survey

The Privacy Implications of Cyber Security Systems: A Technological Survey

Authors:

Claudio Bettini,

Laura Radaelli,

Daniele Riboni,

Bruno LepriAuthors Info & Claims

ACM Computing Surveys (CSUR), Volume 51, Issue 2

Article No.: 36, Pages 1 - 27

https://doi.org/10.1145/3172869

Published: 20 February 2018 Publication History

Abstract

Cyber-security systems, which protect networks and computers against cyber attacks, are becoming common due to increasing threats and government regulation. At the same time, the enormous amount of data gathered by cyber-security systems poses a serious threat to the privacy of the people protected by those systems. To ground this threat, we survey common and novel cyber-security technologies and analyze them according to the potential for privacy invasion. We suggest a taxonomy for privacy risks assessment of information security technologies, based on the level of data exposure, the level of identification of individual users, the data sensitivity and the user control over the monitoring, and collection and analysis of the data. We discuss our results in light of the recent technological trends and suggest several new directions for making these mechanisms more privacy-aware.

References

[1]

Jagdish Prasad Achara, Gergely Acs, and Claude Castelluccia. 2015. On the unicity of smartphone applications. In Proceedings of the 14th ACM Workshop on Privacy in the Electronic Society. ACM, 27--36.

Digital Library

[2]

Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the mirai botnet. In Proceedings of the 26th USENIX Security Symposium (USENIX Security’17). USENIX Association, Vancouver, BC, 1093--1110. Retrieved from https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/antonakakis.

[3]

Italian Data Protection Authority. 2016. Processing of personal data of employees by e-mail and other work tools. Retrieved from http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/5408460.

[4]

Claudio Bettini and Daniele Riboni. 2015. Privacy protection in pervasive systems: State of the art and technical challenges. Pervas. Mobile Comput. 17 (2015), 159--174.

Digital Library

[5]

Giuseppe Bianchi, Simone Teofili, and Matteo Pomposini. 2008. New directions in privacy-preserving anomaly detection for network traffic. In Proceedings of the 1st ACM Workshop on Network Data Anonymization. ACM, 11--18.

Digital Library

[6]

Iker Burguera, Urko Zurutuza, and Simin Nadjm-Tehrani. 2011. Crowdroid: Behavior-based malware detection system for android. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM’11). ACM, 15--26.

Digital Library

[7]

Martin Burkhart, Mario Strasser, Dilip Many, and Xenofontas Dimitropoulos. 2010. SEPIA: Privacy-preserving aggregation of multi-domain network events and statistics. Network 1 (2010), 101101.

[8]

Ismail Butun, Salvatore D. Morgera, and Ravi Sankar. 2014. A survey of intrusion detection systems in wireless sensor networks. IEEE Commun. Surveys Tutor. 16, 1 (2014), 266--282. 1553-877X

[9]

Davide Canali, Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, and Engin Kirda. 2012. A quantitative study of accuracy in system call-based malware detection. In Proceedings of the 2012 International Symposium on Software Testing and Analysis (ISSTA’12). ACM, New York, NY, 122--132.

Digital Library

[10]

James Cannady. 1998. Artificial neural networks for misuse detection. In Proceedings of the National Information Systems Security Conference. 368--81.

[11]

Checkpoint. 2017. Checkpoint security appliances. Retrieved from https://www.checkpoint.com/.

[12]

Jerry Cheng, Starsky H. Y. Wong, Hao Yang, and Songwu Lu. 2007. SmartSiren: Virus detection and alert for smartphones. In Proceedings of the 5th International Conference on Mobile Systems, Applications and Services. 258--271.

Digital Library

[13]

Roger Clarke. 2009. Privacy impact assessment: Its origins and development. Comput. Law Secur. Rev. 25, 2 (2009), 123--135.

[14]

Canada Privacy Commissioner. 2013. What an IP Address Can Reveal About You. Technical Report. Office of the Privacy Commissioner of Canada.

[15]

Andrea Continella, Michele Carminati, Mario Polino, Andrea Lanzi, Stefano Zanero, and Federico Maggi. 2017. Prometheus: Analyzing webinject-based information stealers. J. Comput. Secur. Preprint (2017), 1--21.

[16]

Scott E. Coull, Charles V. Wright, Fabian Monrose, Michael P. Collins, Michael K. Reiter et al. 2007. Playing devil’s advocate: Inferring sensitive information from anonymized network traces. In Proceedings of the Network and Distributed System Security Symposium (NDSS’07), Vol. 7. 35--47.

[17]

Stefano Cristalli, Mattia Pagnozzi, Mariano Graziano, Andrea Lanzi, and Davide Balzarotti. 2016. Micro-virtualization memory tracing to detect and prevent spraying attacks. In Proceedings of the 25th USENIX Security Symposium (USENIX Security’16). USENIX Association, Austin, TX, 431--446. Retrieved from https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/stefano.

