survey

The Privacy Implications of Cyber Security Systems: A Technological Survey

Published: 20 February 2018

Abstract

Cyber-security systems, which protect networks and computers against cyber attacks, are becoming common due to increasing threats and government regulation. At the same time, the enormous amount of data gathered by cyber-security systems poses a serious threat to the privacy of the people protected by those systems. To ground this threat, we survey common and novel cyber-security technologies and analyze them according to their potential for privacy invasion. We suggest a taxonomy for privacy risk assessment of information security technologies, based on the level of data exposure, the level of identification of individual users, the data sensitivity, and the user control over the monitoring, collection, and analysis of the data. We discuss our results in light of recent technological trends and suggest several new directions for making these mechanisms more privacy-aware.

  134. David Wright. 2012. The state of the art in privacy impact assessment. Comput. Law Secur. Rev. 28, 1 (2012), 54--61.Google ScholarGoogle ScholarCross RefCross Ref
  135. David Wright and Paul De Hert. 2011. Privacy Impact Assessment. Vol. 6. Springer Science 8 Business Media.Google ScholarGoogle Scholar
  136. David Wright and Charles D. Raab. 2012. Constructing a surveillance impact assessment. Comput. Law Secur. Rev. 28, 6 (2012), 613--626.Google ScholarGoogle ScholarCross RefCross Ref
  137. Xiaokui Xiao and Yufei Tao. 2007. m-invariance: Towards privacy preserving re-publication of dynamic datasets. In Proceedings of International Conference on Management of Data (SIGMOD’07). ACM, 689--700. Google ScholarGoogle ScholarDigital LibraryDigital Library
  138. Yi Xie, Yu Wang, Haitao He, Yang Xiang, Shunzheng Yu, and Xincheng Liu. 2016. A general collaborative framework for modeling and perceiving distributed network behavior. IEEE/ACM Trans. Network. 24, 5 (2016), 3162--3176. Google ScholarGoogle ScholarDigital LibraryDigital Library
  139. Ye Yan, Yi Qian, Hamid Sharif, and David Tipper. 2012. A survey on cyber security for smart grid communications. IEEE Commun. Surveys Tutor. 14, 4 (2012), 998--1010.Google ScholarGoogle ScholarCross RefCross Ref
  140. Juan Ye, Simon Dobson, and Susan McKeever. 2012. Situation identification techniques in pervasive computing: A review. Pervas. Mobile Comput. 8, 1 (2012), 36--66. Google ScholarGoogle ScholarDigital LibraryDigital Library
  141. Chenfeng Vincent Zhou, Christopher Leckie, and Shanika Karunasekera. 2010a. A survey of coordinated attacks and collaborative intrusion detection. Comput. Secur. 1, 29 (2010), 124--140. Google ScholarGoogle ScholarDigital LibraryDigital Library
  142. Minqi Zhou, Rong Zhang, Wei Xie, Weining Qian, and Aoying Zhou. 2010b. Security and privacy in cloud computing: A survey. In Proceedings of the 2010 6th International Conference on Semantics Knowledge and Grid (SKG’10). IEEE, 105--112. Google ScholarGoogle ScholarDigital LibraryDigital Library
  143. Jan Henrik Ziegeldorf, Oscar Garcia Morchon, and Klaus Wehrle. 2014. Privacy in the internet of things: Threats and challenges. Secur. Commun. Networks 7, 12 (2014), 2728--2742. arxiv:1505.07683Google ScholarGoogle ScholarCross RefCross Ref


Published in

ACM Computing Surveys, Volume 51, Issue 2
March 2019
748 pages
ISSN: 0360-0300
EISSN: 1557-7341
DOI: 10.1145/3186333
Editor: Sartaj Sahni

Copyright © 2018 ACM


Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 20 February 2018
• Accepted: 1 December 2017
• Revised: 1 June 2017
• Received: 1 August 2016

Qualifiers

• survey
• Research
• Refereed
