Improving network security by sanitizing network topological information to encapsulate particular network topology
Securing data is crucial in a world where attackers will attempt to gain access to personal and business information that, for privacy reasons, we want to protect. Information on a network topology can be used by an adversary to undermine a network. To preserve this information, access to the data can be restricted. What if, however, we want to share the information with another party to allow analysis on the data? How can we ensure that the privacy of our data is protected while still providing accurate analysis? Summarizing the information of network topology may not allow for any analysis to be performed on the data. Sanitization, on the other hand, explores methods to mask the network topology information in such a way that the network’s characteristics will be hiding while still providing an analyst with data on which she can run statistics. There exists a tenuous balance between the need for privacy of the unsanitized network data and the accuracy of the analysis on the sanitized data. The goal is to effectively hide the raw data while the analysis on the sanitized data produces the same results as if performed on the raw data. By exploring the network characteristics, we can determine possible statistics that may derive from the data. We proposed a standard syntax for defining a network. From the syntax and the topology characteristics, sanitization schemes are detailed explaining the balance between privacy and statistical accuracy. IP addressing ramifications and the concerns when sanitizing are also identified.
A thesis submitted to the Department of Computer Science, in partial fulfillment of the requirements for the award of master of science degree in information technology
Network security, Network topology, Sanitization