Evaluating the Utility of Single Field Anonymization Polices by the IDS Metric : Towards measuring the trade off between Utility and Security

Authors: Kiran Lakkaraju, Adam J. Slagell

Keywords: Process (engineering), Data set, Field (computer science), Metric (mathematics), Information sensitivity, Set (abstract data type), Intrusion detection system, Data mining, Computer science

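Abstract: Anonymization is the process of removing or hiding sensitive information in logs. Anonymization allows organizations to share network logs while not exposing sensitive information. However, there is an inherent trade off between the amount of information revealed in the log and the usefulness of the log to the client (the utility of a log). There are many anonymization techniques, and there are many ways to anonymize a particular log (that is, which fields to anonymize and how). Different anonymization policies will result in logs with varying levels of utility for analysis. In this paper we explore the effect that different anonymization policies have on logs. We provide an empirical analysis of the effect of anonymization policies by looking at the number of alerts generated by an Intrusion Detection System. This is the first work to thoroughly evaluate the effect of single field anonymization policies on a data set. Our main contributions are to determine a set of fields that have a large impact on the utility of a log.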
