Evaluating the utility of anonymized network traces for intrusion detection

Kiran Lakkaraju, Adam Slagell

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

To intelligently create policies governing the anonymization of network logs, one must analyze the effects of anonymiza-tion on both the security and utility of sanitized data. In this paper, we focus on analyzing the utility of network traces post-anonymization. Any measure of utility is subjective to the type of analysis being performed. This work focuses on utility for the task of attack detection since attack detection is an important part of an incident responders daily responsibilities. We employ a methodology we developed that analyzes the effect of anonymization on Intrusion Detection Systems (IDS), and we provide the first rigorous analysis of single field anonymization on IDS effectiveness. Through this work we can begin to answer the questions of whether the field affects anonymization more than the algorithm; which fields have a larger impact on utility; and which anonymization algorithms have a larger impact on utility.

Original languageEnglish (US)
Title of host publicationProceedings of the 4th International Conference on Security and Privacy in Communication Networks, SecureComm'08
DOIs
StatePublished - Dec 1 2008
Event4th International Conference on Security and Privacy in Communication Networks, SecureComm'08 - Istanbul, Turkey
Duration: Sep 22 2008Sep 25 2008

Publication series

NameProceedings of the 4th International Conference on Security and Privacy in Communication Networks, SecureComm'08

Other

Other4th International Conference on Security and Privacy in Communication Networks, SecureComm'08
Country/TerritoryTurkey
CityIstanbul
Period9/22/089/25/08

Keywords

  • Anonymization
  • Data sanitization
  • FLAIM
  • Intrusion detection
  • Metrics

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software

Fingerprint

Dive into the research topics of 'Evaluating the utility of anonymized network traces for intrusion detection'. Together they form a unique fingerprint.

Cite this