{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T19:04:40Z","timestamp":1754161480432,"version":"3.41.2"},"reference-count":25,"publisher":"Emerald","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005,2,1]]},"abstract":"\n Purpose<\/jats:title>\n The goal of our work is to discuss the fundamental issues of privacy and anomaly-based intrusion detection systems (IDS) and to design an efficient anomaly-based intrusion IDS architecture where users' privacy is maintained.<\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n In this work, any information that can link intrusion detection activity to a user is encrypted so as to pseudonyze the sensitive information. A database of encrypted information would then be created which becomes the source database for the IDS. The design makes use of dynamic key generation algorithm that generates key randomly when an intrusion is detected. The keys are only released when an intrusion occurs and immediately swapped to protect harm access to the mapping database.<\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n The result after testing the new privacy maintained IDS architecture on an application package shows greater improvement over the ordinary IDSs. Privacy complaints reduced considerably from between 8 and 16 per week to about 1-2.<\/jats:p>\n <\/jats:sec>\n \n Research limitations\/implications<\/jats:title>\n We only tested the new privacy maintained IDS on a package, it would also be interesting to test the design on some other systems. There is a possibility that time to detection would increase because of the encryption\/decryption part of the new design. All the same, we have designed an IDS architecture where privacy of users on the systems is guaranteed.<\/jats:p>\n <\/jats:sec>\n \n Practical implications<\/jats:title>\n This work provides a background for researchers in IDS and it requires further improvements and extensions.<\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n The work shows that it is possible to design an IDS architecture for maintaining privacy of users on the network. The result shows the originality of the new design.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/09685220510582683","type":"journal-article","created":{"date-parts":[[2005,3,21]],"date-time":"2005-03-21T18:44:32Z","timestamp":1111430672000},"page":"72-80","source":"Crossref","is-referenced-by-count":1,"title":["Maintaining privacy in anomaly-based intrusion detection systems"],"prefix":"10.1108","volume":"13","author":[{"given":"A.S.","family":"Sodiya","sequence":"first","affiliation":[{"name":"Department of Mathematical Sciences, University of Agriculture, Abeokuta, Ogun State, Nigeria"}]},{"given":"H.O.D.","family":"Longe","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, University of Lagos, Lagos, Nigeria"}]},{"given":"A.T.","family":"Akinwale","sequence":"additional","affiliation":[{"name":"Department of Mathematical Sciences, University of Agriculture, Abeokuta, Ogun State, Nigeria"}]}],"member":"140","reference":[{"key":"2025072819442397800_b1","unstructured":"Anderson, J.P.\n (1980), \u201cComputer security threat monitoring and surveillance\u201d, Technical Report Contract 79F26400, James P. Anderson Co., Box 42, Fort Washington, PA."},{"key":"2025072819442397800_b2","doi-asserted-by":"crossref","unstructured":"Debar, H.\n , Becker, M. and Siboni, D. (1992), \u201cA neural network component for an intrusion detection system\u201d, Proceedings of the IEEE Symposium on Research in Computer Security and Privacy, Oakland, CA, pp. 240-50.","DOI":"10.1109\/RISP.1992.213257"},{"issue":"2","key":"2025072819442397800_b3","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1109\/TSE.1987.232894","article-title":"An intrusion-detection model","volume":"SE-13","author":"Denning","year":"1987","journal-title":"IEEE Transactions on Software Engineering"},{"key":"2025072819442397800_b5","doi-asserted-by":"crossref","unstructured":"Forrest, S.\n , Hofmeyr, S.A., Somayaji, A. and Longstaff, T.A. (1996), \u201cA sense of self for Unix processes\u201d, Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press, pp. 120-8.","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"2025072819442397800_b8","unstructured":"Javitz, H.S.\n and Valdes, A. (1994), \u201cThe NIDES statistical component: description and justification\u201d, Technical Report, SRI Computer Science Laboratory, Menlo Park, available at: www.sdl.sri.com\/nides\/index5.html."},{"key":"2025072819442397800_b12","unstructured":"Lane, T.\n and Brodley, C. (1997), \u201cAn application of machine learning to anomaly detection\u201d, Proceedings of the 20th National Information Systems Security Conference, pp. 366-77."},{"key":"2025072819442397800_b13","unstructured":"Lee, W.\n , Stolfo, S.J., Chan, P.K., Wofan, E.E., Miller, M., Hershkop, S. and Zhang, J. (2001), \u201cReal time data mining-based intrusion detection\u201d, available at: www.cs.columbia.edu\/ids.2001."},{"key":"2025072819442397800_b14","doi-asserted-by":"crossref","unstructured":"Lundin, E.\n and Jonsson, E. (1999), \u201cAnomaly based intrusion detection \u2013 privacy concerns and other problems\u201d, Technical report of Department of Computer Engineering, Chalmers University of Technology, Goteborg.","DOI":"10.1016\/S1389-1286(00)00134-1"},{"key":"2025072819442397800_b15","unstructured":"Lundin, E.