Large-scale collection and sanitization of network security data: Risks and challenges

Proceedings New Security Paradigms Workshop

Volumn , Issue , 2007, Pages 57-64

  Porras, Phillip ^a   Shmatikov, Vitaly ^b  

^a SRI INTERNATIONAL   (United States)

^b UNIVERSITY OF TEXAS AT AUSTIN   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COLLABORATIVE SECURITY; COORDINATED ATTACKS; LARGE-SCALE COLLECTION; NETWORK SECURITY DATA;

COMPUTER CRIME; COMPUTER SUPPORTED COOPERATIVE WORK; INFORMATION DISSEMINATION; INTERNET; LARGE SCALE SYSTEMS; RISK ANALYSIS;

SECURITY OF DATA;

EID: 36949014927     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1278940.1278949     Document Type: Conference Paper

References (54)

1. AGRAWAL, R., AND SRIKANT, R. Privacy-preserving data mining. In Proc. ACM SIGMOD International Conference on Management of Data (2000), pp. 439-450.
2. BACK, A., GOLDBERG, I., AND SHOSTACK, A. Freedom Systems 2.1 security issues and analysis, http://www.freehaven.net/ anonbib/cache/freedom21-security.pdf, May 2001.
3. BACK, A., MÖLLER, U., AND STIGLIC, A. Traffic analysis attacks and trade-offs in anonymity providing systems. In Proc. 4th International Workshop on Information Hiding (2001), vol. 2137 of LNCS, pp. 245-257.
4. BERTHOLD, O., FEDERRATH, H., AND KÖPSELL, S. Web MIXes: a system for anonymous and unobservable Internet access. In Proc. Workshop on Design Issues in Anonymity and Unobservability (2000), pp. 115-129.
5. BETHENCOURT, J., FRANKLIN, J., AND VERNON, M. Mapping Internet sensors with probe response attacks. In Proc. 14th USENIX Security Symposium (2005), pp. 193-208.
6. BLUM, A., DWORK, C., MCSHERRY, F., AND NISSIM, K. Practical privacy: the SuLQ framework. In Proc. 24th ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems (PODS) (2005), pp. 128-138.
7. BURNSIDE, M., AND KEROMYTIS, A. Low latency anonymity with mix rings. In Proc. 9th International Information Security Conference (ISC) (2006), pp. 32-45.
8. CAMENISCH, J., AND LYSYANSKAYA, A. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In Proc. Advances in Cryptology - EUROCRYPT (2001), pp. 93-118.
9. CHAUM, D. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24, 2 (1981), 84-88.
10. CHAWLA, S., DWORK, C., MCSHERRY, F., SMITH, A., AND WEE, H. Towards privacy in public databases. In Proc. 2nd Theory of Cryptography Conference (TCC) (2005), pp. 363-385.
11. CHUNG, S., AND MOK, A. Allergy attack against automatic signature generation. In Proc. Recent Advances in Intrusion Detection: 9th International Symposium (RAID) (2006), pp. 61-80.
12. CLARKE, I., SANDBERG, O., WILEY, B., AND HONG, T. Freenet: A distributed anonymous information storage and retrieval system. In Proc. International Workshop on Design Issues in Anonymity and Unobservability (2001), vol. 2009 of LNCS, Springer-Verlag, pp. 46-66.
13. DEBAR, H., AND WESPI, A. Aggregation and correlation of intrusion-detection alerts. In Proc. Recent Advances in Intrusion Detection: 4th International Symposium (RAID) (2001), pp. 85-103.
14. DINGLEDINE, R., MATHEWSON, N., AND SYVERSON, P. Reputation in P2P anonymity systems. In Proc. Workshop on Economics of Peer-to-Peer Systems (2003).
15. DINGLEDINE, R., MATHEWSON, N., AND SYVERSON, P. Tor: the second-generation onion router. In Proc. 13th USENIX Security Symposium (2004), pp. 303-320.
16. DINUR, I., AND NISSIM, K. Revealing information while preserving privacy. In Proc. 22nd ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems (PODS) (2003), pp. 202-210.
17. DSHIELD. http://www.dshield.org, 2006.
18. EVFIMIEVSKI, A., GEHRKE, J., AND SRIKANT, R. Limiting privacy breaches in privacy-preserving data, mining. In Proc. 22nd ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems (PODS) (2003), pp. 211-222.
19. FU, X., GRAHAM, B., BETTATI, R., AND ZHAO, W. On effectiveness of link padding for statistical traffic analysis attacks. In Proc. 23rd IEEE Conference on Distributed Computing Systems (2003), pp. 340-349.
20. GATES, C., COLLINS, M., DUGGAN, M., KOMPANEK, A., AND THOMAS, M. More Netflow tools: For performance and security. In Proc. 18th Conference on Systems Administration (LISA) (2004), pp. 121-132.
21. KENTHAPADI, K., MISHRA, N., AND NISSIM, K. Simulatable auditing. In Proc. 24th ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems (PODS) (2005), pp. 118-127.
22. KLEINBERG, J., PAPADIMITRIOU, C., AND RAGHAVAN, P. Auditing Boolean attributes. J. Comput. Syst. Sci. 66, 1 (2003), 244-253.
23. KOHNO, T., BROIDO, A., AND CLAFFY, K. Remote physical device fingerprinting. In Proc. IEEE Symposium on Security and Privacy (2005), pp. 211-225.
24. KRISHNAMURTHY, B., SEN, S., ZHANG, Y., AND CHEN, Y. Sketch-based change detection: methods, evaluation, and applications. In Proc. 3rd ACM SIGCOMM Conference on Internet Measurement (2003), pp. 235-247.
