Homomorphic Encryption atWork for Private Analysis of Security Logs

One important component of incident handling in cyber-security is log management. In practice, different software and/or hardware components of a system such as Intrusion Detection Systems (IDS) or firewalls analyze network traffic and log suspicious events or activities. These logs are timestamped, gathered by a log collector and centralized within a log analyzer. Security Incidents and Events Management (SIEM) system is an example of a such log analysis tool. SIEM can be a dedicated network device or a Cloud service offered by a security services provider. Providing SIEM as a cloud service raises privacy issues as logs contain confidential information that must not be disclosed to third parties. In this work, we investigate the possible use of homomorphic encryption to provide a privacy preserving log management architecture. We explain how SIEM can be adapted to treat encrypted logs. In addition, we evaluate the homomorphic classification of IDS alerts from NSL-KDD set with an SVM linear model.