TY - GEN
T1 - SigML
T2 - 7th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2023
AU - Trivedi, Devharsh
AU - Boudguiga, Aymen
AU - Triandopoulos, Nikos
N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2023
Y1 - 2023
N2 - Security (and Audit) log collection and storage is a crucial process for enterprises around the globe. Log analysis helps identify potential security breaches and, in some cases, is required by law for compliance. However, enterprises often delegate these responsibilities to a third-party cloud service provider, where the logs are collected and processed for anomaly detection and stored in a cold data warehouse for archiving. Prevalent schemes rely on plain (unencrypted) data for log anomaly detection. More often, these logs can reveal much sensitive information about an organization or the customers of that organization. Hence it is in the best interest of everyone to keep it encrypted at all times. This paper proposes “SigML” utilizing Fully Homomorphic Encryption (FHE) with the Cheon-Kim-Kim-Song (CKKS) scheme for supervised log anomaly detection on encrypted data. We formulate a binary classification problem and propose a novel “Aggregate” configuration using the Sigmoid function for resource-strained (wireless sensors or IoT) devices to reduce communication and computation requirements by a factor of n, where n is the number of ciphertexts received by the clients. We further approximate the Sigmoid activation function (σ(x) ) with first, third, and fifth-order polynomials in the encrypted domain and evaluate the supervised models with NSL-KDD and HDFS datasets in terms of performance metrics and computation time.
AB - Security (and Audit) log collection and storage is a crucial process for enterprises around the globe. Log analysis helps identify potential security breaches and, in some cases, is required by law for compliance. However, enterprises often delegate these responsibilities to a third-party cloud service provider, where the logs are collected and processed for anomaly detection and stored in a cold data warehouse for archiving. Prevalent schemes rely on plain (unencrypted) data for log anomaly detection. More often, these logs can reveal much sensitive information about an organization or the customers of that organization. Hence it is in the best interest of everyone to keep it encrypted at all times. This paper proposes “SigML” utilizing Fully Homomorphic Encryption (FHE) with the Cheon-Kim-Kim-Song (CKKS) scheme for supervised log anomaly detection on encrypted data. We formulate a binary classification problem and propose a novel “Aggregate” configuration using the Sigmoid function for resource-strained (wireless sensors or IoT) devices to reduce communication and computation requirements by a factor of n, where n is the number of ciphertexts received by the clients. We further approximate the Sigmoid activation function (σ(x) ) with first, third, and fifth-order polynomials in the encrypted domain and evaluate the supervised models with NSL-KDD and HDFS datasets in terms of performance metrics and computation time.
KW - Fully Homomorphic Encryption
KW - Log Anomaly Detection
KW - Sigmoid Function Approximation
KW - Supervised Machine Learning
UR - http://www.scopus.com/inward/record.url?scp=85164931115&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85164931115&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-34671-2_26
DO - 10.1007/978-3-031-34671-2_26
M3 - Conference contribution
AN - SCOPUS:85164931115
SN - 9783031346705
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 372
EP - 388
BT - Cyber Security, Cryptology, and Machine Learning - 7th International Symposium, CSCML 2023, Proceedings
A2 - Dolev, Shlomi
A2 - Gudes, Ehud
A2 - Paillier, Pascal
Y2 - 29 June 2023 through 30 June 2023
ER -