SCRUB-tcpdump: A multi-level packet anonymizer demonstrating privacy/analysis tradeoffs

Author

Yurcik, William ; Woolam, Clay ; Hellings, Greg ; Khan, Latifur ; Thuraisingham, Bhavani

Author_Institution

University of Illinois at Urbana-Champaign, USA

fYear

2007

fDate

17-21 Sept. 2007

Firstpage

49

Lastpage

56

Abstract

To promote sharing of packet traces across security domains we introduce SCRUB-tcpdump, a tool that adds multi-field multi-option anonymization to tcpdump functionality. Experimental results show how SCRUB-tcpdump provides flexibility to balance the often conflicting requirements for privacy protection versus security analysis. Specifically, we demonstrate with empirical experimentation how different SCRUB-tcpdump anonymization options applied to the same data set can result in different levels of privacy protection and security analysis. Based on these results we propose that optimal network data sharing needs to have different levels of anonymization tailored to the participating organizations in order to tradeoff the risks of potential loss or disclosure of sensitive information.

Keywords

Computer networks; Computer security; Computerized monitoring; Data privacy; Data security; Information security; Intrusion detection; Law enforcement; Protection; Target tracking; anonymization; data obfuscation; network data sharing; network intrusion detection; network monitoring; network packet traces; privacy protection; security data sharing;

fLanguage

English

Publisher

ieee

Conference_Titel

Security and Privacy in Communications Networks and the Workshops, 2007. SecureComm 2007. Third International Conference on

Conference_Location

Nice, France

Print_ISBN

978-1-4244-0974-7

Electronic_ISBN

978-1-4244-0975-4

Type

conf

DOI

10.1109/SECCOM.2007.4550306

Filename

4550306