\n and Jonsson, E. (2002), \u201cSurvey of intrusion detection research\u201d, Technical Report No 02-04 of Department of Computer Engineering, Chalmers University of Technology, Goteborg."},{"key":"2025072819442397800_b16","unstructured":"Lunt, T.F.\n (1993), \u201cDetecting intruders in computer systems\u201d, paper presented at the Conference on Auditing and Computer Technology, 1993, available at: www.sdl.sri.com\/nides\/index5.html."},{"key":"2025072819442397800_b17","unstructured":"Martinez, S.\n (2001), \u201cBugs dynamic cryptography algorithm\u201d, available at: http:\/\/bcrypt.com\/English\/info\/doc\/bugs\/."},{"key":"2025072819442397800_b19","unstructured":"Paxon, V.\n (1998), \u201cBro: a system for detecting network intruders in real-time\u201d, Proceedings of the Seventh USENIX Security Symposium, San Antonio, TX, pp. 31-51."},{"key":"2025072819442397800_b21","doi-asserted-by":"crossref","unstructured":"Smaha, S.E.\n (1988), \u201cHaystack: an intrusion detection system\u201d, paper presented at the Fourth Aerospace Computer Security Applications Conference (IEEE CatNo. CH2619-5), Vol. xii+440, pp. 37-44, .","DOI":"10.1109\/ACSAC.1988.113412"},{"key":"2025072819442397800_b22","doi-asserted-by":"crossref","unstructured":"Sobirey, M.\n , Fischer-Hubner, S. and Rannenberg, K. (1998), \u201cPseudonymous audit for privacy enhanced intrusion detection\u201d, Proceedings of the IFIP TC11 13th International Conference on Information Security (SEC' 97), Copenhagen, IFIP, Chapman & Hall, pp. 151-63.","DOI":"10.1007\/978-0-387-35259-6_13"},{"key":"2025072819442397800_b23","doi-asserted-by":"crossref","unstructured":"Vaccaro, H.S.\n and Liepins, G.E. (1989), \u201cDetecting of anomalous computer session activity\u201d, paper presented at the 1989 IEEE Symposium on Security and Privacy, Oakland, pp. 280-9.","DOI":"10.1109\/SECPRI.1989.36302"},{"key":"2025072819442397800_b24","doi-asserted-by":"crossref","unstructured":"Valdes, A.\n and Skinner, K. (2000), \u201cAdaptive, model-based monitoring for cyber attack detection\u201d, paper presented at the Conference on Recent Advances in Intrusion Detection (RAID 2000), Toulose.","DOI":"10.1007\/3-540-39945-3_6"},{"key":"2025072819442397800_b25","doi-asserted-by":"crossref","unstructured":"Warrender, C.\n , Forrest, S. and Pearlmutter, B. (1999), \u201cDetecting intrusions using system calls: alternative data models\u201d, Proceedings of IEEE Symposium on Security and Privacy, Oakland, CA, pp. 133-45.","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"2025072819442397800_frd1","unstructured":"Fawcett, T.\n and Provost, F. (1997), \u201cCombining data mining and machine learning for effective user profiling\u201d, Proceedings of the 1997 Conference on Knowledge Discovery and Data Missing (KDD-97)."},{"key":"2025072819442397800_frd2","doi-asserted-by":"crossref","unstructured":"Ghosh, A.K.\n , Wanken, J. and Charron, F. (1998), \u201cDetecting anomalous and unknown intrusion against programs\u201d, Reliable Software Technologies, available at: www.rstlotp.com..","DOI":"10.21236\/ADA329518"},{"key":"2025072819442397800_frd3","unstructured":"Hedbom, H.\n , Lindskog, S. and Jonsson, E. (2001), \u201cRisks and dangers of security extensions\u201d, Proceedings of Security and Control of IT in Society-II (IFIP SCITS-II), Bratislava, pp. 231-48."},{"key":"2025072819442397800_frd4","unstructured":"Kendall, K.\n , (1999), \u201cA database of computer attacks for the evaluation of intrusion detection systems\u201d, Master's thesis, MIT\u2008Reading, MA."},{"key":"2025072819442397800_frd5","unstructured":"Ko, C.\n , Ruschitzka, M. and Levitt, K. (1997), \u201cExecution monitoring of security-critical programs in distributed systems: a specification based approach\u201d, Proceedings of the 1997 IEEE Symposium on Security and Privacy, Oakland, CA."},{"key":"2025072819442397800_frd6","unstructured":"Kumar, S.\n , (1995) \u201cClassification and detection of computer intrusions\u201c, PhD thesis, Purdue University\u2008West Lafayette, IN."},{"key":"2025072819442397800_frd7","unstructured":"Martino, S.\n (1999), \u201cA mobile agent approach for intrusion detection\u201d, Joint Research Centre-Institute for Systems, Informatics and Safety."},{"key":"2025072819442397800_frd8","unstructured":"Ptacek, T.H.\n and Newsham, T.N. (1998), \u201cInsertion, evasion, and denial of service: eluding network intrusion detection\u201d, Technical Report, Secure Networks, Inc."}],"container-title":["Information Management & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685220510582683","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220510582683\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/ics\/article-pdf\/13\/1\/72\/1201619\/09685220510582683.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/www.emerald.com\/ics\/article-pdf\/13\/1\/72\/1201619\/09685220510582683.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T23:44:38Z","timestamp":1753746278000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/ics\/article\/13\/1\/72\/176736\/Maintaining-privacy-in-anomaly-based-intrusion"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,2,1]]},"references-count":25,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2005,2,1]]}},"URL":"https:\/\/doi.org\/10.1108\/09685220510582683","relation":{},"ISSN":["0968-5227","1758-5805"],"issn-type":[{"type":"print","value":"0968-5227"},{"type":"electronic","value":"1758-5805"}],"subject":[],"published":{"date-parts":[[2005,2,1]]}}}