A Framework for Utility-Driven Network Trace Anonymization

The publication of network traces is critical for network research but their release is highly constrained by privacy and security concerns. The importance of a framework for anonymizing traces to provide different levels of security and utility to promote trace publication has been identified in the literature. However, the current state-of-art anonymization techniques have failed to provide the guarantees on privacy and security. In this paper, we propose a framework in which a trace owner can match an anonymizing transformation with the requirements of analysts. The trace owner can release multiple transformed traces, each customized to an analysts needs, or a single transformation satisfying all requirements. The framework enables formal reasoning about anonymization policies, for example to verify that a given trace has utility for the analyst, or to obtain the most secure anonymization for the desired level of utility. We validate our techniques by applying them to a real enterprise network trace and measuring the success of attacks by an informed adversary. The proposed framework is extensible and it allows for the addition of anonymization techniques as they evolve.