differentially private network trace analysis
play

Differentially-Private Network Trace Analysis Frank McSherry and - PowerPoint PPT Presentation

Oct 17, 2023 •294 likes •496 views

Differentially-Private Network Trace Analysis Frank McSherry and Ratul Mahajan Microsoft Research Overview . 1 Overview Question : Is it possible to conduct network trace analyses in a way that provides strict formal differential

  1. Differentially-Private Network Trace Analysis Frank McSherry and Ratul Mahajan Microsoft Research

  2. Overview . 1

  3. Overview Question : Is it possible to conduct network trace analyses in a way that provides strict formal “differential privacy” guarantees? Methodology : Select a representative sample of network trace analyses from the literature, reproduce with differential privacy. Results : We were able to reproduce every analysis we attempted. The privacy/accuracy trade-off varied by analysis; caveats hold. Toolkit and analyses we wrote are available at: http://research.microsoft.com/pinq/networking.aspx 2

  4. Network Trace Analysis Much of networking research relies on access to good, rich data. Network traces (long lists of observed packets) are one example. The research process is complicated by a tension between: Utility : The trace should reflect actual network behavior. Privacy : The trace could reflect actual network behavior. While this looks irreconcilable, there is an important difference. Utility requirements are typically for aggregate statistics. Privacy requirements are typically for individual behavior. Not obviously hopeless. But, how to proceed? 3

  5. Privacy in NTA: Related Work We aren’t the first people to look at privacy in trace analysis. Not going to be the last, either. Some examples of other approaches: Trace anonymization : Sometimes it works, sometimes it doesn’t. Prefix-preserving anonymization is a good example of challenge. Code to Data : Data unmolested, but code may be inscrutable. Current proposals either seem to rely on experts ( eg SC2D, trol) or leak [bounded amounts of] arbitrary information (Mittal et al). Secure Multi-party Computation : Same as for Code to Data. Our aim : Formal guarantees first. As useful as possible next. 4

  6. Differential Privacy Differential privacy formally constrains computations to conceal the presence or absence of individual records: Definition : A randomized M gives ǫ -differential privacy iff: for all input datasets A , B and any possible output S , Pr[ M ( A ) = S ] Pr[ M ( B ) = S ] × exp( ǫ × | A ⊖ B | ) . ≤ Ensures : Any event S “equally likely” with/without your data. 1. Doesn’t prevent disclosure. Ensures disclosure not our fault. 2. No computational / informational assumptions of attackers. 3. Agnostic to record type. Could be PII, binary data, anything. Simplest example of DP computation is Count + Noise. 5

  7. Privacy Integrated Queries PINQ : Common platform for differentially-private data analyses. 1. Provides interface to data that looks very much like LINQ. 2. All access through the interface gives differential privacy . ? ? ? Analysts write arbitrary LINQ code against data sets, using C#. No privacy expertise needed to produce analyses. (but it helps) We are going to try to write Network Trace Analyses using PINQ. 6

  8. What’s the Hard Part? While DP has many great features, it comes with challenges too: Some we will deal with here: 1. Achieving DP involves perturbing answers to queries (noise). A : Reframe analyses using statistically robust measurements. 2. Programming in PINQ requires high-level, declarative queries. A : This can certainly require some creativity/reinterpretation. Some are still challenges, and should be discussed (none fatal): 3. Masking just a few packets does not mask a “person”. 4. The guarantees degrade the more a dataset is “used”. 5. ... more ... 7

  9. Worm Fingerprinting in LINQ One view of a worm (from Singh et al) is as a payload seen destined for many distinct source and destination IP addresses. aavar trace = LoadTrace(); // type can be as simple as Packet[] aa aavar worms = trace.GroupBy(pkt => pkt.Payload) aavar worms = trace.Where(group => group.Select(pkt => pkt.SrcIP) aavar worms = trace.Where(group => group.Distinct() aavar worms = trace.Where(group => group.Count() > srcThreshold) aavar worms = trace.Where(group => group.Select(pkt => pkt.DstIP) aavar worms = trace.Where(group => group.Distinct() aavar worms = trace.Where(group => group.Count() > dstThreshold); aa aaConsole.WriteLine(worms.Count()); Identifies worms and then reports their number. 8

