3rd International ICST Workshop on the Value of Security through Collaboration

Research Article

Flexible and high-performance anonymization of NetFlow records using anontool

  • @INPROCEEDINGS{10.1109/SECCOM.2007.4550304,
        author={Michalis Foukarakis and Demetres Antoniades and Spiros Antonatos and Evangelos  Markatos},
        title={Flexible and high-performance anonymization of NetFlow records using anontool},
        proceedings={3rd International ICST Workshop on the Value of Security through Collaboration},
        publisher={IEEE},
        proceedings_a={SECOVAL},
        year={2008},
        month={6},
        keywords={},
        doi={10.1109/SECCOM.2007.4550304}
    }
    
  • Michalis Foukarakis
    Demetres Antoniades
    Spiros Antonatos
    Evangelos Markatos
    Year: 2008
    Flexible and high-performance anonymization of NetFlow records using anontool
    SECOVAL
    IEEE
    DOI: 10.1109/SECCOM.2007.4550304
Michalis Foukarakis1,*, Demetres Antoniades1,*, Spiros Antonatos1,*, Evangelos Markatos1,*
  • 1: Institute of Computer Science, Foundation for Research and Technology Hellas, Heraklion Crete, Greece
*Contact email: mfukar@ics.forth.gr, danton@ics.forth.gr, antonat@ics.forth.gr, markatos@ics.forth.gr

Abstract

Netflow is a protocol widely adopted by the security and performance measurements community. Nowadays, many distributed applications and architectures base their functionality on Netflow data collected at diverse environments. However, communities and administrators are reluctant to share exported Netflow data for privacy reasons. As a consequence, the effectiveness of distributed approaches is limited due to lack of input data. To overcome this limitation, anonymization on Netflow data is proposed for sharing. However, the available tools are either proprietary or of very limited functionality. Towards this direction, we propose and implement anontool, that allow administrators to anonymize Netflow data in a highly customizable way. A comparison of anontool with existing solutions is provided along two dimensions: functionality and performance. Anontool can anonymize traffic even at high bandwidth rates, outperforming most of the tools and having same performance with specialized - but very limited in functionality - approaches.