Title :
Amplifying limited expert input to sanitize large network traces
Author :
Huang, Xin ; Monrose, Fabian ; Reiter, Michael K.
Author_Institution :
Dept. of Comput. Sci., Univ. of North Carolina at Chapel Hill, Chapel Hill, NC, USA
Abstract :
We present a methodology for identifying sensitive data in packet payloads, motivated by the need to sanitize packets before releasing them (e.g., for network security/dependability analysis). Our methodology accommodates packets recorded from an incompletely documented protocol, in which case it will be necessary to consult a human expert to determine what packet data is sensitive. Since expert availability for such tasks is limited, however, our methodology adopts a hierarchical approach in which most packet inspection is done by less-trained workers whose designations of sensitive data in selected packets best match the expert´s. At the core of our methodology is a data reduction and presentation algorithm that selects candidate workers based on their evaluations of a small number of packets; that solicits these workers´ designations of sensitive data in a larger (but still minuscule) subset of packets; and then applies these designations to mark sensitive data in the entire data set. We detail our algorithms and evaluate them in a realistic user study.
Keywords :
computer network security; trees (mathematics); amplifying limited expert input; data presentation; data reduction; dependability analysis; documented protocol; expert availability; human expert; large network traces; network security; packet data; packet inspection; packet payloads; Awards activities; Clustering algorithms; Humans; Inspection; Payloads; Protocols; Redundancy; packet payloads; sanitization; sensitive data;
Conference_Titel :
Dependable Systems & Networks (DSN), 2011 IEEE/IFIP 41st International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-1-4244-9232-9
Electronic_ISBN :
1530-0889
DOI :
10.1109/DSN.2011.5958262
