Abstract: Logs are one of the most fundamental resources to any security professional. It is widely recognized by the government and industry that it is both beneficial and desirable to share logs for the purpose of security research. However, the sharing is not happening or not to the degree or magnitude that is desired. Organizations are reluctant to share logs because of the risk of exposing sensitive information to potential attackers. We believe this reluctance remains high because current anonymization techniques …
“…The authors in [27] propose a system that analyzes the level of entropy in the dis-… Lately, the importance of audit trails in security analysis has motivated researchers to propose various methods of log anonymization and security analysis [72,73,74,75,76,77]. This is in contrast to our solution which preserves anonymity.…”
Section: Related Work (mentioning)
“…Moreover, the work in [75] introduces practical tools that can be used toward the pseudonymization of log files in Unix systems. The authors in [77] conduct a survey of current research attempts on sharing log files and log anonymization tools. They elaborate on the problem and present a detailed road-map to cope with the issues germane to large-scale log sharing.…”
“…Motivations for sharing data for security purposes are summarized in [23]. While there is a consensus for the exchange of logs as the data sharing medium, there are on the order of 20 commonly implemented network system logs so selecting which logs to share is an important question [siam03, ictsm03].…”
Section: Related Work (mentioning)
“…At the USENIX Security Symposium in 2004, SRI researchers proposed a repository to which sensors would send anonymized alerts which are then analyzed and publicly announced [14]. While there are potential problems with their proposed encryption schemes noted in [23], more importantly the level of coordination across the Internet for this type of scheme is likely impractical as well as any public repository being an open target for attackers to evade, subvert, or disable. At the USENIX Security Symposium in 2005, two papers were presented on attacker detection and subversion of public repositories of alert information.…”
Section: Related Work (mentioning)
“…They leverage economies of scale by assembling skilled security professionals and a security support infrastructure that can be shared across multiple organizations [6]. MSSPs can also correlate attacks across organizational boundaries to provide a more effective response [23]. However, MSSPs must handle sensitive data that is either protected by privacy laws, such as employee and customer data, or highly valuable to competitors, such as volumes, applications, or potentially useful to malicious attackers, such as network and system configuration information.…”
Abstract: As security monitoring grows both more complicated and more sophisticated, there is an increased demand for outsourcing these tasks to Managed Security Service Providers (MSSPs). However, the core problem of sharing private security logs creates a barrier to the widespread adoption of this business model. In this paper we analyze the logs used for security analysis with the concern of privacy and propose the constraints on anonymization of security monitor logs. We believe if the anonymization solution fulfills the constraints, MSSPs can detect the attacks efficiently and protect privacy simultaneously.