Oxford University Press
The authors introduce ZIDS, a client-server solution for private detection of intrusions that is suitable for private detection of zero-day attacks in input data. The system includes an Intrusion Detection System (IDS) server that has a set of sensitive signatures for zero-day attacks and IDS clients that possess some sensitive data (e.g. files and logs). Using ZIDS, each IDS client learns whether its input data matches any of the zero-day signatures, but neither party learns about any additional information. In other words, the IDS client learns nothing about the zero-day signatures and the IDS server learns nothing about the input data and the analysis results. To solve this problem, they reduce privacy-preserving intrusion detection to an instance of secure two-party Oblivious Deterministic Finite Automata (ODFA) evaluation.