  10. Worm Fingerprinting in PINQ One view of a worm (from Singh et al) is as a payload seen destined for many distinct source and destination IP addresses. aavar trace = LoadTrace(); // type is now PINQueryable<Packet> aa aavar worms = trace.GroupBy(pkt => pkt.Payload) aavar worms = trace.Where(group => group.Select(pkt => pkt.SrcIP) aavar worms = trace.Where(group => group.Distinct() aavar worms = trace.Where(group => group.Count() > srcThreshold) aavar worms = trace.Where(group => group.Select(pkt => pkt.DstIP) aavar worms = trace.Where(group => group.Distinct() aavar worms = trace.Where(group => group.Count() > dstThreshold); aa aaConsole.WriteLine(worms.Count(epsilon)); Identifies worms and then reports their number, approximately. 9

  11. Building Analysis Tools At this point, we can start to build useful tools in PINQ. For example: Cumulative Density Functions. (Approach 1/3) IEnumerable<double> CDF(PINQueryable<int> input, int maximum, double epsilon) { foreach (var entry in Enumerable.Range(0, maximum)) yield return input.Where(x => x < entry) .Count(epsilon / maximum); } 10

  12. Building Analysis Tools At this point, we can start to build useful tools in PINQ. For example: Cumulative Density Functions. (Approach 2/3) IEnumerable<double> CDF(PINQueryable<int> input, int maximum, double epsilon) { var tally = 0; var parts = input.Partition(Enumerable.Range(0, maximum), x => x); foreach (var entry in Enumerable.Range(0, maximum)) { tally = tally + parts[entry].Count(epsilon); yield return tally; } } 11

  13. Building Analysis Tools At this point, we can start to build useful tools in PINQ. For example: Cumulative Density Functions. (Approach 3/3) IEnumerable<double> CDF(PINQueryable<int> input, int maximum, double epsilon) { if (maximum == 0) yield return input.Count(epsilon); else { var parts = input.Partition(new int[] { 0, 1 } , x => x / (maximum / 2)); foreach (var count in CDF(parts[0], maximum / 2, epsilon) yield return count; var cache = parts[0].Count(epsilon); parts[1] = parts[1].Select(x => x - maximum / 2); foreach (var count in CDF(parts[1], maximum / 2, epsilon) yield return count + cache; } } 12

  14. Example: CDFs, eps = 0.1 700,000 600,000 500,000 400,000 300,000 200,000 100,000 50 100 150 200 250 Blue = CDF1, Green = CDF2, Red = CDF3 13

  15. Example: CDFs, eps = 0.1 20,000 18,000 16,000 14,000 12,000 10,000 8000 6000 4000 2000 2 4 6 8 10 12 14 16 18 20 Blue = CDF1, Green = CDF2, Red = CDF3 14

  16. Another Tool: Strings Given a collection of strings, list the frequently occurring strings. Sounds like bad privacy, but +/- one record is still hidden. aa// enumerates frequently occurring strings in input starting with prefix aaIEnumerable<string> Strings(PINQueryable<string> input, string prefix) aa { aaaaa// split input into those equal to prefix, and those that are prefixes aaaaavar exact = input.Partition(new bool[] { true, false } , x => x == prefix); aaaaa aaaaa// if we have enough records equal to prefix, return it aaaaaif (exact[true].Count(epsilon) > confidence / epsilon) aaaaaaaayield return prefix; aaaaa aaaaa// other records contribute to each possible extension of prefix aaaaavar parts = exact[false].Partition(keys, x => x[prefix.Length]); aaaaaforeach (var key in keys) aaaaaaaaif (parts[key].Count(epsilon) > confidence / epsilon) aaaaaaaaaaaforeach (var result in Strings(parts[key], prefix + key)) aaaaaaaaaaaaaayield return result; aa } 15

