Deep packet anonymization

11 years 8 months ago
Deep packet anonymization
Network traces of Internet attacks are among the most valuable resources for network analysts and security researchers. However, organizations and researchers are usually reluctant to share their network data, as network packets may contain private or sensitive information. To alleviate the problem of information leakage, network traces are often anonymized before being shared. Typical anonymization approaches sanitize, or in some cases completely remove, certain packet header fields, higher-level protocol fields, or even payload information that could reveal the source and destination of an attack incident. Although there exists a variety of network trace anonymization techniques, in this paper we show that in certain cases they are proven inadequate, because attack traces may contain sensitive information not only in the packet headers and the packet payload, which are both exposed “on the wire,” but also in the encrypted payload of the self-decrypting shellcode carried in the...
Michalis Foukarakis, Demetres Antoniades, Michalis
Added 19 May 2010
Updated 19 May 2010
Type Conference
Year 2009
Authors Michalis Foukarakis, Demetres Antoniades, Michalis Polychronakis
Comments (0)