ABSTRACT
Anonymization is critical prior to sharing wireless-network traces within the research community, to protect both personal and organizational sensitive information from disclosure. One difficulty in anonymization, or more generally, sanitization, is that users lack information about the quality of a sanitization result, such as how much privacy risk a sanitized trace may expose, and how much research utility the sanitized trace may retain. We propose a framework, NetSANI, that allows users to analyze and control the privacy/utility tradeoff in network sanitization. NetSANI can accommodate most of the currently available privacy and utility metrics for network trace sanitization. This framework provides a set of APIs for analyzing the privacy/utility tradeoff by comparing the changes in privacy and utility levels of a trace for a sanitization operation. We demonstrate the framework with a quantitative evaluation on wireless-network traces.
Index Terms
- Short paper: the NetSANI framework for analysis and fine-tuning of network trace sanitization