Multi-Observer Privacy-Preserving Hidden Markov Models

Detection of malicious traffic and network health problems would be much easier if Internet Service Providers (ISPs) shared their data. Unfortunately, they are reluctant to share because doing so would either violate privacy legislation or expose business secrets. Secure distributed computation allows calculations to be made using private data and provides an ideal mechanism for ISPs to share their data. This paper presents such a method, allowing multiple parties to jointly infer a Hidden Markov Model (HMM) for network traffic, which can then be used to detect anomalies. We extend prior work on HMMs in network security to include observations from multiple ISPs and develop secure protocols to infer the model parameters without revealing the private data. We implemented a prototype of the protocols and have tested our implementation on simulated data of realistic network attack models. The experiments show that our protocols have small computation and communication overheads. The protocols therefore are suitable for adoption by ISPs.