Packet traces of operational Internet traffic are invaluable to network research, but public sharing of such traces is severely limited by the need to first remove all sensitive information. Current trace anonymization technology leaves only the packet headers intact, completely stripping the contents; to our knowledge, there are no publicly available traces of any significant size that contain packet payloads. We describe a new approach to transform and anonymize packet traces. Our tool provides high-level language support for packet transformation, allowing the user to write short policy scripts to express sophisticated trace transformations. The resulting scripts can anonymize both packet headers and payloads, and can perform application-level transformations such as editing HTTP or SMTP headers, replacing the content of Web items with MD5 hashes, or altering filenames or reply codes that match given patterns. We discuss the critical issue of verifying that anonymizations are both correctly applied and correctly specified, and experiences with anonymizing FTP traces from the Lawrence Berkeley National Laboratory for public release.