  17. Example: Strings, eps = 0.1 Finding frequent hex strings in (hashes of) packet payloads: aaStrings(trace.Select(packet => packet.Payload), "", 0.1); Top 10 payload recovered, in order, with relatively small error. hash(payload) true count est. count % err 3038504 3038500.005 -0.000 2D2816FECDCAB780 92494 92505.050 0.012 F389B84545A38BAF 41600 41606.893 0.017 E41903DCF7D86F2F 40279 40287.970 0.022 6F7E03DC833D6F2F 40084 40087.437 0.009 CD4F03DCE10E6F2F 37431 37448.584 0.047 B68503DCCA446F2F 36526 36537.877 0.033 58B403DC6C736F2F 29625 29624.397 -0.002 41EA03DC55A96F2F 20715 20711.169 -0.018 9FBB03DCB37A6F2F 18976 18980.823 0.025 7EEEB845D1088BAF 16

  18. Worm Fingerprinting: Redux Actually enumerating payloads with significant src/dst counts: aa// enumerates actual payloads with high src/dst dispersal aaIEnumerable<string> FindWorms(PINQueryable<Packet> trace) aa { aaaaavar loads = Strings(trace.Select(packet => packet.Payload), ""); aa aaaaavar parts = trace.Partition(loads, packet => packet.Payload); aa aaaaaforeach (var load in loads) aaaaa { aaaaaaaavar srcCount = parts[load].Select(packet => packet.SrcIP) aaaaaaaavar srcCount = parts[name].Distinct() aaaaaaaavar srcCount = parts[name].Count(epsilon); aa aaaaaaaavar dstCount = parts[load].Select(packet => packet.DstIP) aaaaaaaavar dstCount = parts[name].Distinct() aaaaaaaavar dstCount = parts[name].Count(epsilon); aa aaaaaaaaif (srcCount > srcThreshold && dstCount > dstThreshold) aaaaaaaaaaayield return load + " " + srcCount + " " + dstCount; aaaaa } aa } 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Estimating the Variance of Complex Differentially Private Algorithms Robert Ashmead JSM 2019,

Estimating the Variance of Complex Differentially Private Algorithms Robert Ashmead JSM 2019,

Estimating the Variance of Complex Differentially Private Algorithms Robert Ashmead JSM 2019, Denver, Colorado Collaborators John Abowd, Philip Leclerc, and William Sexton of the U.S. Census Bureau and the entire team working on differentially

314 views • 30 slides
Verifying Differentially Private Bayesian Inference Marco Gaboardi University of Dundee Joint

Verifying Differentially Private Bayesian Inference Marco Gaboardi University of Dundee Joint

Verifying Differentially Private Bayesian Inference Marco Gaboardi University of Dundee Joint work with G. Barthe, G.P . Farina, E.J. Gallego Arias, A.Gordon, Differentially Private vs Probabilistic Inference Differential Probabilistic

1.06k views • 102 slides
Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network

Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network

Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network Security at Prague Embedded Systems Workshop (PESW 2019) June 28, 2019 Milan Cermak Institute of Computer Science, Masaryk University, Brno 2 3

440 views • 20 slides
Development, Evaluation, and Management of Differentially Private ML Pipelines on

Development, Evaluation, and Management of Differentially Private ML Pipelines on

Development, Evaluation, and Management of Differentially Private ML Pipelines on MyChosenDataset Assignment XX Name 1 (UNI 1), Name 2 (UNI 2) Name 1, Name 2 1 Overview Brief summary of your completed assignments and main results.

193 views • 8 slides
Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets

Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets

Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets Network Traffic Measurement and Analysis Conference (TMA 2018) June 28, 2018 Milan Cermak et al. Institute of Computer Science, Masaryk University, Brno

575 views • 25 slides
Differentially-Private Federated Linear Bandits Introduction Federated Learning Contextual

Differentially-Private Federated Linear Bandits Introduction Federated Learning Contextual

Differentially- Private Federated Linear Bandits Dubey and Pentland June 2020 Differentially-Private Federated Linear Bandits Introduction Federated Learning Contextual Bandits Summary Background Abhimanyu Dubey and Alex Pentland

437 views • 20 slides
Differentially Private Oblivious RAM Sameer Wagh , Paul Cuff , Prateek Mittal July 24,

Differentially Private Oblivious RAM Sameer Wagh , Paul Cuff , Prateek Mittal July 24,

Differentially Private Oblivious RAM Sameer Wagh , Paul Cuff , Prateek Mittal July 24, 2019 Princeton University, Renaissance Technologies Introduction: Oblivious RAM Access data privately from private database. 1

