Netshuffle: Improving Traffic Trace Anonymization through Graph Distortion

“…Further, only packets belonging to an unmapped edge need to be buffered allowing improved throughput as more mappings are made. From our results in [1], we concluded that simply separating the traffic into two decks, one containing small edges, and the other containing medium and large edges, results in significant reduction in the damage done to the empirical value of the traffic. Thus, in our current investigation, we again created a two-deck model by separating the set so that the extremely low traffic edges and heavy hitters do not mix.…”

“…In our first endeavor, we proposed Netshuffle [1], where we demonstrated that the underlying graph structure, present in network traffic traces as a residue of the point-to-point communications of the IP protocol, remains undisturbed by normal anonymization techniques. As a result, attackers can exploit this graph structure by mapping real-life communications (edges) to the traffic trace and thus identifying two endhosts (nodes).…”

“…The performance data was collected by varying the control variable for maintaining partitions on Monday of the first week of the Lincoln Laboratory 1998 DARPA data sets [8]. The other control variable p [1], which allows users to shuffle only a portion of the traffic, was set to 0.5 implying that roughly one out of every two edges was shuffled. Our algorithm was set to activate after observing only 400 packets (i.e.…”

“…To this end, we realized the necessity of an on-line version of Netshuffle to do the graph distortion in real-time. In order to achieve that goal, the memory signature of the original Netshuffle [1] is reduced, while increasing the overall throughput. Thus, our current approach creates confusion for inference attacks, at limited cost in data utility, while attempting to attain line-speeds.…”

“…Unfortunately, little research has examined the obfuscation of this underlying graph inherent in network data. To address these concerns, we proposed Netshuffle [1], a complete graph distortion technique. But as like any other off-line anonymization scheme, it requires the raw traffic traces, which contain much sensitive information, to be stored temporarily in a machine.…”

Real-time Netshuffle: Graph distortion for on-line anonymization

“…Further, only packets belonging to an unmapped edge need to be buffered allowing improved throughput as more mappings are made. From our results in [1], we concluded that simply separating the traffic into two decks, one containing small edges, and the other containing medium and large edges, results in significant reduction in the damage done to the empirical value of the traffic. Thus, in our current investigation, we again created a two-deck model by separating the set so that the extremely low traffic edges and heavy hitters do not mix.…”

“…In our first endeavor, we proposed Netshuffle [1], where we demonstrated that the underlying graph structure, present in network traffic traces as a residue of the point-to-point communications of the IP protocol, remains undisturbed by normal anonymization techniques. As a result, attackers can exploit this graph structure by mapping real-life communications (edges) to the traffic trace and thus identifying two endhosts (nodes).…”

“…The performance data was collected by varying the control variable for maintaining partitions on Monday of the first week of the Lincoln Laboratory 1998 DARPA data sets [8]. The other control variable p [1], which allows users to shuffle only a portion of the traffic, was set to 0.5 implying that roughly one out of every two edges was shuffled. Our algorithm was set to activate after observing only 400 packets (i.e.…”

“…To this end, we realized the necessity of an on-line version of Netshuffle to do the graph distortion in real-time. In order to achieve that goal, the memory signature of the original Netshuffle [1] is reduced, while increasing the overall throughput. Thus, our current approach creates confusion for inference attacks, at limited cost in data utility, while attempting to attain line-speeds.…”

“…Unfortunately, little research has examined the obfuscation of this underlying graph inherent in network data. To address these concerns, we proposed Netshuffle [1], a complete graph distortion technique. But as like any other off-line anonymization scheme, it requires the raw traffic traces, which contain much sensitive information, to be stored temporarily in a machine.…”

Real-time Netshuffle: Graph distortion for on-line anonymization

De-anonymous and Anonymous Technologies for Network Traffic Release

Anonymity-Based Privacy Preserving Network Data Publication