Outsourcing Security Analysis with Anonymized Logs

As security monitoring grows both more complicated and more sophisticated, there is increasing demand for outsourcing these tasks to managed security service providers (MSSPs). However, the core problem of sharing private security logs creates a barrier to the widespread adoption of this business model. In this paper we analyze the logs used for security analysis with respect to privacy and propose constraints on the anonymization of security monitor logs. We believe that if an anonymization solution fulfills these constraints, MSSPs can detect attacks efficiently and protect privacy simultaneously.
