taming the devil
play

Taming the Devil: Techniques for Evaluating Anonymized Network Data - PowerPoint PPT Presentation

Jul 19, 2023 •253 likes •660 views

Taming the Devil: Techniques for Evaluating Anonymized Network Data Scott Coull 1 , Charles Wright 1 , Angelos Keromytis 2 , Fabian Monrose 1 , Michael Reiter 3 Johns Hopkins University 1 Columbia University 2 University of North Carolina - Chapel

  1. Taming the Devil: Techniques for Evaluating Anonymized Network Data Scott Coull 1 , Charles Wright 1 , Angelos Keromytis 2 , Fabian Monrose 1 , Michael Reiter 3 Johns Hopkins University 1 Columbia University 2 University of North Carolina - Chapel Hill 3

  2. The Network Data Sanitization Problem Anonymize a packet trace or flow log s.t.: � 1. Researchers gain maximum utility 2. Adversaries w/ auxiliary information do not learn sensitive information Anon. Network Network Data Data Anonymization 2

  3. Methods of Sanitization � Pseudonyms for IPs � Strict prefix-preserving [FXAM04] � Partial prefix-preserving [PAPL06] � Transaction-specific [OBA05] � Other data fields anonymized in reaction to attacks � e.g., time stamps are quantized due to clock skew attack [KBC05] 3

  4. Notable Attacks � Several active and passive attacks exist… � Active probing [BA05, BAO05,KAA06] � Host profiling [CWCMR07,RCMT08] � Identifying web pages [KAA06, CCWMR07] 4

  5. The Underlying Problem � Attacks can be generalized as follows: 1. Identifying information is encoded in the anonymized data • Host behaviors for profiling attacks 2. Adversary has external information on true identities • Public information on services offered by a host 3. Adversary maps true identities to pseudonyms 5

  6. Our Goals 1. Find objects at risk of deanonymization 2. Compare anonymization systems and policies 3. Model hypothetical attack scenarios Focus on ‘natural’ sources of information leakage � 6

  7. Related Work � Definitions of Anonymity � k-Anonymity [SS98], l -Diversity [MGKV05], and t-Closeness[LLV07] � Information theoretic metrics � Analysis of anonymity in mixnets [SD02][DSCP02] � An orthogonal method for evaluating network data [RCMT08] 7

  8. Outline � Adversarial Model � Defining Objects � Auxiliary Information � Calculating Anonymity � Evaluation 8

  9. Adversarial Model � Adversary’s goal: map an anonymized object to its unanonymized counterpart Anon. Network Network Data Data 10.0.0.2 50.20.2.1 10.0.0.1 20% 75% 10.0.0.100 5% 9

  10. Defining Objects � Consider network data as a database � n rows, m columns � Each row is a packet (or flow) record � Each column is a data field ( e.g., source port) � Fields can induce a probability distribution � Sample space defined by values in the field � Represented by random variables in our analysis 10

  11. Defining Objects Local Remote ID Local IP Remote IP Port Port 1 10.0.0.1 80 192.168.2.5 1052 2 10.0.0.2 3069 10.0.1.5 80 3 10.0.0.1 80 192.168.2.10 4059 4 10.0.0.1 21 192.168.6.11 5024 … 11

  12. Defining Objects Local IP 1 0.9 10.0.0.1 0.8 0.75 0.7 10.0.0.2 0.6 0.5 10.0.0.1 0.4 0.3 0.25 10.0.0.1 0.2 0.1 … 0 10.0.0.1 10.0.0.2 12

  13. Defining Objects � Combinations of fields can leak information even if the fields are indistinguishable in isolation � A real-world adversary has a directed plan of attack on a certain subset of fields � Our analysis must consider a much larger set of potential fields � Use feature selection methods based on mutual information to find related fields � Limits computational requirements 13

  14. Defining Objects � A feature is a group of correlated fields � Calculate normalized mutual information � Group into pairs if mutual information > t � Merge groups that share a field in to a feature � A feature distribution is the joint distribution over the fields in the feature 14

  15. Defining Objects Local Remote ID Local IP Remote IP Port Port 1 10.0.0.1 80 192.168.2.5 1052 2 10.0.0.2 3069 10.0.1.5 80 3 10.0.0.1 80 192.168.2.10 4059 4 10.0.0.1 21 192.168.6.11 5024 … 15

  16. Defining Objects Local Local IP Port 1 0.9 10.0.0.1 80 0.8 0.7 10.0.0.2 3069 0.6 0.5 0.5 0.4 10.0.0.1 80 0.3 0.25 0.25 0.2 10.0.0.1 21 0.1 0 … 10.0.0.1, 10.0.0.1, 10.0.0.2, 80 21 3069 16

