taming the devil
play

Taming the Devil: Techniques for Evaluating Anonymized Network Data - PowerPoint PPT Presentation

Jul 19, 2023 •253 likes •660 views

Taming the Devil: Techniques for Evaluating Anonymized Network Data Scott Coull 1 , Charles Wright 1 , Angelos Keromytis 2 , Fabian Monrose 1 , Michael Reiter 3 Johns Hopkins University 1 Columbia University 2 University of North Carolina - Chapel

  1. Taming the Devil: Techniques for Evaluating Anonymized Network Data Scott Coull 1 , Charles Wright 1 , Angelos Keromytis 2 , Fabian Monrose 1 , Michael Reiter 3 Johns Hopkins University 1 Columbia University 2 University of North Carolina - Chapel Hill 3

  2. The Network Data Sanitization Problem Anonymize a packet trace or flow log s.t.: � 1. Researchers gain maximum utility 2. Adversaries w/ auxiliary information do not learn sensitive information Anon. Network Network Data Data Anonymization 2

  3. Methods of Sanitization � Pseudonyms for IPs � Strict prefix-preserving [FXAM04] � Partial prefix-preserving [PAPL06] � Transaction-specific [OBA05] � Other data fields anonymized in reaction to attacks � e.g., time stamps are quantized due to clock skew attack [KBC05] 3

  4. Notable Attacks � Several active and passive attacks exist… � Active probing [BA05, BAO05,KAA06] � Host profiling [CWCMR07,RCMT08] � Identifying web pages [KAA06, CCWMR07] 4

  5. The Underlying Problem � Attacks can be generalized as follows: 1. Identifying information is encoded in the anonymized data • Host behaviors for profiling attacks 2. Adversary has external information on true identities • Public information on services offered by a host 3. Adversary maps true identities to pseudonyms 5

  6. Our Goals 1. Find objects at risk of deanonymization 2. Compare anonymization systems and policies 3. Model hypothetical attack scenarios Focus on ‘natural’ sources of information leakage � 6

  7. Related Work � Definitions of Anonymity � k-Anonymity [SS98], l -Diversity [MGKV05], and t-Closeness[LLV07] � Information theoretic metrics � Analysis of anonymity in mixnets [SD02][DSCP02] � An orthogonal method for evaluating network data [RCMT08] 7

  8. Outline � Adversarial Model � Defining Objects � Auxiliary Information � Calculating Anonymity � Evaluation 8

  9. Adversarial Model � Adversary’s goal: map an anonymized object to its unanonymized counterpart Anon. Network Network Data Data 10.0.0.2 50.20.2.1 10.0.0.1 20% 75% 10.0.0.100 5% 9

  10. Defining Objects � Consider network data as a database � n rows, m columns � Each row is a packet (or flow) record � Each column is a data field ( e.g., source port) � Fields can induce a probability distribution � Sample space defined by values in the field � Represented by random variables in our analysis 10

  11. Defining Objects Local Remote ID Local IP Remote IP Port Port 1 10.0.0.1 80 192.168.2.5 1052 2 10.0.0.2 3069 10.0.1.5 80 3 10.0.0.1 80 192.168.2.10 4059 4 10.0.0.1 21 192.168.6.11 5024 … 11

  12. Defining Objects Local IP 1 0.9 10.0.0.1 0.8 0.75 0.7 10.0.0.2 0.6 0.5 10.0.0.1 0.4 0.3 0.25 10.0.0.1 0.2 0.1 … 0 10.0.0.1 10.0.0.2 12

  13. Defining Objects � Combinations of fields can leak information even if the fields are indistinguishable in isolation � A real-world adversary has a directed plan of attack on a certain subset of fields � Our analysis must consider a much larger set of potential fields � Use feature selection methods based on mutual information to find related fields � Limits computational requirements 13

  14. Defining Objects � A feature is a group of correlated fields � Calculate normalized mutual information � Group into pairs if mutual information > t � Merge groups that share a field in to a feature � A feature distribution is the joint distribution over the fields in the feature 14

  15. Defining Objects Local Remote ID Local IP Remote IP Port Port 1 10.0.0.1 80 192.168.2.5 1052 2 10.0.0.2 3069 10.0.1.5 80 3 10.0.0.1 80 192.168.2.10 4059 4 10.0.0.1 21 192.168.6.11 5024 … 15

  16. Defining Objects Local Local IP Port 1 0.9 10.0.0.1 80 0.8 0.7 10.0.0.2 3069 0.6 0.5 0.5 0.4 10.0.0.1 80 0.3 0.25 0.25 0.2 10.0.0.1 21 0.1 0 … 10.0.0.1, 10.0.0.1, 10.0.0.2, 80 21 3069 16

