An IP Address Anonymization Scheme with Multiple Access Levels

  • Qianli Zhang
  • Xing Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3961)


Real world traffic traces are important for Internet research, but public available traffic traces are rare for privacy concerns. IP address anonymization may serve to avoid privacy issues. There are many IP address anonymization schemes according to different requirements and trustworthy levels of the expected users. However, anonymized traces often have to address several groups of researchers at the same time, each with a distinct trustworthy level. Previously known IP address anonymization schemes have to be applied separately to form multiple copies each corresponding to a scheme. In this paper, we propose a scheme which will anonymize the original trace into one single trace, and with different knowledge (secret key) users may recover different traces from it.


Block Cipher Original Trace Special Address Monitor Network Anonymization Process 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    McGregor, T., Braun, H., Brown, J.: The NLANR network analysis infrastructure. IEEE Communications Magazine 38(5), 122–128 (2000)CrossRefGoogle Scholar
  2. 2.
    The Internet traffic archive (April 2000),
  3. 3.
    Peuhkuri, M.: A Method to Compress and Anonymize Packet Traces. In: SIGCOMM IMW (2001)Google Scholar
  4. 4.
    Pang, R., Paxson, V.: A high-level programming environment for packet trace anonymization and transformation. In: SIGCOMM (2003)Google Scholar
  5. 5.
    Slagell, A., Yurcik, W.: Sharing Computer Network Logs for Security and Privacy: A Motivation for New Methodologies of Anonymization. In: SECOVAL: The Workshop on the Value of Security through Collaboration, held in conjunction with SecureComm, Athens, Greece (September 2005)Google Scholar
  6. 6.
    Li, Y., Slagell, A., Luo, K., Yurcik, W.: CANINE: A Combined Converter and Anonymizer Tool for Processing NetFlows for Security. In: International Conference on Telecommunication Systems - Modeling and Analysis (ICTSM), Dallas, Texas, November 17-20 (2005)Google Scholar
  7. 7.
    Minshall, G.: TCPdpriv Command Manual (1996)Google Scholar
  8. 8.
    Cho, K., Mitsuya, K., Kato, A.: Traffic data repository at the wide project. In: Proceedings of USENIX 2000 Annual Technical Conference: FREENIX Track, San Diego, CA (June 2000)Google Scholar
  9. 9.
    Xu, J., Fan, J., Ammar, M.H., Moon, S.B.: On the design and performance of prefix-preserving IP traffic trace anonymization. In: SIGCOMM IMW (2001)Google Scholar
  10. 10.
    Slagell, A., Wang, J., Yurcik, W.: Network Log Anonymization: Application of Crypto-PAn to Cisco NetFlows. In: Secure Knowledge Management Workshop, Buffalo, NY (2004)Google Scholar
  11. 11.
    Xu, J., Fan, J., Ammar, M.H., Moon, S.B.: Prefix-preserving IP address anonymization: measurement based security evaluation and a new cryptography-based scheme. In: ICNP (2002)Google Scholar
  12. 12.
    Daemen, J., Rijmen, V.: AES proposal: Rijndael, Tech. Rep., Computer Security Resource Center, National Institute of Standards and Technology (February 2001),
  13. 13.
    Krawczyk, H., Bellare, M., Canetti, R.: RFC 2104: HMAC: Keyed-Hashing for Message Authentication (February 1997)Google Scholar
  14. 14.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography, p. 269. CRC Press, New York (1997)MATHGoogle Scholar
  15. 15.
    Ylonen, T.: Thoughts on how to mount an attack on tpcpdriv’s ”-50” option. In: TCPpdpriv source distribution (1996)Google Scholar
  16. 16.
  17. 17.
    Fyodor: nmap manual page,

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Qianli Zhang
    • 1
  • Xing Li
    • 1
  1. 1.Tsinghua UniversityBeijingChina

Personalised recommendations