  17. Defining objects � An object is a set of feature distributions over records produced due its presence � e.g., host objects – feature distributions induced by records sent from or received by a given host 17

  18. Defining Objects Local Remote ID Local IP Remote IP Port Port 1 10.0.0.1 80 192.168.2.5 1052 2 10.0.0.2 3069 10.0.1.5 80 3 10.0.0.1 80 192.168.2.10 4059 4 10.0.0.1 21 192.168.6.11 5024 … 18

  19. Defining Objects Local Remote ID Local IP Remote IP Port Port 1 1 10.0.0.1 80 192.168.2.5 1052 0.9 0.8 0.7 0.66 0.6 0.5 0.4 0.33 0.3 0.2 3 10.0.0.1 80 192.168.2.10 4059 0.1 0 10.0.0.1, 80 10.0.0.1, 21 4 10.0.0.1 21 192.168.6.11 5024 … 19

  20. Defining Objects 10.0.0.1 Local Remote ID Local IP Remote IP Port Port 1 1 10.0.0.1 80 192.168.2.5 1052 0.9 0.8 0.7 0.66 0.6 0.5 0.4 0.33 0.3 0.2 3 10.0.0.1 80 192.168.2.10 4059 0.1 0 10.0.0.1, 80 10.0.0.1, 21 1 0.9 0.8 4 10.0.0.1 21 192.168.6.11 5024 0.7 0.6 0.5 0.4 0.33 0.33 0.33 0.3 0.2 0.1 0 192.168.2.5, 192.168.2.10, 192.168.6.11, … 1052 4059 5024 20

  21. Adversarial Model Anon. Network Network Data Data 10.0.0.2 50.20.2.1 10.0.0.1 20% 75% 10.0.0.100 5% 21

  22. Adversarial Model Anon. Network Network Data Data 10.0.0.2 50.20.2.1 1 0.9 0.8 0.7 0.66 0.6 0.5 0.4 0.33 0.3 0.2 0.1 0 10.0.0.1 10.0.0.1, 80 10.0.0.1, 21 1 0.9 20% 0.8 0.7 0.6 0.5 0.4 0.33 0.33 0.33 0.3 0.2 0.1 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 1 0.9 0.8 0.7 0.66 1 0.6 0.5 0.4 0.33 0.9 0.3 0.2 0.8 0.1 0 10.0.0.1, 80 10.0.0.1, 21 0.7 0.66 0.6 1 0.5 0.9 0.8 0.4 0.7 0.33 0.6 0.5 0.3 0.4 0.33 0.33 0.33 0.3 0.2 0.2 0.1 75% 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 0.1 1052 4059 5024 0 10.0.0.1, 80 10.0.0.1, 21 10.0.0.100 1 0.9 0.8 0.7 5% 0.6 0.5 1 0.9 0.4 0.8 0.33 0.33 0.33 0.7 0.66 0.3 0.6 0.5 0.4 0.33 0.2 0.3 0.2 0.1 0.1 0 10.0.0.1, 80 10.0.0.1, 21 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 1 0.9 0.8 0.7 0.6 0.5 0.4 0.33 0.33 0.33 0.3 0.2 0.1 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 22

  23. Auxiliary Information � Auxiliary information captures the adversary’s external knowledge � Initially, adversary only has knowledge obtained from meta-data � As adversary deanonymizes objects, new knowledge is gained � Used to iteratively refine mapping between anonymized and unanonymized objects 23

  24. Auxiliary Information Local IP: Prefix-Preserving Anonymized Unanonymized Values Values 50.20.2.1 {10.0.0.1, …, 10.0.0.255} 50.20.2.2 {10.0.0.1, …, 10.0.0.255} 50.20.2.3 {10.0.0.1, …, 10.0.0.255} … … 24

  25. Auxiliary Information Local IP: Prefix-Preserving Anonymized Unanonymized Values Values 50.20.2.1 {10.0.0.1} 50.20.2.2 {10.0.0.2, 10.0.0.3} 50.20.2.3 {10.0.0.2, 10.0.0.3} … … 25

