DocumentCode
1565411
Title
Privacy/Analysis Tradeoffs in Sharing Anonymized Packet Traces: Single-Field Case
Author
Yurcik, William ; Woolam, Clay ; Hellings, Greg ; Khan, Latifur ; Thuraisingham, Bhavani
Author_Institution
Univ. of Texas at Dallas, Dallas, TX
fYear
2008
Firstpage
237
Lastpage
244
Abstract
Network data needs to be shared for distributed security analysis. Anonymization of network data for sharing sets up a fundamental tradeoff between privacy protection and security analysis capability. This privacy/analysis tradeoff has been acknowledged by many researchers, but this is the first paper to provide empirical measurements to characterize the privacy/analysis tradeoff for an enterprise dataset. Specifically, we perform anonymization options on single fields within network packet traces and then make measurements using intrusion detection system alarms as a proxy for security analysis capability. Our results show: (1) two fields have a zero sum tradeoff (more privacy lessens security analysis and vice versa) and (2) eight fields have a more complex tradeoff (that is not zero sum) in which both privacy and analysis can be simultaneously accomplished.
Keywords
data privacy; security of data; anonymized packet traces; distributed security analysis; intrusion detection system alarms; network data; privacy protection; security analysis capability; Access control; Automation; Collaboration; Data privacy; Data security; Information analysis; Information security; Pattern analysis; Protection; Risk analysis; privacy-enhanced security data sharing;
fLanguage
English
Publisher
ieee
Conference_Titel
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location
Barcelona
Print_ISBN
978-0-7695-3102-1
Type
conf
DOI
10.1109/ARES.2008.189
Filename
4529343