  17. Defining objects � An object is a set of feature distributions over records produced due its presence � e.g., host objects – feature distributions induced by records sent from or received by a given host 17

  18. Defining Objects Local Remote ID Local IP Remote IP Port Port 1 10.0.0.1 80 192.168.2.5 1052 2 10.0.0.2 3069 10.0.1.5 80 3 10.0.0.1 80 192.168.2.10 4059 4 10.0.0.1 21 192.168.6.11 5024 … 18

  19. Defining Objects Local Remote ID Local IP Remote IP Port Port 1 1 10.0.0.1 80 192.168.2.5 1052 0.9 0.8 0.7 0.66 0.6 0.5 0.4 0.33 0.3 0.2 3 10.0.0.1 80 192.168.2.10 4059 0.1 0 10.0.0.1, 80 10.0.0.1, 21 4 10.0.0.1 21 192.168.6.11 5024 … 19

  20. Defining Objects 10.0.0.1 Local Remote ID Local IP Remote IP Port Port 1 1 10.0.0.1 80 192.168.2.5 1052 0.9 0.8 0.7 0.66 0.6 0.5 0.4 0.33 0.3 0.2 3 10.0.0.1 80 192.168.2.10 4059 0.1 0 10.0.0.1, 80 10.0.0.1, 21 1 0.9 0.8 4 10.0.0.1 21 192.168.6.11 5024 0.7 0.6 0.5 0.4 0.33 0.33 0.33 0.3 0.2 0.1 0 192.168.2.5, 192.168.2.10, 192.168.6.11, … 1052 4059 5024 20

  21. Adversarial Model Anon. Network Network Data Data 10.0.0.2 50.20.2.1 10.0.0.1 20% 75% 10.0.0.100 5% 21

  22. Adversarial Model Anon. Network Network Data Data 10.0.0.2 50.20.2.1 1 0.9 0.8 0.7 0.66 0.6 0.5 0.4 0.33 0.3 0.2 0.1 0 10.0.0.1 10.0.0.1, 80 10.0.0.1, 21 1 0.9 20% 0.8 0.7 0.6 0.5 0.4 0.33 0.33 0.33 0.3 0.2 0.1 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 1 0.9 0.8 0.7 0.66 1 0.6 0.5 0.4 0.33 0.9 0.3 0.2 0.8 0.1 0 10.0.0.1, 80 10.0.0.1, 21 0.7 0.66 0.6 1 0.5 0.9 0.8 0.4 0.7 0.33 0.6 0.5 0.3 0.4 0.33 0.33 0.33 0.3 0.2 0.2 0.1 75% 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 0.1 1052 4059 5024 0 10.0.0.1, 80 10.0.0.1, 21 10.0.0.100 1 0.9 0.8 0.7 5% 0.6 0.5 1 0.9 0.4 0.8 0.33 0.33 0.33 0.7 0.66 0.3 0.6 0.5 0.4 0.33 0.2 0.3 0.2 0.1 0.1 0 10.0.0.1, 80 10.0.0.1, 21 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 1 0.9 0.8 0.7 0.6 0.5 0.4 0.33 0.33 0.33 0.3 0.2 0.1 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 22

  23. Auxiliary Information � Auxiliary information captures the adversary’s external knowledge � Initially, adversary only has knowledge obtained from meta-data � As adversary deanonymizes objects, new knowledge is gained � Used to iteratively refine mapping between anonymized and unanonymized objects 23

  24. Auxiliary Information Local IP: Prefix-Preserving Anonymized Unanonymized Values Values 50.20.2.1 {10.0.0.1, …, 10.0.0.255} 50.20.2.2 {10.0.0.1, …, 10.0.0.255} 50.20.2.3 {10.0.0.1, …, 10.0.0.255} … … 24

  25. Auxiliary Information Local IP: Prefix-Preserving Anonymized Unanonymized Values Values 50.20.2.1 {10.0.0.1} 50.20.2.2 {10.0.0.2, 10.0.0.3} 50.20.2.3 {10.0.0.2, 10.0.0.3} … … 25

