sharing computer network logs for security and privacy a motivation for new methodologies o

《sharing computer network logs for security and privacy a motivation for new methodologies o》由会员上传分享，免费在线阅读，更多相关内容在教育资源-天天文库。

1、SharingComputerNetworkLogsforSecurityandPrivacy:AMotivationforNewMethodologiesofAnonymizationAdamJSlagellandWilliamYurcikNationalCenterforSupercomputingApplicationsUniversityofIllinois{slagell,byurcik}@ncsa.uiuc.eduAbstractLogsareoneofthemostfundamentalresourcestoanysecurityprofessi

2、onal.Itiswidelyrecognizedbythegovernmentandindustrythatitisbothbeneficialanddesirabletosharelogsforthepurposeofsecurityresearch.However,thesharingisnothappeningornottothedegreeormagnitudethatisdesired.Organizationsarereluctanttosharelogsbecauseoftheriskofexposingsensitiveinformationt

3、opotentialattackers.Webelievethisreluctanceremainshighbecausecurrentanonymizationtechniquesareweakandone-size-fits-all—orbetterput,onesizetriestofitall.Wemustdevelopstandardsandmakeanonymizationavailableatvaryinglevels,strikingabalancebetweenprivacyandutility.Organizationshavedifferent

4、needsandtrustotherorganizationstodifferentdegrees.Theymustbeabletomapmultipleanonymizationlevelswithdefinedriskstothetrustlevelstheysharewith(would-be)receivers.Itisnotuntilthereareindustrystandardsformultiplelevelsofanonymizationthatwewillbeabletomoveforwardandachievethegoalofwidespr

5、eadsharingoflogsforsecurityresearchers.1IntroductionLogdataisessentialtosecurityoperationteamsatanyorganizationlargeenoughtohavefull-timesecuritypersonnel.WhileIDSsoperateonstreamingdata,matchingsignaturesandproducingalerts,itisstillnecessaryforhumanbeingstoexaminelogstounderstandth

6、esealerts.Logsalsoformthecoresourceofevidenceforcomputerforensicinvestigationsfollowingsecurityincidents.Thecurrentstate-of-the-artisforeachautonomousorganizationtouselogdatatolocallyoptimizearXiv:cs/0409005v1[cs.CR]3Sep2004networkmanagementandsecurityprotection.Forinstance,itmayonl

7、ybewhentheythemselvesarescannedbyanindividualthatanorganizationwillblockaparticularIPaddress.Administratorsmaymissthebiggerpictureandnotseethattheyarejustapieceofalargertarget.Furthermore,administratorsmayonlystarttoscantheirownnetworkforaparticularvulnerabilityonceanattackerhasexpl

8、oiteditontheirsyste