh HLarus JCeze LStrauss K(2020)ShredderProceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3373376.3378522(3-18)Online publication date: 9-Mar-2020
https://dl.acm.org/doi/10.1145/3373376.3378522
Xing JWu WChen A(2019)Architecting Programmable Data Plane Defenses into the Network with FastFlexProceedings of the 18th ACM Workshop on Hot Topics in Networks10.1145/3365609.3365860(161-169)Online publication date: 13-Nov-2019
https://dl.acm.org/doi/10.1145/3365609.3365860
Jin RHe XDai H(2019)On the Security-Privacy Tradeoff in Collaborative Security: A Quantitative Information Flow Game PerspectiveIEEE Transactions on Information Forensics and Security10.1109/TIFS.2019.291435814:12(3273-3286)Online publication date: Dec-2019
https://doi.org/10.1109/TIFS.2019.2914358
Show More Cited By

Index Terms

Differential privacy for collaborative security
1. Security and privacy
  1. Systems security
    1. Operating systems security
2. Social and professional topics
  1. Computing / technology policy

Recommendations

Collaborative Security: A Survey and Taxonomy

Security is oftentimes centrally managed. An alternative trend of using collaboration in order to improve security has gained momentum over the past few years. Collaborative security is an abstract concept that applies to a wide variety of systems and ...
Collaborative device-level botnet detection for internet of things
Highlights
- A review of the state-of-the-art device-level intrusion detection approaches.
- A detailed analysis of existing botnet datasets and their features to support evaluation of IDS.
- A novel trustworthy botnet detection framework for ...
Abstract
Cyber attacks on the Internet of Things (IoT) have seen a significant increase in recent years. This is primarily due to the widespread adoption and prevalence of IoT within domestic and critical national infrastructures, as well as inherent ...
Mobile Security: Finally a Serious Problem?

The growing popularity of wireless technology may have finally attracted enough hackers to make the potential for serious security threats a reality.

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

EUROSEC '10: Proceedings of the Third European Workshop on System Security

April 2010

51 pages

ISBN:9781450300599

DOI:10.1145/1752046

Program Chairs:
Manuel Costa
Microsoft Research
,
Engin Kirda
Eurecom Institute

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 April 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Office of Naval Research

Conference

EuroSys '10

Sponsor:

SIGOPS

EuroSys '10: Fifth EuroSys Conference 2010

April 13, 2010

Paris, France

Acceptance Rates

Overall Acceptance Rate 47 of 113 submissions, 42%

Upcoming Conference

EuroSys '25

Sponsor:
sigops

Twentieth European Conference on Computer Systems

March 30 - April 3, 2025

Rotterdam , Netherlands

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
602
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Mireshghallah FTaram MRamrakhyani PJalali ATullsen DEsmaeilzadeh HLarus JCeze LStrauss K(2020)ShredderProceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3373376.3378522(3-18)Online publication date: 9-Mar-2020
https://dl.acm.org/doi/10.1145/3373376.3378522
Xing JWu WChen A(2019)Architecting Programmable Data Plane Defenses into the Network with FastFlexProceedings of the 18th ACM Workshop on Hot Topics in Networks10.1145/3365609.3365860(161-169)Online publication date: 13-Nov-2019
https://dl.acm.org/doi/10.1145/3365609.3365860
Jin RHe XDai H(2019)On the Security-Privacy Tradeoff in Collaborative Security: A Quantitative Information Flow Game PerspectiveIEEE Transactions on Information Forensics and Security10.1109/TIFS.2019.291435814:12(3273-3286)Online publication date: Dec-2019
https://doi.org/10.1109/TIFS.2019.2914358
Guo YZhang HZhang LFang LLi F(2018)Incentive Mechanism for Cooperative Intrusion Detection: An Evolutionary Game ApproachComputational Science – ICCS 201810.1007/978-3-319-93698-7_7(83-97)Online publication date: 12-Jun-2018
https://doi.org/10.1007/978-3-319-93698-7_7
Jin RHe XDai HDutta RNing P(2017)Towards Privacy-Aware Collaborative Security: A Game-Theoretic Approach2017 IEEE Symposium on Privacy-Aware Computing (PAC)10.1109/PAC.2017.32(72-83)Online publication date: Aug-2017
https://doi.org/10.1109/PAC.2017.32
Meng GXue YMahinthan CNarayanan ALiu YZhang JChen TChen XWang XHuang X(2016)MystiqueProceedings of the 11th ACM on Asia Conference on Computer and Communications Security10.1145/2897845.2897856(365-376)Online publication date: 30-May-2016
https://dl.acm.org/doi/10.1145/2897845.2897856
Meng GLiu YZhang JPokluda ABoutaba R(2015)Collaborative SecurityACM Computing Surveys10.1145/278573348:1(1-42)Online publication date: 22-Jul-2015
https://dl.acm.org/doi/10.1145/2785733
Kandappu TFriedman ASivaraman VBoreli R(2015)Privacy in Crowdsourced PlatformsPrivacy in a Digital, Networked World10.1007/978-3-319-08470-1_4(57-84)Online publication date: 14-Oct-2015
https://doi.org/10.1007/978-3-319-08470-1_4
Fredrikson MLantz EJha SLin SPage DRistenpart TFu K(2014)Privacy in pharmacogeneticsProceedings of the 23rd USENIX conference on Security Symposium10.5555/2671225.2671227(17-32)Online publication date: 20-Aug-2014
https://dl.acm.org/doi/10.5555/2671225.2671227
Al-Momin MCosmas J(2013)The Impact of Content Oriented Routing on OpenFlow Burst Switched Optical NetworksProceedings of the 2013 27th International Conference on Advanced Information Networking and Applications Workshops10.1109/WAINA.2013.139(965-970)Online publication date: 25-Mar-2013
https://dl.acm.org/doi/10.1109/WAINA.2013.139
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten