|
| This Article | ||
| ||
| Share | ||
| Bibliographic References | ||
| Add to: | ||
 Digg  Furl  Spurl  Blink  Simpy  Google  Del.icio.us  Y!MyWeb | ||
| Search | ||
| ||
The Second International Conference on Availability, Reliability and Security (ARES'07)
A New Classification Scheme for Anonymization of Real Data Used in IDS Benchmarking
Vienna, Austria
April 10-April 13
ISBN: 0-7695-2775-2
| ASCII Text | x | ||
| Vidar Evenrud Seeberg, Slobodan Petrovic, "A New Classification Scheme for Anonymization of Real Data Used in IDS Benchmarking," 2012 Seventh International Conference on Availability, Reliability and Security, pp. 385-390, The Second International Conference on Availability, Reliability and Security (ARES'07), 2007. | |||
| BibTex | x | ||
| @article{ 10.1109/ARES.2007.9, author = {Vidar Evenrud Seeberg and Slobodan Petrovic}, title = {A New Classification Scheme for Anonymization of Real Data Used in IDS Benchmarking}, journal ={2012 Seventh International Conference on Availability, Reliability and Security}, volume = {0}, year = {2007}, isbn = {0-7695-2775-2}, pages = {385-390}, doi = {http://doi.ieeecomputersociety.org/10.1109/ARES.2007.9}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, } | |||
| RefWorks Procite/RefMan/Endnote | x | ||
| TY - CONF JO - 2012 Seventh International Conference on Availability, Reliability and Security TI - A New Classification Scheme for Anonymization of Real Data Used in IDS Benchmarking SN - 0-7695-2775-2 SP385 EP390 A1 - Vidar Evenrud Seeberg, A1 - Slobodan Petrovic, PY - 2007 KW - null VL - 0 JA - 2012 Seventh International Conference on Availability, Reliability and Security ER - | |||
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2007.9
Artificially generated network traffic sources for IDS benchmarking have been harshly criticized because of their inability to realistically simulate networks. Benchmarking data sets based on real data have many advantages over the artificially generated ones, but due to privacy concerns and legal restrictions such original data sets cannot be widely distributed. Their anonymization ("sanitization") is necessary in order to be used in IDS testing. In this paper, we define a new variable strength filter-in methodology of anonymization of IDS benchmarking data sets. It is based on an original classification criterion used to categorize informational objects in network data according to the action to be performed on them in the anonymization process. The action depends on the possibility of these objects to disclose sensitive information. We analyze the possibility of disclosing sensitive information by various http header fields. We also study influence of application of the new anonymization methodology on percentage of attacks detectable by an IDS. Experimental results show that a great number of the attacks present in the input data without anonymization are still detectable by the tested IDS even after the application of the strongest anonymization scheme defined by our methodology. Although the new anonymization method focuses on application data, it could also be used in the link, network, and transport protocol contexts.
Citation:
Vidar Evenrud Seeberg, Slobodan Petrovic, "A New Classification Scheme for Anonymization of Real Data Used in IDS Benchmarking," ares, pp.385-390, The Second International Conference on Availability, Reliability and Security (ARES'07), 2007
Usage of this product signifies your acceptance of the Terms of Use.