Springer Nature is making SARS-CoV-2 and COVID-19 research free. View research | View latest news | Sign up for updates

A Composite Privacy Leakage Indicator


This paper proposes a Subjective Logic based composite privacy leakage metric that both takes into account the amount of information leakage and also that information with high entropy in some cases may be considered encrypted. It is furthermore shown both analytically and experimentally that Min-entropy is considered better than Shannon, Rényi or Max entropy for identifying encrypted content for the composite metric. This is in particular useful for implementing privacy-enhanced Intrusion Detection Systems (IDS), where sampled encrypted traffic can be considered to have low risk of revealing sensitive information. The combined metric can be used in a Policy Enforcement Point that acts as a proxy/anonymiser in order to to reduce the leakage of private or sensitive information from the IDS sensors to an outsourced Managed Security Service provider. Although the composite privacy indicator is IDS specific, the authorisation architecture is general, and may also be useful for anonymising or pseusonymising sensitive information from or to other types of sensors that need to be exposed to the Internet. The solution is based on the eXtensible Access Control Markup Language policy language extended with support for Subjective Logic, in order to provide a method for expressing fine-grained access control policies that are based on uncertain evidences.

This is a preview of subscription content, log in to check access.


  1. 1

    Bezzi, M. (2008). An entropy based method for measuring anonymity. In Third International Conference on Security and Privacy in Communications Networks and the Workshops, 2007. SecureComm 2007, (pp. 28–32).

  2. 2

    Büschkes R., Kesdogan D. (1999) Privacy enhanced intrusion detection. In: Müller G., Rannenberg K. (eds) Multilateral security in communications, information security. Addison Wesley, Reading, MA, pp 187–204

  3. 3

    Clauß, S., & Schiffner, S. (2006). Structuring anonymity metrics. In Proceedings of the Second ACM Workshop on Digital Identity Management, ACM, Alexandria, Virginia, USA (pp. 55–62).

  4. 4

    Fischer-Hübner S. (2007) IDA—An intrusion detection and avoidance system (in German). Aachen, Shaker

  5. 5

    Gordon, J., & Shortliffe, E. H. (1984). The Dempster-Shafer theory of evidence. In Rule-Based Expert Systems: The MYCIN Experiments of the Stanford Heuristic Programming Project (pp. 272–292).

  6. 6

    Holz, T. (2004). An efficient distributed intrusion detection scheme. In COMPSAC Workshops (pp. 39–40).

  7. 7

    Jøsang, A. (1997). Artificial reasoning with subjective logic. In Proceedings of the 2nd Australian Workshop on Commonsense Reasoning, Perth, vol 65, Australian Computer Society.

  8. 8

    Jøsang A. (2001) A logic for uncertain probabilities. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems 9: 279–311

  9. 9

    Jøsang, A. (2010). Subjective Logic (Draft book). University of Oslo.

  10. 10

    Jøsang A., Bondi V. A. (2000) Legal reasoning with subjective logic. Artificial Intelligence and Law 8(4): 289–315

  11. 11

    Jøsang A., McAnally D. (2005) Multiplication and comultiplication of beliefs. International Journal of Approximate Reasoning 38(1): 19–51

  12. 12

    Jøsang, A, Gollmann, D., & Au, R. (2006). A method for access authorisation through delegation networks. In Proceedings of the 2006 Australasian workshops on Grid computing and e-research—Vol 54 (pp. 165–174). Hobart, Tasmania, Australia: Australian Computer Society, Inc.

  13. 13

    Mahoney, M.V., & Chan, P. K. (2003). An analysis of the 1999 darpa/lincoln laboratory evaluation data for network anomaly detection. In G. Vigna, C. Kruegel, & E. Jonsson (Eds.) Recent Advances in Intrusion Detection, Lecture Notes in Computer Science, Vol 2820 (pp. 220–237). Berlin/Heidelberg: Springer.

  14. 14

    Pang, R., & Paxson, V. (2003). A high-level programming environment for packet trace anonymization and transformation. In Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, ACM, Karlsruhe, Germany (pp. 339–351).

  15. 15

    Rényi, A. (1961). On measures of information and entropy. In Proceedings of the 4th Berkeley Symposium on Mathematics, Statistics and Probability 1960, (pp. 547–561).

  16. 16

    Serjantov, A., & Danezis, G. (2003). Towards an information theoretic metric for anonymity. Privacy Enhancing Technologies (pp. 259–263).

  17. 17

    Shafer G. (1976) A mathematical theory of evidence. Princeton university press, Princeton, NJ

  18. 18

    Shannon, C. E. (1948). A mathematical theory of communication. Bell System Technical Journal 27, 379–423, 623–656.

  19. 19

    Sobirey, M., Richter, B., & König, H. (1996). The intrusion detection system AID—architecture and experiences in automated audit trail analysis. In Proceedings of the IFIP TC6/TC11 International Conference on Communications and Mult imedia Security (pp. 278–290).

  20. 20

    Sobirey, M., Fischer-Hübner, S., & Rannenberg, K. (1997). Pseudonymous audit for privacy enhanced intrusion detection. In Proceedings of the IFIP TC11 13th International Conference on Information Security (SEC’97), (pp. 151–163).

  21. 21

    Svensson, H., & Jøsang, A. (2001). Correlation of intrusion alarms with subjective logic. In Proceedings of the Sixth Nordic Workshop on Secure IT systems (NordSec 2001), Copenhagen, Denmark 1–2, vol 13104, Technical Report IMM-TR-2001-14, Informatics and Mathematical Modelling, Technical University of Denmark, DTU.

  22. 22

    Tavallaee, M., Bagheri, E., Lu, W., & Ghorbani, A. (2010). A detailed analysis of the KDD CUP 99 data set. In Proceedings of the Second IEEE Symposium on Computational Intelligence for Security and Defence Applications 2009.

  23. 23

    Tóth, G., Hornák, Z., & Vajda, F. (2004). Measuring anonymity revisited. In Proceedings of the Ninth Nordic Workshop on Secure IT Systems (pp. 85–90).

  24. 24

    Ulltveit-Moe, N., & Oleshchuk, V. (2010). Privacy leakage methodology (PRILE) for ids rules. In M. Bezzi, P. Duquenoy, S. Fischer-Hübner, M. Hansen, G. Zhang (Eds.) Privacy and Identity Management for Life, IFIP Advances in Information and Communication Technology, Vol 320 (pp. 213–225). Boston: Springer. doi:10.1007/978-3-642-14282-6_17.

  25. 25

    Yannacopoulos, A.N., Lambrinoudakis, C., Gritzalis, S., Xanthopoulos, S.Z., & Katsikas, S.N. (2008). Modeling privacy insurance contracts and their utilization in risk management for ICT firms. In Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security (pp. 207–222). Málaga, Spain: Springer.

Download references

Author information

Correspondence to Nils Ulltveit-Moe.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Ulltveit-Moe, N., Oleshchuk, V.A. A Composite Privacy Leakage Indicator. Wireless Pers Commun 61, 511–526 (2011).

Download citation


  • Privacy policy authorisation
  • Anonymisation
  • Subjective logic
  • Network monitoring
  • Outsourcing