Anonymising security event logs to protect against privacy identification attacks while maintaining utility

Abstract

Many small to medium organisations outsource security services such as monitoring and incident response. As a result, their managed security service providers (MSSPs) handle very sensitive or private data about their employees and clients. Moreover, security monitoring systems such as Intrusion Detection Systems (IDS) log personally identifiable information that could lead to privacy consequences if not handled properly. This research provides an approach to protect against the privacy identification attacks that may result from using these systems and outsourcing security services. It studies how to apply robust anonymisation techniques while maintaining the ability to analyse malicious behaviour and attacks, and therefore addresses the utility/analysis trade-off. The dissertation focuses on analysing spear phishing attacks by collecting end-point logs such as Sysmon event logs. The study uses Elasticsearch, Logstash, and Kibana both for anonymising and as a Security Information and Event Management (SIEM) solution. The analysis shows how the proposed technique succeeded in providing answers in the analysis phase and maintained the utility of the data while protecting privacy through the use of keyed-hash functions.

Copyright owned by the Saudi Digital Library (SDL) © 2025