  26. Adversarial Model Anon. Network Network Data Data 10.0.0.2 50.20.2.1 1 0.9 0.8 0.7 0.66 0.6 0.5 0.4 0.33 0.3 0.2 0.1 0 10.0.0.1 10.0.0.1, 80 10.0.0.1, 21 1 0.9 20% 0.8 0.7 0.6 0.5 0.4 0.33 0.33 0.33 0.3 0.2 0.1 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 1 0.9 0.8 0.7 0.66 1 0.6 0.5 0.4 0.33 0.9 0.3 0.2 0.8 0.1 0 10.0.0.1, 80 10.0.0.1, 21 0.7 0.66 0.6 1 0.5 0.9 0.8 0.4 0.7 0.33 0.6 0.5 0.3 0.4 0.33 0.33 0.33 0.3 0.2 0.2 0.1 75% 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 0.1 1052 4059 5024 0 10.0.0.1, 80 10.0.0.1, 21 10.0.0.100 1 0.9 0.8 0.7 5% 0.6 0.5 1 0.9 0.4 0.8 0.33 0.33 0.33 0.7 0.66 0.3 0.6 0.5 0.4 0.33 0.2 0.3 0.2 0.1 0.1 0 10.0.0.1, 80 10.0.0.1, 21 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 1 0.9 0.8 0.7 0.6 0.5 0.4 0.33 0.33 0.33 0.3 0.2 0.1 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 26

  27. Adversarial Model Anon. Network Network 19 {1, …, 1024} Data Data 32 {1, …, 1024} 50 {1, …, 1024} … … 10.0.0.2 50.20.2.1 1 0.9 0.8 0.7 0.66 0.6 0.5 0.4 0.33 0.3 0.2 0.1 0 10.0.0.1 10.0.0.1, 80 10.0.0.1, 21 1 0.9 20% 0.8 0.7 0.6 0.5 0.4 0.33 0.33 0.33 0.3 0.2 0.1 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 1 0.9 0.8 0.7 0.66 1 0.6 0.5 0.4 0.33 0.9 0.3 0.2 0.8 0.1 0 10.0.0.1, 80 10.0.0.1, 21 0.7 0.66 0.6 1 0.5 0.9 0.8 0.4 0.7 0.33 0.6 0.5 0.3 0.4 0.33 0.33 0.33 0.3 0.2 0.2 0.1 75% 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 0.1 1052 4059 5024 0 10.0.0.1, 80 10.0.0.1, 21 10.0.0.100 1 0.9 0.8 0.7 5% 0.6 0.5 1 0.9 0.4 0.8 0.33 0.33 0.33 0.7 0.66 0.3 0.6 0.5 0.4 0.33 0.2 0.3 0.2 0.1 0.1 0 10.0.0.1, 80 10.0.0.1, 21 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 1 0.9 0.8 0.7 0.6 0.5 0.4 0.33 0.33 0.33 0.3 0.2 0.1 0 192.168.2.5, 192.168.2.10, 192.168.6.11, 1052 4059 5024 27

Recommend

Devil Figures What is the devil figure archetype in a story? Definition: The devil figure

Devil Figures What is the devil figure archetype in a story? Definition: The devil figure

Devil Figures What is the devil figure archetype in a story? Definition: The devil figure represents a devil incarnate. They often offer worldly goods, fame, and knowledge in exchange for souls. The figure's main purpose is to distract or

440 views • 15 slides
Better the Devil You Know Who or what is the devil? The name commonly given to the fallen

Better the Devil You Know Who or what is the devil? The name commonly given to the fallen

Better the Devil You Know Who or what is the devil? The name commonly given to the fallen angels...it denotes Lucifer their chief, as in Matthew 25v41, the Devil and his angels...it is clearly taught that the devil and the other

368 views • 26 slides
Red Devil Mine Red Devil Mine Mike McCrum, BLM Alaska Doug Cox, Ph.D., BLM Natl Operations

Red Devil Mine Red Devil Mine Mike McCrum, BLM Alaska Doug Cox, Ph.D., BLM Natl Operations

U.S. Department of the Interior Bureau of Land Management Risk Assessment for Mercury Releases to the Kuskokwim River from the BLM Red Devil Mine Red Devil Mine Mike McCrum, BLM Alaska Doug Cox, Ph.D., BLM Natl Operations Center Red Devil

570 views • 31 slides
Whoever makes a practice of sinning is of the devil, for the devil has been sinning from the

Whoever makes a practice of sinning is of the devil, for the devil has been sinning from the

1 John 3:8a (ESV) Whoever makes a practice of sinning is of the devil, for the devil has been sinning from the beginning. Philippians 3:18-20 (NIV) As I have often told you before and now tell you again even with tears, many live as

263 views • 23 slides
Red Devil Mine Risk Assessment for Mercury Releases to the Kuskokwim River from the BLM Red Devil

Red Devil Mine Risk Assessment for Mercury Releases to the Kuskokwim River from the BLM Red Devil

U.S. Department of the Interior Bureau of Land Management Red Devil Mine Risk Assessment for Mercury Releases to the Kuskokwim River from the BLM Red Devil Mine Doug Cox, Ph.D., BLM Natl OperaDons Center Red Devil Mine 1 U.S. Department of the

