Scrub-Tcpdump: A Multi-Level Packet Anonymizer Demonstrating Privacy/Analysis Tradeoffs

To promote sharing of packet traces across security domains we introduce SCRUB-tcpdump, a tool that adds multi-field multi-option anonymization to tcpdump functionality. Experimental results show how SCRUB-tcpdump provides flexibility to balance the often conflicting requirements for privacy protection versus security analysis. Specifically, we demonstrate with empirical experimentation how different SCRUB-tcpdump anonymization options applied to the same data set can result in different levels of privacy protection and security analysis. Based on these results we propose that optimal network data sharing needs to have different levels of anonyinization tailored to the participating organizations in order to tradeoff the risks of potential loss or disclosure of sensitive information.