DOI: 10.1145/1529282.1529572
research-article

A taxonomy and adversarial model for attacks against network log anonymization

Published: 08 March 2009

Abstract

In recent years, it has become important for researchers, security incident responders and educators to share network logs, and many log anonymization tools and techniques have been put forth to sanitize this sensitive data source in order to enable more collaboration. Unfortunately, many new attacks have been created, in parallel, that try to exploit weaknesses in the anonymization process. In this paper, we present a taxonomy that relates similar kinds of attacks in a meaningful way. We also present a new adversarial model which we can map into the taxonomy by the types of attacks that can be perpetrated by a particular adversary. This has helped us to negotiate the trade-offs between data utility and trust, by giving us a way to specify the strength of an anonymization scheme as a measure of the types of adversaries it protects against.

Published In

SAC '09: Proceedings of the 2009 ACM symposium on Applied Computing
March 2009
2347 pages
ISBN:9781605581668
DOI:10.1145/1529282
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. adversarial model
  2. anonymization
  3. network logs
  4. taxonomy

Qualifiers

  • Research-article

Conference

SAC09
SAC09: The 2009 ACM Symposium on Applied Computing
March 8, 2009 - March 12, 2008
Hawaii, Honolulu

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Cited By

  • (2023) PD-PAn: Prefix- and Distribution-Preserving Internet of Things Traffic Anonymization. Electronics 12:20 (4369). DOI: 10.3390/electronics12204369. Online publication date: 21-Oct-2023
  • (2022) The Missing Case of Disinformation from the Cybersecurity Risk Continuum: A Comparative Assessment of Disinformation with Other Cyber Threats. Data 7:4 (49). DOI: 10.3390/data7040049. Online publication date: 12-Apr-2022
  • (2022) Connectivity Preserving Anonymization of Smart Grid Network Configurations. 2022 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm) (245-251). DOI: 10.1109/SmartGridComm52983.2022.9961050. Online publication date: 25-Oct-2022
  • (2021) A Large-Scale Analysis of the Semantic Password Model and Linguistic Patterns in Passwords. ACM Transactions on Privacy and Security 24:3 (1-21). DOI: 10.1145/3448608. Online publication date: 20-Apr-2021
  • (2021) A Multi-view Approach to Preserve Privacy and Utility in Network Trace Anonymization. ACM Transactions on Privacy and Security 24:3 (1-36). DOI: 10.1145/3439732. Online publication date: 9-Feb-2021
  • (2021) A Generalized Framework for Preserving Both Privacy and Utility in Data Outsourcing. IEEE Transactions on Knowledge and Data Engineering (1-1). DOI: 10.1109/TKDE.2021.3078099. Online publication date: 2021
  • (2021) DPNeT: Differentially Private Network Traffic Synthesis with Generative Adversarial Networks. Data and Applications Security and Privacy XXXV (3-21). DOI: 10.1007/978-3-030-81242-3_1. Online publication date: 14-Jul-2021
  • (2020) Integrity verification and behavioral classification of a large dataset applications pertaining smart OS via blockchain and generative models. Expert Systems 38:4. DOI: 10.1111/exsy.12611. Online publication date: 9-Sep-2020
  • (2020) The Formal Representation of Cyberthreats for Automated Reasoning. Data Science in Cybersecurity and Cyberthreat Intelligence (1-12). DOI: 10.1007/978-3-030-38788-4_1. Online publication date: 6-Feb-2020
  • (2018) A Survey of Network Traffic Anonymisation Techniques and Implementations. ACM Computing Surveys 51:3 (1-27). DOI: 10.1145/3182660. Online publication date: 23-May-2018