[18]

Robert E. Crossler and France Bélanger. 2017. The mobile privacy-security knowledge gap model: Understanding behaviors. In Proceedings of the 50th Hawaii International Conference on System Sciences.

[19]

Jagan Mohan Reddy Danda and Chittaranjan Hota. 2016. Attack identification framework for IoT devices. In Information Systems Design and Intelligent Applications. Springer, 505--513.

[20]

M. de los Angeles Cosio Leon, Juan Ivan Nieto Hipolito, and Jesús Luna García. 2009. A security and privacy survey for WSN in e-health applications. In Proceedings of the Electronics, Robotics and Automotive Mechanics Conference (CERMA’09). IEEE, 125--130.

Digital Library

[21]

Yves-Alexandre de Montjoye, César A. Hidalgo, Michel Verleysen, and Vincent D. Blondel. 2013. Unique in the crowd: The privacy bounds of human mobility. Sci. Rep. 3 (2013).

[22]

Yves-Alexandre de Montjoye, Laura Radaelli, Vivek Kumar Singh et al. 2015. Unique in the shopping mall: On the reidentifiability of credit card metadata. Science 347, 6221 (2015), 536--539.

[23]

Yvo Desmedt. 2011. Man-in-the-middle attack. In Encyclopedia of Cryptography and Security. Springer, 759--759.

[24]

Dotan Di Castro, Liane Lewin-Eytan, Yoelle Maarek, Ran Wolff, and Eyal Zohar. 2016. Enforcing k-anonymity in web mail auditing. In Proceedings of the 9th ACM International Conference on Web Search and Data Mining. ACM, 327--336.

Digital Library

[25]

Cynthia Dwork. 2006. Differential privacy. In Proceedings of the 33rd International Colloquium on Automata, Languages and Programming (ICALP’06) (Lecture Notes in Computer Science), Vol. 4052. Springer, 1--12.

Digital Library

[26]

Serge Egelman, Raghudeep Kannavara, and Richard Chow. 2015. Is this thing on?: Crowdsourcing privacy indicators for ubiquitous sensing platforms. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems. ACM, 1669--1678.

Digital Library

[27]

William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. 2014. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32, 2 (2014), 5.

Digital Library

[28]

Aristide Fattori, Andrea Lanzi, Davide Balzarotti, and Engin Kirda. 2015. Hypervisor-based malware protection with accessminer. Comput. Secur. 52 (2015), 33--50.

Digital Library

[29]

Henry Hanping Feng, Oleg M. Kolesnikov, Prahlad Fogla, Wenke Lee, and Weibo Gong. 2003. Anomaly detection using call stack information. In Proceedings of the 2003 IEEE Symposium on Security and Privacy (SP’03). IEEE Computer Society, Washington, DC, 62--75.

Digital Library

[30]

Diogo A. B. Fernandes, Liliana F. B. Soares, João V. Gomes, Mário M. Freire, and Pedro R. M. Inácio. 2014. Security issues in cloud environments: A survey. Int. J. Info. Secur. 13, 2 (2014), 113--170.

Digital Library

[31]

Ian Fette, Norman Sadeh, and Anthony Tomasic. 2007. Learning to detect phishing emails. In Proceedings of the 16th International Conference on World Wide Web. ACM, 649--656.

Digital Library

[32]

Pedro Garcia-Teodoro, J Diaz-Verdejo, Gabriel Maciá-Fernández, and Enrique Vázquez. 2009. Anomaly-based network intrusion detection: Techniques, systems and challenges. Comput. Secur. 28, 1 (2009), 18--28.

Digital Library

[33]

Sharad Goel, J. M. Hofman, and M. Irmak Sirer. 2012. Who does what on the web: Studying web browsing behavior at scale. In Proceedings of the International Conference on Weblogs and Social Media. 130--137.

[34]

Mariano Graziano, Lorenzo Flore, Andrea Lanzi, and Davide Balzarotti. 2016. Subverting operating system properties through evolutionary DKOM attacks. In Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Vol. 9721 (DIMVA’16). Springer-Verlag New York, Inc., New York, NY, 3--24.

Digital Library

[35]

Philip Gross, Janak Parekh, and Gail Kaiser. 2004. Secure selecticast for collaborative intrusion detection systems. In Proceedings of the 3rd International Workshop on Distributed Event-Based Systems (DEBS’04). IET.

[36]

Tamara L. Hayesa, Francena Abendroth, Andre Adami, Misha Pavel, Tracy A. Zitzelberger, and Jeffrey A. Kaye. 2008. Unobtrusive assessment of activity patterns associated with mild cognitive impairment. Alzheimers Dement. 4, 6 (2008), 395--405.

[37]

Ron Hirschprung, Eran Toch, Hadas Schwartz-Chassidim, Tamir Mendel, and Oded Maimon. 2017. Analyzing and optimizing access control choice architectures in online social networks. ACM Trans. Intell. Syst. Technol. (TIST) 8, 4 (2017), 57.

Digital Library

[38]

Albert J. Hoglund, Kimmo Hatonen, and Antti S. Sorvari. 2000. A computer host-based user anomaly detection system using the self-organizing map. In Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks (IJCNN’00), Vol. 5. IEEE, 411--416.

Digital Library

[39]

Jian Hu, Hua-Jun Zeng, Hua Li, Cheng Niu, and Zheng Chen. 2007. Demographic prediction based on user’s browsing behavior. In Proceedings of the 16th International Conference on World Wide Web. ACM, 151--160.

Digital Library

[40]

Sotiris Ioannidis, Angelos D. Keromytis, Steve M. Bellovin, and Jonathan M. Smith. 2000. Implementing a distributed firewall. In Proceedings of the 7th ACM Conference on Computer and Communications Security (CCS’00). ACM, 190--199.

Digital Library

[41]

Julian Jang-Jaccard and Surya Nepal. 2014. A survey of emerging threats in cybersecurity. J. Comput. Syst. Sci. 80, 5 (2014), 973--993.

[42]

Richeng Jin, Xiaofan He, and Huaiyu Dai. 2017. On the tradeoff between privacy and utility in collaborative intrusion detection systems-A game theoretical approach. In Proceedings of the Hot Topics in Science of Security: Symposium and Bootcamp. ACM, 45--51.

Digital Library

[43]

Patrick Gage Kelley, Joanna Bresee, Lorrie Faith Cranor, and Robert W. Reeder. 2009. A nutrition label for privacy. In Proceedings of the 5th Symposium on Usable Privacy and Security. ACM, 4.

Digital Library

[44]

Maciej Korczynski, Ali Hamieh, Jun Ho Huh, Henrik Holm, S. Raj Rajagopalan, and Nina H. Fefferman. 2016. Hive oversight for network intrusion early warning using DIAMoND: A bee-inspired method for fully distributed cyber defense. IEEE Commun. Mag. 54, 6 (2016), 60--67.

Digital Library

[45]

Michal Kosinski, David Stillwell, and Thore Graepel. 2013. Private traits and attributes are predictable from digital records of human behavior. Proc. Nat. Acad. Sci. 110, 15 (2013), 5802--5805.

[46]

Brian Krebs. 2017. Breach at DocuSign Led to Targeted Email Malware Campaign. Retrieved from https://krebsonsecurity.com/2017/05/breach-at-docusign-led-to-targeted-email-malware-campaign/.

[47]

Katharina Krombholz, Heidelinde Hobel, Markus Huber, and Edgar Weippl. 2015. Advanced social engineering attacks. J. Info. Secur. Appl. 22 (2015), 113--122.

Digital Library

[48]

Christopher Kruegel and Giovanni Vigna. 2003. Anomaly detection of web-based attacks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS’03). ACM, New York, NY, 251--261.

Digital Library

[49]

Andreas Kurtz, Hugo Gascon, Tobias Becker, Konrad Rieck, and Felix Freiling. 2016. Fingerprinting mobile devices using personalized configurations. Proc. Privacy Enhanc. Technol. 2016, 1 (2016), 4--19.

[50]

Mariantonietta La Polla, Fabio Martinelli, and Daniele Sgandurra. 2013. A survey on security for mobile devices. IEEE Commun. Surveys Tutor. 15, 1 (2013), 446--471.

[51]

RSA FraudAction Research Labs. 2011. Anatomy of an attack. Retrieved from http://blogs.rsa.com/anatomy-of-an-attack/.

[52]

Chandana Lala and Brajendra Panda. 2001. Evaluating damage from cyber attacks: A model and analysis. IEEE Trans. Syst., Man, Cybernet.—Part A: Syst. Hum. 31, 4 (2001), 300--310.

Digital Library

[53]

Susan Landau. 2014. Highlights from making sense of snowden, part II: What’s significant in the NSA revelations. IEEE Secur. Priv. 12, 1 (2014), 62--64.

[54]

Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, and Engin Kirda. 2010. AccessMiner: Using system-centric models for malware protection. In Proceedings of the 17th ACM Conference on Computer and Communications Security. 399--412.

Digital Library

[55]

C. Laughman, Kwangduk Lee, R. Cox, S. Shaw, S. Leeb, L. Norford, and P. Armstrong. 2003. Power signature analysis. IEEE Power Energy Mag. 1, 2 (2003), 56--63.

[56]

Bingdong Li, Jeff Springer, George Bebis, and Mehmet Hadi Gunes. 2013. A survey of network flow applications. J. Netw. Comput. Appl. 36, 2 (2013), 567--581.

Digital Library

[57]

Ninghui Li, Tiancheng Li, and Suresh Venkatasubramanian. 2007. t-closeness: Privacy beyond k-anonymity and l-diversity. In Proceedings of (ICDE’07). IEEE Computer Society, 106--115.

[58]

Kaitai Liang, Willy Susilo, and Joseph K. Liu. 2015. Privacy-preserving ciphertext multi-sharing control for big data storage. IEEE Trans. Info. Forensics Secur. 10, 8 (2015), 1578--1589.