898 views • 55 slides
Differentially-Private Deep Learning from an Optimization Perspective Presenter: Liyao Xiang

Differentially-Private Deep Learning from an Optimization Perspective Presenter: Liyao Xiang

Differentially-Private Deep Learning from an Optimization Perspective Presenter: Liyao Xiang Shanghai Jiao Tong University 4/30/2019 Privacy Threat Personal information in big data era Is anonymization sufficient to protect user

463 views • 18 slides
Differentially Private Model Publishing for Deep Learning Lei Yu, Ling Liu, Calton Pu , Mehmet

Differentially Private Model Publishing for Deep Learning Lei Yu, Ling Liu, Calton Pu , Mehmet

Differentially Private Model Publishing for Deep Learning Lei Yu, Ling Liu, Calton Pu , Mehmet Emre Gursoy, Stacey Truex School of Computer Science, College of Computing Georgia Institute of Technology This work is partially sponsored by NSF

594 views • 30 slides
Differentially Private Algorithm and Auction Configuration Ellen Vitercik CMU, Theory Lunch

Differentially Private Algorithm and Auction Configuration Ellen Vitercik CMU, Theory Lunch

Differentially Private Algorithm and Auction Configuration Ellen Vitercik CMU, Theory Lunch October 11, 2017 Joint work with Nina Balcan and Travis Dick $1 Prices learned from purchase histories can reveal information about individual

949 views • 79 slides
Differentially Private Distributed Convex Optimization via Functional Perturbation Erfan Nozari

Differentially Private Distributed Convex Optimization via Functional Perturbation Erfan Nozari

Differentially Private Distributed Convex Optimization via Functional Perturbation Erfan Nozari Department of Mechanical and Aerospace Engineering University of California, San Diego http://carmenere.ucsd.edu/erfan July 6, 2016 Joint work with

826 views • 63 slides
Lo Locally Differentially Private Frequency Es Esti timati tion on Ex Exploi oiti ting Con

Lo Locally Differentially Private Frequency Es Esti timati tion on Ex Exploi oiti ting Con

Lo Locally Differentially Private Frequency Es Esti timati tion on Ex Exploi oiti ting Con Consi sistency Tianhao Wang Purdue University Joint work with Milan Lopuha-Zwakenberg, Zitao Li, Boris Skoric, Ninghui Li 1 Privacy in

336 views • 14 slides
Releasing a Differentially Private Password Frequency Corpus from 70 Million Yahoo! Passwords

Releasing a Differentially Private Password Frequency Corpus from 70 Million Yahoo! Passwords

Releasing a Differentially Private Password Frequency Corpus from 70 Million Yahoo! Passwords Jeremiah Blocki Purdue University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to Data Sharing including Privacy and Fairness What

915 views • 52 slides
Differentially Private Recommender Systems David Madras University of Toronto April 4, 2017

Differentially Private Recommender Systems David Madras University of Toronto April 4, 2017

Differentially Private Recommender Systems David Madras University of Toronto April 4, 2017 David Madras (University of Toronto) DP Recommender Systems April 4, 2017 1 / 24 Introduction Today Ill be discussing Differentially Private

505 views • 24 slides
Towards Practical Differentially Private Convex Optimization ROGER JOSEPH P. DAWN SONG IYENGAR

Towards Practical Differentially Private Convex Optimization ROGER JOSEPH P. DAWN SONG IYENGAR

Towards Practical Differentially Private Convex Optimization ROGER JOSEPH P. DAWN SONG IYENGAR NEAR UNIVERSITY OF CARNEGIE MELLON UNIVERSITY OF CALIFORNIA, BERKELEY UNIVERSITY VERMONT OM THAKKAR ABHRADEEP LUN WANG THAKURTA BOSTON

693 views • 20 slides
Differentially Private Markov Chain Monte Carlo o 2 , Onur Dikmen 3 and Antti Honkela 1 a 1

Differentially Private Markov Chain Monte Carlo o 2 , Onur Dikmen 3 and Antti Honkela 1 a 1