  26. Adversarial Model Anon. Network Network Data Data 10.0.0.2 50.20.2.1 1 0.9 0.8 0.7 0.66 0.6 0.5 0.4 0.33 0.3 0.2 0.1 0 10.0.0.1 10.0.0.1, 80 10.0.0.1, 21 1 0.9 20% 0.8 0.7 0.6 0.5 0.4 0.33 0.33 0.33 0.3 0.2 0.1 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 1 0.9 0.8 0.7 0.66 1 0.6 0.5 0.4 0.33 0.9 0.3 0.2 0.8 0.1 0 10.0.0.1, 80 10.0.0.1, 21 0.7 0.66 0.6 1 0.5 0.9 0.8 0.4 0.7 0.33 0.6 0.5 0.3 0.4 0.33 0.33 0.33 0.3 0.2 0.2 0.1 75% 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 0.1 1052 4059 5024 0 10.0.0.1, 80 10.0.0.1, 21 10.0.0.100 1 0.9 0.8 0.7 5% 0.6 0.5 1 0.9 0.4 0.8 0.33 0.33 0.33 0.7 0.66 0.3 0.6 0.5 0.4 0.33 0.2 0.3 0.2 0.1 0.1 0 10.0.0.1, 80 10.0.0.1, 21 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 1 0.9 0.8 0.7 0.6 0.5 0.4 0.33 0.33 0.33 0.3 0.2 0.1 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 26

  27. Adversarial Model Anon. Network Network 19 {1, …, 1024} Data Data 32 {1, …, 1024} 50 {1, …, 1024} … … 10.0.0.2 50.20.2.1 1 0.9 0.8 0.7 0.66 0.6 0.5 0.4 0.33 0.3 0.2 0.1 0 10.0.0.1 10.0.0.1, 80 10.0.0.1, 21 1 0.9 20% 0.8 0.7 0.6 0.5 0.4 0.33 0.33 0.33 0.3 0.2 0.1 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 1 0.9 0.8 0.7 0.66 1 0.6 0.5 0.4 0.33 0.9 0.3 0.2 0.8 0.1 0 10.0.0.1, 80 10.0.0.1, 21 0.7 0.66 0.6 1 0.5 0.9 0.8 0.4 0.7 0.33 0.6 0.5 0.3 0.4 0.33 0.33 0.33 0.3 0.2 0.2 0.1 75% 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 0.1 1052 4059 5024 0 10.0.0.1, 80 10.0.0.1, 21 10.0.0.100 1 0.9 0.8 0.7 5% 0.6 0.5 1 0.9 0.4 0.8 0.33 0.33 0.33 0.7 0.66 0.3 0.6 0.5 0.4 0.33 0.2 0.3 0.2 0.1 0.1 0 10.0.0.1, 80 10.0.0.1, 21 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 1 0.9 0.8 0.7 0.6 0.5 0.4 0.33 0.33 0.33 0.3 0.2 0.1 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Devil Figures What is the devil figure archetype in a story? Definition: The devil figure

Devil Figures What is the devil figure archetype in a story? Definition: The devil figure

Devil Figures What is the devil figure archetype in a story? Definition: The devil figure represents a devil incarnate. They often offer worldly goods, fame, and knowledge in exchange for souls. The figure's main purpose is to distract or

440 views • 15 slides
Better the Devil You Know Who or what is the devil? The name commonly given to the fallen

Better the Devil You Know Who or what is the devil? The name commonly given to the fallen

Better the Devil You Know Who or what is the devil? The name commonly given to the fallen angels...it denotes Lucifer their chief, as in Matthew 25v41, the Devil and his angels...it is clearly taught that the devil and the other

368 views • 26 slides
Red Devil Mine Red Devil Mine Mike McCrum, BLM Alaska Doug Cox, Ph.D., BLM Natl Operations

Red Devil Mine Red Devil Mine Mike McCrum, BLM Alaska Doug Cox, Ph.D., BLM Natl Operations

U.S. Department of the Interior Bureau of Land Management Risk Assessment for Mercury Releases to the Kuskokwim River from the BLM Red Devil Mine Red Devil Mine Mike McCrum, BLM Alaska Doug Cox, Ph.D., BLM Natl Operations Center Red Devil

570 views • 31 slides
Whoever makes a practice of sinning is of the devil, for the devil has been sinning from the

Whoever makes a practice of sinning is of the devil, for the devil has been sinning from the

1 John 3:8a (ESV) Whoever makes a practice of sinning is of the devil, for the devil has been sinning from the beginning. Philippians 3:18-20 (NIV) As I have often told you before and now tell you again even with tears, many live as

263 views • 23 slides
Red Devil Mine Risk Assessment for Mercury Releases to the Kuskokwim River from the BLM Red Devil

Red Devil Mine Risk Assessment for Mercury Releases to the Kuskokwim River from the BLM Red Devil

