1: \documentclass[10pt]{IEEEtran}
2: %\documentclass[twocolumn, 11pt]{IEEEtran}
3:
4: \usepackage[letterpaper,hmargin=1.0in,vmargin=1.0in]{geometry}
5: \usepackage{graphicx}
6: \usepackage{subfigure}
7: \usepackage{listings}
8:
9: \newcommand{\flaim}{FLAIM }
10: %\bibliographystyle{plain}
11: \bibliographystyle{IEEE}
12:
13: \begin{document}
14: \centerfigcaptionstrue
15: \date{}
16: \title{\Large{\bf FLAIM: A Multi-level Anonymization Framework for
17: Computer and Network Logs}}
18: \author{Adam Slagell \ \ \ \ \ \ \ \ Kiran Lakkaraju \ \ \ \ \ \ \ \ Katherine Luo\\ \\National Center for Supercomputing Applications (NCSA) \\ University of Illinois at Urbana-Champaign\\ \{{\it slagell,kiran,xluo1}\}{\it @ncsa.uiuc.edu}}
19: \maketitle
20:
21: \input{abstract}
22: \input{intro}
23: \input{overview}
24: \input{arch}
25: \input{anony}
26: \input{related}
27: \input{conclusion}
28: \input{ack}
29:
30: \begin{thebibliography}{444}
31:
32: \bibitem{Biskup00a}
33: Biskup, J., and Flegel, U., ``On Pseudonymization of Audit Data for
34: Intrusion Detection," {\it USENIX Workshop on Design Issues in
35: Anonymity and Unobservability}, Jul. 2000.
36:
37: \bibitem{Biskup00b}
38: Biskup, J., and Flegel, U., ``Transaction-Based Pseudonyms in Audit
39: Data for Privacy Respecting Intrusion Detection," {\it Third International
40: Workshop on the Recent Advances in Intrusion Detection (RAID 2000)},
41: Toulouse, France, Oct. 2000.
42:
43: \bibitem{Bloom70}
44: Bloom, B.H., ``Space/Time Trade-offs in Hash Coding with Allowable
45: Errors,'', {\it Communications of the ACM}, vol. 13, no. 7,
46: pp. 422--426, 1970.
47:
48: \bibitem{Flegel02}
49: Flegel, U., ``Pseudonymizing UNIX Log Files," {\it Infrastructure
50: Security, International Conference (InfraSec 2002)}, Bristol, UK, Oct.
51: 2002.
52:
53: \bibitem{gorman06}
54: Gorman, S., ``NSA Killed System that Sifted Phone Data Legally,'' {\it The Baltimore Sun}, May 17, 2006.
55:
56: \bibitem{IANA}
57: IANA IPv4 Protocol Numbers Assignment,\\ http://www.iana.org/assignments/protocol-numbers, Mar. 2006.
58:
59: \bibitem{Markoff05}
60: Markoff, J., and Bergman, L., ``Internet Attack is called Broad and Long
61: Lasting,'' {\it New York Times}, sec. A, pg. 1, col. 1, May 10, 2005.
62:
63: \bibitem{Lincoln04}
64: Lincoln, P., Porras, P., and Shmatikov, V., ``Privacy-Preserving
65: Sharing and Correlation of Security Alerts," $13^{th}$ {\it USENIX Security
66: Symposium}, San Diego, CA, Aug. 2004.
67:
68: \bibitem{Lundin99}
69: Lundin, E., and Jonsson, E., ``Privacy vs Intrusion Detection
70: Analysis," {\it Second International Workshop on the Recent Advances in
71: Intrusion Detection (RAID '99)}, West Lafayette, IN, Sep. 1999.
72:
73: \bibitem{Pang03}
74: Pang, R., and Paxson, V., ``A High-Level Programming Environment for
75: Packet Trace Anonymization and Transformation," {\it ACM SIGCOMM
76: Conference}, Karlsruhe, Germany, Aug. 2003.