Differentially Private Markov Chain Monte Carlo o 2 , Onur Dikmen 3 and Antti Honkela 1 a 1 , Joonas J Mikko Heikkil alk Equal contribution 1 University of Helsinki 2 Aalto University 3 Halmstad University NeurIPS, 12 December

497 views • 11 slides
Contact-based Fault Injections and Power Analysis on RFID Tags Michael Hutter, Jrn-Marc Schmidt,

Contact-based Fault Injections and Power Analysis on RFID Tags Michael Hutter, Jrn-Marc Schmidt,

VLSI Institute for Applied Information Processing and Communications (IAIK) VLSI &amp; Security Contact-based Fault Injections and Power Analysis on RFID Tags Michael Hutter, Jrn-Marc Schmidt, Thomas Plos ECCTD 2009 Institute for Applied

514 views • 16 slides
Seminar 6: Side-Channel Attacks Aleksei Ivanov Tartu University aivanov@math.ut.ee MTAT.07.006

Seminar 6: Side-Channel Attacks Aleksei Ivanov Tartu University aivanov@math.ut.ee MTAT.07.006

MTAT.07.006 Research Seminar in Cryptography Seminar 6: Side-Channel Attacks Aleksei Ivanov Tartu University aivanov@math.ut.ee MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 1

382 views • 16 slides
Side-Channel &amp; Fault Attacks Ruggero Susella System Research &amp; Applications Security

Side-Channel &amp; Fault Attacks Ruggero Susella System Research &amp; Applications Security

Side-Channel &amp; Fault Attacks Ruggero Susella System Research &amp; Applications Security Rodmap STMicroelectronics 2018/12/06 2 ST Who are we ? STMicroelectronics 3 A global semiconductor leader 2017 revenues of $8.35B

1.32k views • 107 slides
Partial Key Exposure: Generalized Framework to Attack RSA Santanu Sarkar Cryptology Research

Partial Key Exposure: Generalized Framework to Attack RSA Santanu Sarkar Cryptology Research

Partial Key Exposure: Generalized Framework to Attack RSA Santanu Sarkar Cryptology Research Group Indian Statistical Institute, Kolkata 12 December 2011 Santanu Sarkar Partial Key Exposure: Generalized Framework to Attack RSA Outline of the

478 views • 24 slides
How Earthquake Risk Depends on the Closeness to a Fault: Symmetry-Based Geometric Analysis Aaron

How Earthquake Risk Depends on the Closeness to a Fault: Symmetry-Based Geometric Analysis Aaron

How Earthquake Risk Depends on the Closeness to a Fault: Symmetry-Based Geometric Analysis Aaron Velasco 1 , Solymar Ayala Cortez 1 Olga Kosheleva 2 , and Vladik Kreinovich 3 1 Department of Geological Sciences 2 Department of Teacher Education 3

562 views • 23 slides
SPAE A Single Pass Authenticated Encryption scheme Philippe Elbaz-Vincent 1 , Cyril Hugounenq 1 ,

SPAE A Single Pass Authenticated Encryption scheme Philippe Elbaz-Vincent 1 , Cyril Hugounenq 1 ,

Motivations Design of SPAE Security of the scheme Performances SPAE A Single Pass Authenticated Encryption scheme Philippe Elbaz-Vincent 1 , Cyril Hugounenq 1 , Sbastien Riou 2 1 Univ. Grenoble Alpes / Institut Fourier,

519 views • 27 slides
Embedded System Security Professor Patrick McDaniel Charles Sestito Fall 2015 Embedded System

Embedded System Security Professor Patrick McDaniel Charles Sestito Fall 2015 Embedded System

Embedded System Security Professor Patrick McDaniel Charles Sestito Fall 2015 Embedded System Microprocessor used as a component in a device and is designed for a specific control function within a device Used In: Cell Phones

560 views • 31 slides
Design Automation for Cryptography Anupam Chattopadhyay Assistant Professor, School of Computer

Design Automation for Cryptography Anupam Chattopadhyay Assistant Professor, School of Computer

Design Automation for Cryptography Anupam Chattopadhyay Assistant Professor, School of Computer Science and Engineering School of Physical and Mathematical Sciences, Nanyang Technological University June 7, 2017 Motivation Security not a

669 views • 27 slides

More recommend