SigML: Supervised Log Anomaly with Fully Homomorphic Encryption

Devharsh Trivedi, Aymen Boudguiga, Nikos Triandopoulos

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

4 Scopus citations

Abstract

Security (and Audit) log collection and storage is a crucial process for enterprises around the globe. Log analysis helps identify potential security breaches and, in some cases, is required by law for compliance. However, enterprises often delegate these responsibilities to a third-party cloud service provider, where the logs are collected and processed for anomaly detection and stored in a cold data warehouse for archiving. Prevalent schemes rely on plain (unencrypted) data for log anomaly detection. More often, these logs can reveal much sensitive information about an organization or the customers of that organization. Hence it is in the best interest of everyone to keep it encrypted at all times. This paper proposes “SigML” utilizing Fully Homomorphic Encryption (FHE) with the Cheon-Kim-Kim-Song (CKKS) scheme for supervised log anomaly detection on encrypted data. We formulate a binary classification problem and propose a novel “Aggregate” configuration using the Sigmoid function for resource-strained (wireless sensors or IoT) devices to reduce communication and computation requirements by a factor of n, where n is the number of ciphertexts received by the clients. We further approximate the Sigmoid activation function (σ(x)) with first, third, and fifth-order polynomials in the encrypted domain and evaluate the supervised models with NSL-KDD and HDFS datasets in terms of performance metrics and computation time.

Original language: English
Title of host publication: Cyber Security, Cryptology, and Machine Learning - 7th International Symposium, CSCML 2023, Proceedings
Editors: Shlomi Dolev, Ehud Gudes, Pascal Paillier
Pages: 372-388
Number of pages: 17
State: Published - 2023
Event: 7th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2023 - Be'er Sheva, Israel
Duration: 29 Jun 2023 - 30 Jun 2023

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 13914 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 7th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2023
Country/Territory: Israel
City: Be'er Sheva
Period: 29/06/23 - 30/06/23

Keywords

  • Fully Homomorphic Encryption
  • Log Anomaly Detection
  • Sigmoid Function Approximation
  • Supervised Machine Learning
