A method to compress and anonymize packet traces

  title={A method to compress and anonymize packet traces},
  author={Markus Peuhkuri},
  booktitle={IMW '01},
  • M. Peuhkuri
  • Published in IMW '01 1 November 2001
  • Computer Science
Data volume and privacy issues are one of problems related to large-scale packet capture. Utilizing flow nature of Internet traffic can reduce data volume. Removing sensitive information such as IP addresses enchanges privacy. Our method makes possible to have same replacement value for given IP address even if capture location or time is different. 

Figures and Tables from this paper

Anonymization of IP Traffic Monitoring Data: Attacks on Two Prefix-Preserving Anonymization Schemes and Some Proposed Remedies
A suite of three algorithms employing packet injection and frequency analysis, which can compromise individual addresses protected with prefix-preserving anonymization in multilinear time are presented and an algorithm that strengthens some hash-based anonymization methods is introduced.
Anonymization Techniques for URLs and Filenames
A new method is presented that can anonymize strings such as URLs while preserving a maximum amount of information useful to researchers.
Circumventing IP-address pseudonymization
It turns out that the packet injection itself, as well as the extraction of the corresponding anonymized header data, are the most time-consuming steps.
On the Design of Fast Prefix-Preserving IP Address Anonymization Scheme
Traffic traces are generally anonymized before used in analysis. Prefix-preserving anonymization is often used to avoid privacy issues as well as preserve prefix relationship after anonymization. To
Anonym: A tool for anonymization of the Internet traffic
An anonymization tool that executes multilevel anonymization and displays analysis results is proposed and implemented and architecture and features of the tool are described and discussed and analysis of un-anonymized and anonymized datasets are discussed.
α-MON: Anonymized Passive Traffic Monitoring
Packet measurements are essential for several applications, such as cyber-security, accounting and troubleshooting. They, however, threaten privacy by exposing sensitive information. Anonymization
α-MON: Traffic Anonymizer for Passive Monitoring
The impact of z-anonymity on traffic measurements is quantified, finding that it introduces minimal error when it comes to finding heavy-hitter services.
SANTT: Sharing Anonymized Network Traffic Traces among Researchers
SANTT employs a novel prefix-preserving anonymization method to sanitize privacy information in packets and takes advantage of specific high-speed traffic capturing hardware to share valuable network traffic traces safely and widely.
SCRUB-tcpdump: A multi-level packet anonymizer demonstrating privacy/analysis tradeoffs
It is proposed that optimal network data sharing needs to have different levels of anonymization tailored to the participating organizations in order to tradeoff the risks of potential loss or disclosure of sensitive information.
Comparison of Traffic Trace Anonymization Tools
This paper intends to compare the Crypto-PAn, Lucent’s extensions to Crypto- PAn, Anontool, and FLAIM, and compare the cumulative distribution function of the anonymized data.


Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
A simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point is discussed.
IP Header Compression
This document describes how to compress multiple IP headers and TCP and UDP headers per hop over point to point links. The methods can be applied to of IPv6 base and extension headers, IPv4 headers,
User Datagram Protocol
UDP does not guarantee reliability or ordering in the way that TCP does, but its stateless nature is also useful for servers that answer small queries from huge numbers of clients.
Compressing TCP/IP Headers for Low-Speed Serial Links
This RFC describes a method for compressing the headers of TCP/IP datagrams to improve performance over low speed serial links. The motivation, implementation and performance of the method are
A Parameterizable Methodology for Internet Traffic Flow Profiling
This methodology differs from many previous studies that have concentrated on end-point definitions of flows in terms of state derived from observing the explicit opening and closing of TCP connections, by defining flows based on traffic satisfying various temporal and spatial locality conditions, as observed at internal points of the network.
TCP Selective Acknowledgement Options
TCP may experience poor performance when multiple packets are lost from one window of data. With the limited information available from cumulative acknowledgments, a TCP sender can only learn about a
Senie, “Network IngressFiltering: Defeating Denial of ServiceAttackswhich employ IP SourceAddress Spoofing,
  • Requestfor CommentsRFC2827,InternetEngineer ing TaskForce,May
  • 2000
IP HeaderCompression
  • Requestfor CommentsRFC 2507, InternetEngineering TaskForce,Feb. 1999.
  • 1999
Internet Protocol Request for Comments RFC 791, Internet Engineering Task Force, Sept. 1981. .I. Postel
  • Internet Protocol Request for Comments RFC 791, Internet Engineering Task Force, Sept. 1981. .I. Postel
  • 1980