Abstract
Networking researchers and engineers rely on network packet traces for understanding network behavior, developing models, and evaluating network performance. Although the bulk of published packet traces implement a form of address anonymization to hide sensitive information, it has been unclear if such anonymization techniques are sufficient to address the privacy concerns of users and organizations.
In this paper we attempt to quantify the risks of publishing anonymized packet traces. In particular, we examine whether statistical identification techniques can be used to uncover the identities of users and their surfing activities from anonymized packet traces. Our results show that such techniques can be used by any Web server that is itself present in the packet trace and has sufficient resources to map out and keep track of the content of popular Web sites to obtain information on the network-wide browsing behavior of its clients. Furthermore, we discuss how scan sequences identified in the trace can easily reveal the mapping from anonymized to real IP addresses.
Copyright information
© 2006 IFIP International Federation for Information Processing
About this paper
Cite this paper
Koukis, D., Antonatos, S., Anagnostakis, K.G. (2006). On the Privacy Risks of Publishing Anonymized IP Network Traces. In: Leitold, H., Markatos, E.P. (eds) Communications and Multimedia Security. CMS 2006. Lecture Notes in Computer Science, vol 4237. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11909033_3
DOI: https://doi.org/10.1007/11909033_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-47820-1
Online ISBN: 978-3-540-47823-2
eBook Packages: Computer Science (R0)