Research Article
SCRUB-tcpdump: A Multi-Level Packet Anonymizer Demonstrating Privacy/Analysis Tradeoffs
@INPROCEEDINGS{10.1109/SECCOM.2007.4550306,
  author={William Yurcik and Clay Woolam and Greg Hellings and Latifur Khan and Bhavani Thuraisingham},
  title={SCRUB-tcpdump: A Multi-Level Packet Anonymizer Demonstrating Privacy/Analysis Tradeoffs},
  proceedings={3rd International ICST Workshop on the Value of Security through Collaboration},
  publisher={IEEE},
  proceedings_a={SECOVAL},
  year={2008},
  month={6},
  keywords={anonymization data obfuscation network data sharing network intrusion detection network monitoring network packet traces privacy protection security data sharing},
  doi={10.1109/SECCOM.2007.4550306}
}
- William Yurcik
- Clay Woolam
- Greg Hellings
- Latifur Khan
- Bhavani Thuraisingham
Year: 2008
Venue: SECOVAL
Publisher: IEEE
DOI: 10.1109/SECCOM.2007.4550306
Abstract
To promote sharing of packet traces across security domains, we introduce SCRUB-tcpdump, a tool that adds multi-field multi-option anonymization to tcpdump functionality. Experimental results show how SCRUB-tcpdump provides flexibility to balance the often conflicting requirements for privacy protection versus security analysis. Specifically, we demonstrate with empirical experimentation how different SCRUB-tcpdump anonymization options applied to the same data set can result in different levels of privacy protection and security analysis. Based on these results, we propose that optimal network data sharing needs to have different levels of anonymization tailored to the participating organizations in order to trade off the risks of potential loss or disclosure of sensitive information.