Digital Library

[59]

Xi-Jun Lin, Lin Sun, and Haipeng Qu. 2015. Insecurity of an anonymous authentication for privacy- preserving IoT target-driven applications. Comput. Secur. 48 (2015), 142--149.

Digital Library

[60]

Patrick Lincoln, Phillip A. Porras, and Vitaly Shmatikov. 2004. Privacy-preserving sharing and correlation of security alerts. In Proceedings of the USENIX Security Symposium. 239--254.

Digital Library

[61]

Jing Liu, Yang Xiao, Senior Member, Shuhui Li, Wei Liang, and C. L. Philip Chen. 2012. Cyber security and privacy issues in smart grids. IEEE Commun. Surveys Tutor. 14, 4 (2012), 981--997.

[62]

Michael E. Locasto, Janak J. Parekh, Angelos D. Keromytis, and Salvatore J. Stolfo. 2005. Towards collaborative security and p2p intrusion detection. In Proceedings from the 6th Annual IEEE SMC Information Assurance Workshop (IAW’05). IEEE, 333--339.

[63]

Justin Ma, Lawrence K. Saul, Stefan Savage, and Geoffrey M. Voelker. 2009. Beyond blacklists: Learning to detect malicious web sites from suspicious URLs. In Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 1245--1254.

Digital Library

[64]

Ashwin Machanavajjhala, Johannes Gehrke, Daniel Kifer, and Muthuramakrishnan Venkitasubramaniam. 2006. l-diversity: Privacy beyond k-anonymity. In Proceedings of International Conference on Data Engineering (ICDE’06). IEEE Computer Society.

Digital Library

[65]

Delfina Malandrino and Vittorio Scarano. 2013. Privacy leakage on the web: Diffusion and countermeasures. Comput. Netw. 57, 14 (2013), 2833--2855.

[66]

Mirco Marchetti, Michele Messori, and Michele Colajanni. 2009. Peer-to-peer architecture for collaborative intrusion and malware detection on a large scale. In Information Security. Springer, 475--490.

Digital Library

[67]

Sergio Mascetti, Letizia Bertolaja, and Claudio Bettini. 2014. SafeBox: Adaptable spatio-temporal generalization for location privacy protection. Trans. Data Priv. 7, 2 (2014), 131--163.

Digital Library

[68]

Sergio Mascetti, Dario Freni, Claudio Bettini, X. Sean Wang, and Sushil Jajodia. 2011. Privacy in geo-social networks: Proximity notification with untrusted service providers and curious buddies. VLDB J. 20, 4 (2011), 541--566. arXiv:1007.0408.

Digital Library

[69]

Aleecia M. McDonald and Lorrie Faith Cranor. 2008. The cost of reading privacy policies. ISJLP 4 (2008), 543.

[70]

Frank McSherry and Ratul Mahajan. 2010. Differentially-private network trace analysis. In Proceedings of SIGCOMM. ACM, 123--134.

Digital Library

[71]

Eirinaios Michelakis, Ion Androutsopoulos, Georgios Paliouras, George Sakkis, and Panagiotis Stamatopoulos. 2004. Filtron: A Learning-Based Anti-Spam Filter. In Proceedings of the 1st Conference on Email and Anti-spam.

[72]

Keith W. Miller, Jeffrey Voas, and George F. Hurlburt. 2012. BYOD: Security and privacy considerations. IT Profess. 5 (2012), 53--55.

Digital Library

[73]

Chirag Modi, Dhiren Patel, Bhavesh Borisaniya, Avi Patel, and Muttukrishnan Rajarajan. 2013a. A survey on security issues and solutions at different layers of cloud computing. J. Supercomput. 63, 2 (2013), 561--592.

Digital Library

[74]

Chirag Modi, Dhiren Patel, Bhavesh Borisaniya, Hiren Patel, Avi Patel, and Muttukrishnan Rajarajan. 2013b. A survey of intrusion detection techniques in cloud. J. Netw. Comput. Appl. 36, 1 (2013), 42--57.

Digital Library

[75]

Robert Moskovitch, Nir Nissim, and Yuval Elovici. 2009. Malicious code detection using active learning. In Privacy, Security, and Trust in KDD. Springer, 74--91.

Digital Library

[76]

Arvind Narayanan and Vitaly Shmatikov. 2008. Robust de-anonymization of large sparse datasets. In Proceedings of the IEEE Symposium on Security and Privacy (SP’08). IEEE, 111--125.

Digital Library

[77]

Terry Nelms, Roberto Perdisci, Manos Antonakakis, and Mustaque Ahamad. 2016. Towards measuring and mitigating social engineering software download attacks. In Proceedings of the 25th USENIX Security Symposium (USENIX Security’16). USENIX Association, 773--789.

[78]

Nick Nikiforakis, Alexandros Kapravelos, Wouter Joosen, Christopher Kruegel, Frank Piessens, and Giovanni Vigna. 2013. Cookieless monster: Exploring the ecosystem of web-based device fingerprinting. In Proceedings of the 2013 IEEE Symposium on Security and Privacy (SP’13). IEEE, 541--555.

