3rd International ICST Workshop on the Value of Security through Collaboration

Research Article

SCRUB-tcpdump: A Multi-Level Packet Anonymizer Demonstrating Privacy/Analysis Tradeoffs

  • @INPROCEEDINGS{10.1109/SECCOM.2007.4550306,
        author={William Yurcik and Clay Woolam and Greg Hellings and Latifur Khan and Bhavani Thuraisingham},
        title={SCRUB-tcpdump: A Multi-Level Packet Anonymizer Demonstrating Privacy/Analysis Tradeoffs},
        proceedings={3rd International ICST Workshop on the Value of Security through Collaboration},
        publisher={IEEE},
        proceedings_a={SECOVAL},
        year={2008},
        month={6},
        keywords={anonymization  data obfuscation  network data sharing  network intrusion detection  network monitoring  network packet traces  privacy protection  security data sharing},
        doi={10.1109/SECCOM.2007.4550306}
    }
    
William Yurcik (1), Clay Woolam (2,*), Greg Hellings (2,*), Latifur Khan (2,*), Bhavani Thuraisingham (2,*)
  • 1: University of Illinois at Urbana-Champaign, USA
  • 2: University of Texas at Dallas, USA
*Contact email: cpw02100@utdallas.edu, gsh062000@utdallas.edu, lkhan@utdallas.edu, brahavani.thuraisingham@utdallas.edu

Abstract

To promote sharing of packet traces across security domains, we introduce SCRUB-tcpdump, a tool that adds multi-field, multi-option anonymization to tcpdump functionality. Experimental results show how SCRUB-tcpdump provides flexibility to balance the often conflicting requirements for privacy protection versus security analysis. Specifically, we demonstrate with empirical experimentation how different SCRUB-tcpdump anonymization options applied to the same data set can result in different levels of privacy protection and security analysis. Based on these results, we propose that optimal network data sharing needs to have different levels of anonymization tailored to the participating organizations in order to trade off the risks of potential loss or disclosure of sensitive information.