Pseudo-random permutation generators and cryptographic composition
STOC '86 Proceedings of the eighteenth annual ACM symposium on Theory of computing
A technique for counting natted hosts
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Statistical Identification of Encrypted Web Browsing Traffic
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A high-level programming environment for packet trace anonymization and transformation
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Strategies for sound internet measurement
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Remote Physical Device Fingerprinting
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Measuring the evolution of transport protocols in the internet
ACM SIGCOMM Computer Communication Review
Defeating TCP/IP stack fingerprinting
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Exploiting the IPID field to infer network path and end-system characteristics
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
SC2D: an alternative to trace anonymization
Proceedings of the 2006 SIGCOMM workshop on Mining network data
Using visual motifs to classify encrypted traffic
Proceedings of the 3rd international workshop on Visualization for computer security
A privacy-preserving interdomain audit framework
Proceedings of the 5th ACM workshop on Privacy in electronic society
Building a prototype for network measurement virtual observatory
Proceedings of the 3rd annual ACM workshop on Mining network data
ACM SIGCOMM Computer Communication Review
Large-scale collection and sanitization of network security data: risks and challenges
NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Legal issues surrounding monitoring during network research
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Issues and etiquette concerning use of shared measurement data
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Dependable security: testing network intrusion detection systems
HotDep'07 Proceedings of the 3rd workshop on on Hot Topics in System Dependability
On web browsing privacy in anonymized NetFlows
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Conducting cybersecurity research legally and ethically
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
A Comparative Evaluation of Anomaly Detectors under Portscan Attacks
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
What are our standards for validation of measurement-based networking research?
ACM SIGMETRICS Performance Evaluation Review
Privacy-safe network trace sharing via secure queries
Proceedings of the 1st ACM workshop on Network data anonymization
New directions in privacy-preserving anomaly detection for network traffic
Proceedings of the 1st ACM workshop on Network data anonymization
The risk-utility tradeoff for IP address truncation
Proceedings of the 1st ACM workshop on Network data anonymization
Reference models for network data anonymization
Proceedings of the 1st ACM workshop on Network data anonymization
Evaluating the utility of anonymized network traces for intrusion detection
Proceedings of the 4th international conference on Security and privacy in communication netowrks
Capture, conversion, and analysis of an intense NFS workload
FAST '09 Proccedings of the 7th conference on File and storage technologies
A taxonomy and adversarial model for attacks against network log anonymization
Proceedings of the 2009 ACM symposium on Applied Computing
Bunker: a privacy-oriented platform for network tracing
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Support Vector Machines for TCP traffic classification
Computer Networks: The International Journal of Computer and Telecommunications Networking
A framework for safely publishing communication traces
Proceedings of the 18th ACM conference on Information and knowledge management
The role of network trace anonymization under attack
ACM SIGCOMM Computer Communication Review
Review: Passive internet measurement: Overview and guidelines based on experiences
Computer Communications
A visualization framework for traffic data exploration and scan detection
NTMS'09 Proceedings of the 3rd international conference on New technologies, mobility and security
Human behavior and challenges of anonymizing WLAN traces
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Differentially-private network trace analysis
Proceedings of the ACM SIGCOMM 2010 conference
A correlation attack against user mobility privacy in a large-scale WLAN network
Proceedings of the 2010 ACM workshop on Wireless of the students, by the students, for the students
Mapping the urban wireless landscape with Argos
Proceedings of the 8th ACM Conference on Embedded Networked Sensor Systems
A Socratic method for validation of measurement-based networking research
Computer Communications
Relationships and data sanitization: a study in scarlet
Proceedings of the 2010 workshop on New security paradigms
AirLab: consistency, fidelity and privacy in wireless measurements
ACM SIGCOMM Computer Communication Review
Accuracy improving guidelines for network anomaly detection systems
Journal in Computer Virology
Secret-sharing hardware improves the privacy of network monitoring
DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
Short paper: the NetSANI framework for analysis and fine-tuning of network trace sanitization
Proceedings of the fourth ACM conference on Wireless network security
Salting public traces with attack traffic to test flow classifiers
CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
User-Assisted host-based detection of outbound malware traffic
ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
A contextual privacy-aware access control model for network monitoring workflows: work in progress
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Towards statistical queries over distributed private user data
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
A workflow checking approach for inherent privacy awareness in network monitoring
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Analyzing characteristic host access patterns for re-identification of web user sessions
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
MultiAspectForensics: mining large heterogeneous networks using tensor
International Journal of Web Engineering and Technology
On changing the culture of empirical internet assessment
ACM SIGCOMM Computer Communication Review
A privacy-aware access control model for distributed network monitoring
Computers and Electrical Engineering
Hi-index | 0.00 |
Releasing network measurement data---including packet traces---to the research community is a virtuous activity that promotes solid research. However, in practice, releasing anonymized packet traces for public use entails many more vexing considerations than just the usual notion of how to scramble IP addresses to preserve privacy. Publishing traces requires carefully balancing the security needs of the organization providing the trace with the research usefulness of the anonymized trace. In this paper we recount our experiences in (i) securing permission from a large site to release packet header traces of the site's internal traffic, (ii) implementing the corresponding anonymization policy, and (iii) validating its correctness. We present a general tool, tcpmkpub, for anonymizing traces, discuss the process used to determine the particular anonymization policy, and describe the use of metadata accompanying the traces to provide insight into features that have been obfuscated by anonymization