To intelligently create policies governing the anonymization of network logs, one must analyze the effects of anonymization on both the security and utility of sanitized data. In this paper, we focus on analyzing the utility of network traces post-anonymization. Any measure of utility is subjective, depending on the type of analysis being performed. This work focuses on utility for the task of attack detection, since attack detection is an important part of an incident responder's daily responsibilities. We employ a methodology we developed that analyzes the effect of anonymization on Intrusion Detection Systems (IDS), and we provide the first rigorous analysis of single-field anonymization on IDS effectiveness. Through this work we can begin to answer the questions of whether the field affects anonymization more than the algorithm; which fields have a larger impact on utility; and which anonymization algorithms have a larger impact on utility.