Computer Science – Cryptography and Security
Scientific paper
2007-12-07
* Updated version. * 17 pages
Anonymization is the process of removing or hiding sensitive information in logs. Anonymization allows organizations to share network logs while not exposing sensitive information. However, there is an inherent trade-off between the amount of information revealed in the log and the usefulness of the log to the client (the utility of a log). There are many anonymization techniques, and there are many ways to anonymize a particular log (that is, which fields to anonymize and how). Different anonymization policies will result in logs with varying levels of utility for analysis. In this paper we explore the effect of different anonymization policies on logs. We provide an empirical analysis of the effect of varying anonymization policies by looking at the number of alerts generated by an Intrusion Detection System. This is the first work to thoroughly evaluate the effect of single-field anonymization policies on a data set. Our main contributions are to determine a set of fields that have a large impact on the utility of a log.
Lakkaraju Kiran
Slagell Adam
Evaluating the Utility of Anonymized Network Traces for Intrusion Detection