77:
78: \bibitem{Pang06}
79: Pang, R., Allman, M., Paxson, V., and Lee, J., ``The Devil and Packet Trace
80: Anonymization,'' {\it ACM SIGCOMM Computer Communications Review},
81: vol. 36, no. 1, pp. 29--38, Jan. 2006.
82:
83: \bibitem{poulsen04}
84: Poulsen, K., ``California Reports Massive Data Breach,'' {\it
85: SecurityFocus News}, http://www.securityfocus.com/, October 19, 2004.
86:
87: \bibitem{CAIDA}
88: Shannon, C., Moore, D., and Keys, K., ``The Internet Measurement Data
89: Catalog,'' {\it ACM SIGCOMM Computer Communications Review}, vol. 35,
90: no. 5, pp. 97--100, Oct. 2005.
91:
92: \bibitem{Slagell04}
93: Slagell, A., Wang, J., and Yurcik, W., ``Network Log Anonymization:
94: Application of Crypto-PAn to Cisco NetFlows,'' {\it Workshop on
95: Secure Knowledge Management}, Buffalo, Ny, Sep. 2004.
96:
97: \bibitem{Slagell04b}
98: Slagell, A., and Yurcik, W., ``Sharing Compuer and Network Logs for
99: Security and Privacy: A Motivation for New Methodologies of
100: ANonymization'', {\it ACM Computing research Repository (CoRR)},
101: Technical Report cs.CR/0409005; Sep. 2004.
102:
103: \bibitem{Slagell05}
104: Slagell, A., and Yurcik, W., ``Sharing Computer Network Logs for Security
105: and Privacy: A Motivation for New Methodologies of Anonymization,'' {\it
106: SECOVAL: The Workshop on the Value of Security through Collaboration},
107: Athens, Greece, Sep. 2005.
108:
109: \bibitem{Slagell05b}
110: Slagell, A., Li, Y., and Luo, K., ``Sharing Network Logs for
111: Computer Forensics: A New tool for the Anonymization of NetFlow
112: Records,'' {\it Computer Network Forensics Research Workshop}, Athens,
113: bGreece, Sep. 2005.
114:
115: \bibitem{Sobirey97}
116: Sobirey, M., Fischer-Hubner, S., and Rannenburg, K., ``Pseudo-nymous
117: Audit for Privacy Enhanced Intrusion Detection,'' {\it IFIP TC11
118: b $13^{th}$ International Conference on Information Security},
119: Copenhagen, Denmark, May, 1997.
120:
121: \bibitem{Vrable05}
122: Vrable, M., Ma, J., Chen, J., Moore, D., Vandekieft, E., Snoeren, A.,
123: Voelker, G., and Savage, S., ``Scalability, Fidelity and Containment in
124: the Potemkin Virtual Honeyfarm,'' $20^{th}$ {\it ACM Symposium on Operating
125: Systems Principles (SOSP 2005)}, Brighton, UK, Oct. 2005.
126:
127: \bibitem{Xu01}
128: Xu, J., Fan, J., Ammar, M. H., and Moon, S. B., ``On the Design and
129: Performance of Prefix-Preserving IP Traffic Trace Anonymization,''
130: {\it ACM SIGCOMM Internet Measurement Workshop}, San Francisco, CA,
131: Nov. 2001.
132:
133: \bibitem{Xu02}
134: Xu, J., Fan, J., Ammar, M. H., and Moon, S. B., ``Prefix-Preserving IP
135: Address Anonymization: Measurement-based Security Evaluation and a New
136: Cryptography-based Scheme," $10^{th}$ {\it IEEE International
137: Conference on Network Protocols}, Paris, France, Nov. 2002.
138:
139: \bibitem{Yin05}
140: Yin, X., Yurcik, W., and Slagell, A., ``The Design of
141: Vis-FlowConnect-IP: a Link Analysis System for IP Security Situational
142: Awareness,'' {\it First International Workshop on Information
143: Assurance (IWIA)}, College PArk, MD, Mar. 2005.
144:
145: \end{thebibliography}
146:
147: \end{document}
148: