AmICompromised: A Privacy Preserving Intrusion Detection System

MASTER Assignment

Type : Master M-CS

Period: March - August, 2025

Student : Janssen, G. (Guus, Student M-CS)

Date Final project: August 29, 2025

Thesis

Supervisors:

Abstract:

System logs can contain privacy-sensitive data, such as personal information or intellectual property, which may be accessed or stolen during intrusion detection analysis. To address this risk, this research presents a method for privacy-preserving anomaly detection on system logs using the BFV homomorphic encryption scheme. Incoming logs are compared to a baseline set of logs that define normal behaviour. By calculating the squared Euclidean distance over the encrypted logs, the similarity between these incoming logs and the baseline logs can be determined. This method shows promising results, achieving a classification accuracy of approximately 99% while processing under encryption. This comes at the cost of increased runtime and memory requirements compared to unencrypted processing. However, these increases are not considered a major limitation. This research presents AmICompromised, an effective intrusion detection system with promising results when evaluated on a Hadoop Distributed File System dataset. We tested the system with baseline logs ranging from 50,000 to 300,000 logs and incoming logs ranging from 10 to 200 logs. This resulted in an execution time of 30 seconds to 15 minutes with a maximum memory requirement of 1.8 GB.
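The following is an added illustration, not code from the thesis. It shows why squared Euclidean distance suits BFV: it needs only subtraction, multiplication and addition modulo the plaintext modulus, while the threshold comparison is left to the key holder after decryption. Plain integers modulo `T` stand in for encrypted slots; `T`, `THRESHOLD`, the event-count feature vectors and the nearest-baseline rule are assumptions.

```python
# Added illustration: plain integers modulo T stand in for BFV ciphertext slots.
# T, THRESHOLD and the event-count vectors are constructed, not from the thesis.
T = 65537          # plaintext modulus (assumed); BFV arithmetic is done mod T
THRESHOLD = 4      # assumed cut-off on squared distance for "normal"

def he_sub(a, b):  # slot-wise subtraction, as a BFV evaluator would do
    return [(x - y) % T for x, y in zip(a, b)]

def he_mul(a, b):  # slot-wise multiplication
    return [(x * y) % T for x, y in zip(a, b)]

def he_sum(a):     # sum of all slots (rotations + additions in real BFV)
    return sum(a) % T

def sq_distance_mod_t(log_vec, base_vec):
    """Squared Euclidean distance using only sub, mul and add modulo T."""
    diff = he_sub(log_vec, base_vec)
    return he_sum(he_mul(diff, diff))

def fits_plaintext_space(vectors, max_count):
    """True if the largest possible squared distance stays below T (no wrap-around)."""
    dim = len(vectors[0])
    return dim * max_count * max_count < T

def classify(log_vec, baseline):
    """Key-holder step: compare the decrypted distances to the threshold."""
    nearest = min(sq_distance_mod_t(log_vec, b) for b in baseline)
    return ("normal" if nearest <= THRESHOLD else "anomalous"), nearest

# Constructed baseline: counts of four event types per log block.
BASELINE = [[3, 1, 0, 2], [2, 1, 0, 3], [3, 2, 0, 2]]
INCOMING_OK = [3, 1, 0, 3]     # one event away from a baseline vector
INCOMING_BAD = [0, 9, 7, 0]    # unseen mix of events

if __name__ == "__main__":
    print(classify(INCOMING_OK, BASELINE))
    print(classify(INCOMING_BAD, BASELINE))
    print(fits_plaintext_space(BASELINE, max_count=100))
```

If feature values can grow large enough that the true distance reaches `T`, the result wraps around and a very different log can appear close to the baseline, so the modulus has to be sized against the largest expected counts.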