Privacy Preserving of IP Address through Truncation Method in Network-based Intrusion Detection System
Authors: Yee Jian Chew, S. Ooi, Kok-Seng Wong, Y. Pang
Published in: Proceedings of the 2019 8th International Conference on Software and Computer Applications
Publication date: 2019-02-19
Publication type: Journal Article
DOI: 10.1145/3316615.3316626 (https://doi.org/10.1145/3316615.3316626)
Citation count: 4
Source platform: Semanticscholar
Network-based Intrusion Detection Systems (IDS) have been gaining wide attention from the research community over the past decades. While a precise classification model for separating normal and malicious network traffic remains the ultimate goal, privacy protection for network traffic databases cannot be ignored either. Disregard for database privacy will continue to restrain governments, organisations and individuals from releasing real and ontological network traces. The common solution to this problem is to anonymise the database through a statistical approach. Anonymising refers to masking, hiding or removing certain sensitive information from the database, which subsequently results in information loss. In this paper, a truncation method is explored to preserve the privacy of sensitive information in the network traffic database (i.e. IP addresses). The truncated database is then tested with 10 machine learning classifiers from Weka. We tested four different options of IP address truncation against the 6 percent of the GureKDDCup dataset.