1st International ICST Workshop on Computer Network Forensics Research Workshop

Research Article

Sharing Network Logs for Computer Forensics: A New Tool for the Anonymization of NetFlow Records

  • @INPROCEEDINGS{10.1109/SECCMW.2005.1588293,
        author={Adam Slagell and Yifan Li},
        title={Sharing Network Logs for Computer Forensics: A New Tool for the Anonymization of NetFlow Records},
        proceedings={1st International ICST Workshop on Computer Network Forensics Research Workshop},
        publisher={IEEE},
        proceedings_a={CNFR},
        year={2006},
        month={2},
        keywords={},
        doi={10.1109/SECCMW.2005.1588293}
    }
    
  • Adam Slagell
    Yifan Li
    Year: 2006
    Sharing Network Logs for Computer Forensics: A New Tool for the Anonymization of NetFlow Records
    CNFR
    ICST
    DOI: 10.1109/SECCMW.2005.1588293
Adam Slagell1,*, Yifan Li2
  • 1: National Center for Supercomputing Applications
  • 2: National Center for Supercomputing Applications
*Contact email: slagell@ncsa.uiuc.edu

Abstract

The authors have begun to address the problem of anonymized data with the development of a new prototype tool, CANINE: Converter and ANonymizer for Investigating Netflow Events. Originally just a NetFlow converter, CANINE has been adapted to anonymize 8 of the most common fields found in all NetFlow formats. Most of these fields can be anonymized in multiple ways, providing trade-offs between security and utility. This is the first tool the authors are aware of that supports many levels of anonymization and is the only NetFlow anonymizer of which we are aware, besides a previous, less advanced tool they developed. This article is organized as follows. Part 2 discusses related work in log anonymization. Part 3 discusses CANINE's anonymization algorithms and design decisions in depth. Finally, Part 4 concludes and presents future work on CANINE and the anonymization of other log types.