The devil and packet trace anonymization

Pang, Ruoming; Allman, Mark; Paxson, Vern; Lee, Jason R.

doi:10.1145/1111322.1111330

Cited by 179 publications

(133 citation statements)

References 15 publications

Supporting

Mentioning

127

Contrasting

Unclassified

Order By: Relevance

“…One can also sanitize captured data by, e.g., removing or anonymizing potentially sensitive information [49], [50], [51]. However, despite intensive efforts [52], [53], publishing such datasets has garnered little traction to date, mostly one suspects for the fear that information can still leak.…”

Section: ) Difficulties Of Datamentioning

confidence: 99%

Outside the Closed World: On Using Machine Learning for Network Intrusion Detection

Sommer

Paxson

2010

2010 IEEE Symposium on Security and Privacy

Self Cite

1,214

743

View full text Add to dashboard Cite

Abstract-In network intrusion detection research, one popular strategy for finding attacks is monitoring a network's activity for anomalies: deviations from profiles of normality previously learned from benign traffic, typically identified using tools borrowed from the machine learning community. However, despite extensive academic research one finds a striking gap in terms of actual deployments of such systems: compared with other intrusion detection approaches, machine learning is rarely employed in operational "real world" settings. We examine the differences between the network intrusion detection problem and other areas where machine learning regularly finds much more success. Our main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively. We support this claim by identifying challenges particular to network intrusion detection, and provide a set of guidelines meant to strengthen future research on anomaly detection.

show abstract

Section: ) Difficulties Of Datamentioning

confidence: 99%

Outside the Closed World: On Using Machine Learning for Network Intrusion Detection

Sommer

Paxson

2010

2010 IEEE Symposium on Security and Privacy

Self Cite

1,214

743

View full text Add to dashboard Cite

show abstract

“…In fact, comprehensive anonymization is not easy to achieve [532]. For example, hosts can also be compromised by port numbers (if they support a unique service) or even by packet timestamps (by fingerprinting a host's clock drift [408]).…”

Section: Privacymentioning

confidence: 99%

“…But this risk does not justify the blocking of all data publication. Rather, a privacy policy should be decided on, which will balance the usefulness of the data with the risk of exposure [532,147]. In certain cases -notably the recording of network communications -there may also be specific laws that spell out exactly what is allowed or not [522].…”

Section: Privacymentioning

confidence: 99%

Workload Modeling for Computer Systems Performance Evaluation

Feitelson

2015

197

131

View full text Add to dashboard Cite

Reliable performance evaluations require the use of representative workloads. This is no easy task since modern computer systems and their workloads are complex, with many interrelated attributes and complicated structures. Experts often use sophisticated mathematics to analyze and describe workload models, making these models difficult for practitioners to grasp. This book aims to close this gap by emphasizing the intuition and the reasoning behind the definitions and derivations related to the workload models. It provides numerous examples from real production systems, with hundreds of graphs. Using this book, readers will be able to analyze collected workload data and clean it if necessary, derive statistical models that include skewed marginal distributions and correlations, and consider the need for generative models and feedback from the system. The descriptive statistics techniques covered are also useful for other domains.

show abstract

“…Although such frameworks are aimed to be quite generic, a significant drawback is that they base on quite "static" anonymisation policies specification; in all cases, the policies that will regulate the execution of the underlying anonymisation APIs must be defined in an explicit manner. Additionally, although they work well for applications using previously collected traffic data, they are not applicable to applications' domains that demand real-time data, such as intrusion detection systems, while being vulnerable to attacks able to infer sensitive information [22] [23].…”

Section: Related Workmentioning

confidence: 99%

A privacy-aware access control model for distributed network monitoring

Papagiannakopoulou

Koukovini

Lioudakis

et al. 2013

Computers & Electrical Engineering

View full text Add to dashboard Cite

Despite the usefulness of network monitoring for the operation, maintenance, control and protection of communication networks, as well as law enforcement, network monitoring activities are surrounded by serious privacy implications. Their inherent leakage-proneness is harshened due to the increasing complexity of the monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. However, current approaches present limitations in effectively addressing such privacy issues, as they have not been designed for meeting the particular requirements of distributed network monitoring and conceptualising the corresponding functionalities and infrastructures; additionally, they are not suitable for highly dynamic and distributed environments and for automating privacy-awareness. In this paper, we introduce a new access control model that aims at addressing these concerns; it is conceived on the basis of data protection legislation, as well as distributed network monitoring. The proposed approach provides rich expressiveness, captures all the underlying concepts along with their associations and enables the specification of contextual authorisation policies and * Corresponding author.Email address: epapag@icbnet.ntua.gr (Eugenia I. Papagiannakopoulou) ⋆ This is a revised and expanded version of a paper that appeared in the proceedings of the 4th MITACS Workshop on Foundations & Practice of Security, Paris, France, May 2011, pp. 208-217 [44]. Computers & Electrical Engineering 2011 June 7, 2012 expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules in any possible level of abstraction and in enabling a verification procedure which results in inherently privacy-aware workflows, thus minimising run-time reasoning overheads and fostering the realisation of the Privacy by Design vision. Preprint submitted to Elsevier

show abstract

The devil and packet trace anonymization

Cited by 179 publications

References 15 publications

Outside the Closed World: On Using Machine Learning for Network Intrusion Detection

Outside the Closed World: On Using Machine Learning for Network Intrusion Detection

Workload Modeling for Computer Systems Performance Evaluation

A privacy-aware access control model for distributed network monitoring

Contact Info

Product

Resources

About