Correlating network events and transferring labels in the presence of IP address anonymisation

Abstract

The availability of labelled data, i.e. ground-truth or reference data, is typically a requirement for performing network research, especially for network security research. Labelled data, however, are sparsely available. Data sets present in repositories such as CAIDA or PREDICT are mostly missing labels and have IP addresses anonymised. Especially the latter compounds correlating these data sets with third-party information in order to assign labels a posteriori. To address this problem, we propose a scheme to anonymise IP addresses such that later correlation is still possible, without compromising security of either data sponsoring entity. The scheme we propose is based on Crypto-PAn [1] and is able to correlate events using anonymised IP addresses as correlation keys, without restricting choice of the cryptographic secret.