Utilizing Network Features for Privacy Violation Detection Jaijit Bhattacharya Rajanish Dass Vishal Kapoor S.K.Gupta Department of Computer Science and Engineering, Indian Institute of Technology, Delhi jaijit@cse.iitd.ernet.in Computer and Information Systems Group, Indian Institute of Management Ahmedabad rajanish@iimahd.ernet.in Oracle HP e-Governance, Center of Excellence, Gurgoan vkapoor@cse.iitd.ernet.in Department of Computer Science and Engineering, Indian Institute of Technology, Delhi skg@cse.iitd.ernet.in Abstract Privacy, its violations and techniques to circumvent privacy violation have grabbed the centre-stage of both academia and industry in recent months. Corporations worldwide have become conscious of the implications of privacy violation and its impact on them and to other stakeholders. Moreover, nations across the world are coming out with privacy protecting legislations to prevent data privacy violations. Such legislations however expose organizations to the issues of intentional or unintentional violation of privacy data. A violation by either malicious external hackers or by internal employees can expose the organizations to costly litigations. In this paper, we propose PRIVDAM; a data mining based intelligent architecture of a Privacy Violation Detection and Monitoring system whose purpose is to detect possible privacy violations and to prevent them in the future. This paper elaborates on the use of network characteristics for differentiating between normal network traffic and potential malicious attacks. These attacks are usually hidden in common network services like http, ftp, udp etc. Experimental evaluations illustrate that our approach is scalable as well as robust and accurate in detecting privacy violations. 1 Introduction Privacy enhancement technology has experienced a growth spurt in the recent years. This is largely due to the enactment of privacy legislations and the wide- spread use of the Internet and its apparent weakness in the protection of organizational and individual privacy. Currently, a majority of these technologies have focused on privacy policy expression [1] of the middleware [2] . Little research has been done on the proactive determination and prevention of privacy violations. Consequently, there is a gaping requirement for a method to automate the detection of privacy violations [3]. The need of a privacy violation prevention mechanism becomes apparent whenever organizations deal with Personal Identifiable Information.. It has been observed that control over personal information has decreased because individuals are oblivious to the systems storing their information. Critical data, such as detailed transaction summaries including social security number, shipping and billing addresses, e-mail id and credit card details are being put to risk routinely [4]. Privacy violation can be defined as an event that violates a privacy policy or an agreement between a customer (data subject) and the data collecting entity. An individual's privacy can be protected in two ways: a) the amount of personal data stored can be minimized or, b) appropriate privacy policies are enforced. This paper describes the use of network features by a Privacy Violation Detection and Monitoring system (PRIVDAM) for detecting privacy violation for a hotel industry scenario [5]. The system uses a collection of machine learning techniques utilizing the collated network data for the automated identification of malicious violations. It can also be made a part of a system that enforces privacy policies. The paper is arranged as follows: Section 2 presents the motivation behind creating such a system. Section 3 describes the previous research both in intrusion detection systems as well as privacy violation detection. Section 4 discusses a logging mechanism while Section 5 goes on to present an anomaly based PRIVDAM architecture using data mining techniques in conjunction to network characteristics. Section 6 describes the implementation of PRIVDAM for a hotel scenario. Finally we conclude with experimental results and make a few recommendations for potential research.