Requirements of Information Reductions for Cooperating Intrusion Detection Agents

• Published in: Emerging Trends in Information and Communication Security pp. 466 - 480
• Main Authors: Flegel, Ulrich, Biskup, Joachim
• Format: Book Chapter Conference Proceeding
• Language: English
• Published: Berlin, Heidelberg Springer Berlin Heidelberg 2006; Springer
• Series: Lecture Notes in Computer Science
• Subjects: Analyze Agent; Applied sciences; Audit Data; Computer science; control theory; systems; Exact sciences and technology; Intrusion Detection; Memory and file management (including protection and security); Memory organisation. Data processing; Security Incident; Software; Source Agent; Information use; Private life; Confidentiality; Reduced order systems; Intruder detector; Computer security; User need; Intrusion detection systems; Data flow processing
• ISBN: 9783540346401; 3540346406
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/11766155_33

We consider cooperating intrusion detection agents that limit the cooperation information flow with a focus on privacy and confidentiality. Generalizing our previous work on privacy respecting intrusion detection for centralized systems we propose an extended functional model for information reductions that is used for cooperation between intrusion detection agents. The reductions have the following goals: detective effectiveness of cooperation alliances, privacy of honest individuals, further organizational confidentiality requirements, and efficiency. For the reductions we outline the basic requirements, and derive the specific requirements imposed by the cooperation methods used for intrusion detection. It is shown, how our existing solutions could be adapted and what restrictions apply.