Digital Library

[79]

Helen Nissenbaum. 2004. Privacy as contextual integrity. Wash. Law Rev. 79 (2004), 119.

[80]

Andrew Nolan. 2015. Cybersecurity and information sharing: Legal challenges and solutions. Andrew Nolan Legislative Attorney CRS (2015).

[81]

Marie Caroline Oetzel and Sarah Spiekermann. 2014. A systematic methodology for privacy impact assessments: A design science approach. Eur. J. Info. Syst. 23, 2 (2014), 126--150.

[82]

Office of the Australian Information Commissioner. 2014. Guide to undertaking privacy impact assessments. Retrieved from https://www.oaic.gov.au/agencies-and-organisations/guides/guide-to-undertaking-privacy-impact-assessments.

[83]

Maire ONeill et al. 2016. Insecurity by design: Todays IoT device security problem. Engineering 2, 1 (2016), 48--49.

[84]

Paloalto. 2017. Paloalto security platform. Retrieved from https://www.paloalto.com/.

[85]

Ruoming Pang, Mark Allman, Vern Paxson, and Jason Lee. 2006. The devil and packet trace anonymization. ACM SIGCOMM Comput. Commun. Rev. 36, 1 (2006), 29--38.

Digital Library

[86]

Vern Paxson. 1999. Bro: A system for detecting network intruders in real-time. Comput. Netw. 31, 23 (1999), 2435--2463.

Digital Library

[87]

Shari Lawrence Pfleeger, M. Angela Sasse, and Adrian Furnham. 2014. From weakest link to security hero: Transforming staff security behavior. J. Homeland Secur. Emerg. Manage. 11, 4 (2014), 489--510.

[88]

Irene Pollach. 2007. What’s wrong with online privacy policies?Commun. ACM 50, 9 (2007), 103--108.

Digital Library

[89]

Georgios Portokalidis, Philip Homburg, Kostas Anagnostakis, and Herbert Bos. 2010. Paranoid android: Versatile protection for smartphones. In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC’10). ACM, New York, NY, 347--356.

Digital Library

[90]

Qualcomm. 2017. Qualcomm Snapdragon Smart Protect. Retrieved from https://www.qualcomm.com/.

[91]

Vaibhav Rastogi, Rui Shao, Yan Chen, Xiang Pan, Shihong Zou, and Ryan Riley. 2016. Are these ads safe: Detecting hidden attacks through the mobile app-web interfaces. In Proceedings of the Network and Distributed System Security Symposium (NDSS’16).

[92]

Regulation (EU). 2016. Regulation 679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC (general data protection regulation). Offic. J. Eur. Union L119/59 (May 2016).

[93]

Bruno F. Ribeiro, Weifeng Chen, Gerome Miklau, and Donald F. Towsley. 2008. Analyzing privacy in enterprise packet trace anonymization. In Proceedings of the 15th Network and Distributed Systems Security Symposium (NDSS’08).

[94]

Daniele Riboni, Linda Pareschi, and Claudio Bettini. 2012. JS-reduce: Defending your data from sequential background knowledge attacks. IEEE Trans. Dependable Sec. Comput. 9, 3 (2012), 387--400.

Digital Library

[95]

Martin Roesch and others. 1999. Snort: Lightweight intrusion detection for networks. In Proceedings of LISA, Vol. 99. 229--238.

Digital Library

[96]

Ahmad-Reza Sadeghi, Christian Wachsmann, and Michael Waidner. 2015. Security and privacy challenges in industrial internet of things. In Proceedings of the 52nd ACM/EDAC/IEEE Design Automation Conference (DAC’15). IEEE,1--6.

Digital Library

[97]

Nathan Alexander Sales. 2013. Regulating cyber-security. Northwest. Univ. Law Rev. 107, 4 (2013), 1503--1568.

[98]

P. Samarati. 2001. Protecting respondents’ identities in microdata release. IEEE Trans. Knowl. Data Eng. 13, 6 (2001), 1010--1027.

Digital Library

[99]

Florian Schaub, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor. 2015. A design space for effective privacy notices. In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS’15). USENIX Association, 1--17.

[100]

Nadav Schweitzer, Ariel Stulman, Asaf Shabtai, and Roy David Margalit. 2016. Mitigating denial of service attacks in OLSR protocol using fictitious nodes. IEEE Trans. Mobile Comput. 15, 1 (2016), 163--172.

Digital Library

[101]

Elaine Shi, John Bethencourt, T. H. Hubert Chan, Dawn Song, and Adrian Perrig. 2007. Multi-dimensional range query over encrypted data. In Proceedings of the IEEE Symposium on Security and Privacy (SP’07). IEEE, 350--364.

Digital Library

[102]

Erez Shmueli and Tamir Tassa. 2015. Privacy by diversity in sequential releases of databases. Info. Sci. 298 (2015), 344--372.

