Towards packet anonymization by automatically inferring sensitive application fields

Real network traffic is an important asset for research and development in the field of network security, but due to privacy concerns of leaking personal and host information, acquiring real traffic is quite restricted in practice. Over the past years, researchers have developed anonymization techniques to specify sensitive application fields or patterns to be hidden, but the specification will take great effort to investigate the sensitivity of a large number of application fields beforehand, and can be inaccurate due to the lack of patterns for some sensitive information. This work presents an innovative method towards automatically inferring where sensitive information is in the application messages. The method can leverage existing application protocol parsers to locate the application fields or optionally infer the fields by clustering and aligning similar application messages. After that, this method can infer the degree of sensitivity of application fields with the C4.5 decision tree algorithm based on the three measures: entropy, diversity, and one-to-one mapping. The experimental results demonstrate that the inference of sensitivity is effective with low false-negative and acceptable false-positive rates.