Feistel network-based prefix-preserving network trace anonymization

Date

2022-05

Authors

Dandyan, Shaveta

Publisher

Faculty of Graduate Studies and Research, University of Regina

Abstract

Network traces are a critical piece of data for network security analysts, who use them to ensure the security of data and to detect and correct network issues. Due to a lack of expertise, companies are forced to outsource their network traces to third parties, who perform analytics on the traces and provide security feedback and recommendations. In fact, outsourcing network traces to third-party analysts for monitoring and analytics is a common service requested by companies. However, these companies are reluctant to share their network traces, as they contain sensitive information (e.g., IP addresses) that may be exploited for attacks. Therefore, such sensitive information needs to be hidden before the network traces are outsourced. Network trace anonymization is a solution that provides data privacy while preserving data utility. The latter is important for the analytics: the data needs to be anonymized (some information is changed) in such a way that the essence of the data remains valid. Otherwise, the analytics provided by third-party analysts cannot reflect the actual state of the network. Existing solutions, such as CryptoPAN, preserve data utility (by preserving the IP prefixes) but are vulnerable to semantic attacks. In this thesis, we propose an anonymization solution that is based on the Feistel network and preserves data privacy and utility at the same time. In addition, the proposed solution requires less computation and fewer resources, since it is based on the Feistel network, which guarantees anonymization and de-anonymization with the same architecture. The Feistel network is widely used in cryptography because of its flexible structure. Thus, in this thesis, we adapt it to perform both anonymization and de-anonymization. We validate our solution using the Kddcup99 dataset, from which distinct IP addresses have been filtered to better measure the data leakage (dual of privacy) provided by our solution.
The obtained results show that the proposed solution provides consistent results throughout the different traces under the same experimental parameters. We evaluate the security of our solution using the avalanche property, which is widely used to measure the security of encryption systems. Moreover, the efficacy of our solution is evaluated against injection attacks. Overall, the obtained results (avalanche property and resistance to injection attacks) are appealing.

Description

A Thesis Submitted to the Faculty of Graduate Studies and Research in Partial Fulfillment for the Requirements for the Degree of Master of Science in Computer Science, University of Regina. xv, 105 p.