Digital Library

[103]

Erez Shmueli, Tamir Tassa, Raz Wasserstein, Bracha Shapira, and Lior Rokach. 2012. Limiting disclosure of sensitive data in sequential releases of databases. Info. Sci. 191 (2012), 98--127.

Digital Library

[104]

Xiaokui Shu, Danfeng Yao, and Elisa Bertino. 2015. Privacy-preserving detection of sensitive data exposure. IEEE Trans. Info. Forensics Secur. 10, 5 (2015), 1092--1103.

Digital Library

[105]

Sami Smadi, Nauman Aslam, Li Zhang, Rafe Alasem, and M. A. Hossain. 2015. Detection of phishing emails using data mining algorithms. In Proceedings of the 9th International Conference on Software, Knowledge, Information Management and Applications (SKIMA’15). IEEE, 1--8.

[106]

Daniel J. Solove. 2006. A taxonomy of privacy. Univ. Penn. Law Rev. (2006), 477--564.

[107]

Sarah Spiekermann and Lorrie Faith Cranor. 2009. Engineering privacy. IEEE Trans. Softw. Eng. 35, 1 (2009), 67--82.

Digital Library

[108]

Jacopo Staiano, Bruno Lepri, Nadav Aharony, Fabio Pianesi, Sebe Nicu, and Alex Pentland. 2012. Friends don’t lie—Inferring personality traits from social network structure. In Proceedings of the ACM International Conference on Ubiquitous Computing (Ubicomp’12). ACM, 321--330.

Digital Library

[109]

Oleksii Starov, Phillipa Gill, and Nick Nikiforakis. 2016. Are you sure you want to contact us? Quantifying the leakage of PII via website contact forms. Proc. Priv. Enhanc. Technol. 2016, 1 (2016), 20--33.

[110]

M. Sumeeth, R. Singh, and J. Miller. 2012. Are online privacy policies readable. Optim. Info. Secur. Adv. Priv. Assur.: New Technol. (2012), 91.

[111]

Latanya Sweeney. 2002. k-anonymity: A model for protecting privacy. Int. J. Uncertain., Fuzz. Knowl.-Based Syst. 10, 05 (2002), 557--570.

Digital Library

[112]

Symantec. 2015a. Insecurity in the Internet of Things. Retrieved from http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/insecurity-in-the-internet-of-things.pdf.

[113]

Symantec. 2015b. Threat Report Symantec. Technical Report. Symantec Inc.Retrieved from http://www.symantec.com/security_response/publications/threatreport.jsp.

[114]

Symantec. 2016a. An Internet of Things Reference Architecture. Retrieved from http://wso2.com/whitepapers/a-reference-architecture-for-the-internet-of-things/.

[115]

Symantec. 2016b. Device Protection for the Internet of Things. Retrieved from https://www.symantec.com/content/dam/symantec/docs/data-sheets/embedded-security-critical-system-protection-en.pdf.

[116]

Symantec. 2016c. EndPoint Protection. Retrieved from https://www.symantec.com/content/dam/symantec/docs/data-sheets/endpoint-protection-en.pdf.

[117]

Mohammad Tehranipoor and Farinaz Koushanfar. 2010. A survey of hardware Trojan taxonomy and detection. IEEE Des. Test Comput. 27, 1 (2010), 10--25.

Digital Library

[118]

Omer Tene. 2014. New harm matrix for cybersecurity surveillance, A. Colo. Tech. LJ 12 (2014), 391.

[119]

Tran Manh Thang and Van Khanh Nguyen. 2016. Synflood spoof source DDoS attack defence based on packet ID anomaly detection-PIDAD. In Proceedings of the Conference on Information Science and Applications (ICISA’16). Springer, 739--751.

[120]

Eran Toch, Yang Wang, and Lorrie Faith Cranor. 2012. Personalization and privacy: A survey of privacy risks and remedies in personalization-based systems. User Model. User-Adapt. Interact. 22, 1--2 (2012), 203--220.

Digital Library

[121]

Tripwire. 2017. File Integrity and Change ManagementFIM. Retrieved from https://www.tripwire.com/.

[122]

Anton V. Uzunov, Katrina Falkner, and Eduardo B. Fernandez. 2015. A comprehensive pattern-oriented approach to engineering security methodologies. Info. Softw. Technol. 57 (2015), 217--247.

[123]

Anton V. Uzunov and Eduardo B. Fernandez. 2014. An extensible pattern-based library and taxonomy of security threats for distributed systems. Comput. Stand. Interfaces 36, 4 (2014), 734--747.

Digital Library

[124]

Anton V. Uzunov, Eduardo B. Fernandez, and Katrina Falkner. 2012. Engineering security into distributed systems: A survey of methodologies. J. Univ. Comput. Sci. 18, 20 (2012), 2920--3006.

[125]

Emmanouil Vasilomanolakis, Shankar Karuppayah, Max Mühlhäuser, and Mathias Fischer. 2015a. Taxonomy and survey of collaborative intrusion detection. ACM Comput. Surveys (CSUR) 47, 4 (2015), 55.

