Privacy-Respecting Intrusion Detection (Advances in Information Security)

With our society's growing dependency on information technology systems (IT), the issue of IT Security becomes increasingly important. IT security cannot be achieved by means of preventive safeguards alone. To properly respond to misuse or abusive activity in IT systems, one needs to establish the capability to detect and understand improper activity. Intrusion Detection Systems (IDSs) observe activity occurring in the IT system, record these observations in audit data, and analyze the collected audit data in order to detect misuse.

The collection and processing of audit data for misuse detection conflicts with the expectation and the rights of the system users regarding their privacy. A viable solution is replacing personal data with pseudonyms in audit data.