449 views • 13 slides
Software Tool Seminar WS1516 - Taming the Snake November 4, 2015 1 Taming the Snake 1.1

Software Tool Seminar WS1516 - Taming the Snake November 4, 2015 1 Taming the Snake 1.1

Software Tool Seminar WS1516 - Taming the Snake November 4, 2015 1 Taming the Snake 1.1 Understanding how Python works in N simple steps (with N still growing) 1.2 Step 0. What this talk is about (and what it isnt) Four basic things you

266 views • 12 slides
Red Devil Mine Human Health Risk Assessment for Mercury Releases to the Kuskokwim River from the

Red Devil Mine Human Health Risk Assessment for Mercury Releases to the Kuskokwim River from the

U.S. Department of the Interior Bureau of Land Management Red Devil Mine Human Health Risk Assessment for Mercury Releases to the Kuskokwim River from the BLM Red Devil Mine Doug Cox, Ph.D., BLM Natl OperaFons Center Red Devil Mine 1 U.S.

653 views • 43 slides
Return of the Devil in the Details: Delving Deep into Convolutional Nets Ken Chatfield - Karen

Return of the Devil in the Details: Delving Deep into Convolutional Nets Ken Chatfield - Karen

Return of the Devil in the Details: Delving Deep into Convolutional Nets Ken Chatfield - Karen Simonyan - Andrea Vedaldi - Andrew Zisserman University of Oxford The Devil is still in the Details 2011 2014 Comparing Apples to Apples:

575 views • 28 slides
In Bed With The Devil: Recognizing Human Teratogenic Exposures Jan M. Friedman, MD, PhD Jan M.

In Bed With The Devil: Recognizing Human Teratogenic Exposures Jan M. Friedman, MD, PhD Jan M.

In Bed With The Devil: Recognizing Human Teratogenic Exposures Jan M. Friedman, MD, PhD Jan M. Friedman, MD, PhD In Bed With The Devil The only way we ever know that an exposure is teratogenic in humans is to recognize that it causes

640 views • 28 slides
Taming Pointers A Symbolic Approach Jianwen Zhu jzhu@eecg.toronto.edu Electrical and Computer

Taming Pointers A Symbolic Approach Jianwen Zhu jzhu@eecg.toronto.edu Electrical and Computer

Taming Pointers A Symbolic Approach Jianwen Zhu jzhu@eecg.toronto.edu Electrical and Computer Engineering University of Toronto 04 p.1/33 J. Zhu c Outline An Old Problem A New Strategy Taming Context Sensitivity Result and

1.43k views • 100 slides
Taming Effects in a Dependent World Pierre-Marie Pdrot Max Planck Institute for Software

Taming Effects in a Dependent World Pierre-Marie Pdrot Max Planck Institute for Software

. . . . . . . . . . . . . . . Taming Effects in a Dependent World Pierre-Marie Pdrot Max Planck Institute for Software Systems Journes Nationales Gocal-LAC 14th November 2017 P.-M. Pdrot (MPI-SWS) Taming efgects in a

1.09k views • 90 slides
Taming Your Dragon: From No QA to Fully Integrated QA

Taming Your Dragon: From No QA to Fully Integrated QA

W7 Test Transformation Wednesday, October 23rd, 2019 11:30 AM Taming Your Dragon: From No QA to Fully Integrated QA Presented

880 views • 51 slides
Agenda I. Call to order Sun Devil Rewards ElDiablito 201920 Officers Amira de la Garza

Agenda I. Call to order Sun Devil Rewards ElDiablito 201920 Officers Amira de la Garza

Monthly Membership Meeting In-Person: Tempe CPCOM120 and Downtown Phoenix UCENT 317 ZOOM from your desktop or mobile device: https://asu.zoom.us/j/481527897 October 30, 219 | 12 to 1 p.m. Agenda I. Call to order Sun Devil Rewards

512 views • 18 slides
TAMING NG T THE C CAVEMAN: STRESS MANAGEMENT FOR THE NEW AGE Diana F. Hott, LCSW CEAP

TAMING NG T THE C CAVEMAN: STRESS MANAGEMENT FOR THE NEW AGE Diana F. Hott, LCSW CEAP

TAMING NG T THE C CAVEMAN: STRESS MANAGEMENT FOR THE NEW AGE Diana F. Hott, LCSW CEAP www.dianafhottlcsw.com (c) 2013 Diana F. Hott LCSW TAMING T THE C CAVEM EMAN (c) 2013 Diana F. Hott LCSW The physical and emotional reaction people