Digital Library

[126]

Emmanouil Vasilomanolakis, Matthias Krügl, Carlos Garcia Cordero, Max Mühlhäuser, and Mathias Fischer. 2015b. SkipMon: A locality-aware collaborative intrusion detection system. In Proceedings of the IEEE 34th International Performance on Computing and Communications Conference (IPCCC’15). IEEE, 1--8.

Digital Library

[127]

Giovanni Vigna, William Robertson, Vishal Kher, and Richard A. Kemmerer. 2003. A stateful intrusion detection system for world-wide web servers. In Proceedings of the 19th Annual Computer Security Applications Conference. IEEE Computer Society, 34. Retrieved from http://dl.acm.org/citation.cfm?id=956415.956437.

Digital Library

[128]

Kush Wadhwa, David Barnard-Wills, and David Wright. 2015. The state of the art in societal impact assessment for security research.Sci. Public Pol. (SPP) 42, 3 (2015).

[129]

Ke Wang and Benjamin Fung. 2006. Anonymizing sequential releases. In Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 414--423.

Digital Library

[130]

Ke Wang and Salvatore J. Stolfo. 2004. Anomalous payload-based network intrusion detection. In Proceedings of the International Workshop on Recent Advances in Intrusion Detection. Springer, 203--222.

[131]

Merrill Warkentin and Robert Willison. 2009. Behavioral and policy issues in information systems security: The insider threat. Eur. J. Info. Syst. 18, 2 (2009), 101.

[132]

Rolf H. Weber. 2010. Internet of things—New security and privacy challenges. Comput. Law Secur. Rev. 26, 1 (2010), 23--30.

[133]

Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest, and Daniel W. Engels. 2004. Security and privacy aspects of low-cost radio frequency identification systems. In Security in Pervasive Computing. Springer, 201--212.

[134]

David Wright. 2012. The state of the art in privacy impact assessment. Comput. Law Secur. Rev. 28, 1 (2012), 54--61.

[135]

David Wright and Paul De Hert. 2011. Privacy Impact Assessment. Vol. 6. Springer Science 8 Business Media.

[136]

David Wright and Charles D. Raab. 2012. Constructing a surveillance impact assessment. Comput. Law Secur. Rev. 28, 6 (2012), 613--626.

[137]

Xiaokui Xiao and Yufei Tao. 2007. m-invariance: Towards privacy preserving re-publication of dynamic datasets. In Proceedings of International Conference on Management of Data (SIGMOD’07). ACM, 689--700.

Digital Library

[138]

Yi Xie, Yu Wang, Haitao He, Yang Xiang, Shunzheng Yu, and Xincheng Liu. 2016. A general collaborative framework for modeling and perceiving distributed network behavior. IEEE/ACM Trans. Network. 24, 5 (2016), 3162--3176.

Digital Library

[139]

Ye Yan, Yi Qian, Hamid Sharif, and David Tipper. 2012. A survey on cyber security for smart grid communications. IEEE Commun. Surveys Tutor. 14, 4 (2012), 998--1010.

[140]

Juan Ye, Simon Dobson, and Susan McKeever. 2012. Situation identification techniques in pervasive computing: A review. Pervas. Mobile Comput. 8, 1 (2012), 36--66.

Digital Library

[141]

Chenfeng Vincent Zhou, Christopher Leckie, and Shanika Karunasekera. 2010a. A survey of coordinated attacks and collaborative intrusion detection. Comput. Secur. 1, 29 (2010), 124--140.

Digital Library

[142]

Minqi Zhou, Rong Zhang, Wei Xie, Weining Qian, and Aoying Zhou. 2010b. Security and privacy in cloud computing: A survey. In Proceedings of the 2010 6th International Conference on Semantics Knowledge and Grid (SKG’10). IEEE, 105--112.

Digital Library

[143]

Jan Henrik Ziegeldorf, Oscar Garcia Morchon, and Klaus Wehrle. 2014. Privacy in the internet of things: Threats and challenges. Secur. Commun. Networks 7, 12 (2014), 2728--2742. arxiv:1505.07683

Cited By

Balboni PBella GCapparelli FBarata M(2025)Privacy-Enhancing TechnologiesComputer and Information Security Handbook10.1016/B978-0-443-13223-0.00054-0(891-905)Online publication date: 2025
https://doi.org/10.1016/B978-0-443-13223-0.00054-0
Mingo H(2024)The Emerging Cybersecurity Challenges With Artificial IntelligenceMultisector Insights in Healthcare, Social Sciences, Society, and Technology10.4018/979-8-3693-3226-9.ch010(163-185)Online publication date: 5-Jan-2024
https://doi.org/10.4018/979-8-3693-3226-9.ch010
Gavėnaitė-Sirvydienė J(2024)Development of cyber security assessment tool for financial institutionsundefined10.20334/2024-023-MOnline publication date: 2024
https://doi.org/10.20334/2024-023-M
Show More Cited By