U.S. Department of the Interior Bureau of Land Management Red Devil Mine Risk Assessment for Mercury Releases to the Kuskokwim River from the BLM Red Devil Mine Doug Cox, Ph.D., BLM Natl OperaDons Center Red Devil Mine 1 U.S. Department of the

449 views • 13 slides
Software Tool Seminar WS1516 - Taming the Snake November 4, 2015 1 Taming the Snake 1.1

Software Tool Seminar WS1516 - Taming the Snake November 4, 2015 1 Taming the Snake 1.1

Software Tool Seminar WS1516 - Taming the Snake November 4, 2015 1 Taming the Snake 1.1 Understanding how Python works in N simple steps (with N still growing) 1.2 Step 0. What this talk is about (and what it isnt) Four basic things you

266 views • 12 slides
Red Devil Mine Human Health Risk Assessment for Mercury Releases to the Kuskokwim River from the

Red Devil Mine Human Health Risk Assessment for Mercury Releases to the Kuskokwim River from the

U.S. Department of the Interior Bureau of Land Management Red Devil Mine Human Health Risk Assessment for Mercury Releases to the Kuskokwim River from the BLM Red Devil Mine Doug Cox, Ph.D., BLM Natl OperaFons Center Red Devil Mine 1 U.S.

653 views • 43 slides
Return of the Devil in the Details: Delving Deep into Convolutional Nets Ken Chatfield - Karen

Return of the Devil in the Details: Delving Deep into Convolutional Nets Ken Chatfield - Karen

Return of the Devil in the Details: Delving Deep into Convolutional Nets Ken Chatfield - Karen Simonyan - Andrea Vedaldi - Andrew Zisserman University of Oxford The Devil is still in the Details 2011 2014 Comparing Apples to Apples:

575 views • 28 slides
In Bed With The Devil: Recognizing Human Teratogenic Exposures Jan M. Friedman, MD, PhD Jan M.

In Bed With The Devil: Recognizing Human Teratogenic Exposures Jan M. Friedman, MD, PhD Jan M.

In Bed With The Devil: Recognizing Human Teratogenic Exposures Jan M. Friedman, MD, PhD Jan M. Friedman, MD, PhD In Bed With The Devil The only way we ever know that an exposure is teratogenic in humans is to recognize that it causes

640 views • 28 slides
Taming Pointers A Symbolic Approach Jianwen Zhu jzhu@eecg.toronto.edu Electrical and Computer

Taming Pointers A Symbolic Approach Jianwen Zhu jzhu@eecg.toronto.edu Electrical and Computer

Taming Pointers A Symbolic Approach Jianwen Zhu jzhu@eecg.toronto.edu Electrical and Computer Engineering University of Toronto 04 p.1/33 J. Zhu c Outline An Old Problem A New Strategy Taming Context Sensitivity Result and

1.43k views • 100 slides
Taming Effects in a Dependent World Pierre-Marie Pdrot Max Planck Institute for Software

Taming Effects in a Dependent World Pierre-Marie Pdrot Max Planck Institute for Software

. . . . . . . . . . . . . . . Taming Effects in a Dependent World Pierre-Marie Pdrot Max Planck Institute for Software Systems Journes Nationales Gocal-LAC 14th November 2017 P.-M. Pdrot (MPI-SWS) Taming efgects in a

1.09k views • 90 slides
Taming Your Dragon: From No QA to Fully Integrated QA

Taming Your Dragon: From No QA to Fully Integrated QA

W7 Test Transformation Wednesday, October 23rd, 2019 11:30 AM Taming Your Dragon: From No QA to Fully Integrated QA Presented

880 views • 51 slides
Agenda I. Call to order Sun Devil Rewards ElDiablito 201920 Officers Amira de la Garza

Agenda I. Call to order Sun Devil Rewards ElDiablito 201920 Officers Amira de la Garza

Monthly Membership Meeting In-Person: Tempe CPCOM120 and Downtown Phoenix UCENT 317 ZOOM from your desktop or mobile device: https://asu.zoom.us/j/481527897 October 30, 219 | 12 to 1 p.m. Agenda I. Call to order Sun Devil Rewards

512 views • 18 slides
TAMING NG T THE C CAVEMAN: STRESS MANAGEMENT FOR THE NEW AGE Diana F. Hott, LCSW CEAP

TAMING NG T THE C CAVEMAN: STRESS MANAGEMENT FOR THE NEW AGE Diana F. Hott, LCSW CEAP

TAMING NG T THE C CAVEMAN: STRESS MANAGEMENT FOR THE NEW AGE Diana F. Hott, LCSW CEAP www.dianafhottlcsw.com (c) 2013 Diana F. Hott LCSW TAMING T THE C CAVEM EMAN (c) 2013 Diana F. Hott LCSW The physical and emotional reaction people

245 views • 13 slides
Taming the Many Headed Dragon: Collaborative Models and Systems Issues Presentation for Putting

Taming the Many Headed Dragon: Collaborative Models and Systems Issues Presentation for Putting

Taming the Many Headed Dragon: Collaborative Models and Systems Issues Presentation for Putting the Pieces Together for Children and Families September 2011 Taming the Many Headed Dragon: Collaborative Models and Systems Issues Maria

282 views • 27 slides
Your JDK 8 The Devil is in the Dark Dr. Michael Eichberg Software Technology Group Department

Your JDK 8 The Devil is in the Dark Dr. Michael Eichberg Software Technology Group Department

Your JDK 8 The Devil is in the Dark Dr. Michael Eichberg Software Technology Group Department of Computer Science Technische Universitt Darmstadt www.opal-project.de Some Facts The Java 8 Development Kit consists of: 1.651 packages, which

237 views • 21 slides
De-anonymizing Data CompSci 590.03 Instructor: Ashwin

De-anonymizing Data CompSci 590.03 Instructor: Ashwin

Source (h?p://xkcd.org/834/) De-anonymizing Data CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 2 : 590.03 Fall 13 1 Outline Recap

1.15k views • 83 slides
K-Anonymity & Social Networks CompSci 590.03 Instructor: Ashwin Machanavajjhala (Some slides

K-Anonymity & Social Networks CompSci 590.03 Instructor: Ashwin Machanavajjhala (Some slides

K-Anonymity & Social Networks CompSci 590.03 Instructor: Ashwin Machanavajjhala (Some slides adapted from [Hay et al, SIGMOD (tutorial) 2011]) Lecture 4 : 590.03 Fall 12 1 Announcements Project ideas are posted on the site. You are

1.26k views • 38 slides
Data Anonymization - Generalization Algorithms Li Xiong, Slawek Goryczka CS573 Data Privacy and

Data Anonymization - Generalization Algorithms Li Xiong, Slawek Goryczka CS573 Data Privacy and

Data Anonymization - Generalization Algorithms Li Xiong, Slawek Goryczka CS573 Data Privacy and Anonymity Generalization and Suppression Generalization Suppression Replace the value with a less Do not release a Z2 = {410**}

1.27k views • 52 slides
Learning to de-anonymize social networks A machine learning approach to social graph

Learning to de-anonymize social networks A machine learning approach to social graph

Learning to de-anonymize social networks A machine learning approach to social graph de-anonymization Kumar Sharad October 28, 2016 Royal Holloway, University of London ACM Workshop on Artificial Intelligence and Security, Vienna, Austria

1.01k views • 69 slides
Data Masking and Anonymization for PostgreSQL 1 The Anonymization Challenge 8 Strategies

Data Masking and Anonymization for PostgreSQL 1 The Anonymization Challenge 8 Strategies

Data Masking and Anonymization for PostgreSQL 1 The Anonymization Challenge 8 Strategies PostgreSQL Anonymizer The Future 2 3 My Story 4 LETS DO THIS ! jailer pgantomizer ARX pgsync anomyze-it anonymizer mat2 Talend open

1.12k views • 77 slides
Design for a data Anonymization Competition 2018 Hiroaki Kikuchi (Meiji Univ.) PETS 2017,

Design for a data Anonymization Competition 2018 Hiroaki Kikuchi (Meiji Univ.) PETS 2017,

Design for a data Anonymization Competition 2018 Hiroaki Kikuchi (Meiji Univ.) PETS 2017, Minneapolis, US Criticize to past PWSCUP 1. Hidden algorithm Players submit the anonymized data without showing source or algorithm. Not able to

690 views • 21 slides
Key parse TCP assembly Offline Online capture anonymize Anon. One-Way Interface Key (anon.

Key parse TCP assembly Offline Online capture anonymize Anon. One-Way Interface Key (anon.

anonymize Anon. Key parse TCP assembly Offline Online capture anonymize Anon. One-Way Interface Key (anon. trace) parse TCP assembly Enc. Key decrypt Offline Online encrypt Encrypted Raw Data capture Capture Hardware Closed-box VM anonymize

838 views • 40 slides
k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon onymiz ization ion MAPRG

k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon onymiz ization ion MAPRG

k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon onymiz ization ion MAPRG Meeting Prague, July 20, 2017 David Plonka <plonka@akamai.com> kI kIP: : a Me Measured Approach to IPv6 Address Anonymizati tion

873 views • 64 slides

More recommend