{"title":"网络取证与隐私问题的分级方法","authors":"William Brockelsby, R. Dutta","doi":"10.1109/ICCNC.2019.8685654","DOIUrl":null,"url":null,"abstract":"Anomaly detection in recent or historic traffic traces is a typical approach in applying network forensics to analyze previous security incidents in networks, as well as for real-time network monitoring for detecting intrusions or other security incidents without known signatures. However, even in the aftermath of a security incident, privacy expectations of legitimate users remain a primary concern. In this paper, we describe our findings regarding the preference of network administrators for releasing data. We then go on to describe a methodology that balances the motivations of preserving maximum privacy for legitimate users and obtaining maximum possible information regarding potentially anomalous behavior. Our methodology is based on a graded approach to progressing from highly anonymized data to further disclosure for targeted traffic streams. In particular, we show that it is possible to obtain significant progress from highly aggregated data that is typically considered essentially valueless for the purpose of anomaly detection. We present the result of these first steps as executed on a real enterprise network, showing how the graded approach can work in practice.","PeriodicalId":161815,"journal":{"name":"2019 International Conference on Computing, Networking and Communications (ICNC)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 International Conference on Computing, Networking and Communications (ICNC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCNC.2019.8685654","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Graded Approach to Network Forensics with Privacy Concerns