Index Terms

The Privacy Implications of Cyber Security Systems: A Technological Survey
1. Networks
  1. Network properties
    1. Network privacy and anonymity
2. Security and privacy

Recommendations

Government regulations in cyber security: Framework, standards and recommendations
Abstract
Cyber security refers to the protection of Internet-connected systems, such as hardware, software as well as data (information) from cyber attacks (adversaries). A cyber security regulation is needed in order to protect information ...
Highlights
- We list and discuss the cyber attacks, security requirements and measures. We then discuss the cyber security incident management framework and its various ...
Freedom of Privacy: Anonymous Data Collection with Respondent-Defined Privacy Protection

The massive amount of sensitive survey data about individuals that agencies collect and share through the Internet is causing a great deal of privacy concerns. These concerns may discourage individuals from revealing their sensitive information. ...
From information security to cyber security

The term cyber security is often used interchangeably with the term information security. This paper argues that, although there is a substantial overlap between cyber security and information security, these two concepts are not totally analogous. ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Computing Surveys

ACM Computing Surveys Volume 51, Issue 2

March 2019

748 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/3186333

Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering / University of Florida / Gainesville, FL 32611

Issue’s Table of Contents

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 February 2018

Accepted: 01 December 2017

Revised: 01 June 2017

Received: 01 August 2016

Published in CSUR Volume 51, Issue 2

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Survey
Research
Refereed

Funding Sources

Ministry of Science, Technology and Space, Israel
Ministry of Foreign Affairs and International Cooperation, Italy
Israeli-Italian Scientific and Technological Cooperation program

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

49
Total Citations
View Citations
2,717
Total Downloads

Downloads (Last 12 months)215
Downloads (Last 6 weeks)24

Reflects downloads up to 09 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Balboni PBella GCapparelli FBarata M(2025)Privacy-Enhancing TechnologiesComputer and Information Security Handbook10.1016/B978-0-443-13223-0.00054-0(891-905)Online publication date: 2025
https://doi.org/10.1016/B978-0-443-13223-0.00054-0
Mingo H(2024)The Emerging Cybersecurity Challenges With Artificial IntelligenceMultisector Insights in Healthcare, Social Sciences, Society, and Technology10.4018/979-8-3693-3226-9.ch010(163-185)Online publication date: 5-Jan-2024
https://doi.org/10.4018/979-8-3693-3226-9.ch010
Gavėnaitė-Sirvydienė J(2024)Development of cyber security assessment tool for financial institutionsundefined10.20334/2024-023-MOnline publication date: 2024
https://doi.org/10.20334/2024-023-M
Joshi AKaur NKaur A(2024)Unveiling the Achilles' Heel: A Comprehensive Exploration of Vulnerabilities in RMI and Bindshell Communication2024 11th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO)10.1109/ICRITO61523.2024.10522462(1-5)Online publication date: 14-Mar-2024
https://doi.org/10.1109/ICRITO61523.2024.10522462
Joshi AKaur NChauhan S(2024)Encrypting the Unseen: Exploring Steganography Techniques in HTTP Environments2024 11th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO)10.1109/ICRITO61523.2024.10522256(1-5)Online publication date: 14-Mar-2024
https://doi.org/10.1109/ICRITO61523.2024.10522256
Singamaneni KMuhammad G(2024)A novel integrated quantum-resistant cryptography for secure scientific data exchange in ad hoc networksAd Hoc Networks10.1016/j.adhoc.2024.103607164(103607)Online publication date: Nov-2024
https://doi.org/10.1016/j.adhoc.2024.103607
Acheampong DMeso PAgyemang ICudjoe J(2024)Bridging the Digital Divide: Securing Information and Computer Systems in an Unequal WorldImplications of Information and Digital Technologies for Development10.1007/978-3-031-66986-6_6(77-90)Online publication date: 1-Aug-2024
https://doi.org/10.1007/978-3-031-66986-6_6
Gadad VSowmyarani C. N. (2023)A Comprehensive Review of Privacy Preserving Data Publishing (PPDP) Algorithms for Multiple Sensitive Attributes (MSA)Information Security and Privacy in Smart Devices10.4018/978-1-6684-5991-1.ch006(142-193)Online publication date: 31-Mar-2023
https://doi.org/10.4018/978-1-6684-5991-1.ch006
Javed AKhan HAlomari MSarwar MAsim MAlmadhor AKhan M(2023)Toward explainable AI-empowered cognitive health assessmentFrontiers in Public Health10.3389/fpubh.2023.102419511Online publication date: 9-Mar-2023
https://doi.org/10.3389/fpubh.2023.1024195
Zolfaghari SSuravee SRiboni DYordanova K(2023)Sensor-Based Locomotion Data Mining for Supporting the Diagnosis of Neurodegenerative Disorders: A SurveyACM Computing Surveys10.1145/360349556:1(1-36)Online publication date: 26-Aug-2023
https://dl.acm.org/doi/10.1145/3603495
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents