
Anonymization of Event Logs for Network Security Monitoring


Rasic, Alis (2020) Anonymization of Event Logs for Network Security Monitoring. Masters thesis, Concordia University.

Text (application/pdf): Rasic_MSc_S2020.pdf - Accepted Version


A managed security service provider (MSSP) must collect security event logs from
its customers' networks for monitoring and cybersecurity protection. These logs
need to be processed by the MSSP before they are displayed to the security operations
center (SOC) analysts. Employees generate event logs during their working hours
at the customers' sites. One challenge is that the collected event logs contain personally
identifiable information (PII), which is visible in clear text to the SOC analysts or to any
user with access to the SIEM platform.
We explore how pseudonymization can be applied to security event logs to help
protect individuals' identities from the SOC analysts while preserving data utility
where possible. We compare the impact of using different pseudonymization functions
on sensitive information or PII. Non-deterministic methods provide a higher level of
privacy but reduce the utility of the data.
Our contribution in this thesis is threefold. First, we study available architectures
with different threat models, including their strengths and weaknesses. Second, we
study pseudonymization functions and their application to PII fields; we benchmark
them individually, as well as in our experimental platform. Last, we obtain valuable
feedback and lessons from SOC analysts based on their experience.
Existing works [43, 44, 48, 39] are generally restricted to the anonymization of
IP traces, which is only one part of the SOC analysts' investigation when inspecting PCAP
files. In one of the closest works [47], the authors provide useful, practical
anonymization methods for IP addresses, ports, and raw logs.
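As an added illustration of the privacy/utility trade-off the abstract describes (example code written for this page, not code from the thesis), the block below pseudonymizes the PII fields of a few constructed log events two ways: a keyed HMAC (deterministic, so repeated values map to the same token and an analyst can still count failed logins per account) and a fresh random token per occurrence (unlinkable, so that correlation is lost). The field names, sample events and the "failed logins per user" metric are assumptions for the example.

```python
import hmac
import hashlib
import secrets
from collections import defaultdict

# Constructed sample events (not taken from the thesis): one user with repeated failures.
SAMPLE_EVENTS = [
    {"user": "alice", "src_ip": "10.0.0.5", "action": "login_failed"},
    {"user": "alice", "src_ip": "10.0.0.5", "action": "login_failed"},
    {"user": "alice", "src_ip": "10.0.0.5", "action": "login_ok"},
    {"user": "bob",   "src_ip": "10.0.0.7", "action": "login_ok"},
]
PII_FIELDS = ("user", "src_ip")  # assumed PII fields for this example

def deterministic_pseudonym(value: str, key: bytes) -> str:
    """Keyed HMAC-SHA256: same value + same key -> same token, so events stay linkable.
    The key must stay with the MSSP pseudonymization stage, never with SOC analysts;
    without it, reversing a token means brute-forcing the input space."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def random_pseudonym(value: str, key: bytes) -> str:
    """Fresh random token per occurrence: no linkability at all (key is unused)."""
    return secrets.token_hex(8)

def pseudonymize(events, fn, key):
    """Apply fn to every PII field of every event; other fields are left in clear."""
    return [{f: (fn(v, key) if f in PII_FIELDS else v) for f, v in e.items()}
            for e in events]

def failed_logins_per_user(events):
    """Analyst utility metric: failed logins attributable to each (pseudonymous) user."""
    counts = defaultdict(int)
    for e in events:
        if e["action"] == "login_failed":
            counts[e["user"]] += 1
    return dict(counts)

def compare(events=SAMPLE_EVENTS, key=None):
    """Return how well each method preserves the per-user failure count and hides PII."""
    key = key or secrets.token_bytes(32)
    det = pseudonymize(events, deterministic_pseudonym, key)
    rnd = pseudonymize(events, random_pseudonym, key)
    clear_values = {v for e in events for f, v in e.items() if f in PII_FIELDS}
    return {
        "deterministic_max_failed": max(failed_logins_per_user(det).values()),  # 2
        "random_max_failed": max(failed_logins_per_user(rnd).values()),         # 1
        "pii_in_clear": any(e[f] in clear_values for e in det + rnd for f in PII_FIELDS),
    }
```

The deterministic variant still exposes value frequencies (a token seen thousands of times is probably a service account), which is the residual risk the thesis weighs against the correlation utility that the random variant gives up.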

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (Masters)
Authors: Rasic, Alis
Institution: Concordia University
Degree Name: M.A. Sc.
Program: Information Systems Security
Date: February 2020
Thesis Supervisor(s): Wang, Lingyu
ID Code: 986484
Deposited By: Alis Rasic
Deposited On: 26 Jun 2020 13:34
Last Modified: 26 Jun 2020 13:34