The devil and packet trace anonymization
Authors:	Ruoming Pang Mark Allman Vern Paxson Jason Lee
Published:	SIGCOMM Comput. Commun. Rev., 2006
URL:	http://portal.acm.org/citation.cfm?id=1111322.1111330 www.icir.org/enterprise-tracing/devil-ccr-jan06.pdf
ENTRY DATE:	2008-06-16
ABSTRACT:	Releasing network measurement data---including packet traces---to the research community is a virtuous activity that promotes solid research. However, in practice, releasing anonymized packet traces for public use entails many more vexing considerations than just the usual notion of how to scramble IP addresses to preserve privacy. Publishing traces requires carefully balancing the security needs of the organization providing the trace with the research usefulness of the anonymized trace. In this paper we recount our experiences in (i) securing permission from a large site to release packet header traces of the site's internal traffic, (ii) implementing the corresponding anonymization policy, and (iii) validating its correctness. We present a general tool, tcpmkpub, for anonymizing traces, discuss the process used to determine the particular anonymization policy, and describe the use of metadata accompanying the traces to provide insight into features that have been obfuscated by anonymization