On the Effects of Network Trace Anonymization

Student: Somdutta Bose
Sponsor: unfunded project

Network intrusion detection and prevention systems analyze network traces looking for the unexpected, the known bad, or anything that falls outside a given set of specifications defining “good.” When this analysis is outsourced, sites typically anonymize the data in order to protect the privacy of those at the site, or to conceal sensitive information that they are legally bound (or otherwise desire) to keep internal to their organization. This project asks the question, “How does the sanitization affect the detection rate?”