25. LEVINE, B., REITER, M., WANG, C., AND WRIGHT, M. Timing attacks in low-latency mix systems. In Proc. 8th International Conference on Financial Cryptography (2004), pp. 251-265.
26. LINCOLN, P., PORRAS, P., AND SHMATIKOV, V. Privacy-preserving sharing and correlation of security alerts. In Proc. 13th USENIX Security Symposium (2004), pp. 239-254.
27. LIPMAA, H. Group signature schemes. http://www.cs.ut.ee/ "lipmaa/crypto/link/signature/group.php, 2006.
28. LOCASTO, M., PAREKH, J., KEROMYTIS, A., AND STOLFO, S. Towards collaborative security and P2P intrusion detection. In Proc. IEEE Information Assurance Workshop (2005), pp. 333-339.
29. MALTZ, D., ZHAN, J., XIE, G., ZHANG, H., HJÁLMTÝSSON, G., GREENBERG, A., AND REXFORD, J. Structure preserving anonymization of router configuration data. In Proc. 4th ACM SIGCOMM Conference on Internet Measurement (2004), pp. 239-244.
30. MCHUGH, J., AND GATES, C. Locality: a new paradigm for thinking about normal behavior and outsider threat. In Proc. New Security Paradigms Workshop (2003), pp. 3-10.
31. MURDOCH, S., AND DANEZIS, G. Low-cost traffic analysis of Tor. In Proc. IEEE Symposium on Security and Privacy (2005), pp. 183-195.
32. MYNETWATCHMAN. http://www.mynetwatchman.com, 2006.
33. NARAYANAN, A., AND SHMATIKOV, V. Obfuscated databases and group privacy. In Proc. 12th ACM Conference on Computer and Communications Security (CCS) (2005), pp. 102-111.
34. NEWSOME, J., KARP, B., AND SONG, D. Paragraph: Thwarting signature learning by training maliciously. In Proc. Recent Advances in Intrusion Detection: 9th International Symposium (RAID) (2006), pp. 81-105.
35. ØVERLIER, L., AND SYVERSON, P. Locating hidden servers. In Proc. IEEE Symposium on Security and Privacy (2006), pp. 100-114.
36. PANG, R., ALLMAN, M., PAXSON, V., AND LEE, J. The devil and packet trace anonymization. ACM SIGCOMM Computer Communication Review 36, 1 (2006), 29-38.
37. PANG, R., AND PAXSON, V. A high-level programming environment for packet trace anonymization and transformation. In Proc. ACM SIGCOMM (2003), pp. 339-351.
38. PERDISCI, R., DAGON, D., LEE, W., FOGLA, P., AND SHARIF, M. Misleading worm signature generators using deliberate noise injection. In Proc. IEEE Symposium on Security and Privacy (2006), pp. 17-31.
39. SERJANTOV, A., DINGLEDINE, R., AND SYVERSON, P. From a trickle to flood: active attacks on several mix types. In Proc. 5th International Workshop on Information Hiding (2002), pp. 36-52.
40. SERJANTOV, A., AND SEWELL, P. Passive attack analysis for connect ion-based anonymity systems. In Proc. 8th European Symposium on Research in Computer Security (2003), vol. 2808 of LNCS, pp. 116-131.
41. SLAGELL, A., AND YURCIK, W. Sharing computer network logs for security and privacy: a motivation for new methodologies of anonymization. In Proc. SECOVAL: The Workshop on the Value of Security through Collaboration (2005).
42. SPITZNER, L. Know your enemy: Honeynets. http://project. honeynet.org/papers/honeynet, 2005.
43. SYMANTEC. DeepSight threat management system. http://tms.symantec.com, 2006.
44. SYVERSON, P., TSUDIK, G., REED, M., AND LANDWEHR, C. Towards an analysis of onion routing security. In Proc. Workshop on Design Issues in Anonymity and Unobservabitity (2000), vol. 2009 of LNCS, pp. 96-114.
45. TCPDPRIV. Program for eliminating confidential information from traces. http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html, 2006.
46. TEMPLETON, S., AND LEVITT, K. A requires/provides model for computer attacks. In Proc. New Security Paradigms Workshop (2001), pp. 31-38.
47. VALDES, A., FONG, M., AND SKINNER, K. Data cube indexing of large-scale Infosec repositories. In Proc. Australian Computer Emergency Response Team Conference (2006).
48. VALDES, A., AND SKINNER, K. Probabilistic alert correlation. In Proc. Recent Advances in Intrusion Detection: 4th International Symposium (RAID) (2001), pp. 54-68.
49. WALSH, K., AND SIRER, E. G. Experience with an object reputation system for peer-to-peer filesharing. In Proc. 3rd Symposium on Networked Systems Design and Implementation (NSDI) (2006).
50. WANG, G. Bibliography on group-oriented signatures, http://www.i2r.a-star.edu.sg/icsd/staff/guilin/bible/group-oriented.htm, 2006.
51. XU, D., AND NING, P. Privacy-preserving alert correlation: a concept hierarchy based approach. In Proc. 21st Annual Computer Security Applications Conference (ACSAC) (2005), pp. 537-546.
52. XU, J., FAN, J., AMMAR, M., AND MOON, S. On the design and performance of prefix-preserving IP traffic trace anonymization. In Proc. 1st ACM SIGCOMM Workshop on Internet Measurement (2001), pp. 263-266.
53. YEGNESWARAN, V., BARFORD, P., AND PLONKA, D. On the design and use of Internet sinks for network abuse monitoring. In Proc. Recent Advances in Intrusion Detection: 7th International Symposium (RAID) (2004), pp. 146-165.
54. YEGNESWARAN, V., BARFORD, P., AND ULLRICH, J. Internet intrusions: global characteristics and prevalence. In Proc. ACM SIGMETRICS (2003), pp. 138-147.