245 views • 13 slides
Taming the Many Headed Dragon: Collaborative Models and Systems Issues Presentation for Putting

Taming the Many Headed Dragon: Collaborative Models and Systems Issues Presentation for Putting

Taming the Many Headed Dragon: Collaborative Models and Systems Issues Presentation for Putting the Pieces Together for Children and Families September 2011 Taming the Many Headed Dragon: Collaborative Models and Systems Issues Maria

282 views • 27 slides
Your JDK 8 The Devil is in the Dark Dr. Michael Eichberg Software Technology Group Department

Your JDK 8 The Devil is in the Dark Dr. Michael Eichberg Software Technology Group Department

Your JDK 8 The Devil is in the Dark Dr. Michael Eichberg Software Technology Group Department of Computer Science Technische Universitt Darmstadt www.opal-project.de Some Facts The Java 8 Development Kit consists of: 1.651 packages, which

237 views • 21 slides
1 Peter 5:8, Be sober [stable in your thinking], be vigilant; because your adversary the devil

1 Peter 5:8, Be sober [stable in your thinking], be vigilant; because your adversary the devil

1 Peter 5:8, Be sober [stable in your thinking], be vigilant; because your adversary the devil walks about like a roaring lion, seeking whom he may devour. 1 Peter 5:9, Resist him, steadfast in the faith [doctrine], Job 1:1,

452 views • 26 slides
Taming UTF-8 in pdfTeX Frank Mittelbach TUG 2019, Palo Alto A short history lession part 2

Taming UTF-8 in pdfTeX Frank Mittelbach TUG 2019, Palo Alto A short history lession part 2

Presentation given at the TUG 2019 Conference, Palo Alto 1 file version: August 25, 2019 0:02 Taming UTF-8 in pdfT EX Frank Mittelbach Abstract To understand the concepts in pdfL A T EX for processing UTF-8 encoded files it is helpful to

237 views • 5 slides
The Cure for Worldliness And War James 4:7- 10 7 Submit therefore to God. Resist the devil and

The Cure for Worldliness And War James 4:7- 10 7 Submit therefore to God. Resist the devil and

The Cure for Worldliness And War James 4:7- 10 7 Submit therefore to God. Resist the devil and he will flee from you. 8 Draw near to God and He will draw near to you. Cleanse your hands, you sinners; and purify your hearts, you

339 views • 21 slides
Washington is Paying Attention to Biomedical Research: Is the Devil in the Details? Mary

Washington is Paying Attention to Biomedical Research: Is the Devil in the Details? Mary

Washington is Paying Attention to Biomedical Research: Is the Devil in the Details? Mary Woolley, President, Research!America April 9, 2015 Wake Forest School of Medicine Bo/McCreight Distinguished Lecturer Series Its good to be back in

626 views • 62 slides
Taming the Beast Workshop Bayesian inference of species tree Species & gene trees *BEAST

Taming the Beast Workshop Bayesian inference of species tree Species & gene trees *BEAST

Taming the Beast Taming the Beast Workshop Bayesian inference of species tree Species & gene trees *BEAST Species tree prior Multispecies coalescent Bayesian inference of species tree Molecular clock model Felsenstein likelihood and

205 views • 19 slides
Running with the Devil: Mechanical Sympathetic Networking Todd L. Montgomery @toddlmontgomery

Running with the Devil: Mechanical Sympathetic Networking Todd L. Montgomery @toddlmontgomery

Running with the Devil: Mechanical Sympathetic Networking Todd L. Montgomery @toddlmontgomery Informatica Ultra Messaging Architecture Tail of a Networking Stack Beastie Direct Descendants FreeBSD NetBSD OpenBSD ... Darwin (Mac OS X)

427 views • 17 slides
Beware of the THIEF Be alert and of sober mind. Your enemy the devil prowls around like a

Beware of the THIEF Be alert and of sober mind. Your enemy the devil prowls around like a

Beware of the THIEF Be alert and of sober mind. Your enemy the devil prowls around like a roaring lion looking for someone to devour. 1 Peter 5:8 God's Plans for us are good! We need to KNOW it and BELIEVE it! Jeremiah 29:11 Satan also has

815 views • 11 slides
Taming the SOA Beast SOA introduces complexity as well as new organizational impacts. We need to

Taming the SOA Beast SOA introduces complexity as well as new organizational impacts. We need to

Taming the SOA Beast SOA introduces complexity as well as new organizational impacts. We need to re-think the process. December 2008 Why SOA? Business Effectiveness Agility, responsiveness to market/competitive dynamics Business

513 views • 24 slides

More recommend