4th International ICST Conference on Security and Privacy in Communication Networks

Research Article

Evaluating the Utility of Anonymized Network Traces for Intrusion Detection

  • @INPROCEEDINGS{10.1145/1460877.1460899,
        author={Kiran Lakkaraju and Adam Slagell},
        title={Evaluating the Utility of Anonymized Network Traces for Intrusion Detection},
        proceedings={4th International ICST Conference on Security and Privacy in Communication Networks},
        publisher={ACM},
        proceedings_a={SECURECOMM},
        year={2008},
        month={9},
        keywords={Anonymization Data Sanitization FLAIM Intrusion Detection Metrics},
        doi={10.1145/1460877.1460899}
    }
    
Kiran Lakkaraju1,*, Adam Slagell2,*
  • 1: Department of Computer Science, University of Illinois, Urbana-Champaign, Urbana, Illinois
  • 2: National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign, Urbana, Illinois
*Contact email: klakkara@illinois.edu, slagell@ncsa.uiuc.edu

Abstract

To intelligently create policies governing the anonymization of network logs, one must analyze the effects of anonymization on both the security and utility of sanitized data. In this paper, we focus on analyzing the utility of network traces post-anonymization. Any measure of utility is subjective and depends on the type of analysis being performed. This work focuses on utility for the task of attack detection, since attack detection is an important part of an incident responder's daily responsibilities. We employ a methodology we developed that analyzes the effect of anonymization on Intrusion Detection Systems (IDS), and we provide the first rigorous analysis of single-field anonymization on IDS effectiveness. Through this work we can begin to answer the questions of whether the field affects anonymization more than the algorithm; which fields have a larger impact on utility; and which anonymization algorithms have a larger impact on utility.