Comparison of methods of privacy-preserving classification based on machine learning algorithms for intrusion detection

Official URL: https://risc01.sabanciuniv.edu/record=b2766865_(Table of contents)

As cyberattacks have become more prevalent and sophisticated, designing and developing intrusion detection systems (IDS) has turned out to be an increasingly challenging task. Machine learning-based intrusion detection systems offer a solution for fast, adaptable and accurate detection of intrusion incidents. However, depending on who is evaluating the classifier, this requires the IDS provider and the user to share the confidential network data and the evaluation model, putting both parties at risk of privacy violations. The homomorphic encryption technique proposes a solution to overcome such privacy issues, by allowing manipulation of encrypted data without requiring a decryption key. Using this technique, the parties may encrypt their private input (e.g., network data or evaluation model) before sharing it with an untrusted party for evaluation. As the homomorphic encryption technique may impose a prohibitively high computational overhead, the homomorphically executed classifiers must be designed to retain the detection abilities of the actual classifiers while minimizing the total computation overhead and multiplicative depth of the circuit that implements the classifiers. This thesis compares the performance of different machine learning-based classifiers for network intrusion detection and also evaluates different encryption scenarios. The overall detection accuracy, time performance, and security and privacy concerns of different implementations are assessed and discussed.