Sharing computer network logs for security and privacy: a motivation for new methodologies of anonymization

Abstract: Logs are one of the most fundamental resources to any security professional. It is widely recognized by the government and industry that it is both beneficial and desirable to share logs for the purpose of security research. However, the sharing is not happening or not to the degree or magnitude that is desired. Organizations are reluctant to share logs because of the risk of exposing sensitive information to potential attackers. We believe this reluctance remains high because current anonymization techniques … Show more

“…The authors in [27] propose a system that analyzes the level of entropy in the dis- Lately, the importance of audit trails in security analysis has motivated researchers to propose various methods of log anonymization and security analysis [72,73,74,75,76,77]. This is in contrast to our solution which preserves anonymity.…”

“…Moreover, the work in [75] introduces practical tools that can be used toward the pseudonymization of log files 665 in Unix systems. The authors in [77] conduct a survey of current research attempts on sharing log files and log anonymization tools. They elaborate on the problem and present a detailed road-map to cope with the issues germane to large-scale log sharing.…”

An efficient and easily deployable method for dealing with DoS in SIP services

“…The authors in [27] propose a system that analyzes the level of entropy in the dis- Lately, the importance of audit trails in security analysis has motivated researchers to propose various methods of log anonymization and security analysis [72,73,74,75,76,77]. This is in contrast to our solution which preserves anonymity.…”

“…Moreover, the work in [75] introduces practical tools that can be used toward the pseudonymization of log files 665 in Unix systems. The authors in [77] conduct a survey of current research attempts on sharing log files and log anonymization tools. They elaborate on the problem and present a detailed road-map to cope with the issues germane to large-scale log sharing.…”

An efficient and easily deployable method for dealing with DoS in SIP services

“…Motivations for sharing data for security purposes are summarized in [23]. While there is a consensus for the exchange of logs as the data sharing medium, there are on the order of 20 commonly implemented network system logs so selecting which logs to share is an important question citesiam03,ictsm03.…”

“…At the USENIX Security Symposium in 2004, SRI researchers proposed a repository to which sensors would send anonymized alerts which are then analyzed and publicly announced [14]. While there are potential problems with their proposed encryption schemes noted in [23], more importantly the level of coordination across the Internet for this type of scheme is likely impractical as well as any public repository being an open target for attackers to evade, subvert, or disable. At the USENIX Security Symposium in 2005, two papers were presented on attacker detection and subversion of public repositories of alert information.…”

“…They leverage economies of scale by assembling skilled security professionals and a security support infrastructure that can be shared across multiple organizations [6]. MSSPs can also correlate attacks across organizational boundaries to provide a more effective response [23]. However, MSSPs must handle sensitive data that is either protected by privacy laws, such as employee and customer data, or highly valuable to competitors, such as volumes, applications, or potentially useful to malicious attackers, such as network and system configuration information.…”

Outsourcing Security Analysis with Anonymized Logs

Requirements of Information Reductions for Cooperating Intrusion Detection Agents