Skip to main content
SpringerLink
Log in

Network Trace Anonymization Using a Prefix-Preserving Condensation-Based Technique (Short paper)

  • Conference paper
  • First Online:
On the Move to Meaningful Internet Systems: OTM 2016 Conferences (OTM 2016)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 10033))

Abstract

This paper proposes a method to anonymize network trace data by utilizing a novel perturbation technique that has strong privacy guarantee and at the same time preserves data utility. The resulting dataset can be used for security analysis, retaining the utility of the original dataset, without revealing sensitive information. Our method utilizes a condensation based approach with strong privacy guarantees, suited for cloud environments. Experiments show that the method performs better than existing anonymization techniques in terms of privacy-utility trade off, and it surpasses existing techniques in attack prediction accuracy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Pang, R., Allman, M., Paxson, V., Lee, J.: The devil and packet trace anonymization. ACM SIGCOMM Comput. Commun. Rev. 36, 29–38 (2006)

    Article  Google Scholar 

  2. RIPE (RIPE Network Coordination Centre). https://www.ripe.net/

  3. University of Oregon Route Views Project. http://www.routeviews.org/

  4. Corporative Association for Internet Data Analysis (CAIDA). https://www.caida.org/tools/taxonomy/anonymization.xml

  5. Xu, J., Fan, J., Ammar, M., Moon, S.B.: On the design and performance of prefix-preserving IP traffic trace anonymization. In: Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, pp. 263–266. ACM (2001)

    Google Scholar 

  6. Burkhart, M., Schatzmann, D., Trammell, B., Boschi, E., Plattner, B.: The role of network trace anonymization under attack. ACM SIGCOMM Comput. Commun. Rev. 40, 5–11 (2010)

    Article  Google Scholar 

  7. Brekne, T., Årnes, A., Øslebø, A.: Anonymization of IP traffic monitoring data: attacks on two prefix-preserving anonymization schemes and some proposed remedies. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, pp. 179–196. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  8. Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24, 84–90 (1981)

    Article  Google Scholar 

  9. Raymond, J.-F.: Traffic analysis: protocols, attacks, design issues, and open problems. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 10–29. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  10. Slagell, A.J., Li, Y., Luo, K.: Sharing network logs for computer forensics: a new tool for the anonymization of netflow records. In: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, pp. 37–42. IEEE (2005)

    Google Scholar 

  11. Gamer, T., Mayer, C., Schöller, M.: PktAnon–A Generic Framework for Profile-based Traffic Anonymization. PIK-Praxis der Informationsverarbeitung und Kommunikation 31, 76–81 (2008)

    Article  Google Scholar 

  12. Qardaji, W., Li, N.: Anonymizing network traces with temporal pseudonym consistency. In: 2012 32nd International Conference on Distributed Computing Systems Workshops, pp. 622–633. IEEE (2012)

    Google Scholar 

  13. Peuhkuri, M.: A method to compress and anonymize packet traces. In: Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, pp. 257–261. ACM (2001)

    Google Scholar 

  14. Fan, J., Xu, J., Ammar, M.H., Moon, S.B.: Prefix-preserving IP address anonymization: measurement-based security evaluation and a new cryptography-based scheme. Comput. Netw. 46, 253–272 (2004)

    Article  MATH  Google Scholar 

  15. Riboni, D., Villani, A., Vitali, D., Bettini, C., Mancini, L.V.: Obfuscation of sensitive data in network flows. In: Proceedings of IEEE INFOCOM, pp. 2372–2380. IEEE (2012)

    Google Scholar 

  16. Slagell, A., Yurcik, W.: Sharing computer network logs for security and privacy: a motivation for new methodologies of anonymization. In: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, pp. 80–89. IEEE (2005)

    Google Scholar 

  17. Slagell, A., Wang, J., Yurcik, W.: Network log anonymization: application of crypto-pan to cisco netflows. In: Proceedings of the Workshop on Secure Knowledge Management (2004)

    Google Scholar 

  18. Shebaro, B., Crandall, J.R.: Privacy-preserving network flow recording. Digital Invest. 8, S90–S100 (2011)

    Article  Google Scholar 

  19. Koukis, D., Antonatos, S., Antoniades, D., Markatos, E.P., Trimintzios, P.: A generic anonymization framework for network traffic. In: IEEE International Conference on Communications, pp. 2302–2309. IEEE (2006)

    Google Scholar 

  20. King, J., Lakkaraju, K., Slagell, A.: A taxonomy and adversarial model for attacks against network log anonymization. In: Proceedings of the ACM symposium on Applied Computing, pp. 1286–1293. ACM (2009)

    Google Scholar 

  21. Sweeney, L.: k-anonymity: a model for protecting privacy. Int. J. Uncertainty Fuzziness Knowl. Based Syst. 10, 557–570 (2002)

    Article  MathSciNet  MATH  Google Scholar 

  22. Aggarwal, C.C., Yu, P.S.: A condensation approach to privacy preserving data mining. In: Bertino, E., Christodoulakis, S., Plexousakis, D., Christophides, V., Koubarakis, M., Böhm, K., Ferrari, E. (eds.) EDBT 2004. LNCS, vol. 2992, pp. 183–199. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24741-8_12

    Chapter  Google Scholar 

  23. MacQueen, J.: Some methods for classification and analysis of multivariate observations. In: Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, Oakland, CA, USA, pp. 281–297 (1967)

    Google Scholar 

  24. Miller, D.: Softflowd: A Flow-Based Network Traffic Analyser (2013). Mindrot.org

  25. Agrawal, D., Aggarwal, C.C.: On the design and quantification of privacy preserving data mining algorithms. In: Proceedings of the Twentieth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, pp. 247–255. ACM (2001)

    Google Scholar 

Download references

Acknowledgement

This work is partially supported by MITRE-USM FFRDC under grant 11183.

Author information

Authors and Affiliations

  1. Department of Computer Information Systems, Yarmouk University, Irbid, 21163, Jordan

    Ahmed Aleroud

  2. Department of Information Systems, University of Maryland, Baltimore County, 1000 Hilltop Circle, Baltimore, MD, 21250, USA

    Zhiyuan Chen & George Karabatis

Authors
  1. Ahmed Aleroud
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhiyuan Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. George Karabatis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ahmed Aleroud .

Editor information

Editors and Affiliations

  1. ADAPT Centre, Trinity College Dublin, Dublin 2, Ireland

    Christophe Debruyne

  2. University of Lorraine, Vandoeuvre-les-Nancy, France

    Hervé Panetto

  3. TU Graz, Graz, Austria

    Robert Meersman

  4. La Trobe University, Melbourne, Australia

    Tharam Dillon

  5. Institute of Computer Languages, TU Wien, Vienna, Austria

    eva Kühn

  6. ADAPT Centre, Trinity College Dublin, Dublin 2, Ireland

    Declan O'Sullivan

  7. Università degli Studi di Milano Crema, Crema, Italy

    Claudio Agostino Ardagna

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Aleroud, A., Chen, Z., Karabatis, G. (2016). Network Trace Anonymization Using a Prefix-Preserving Condensation-Based Technique (Short paper). In: Debruyne, C., et al. On the Move to Meaningful Internet Systems: OTM 2016 Conferences. OTM 2016. Lecture Notes in Computer Science(), vol 10033. Springer, Cham. https://doi.org/10.1007/978-3-319-48472-3_59

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-48472-3_59

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-48471-6

  • Online ISBN: 978-3-319-48472-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation