Privacy-Preserving Anonymization of System and Network Event Logs Using Salt-Based Hashing and Temporal Noise
- URL: http://arxiv.org/abs/2507.21904v1
- Date: Tue, 29 Jul 2025 15:16:42 GMT
- Authors: Shreyas Bargale, Akshit Vakati Venkata, Jaimandeep Singh, Chester Rebeiro
- Abstract summary: Event logs contain Personally Identifiable Information (PII). Overly aggressive anonymization can destroy contextual integrity, while weak techniques risk re-identification through linkage or inference attacks. This paper introduces novel field-specific anonymization methods that address this trade-off.
- Score: 5.85293491327449
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: System and network event logs are essential for security analytics, threat detection, and operational monitoring. However, these logs often contain Personally Identifiable Information (PII), raising significant privacy concerns when shared or analyzed. A key challenge in log anonymization is balancing privacy protection with the retention of sufficient structure for meaningful analysis. Overly aggressive anonymization can destroy contextual integrity, while weak techniques risk re-identification through linkage or inference attacks. This paper introduces novel field-specific anonymization methods that address this trade-off. For IP addresses, we propose a salt-based hashing technique applied at the per-octet level, preserving both subnet and host structure to enable correlation across various log entries while ensuring non-reversibility. For port numbers, full-value hashing with range mapping maintains interpretability. We also present an order-preserving timestamp anonymization scheme using adaptive noise injection, which obfuscates exact times without disrupting event sequences. An open-source tool implementing these techniques has been released to support practical deployment and reproducible research. Evaluations using entropy metrics, collision rates, and residual leakage analysis demonstrate that the proposed approach effectively protects privacy while preserving analytical utility.
Related papers
- DATABench: Evaluating Dataset Auditing in Deep Learning from an Adversarial Perspective [59.66984417026933]
We introduce a novel taxonomy, classifying existing methods based on their reliance on internal features (IF) (inherent to the data) versus external features (EF) (artificially introduced for auditing). We formulate two primary attack types: evasion attacks, designed to conceal the use of a dataset, and forgery attacks, intending to falsely implicate an unused dataset. Building on the understanding of existing methods and attack objectives, we further propose systematic attack strategies: decoupling, removal, and detection for evasion; adversarial example-based methods for forgery. Our benchmark, DATABench, comprises 17 evasion attacks, 5 forgery attacks, and 9
arXiv Detail & Related papers (2025-07-08T03:07:15Z)
- Towards Anonymous Neural Network Inference [0.0]
funion is a system providing end-to-end sender-receiver unlinkability for neural network inference. Users can anonymously store input tensors in pseudorandom storage locations, commission compute services to process them via the neural network, and retrieve results with no traceable connection between input and output parties.
arXiv Detail & Related papers (2025-05-23T22:05:20Z)
- Robust Utility-Preserving Text Anonymization Based on Large Language Models [80.5266278002083]
Anonymizing text that contains sensitive information is crucial for a wide range of applications. Existing techniques face the emerging challenges of the re-identification ability of large language models. We propose a framework composed of three key components: a privacy evaluator, a utility evaluator, and an optimization component.
arXiv Detail & Related papers (2024-07-16T14:28:56Z)
- A Federated Learning Approach for Multi-stage Threat Analysis in Advanced Persistent Threat Campaigns [25.97800399318373]
Multi-stage threats like advanced persistent threats (APT) pose severe risks by stealing data and destroying infrastructure.
APTs use novel attack vectors and evade signature-based detection by obfuscating their network presence.
This paper proposes a novel 3-phase unsupervised federated learning (FL) framework to detect APTs.
arXiv Detail & Related papers (2024-06-19T03:34:41Z)
- Seagull: Privacy preserving network verification system [0.0]
This paper introduces a novel approach to verify the correctness of configurations in the internet backbone governed by the BGP protocol.
Not only does our proposed solution effectively address scalability concerns, but it also establishes a robust privacy framework.
arXiv Detail & Related papers (2024-02-14T05:56:51Z)
- The Adversarial Implications of Variable-Time Inference [47.44631666803983]
We present an approach that exploits a novel side channel in which the adversary simply measures the execution time of the algorithm used to post-process the predictions of the ML model under attack.
We investigate leakage from the non-maximum suppression (NMS) algorithm, which plays a crucial role in the operation of object detectors.
We demonstrate attacks against the YOLOv3 detector, leveraging the timing leakage to successfully evade object detection using adversarial examples, and perform dataset inference.
arXiv Detail & Related papers (2023-09-05T11:53:17Z)
- RARE: Robust Masked Graph Autoencoder [45.485891794905946]
Masked graph autoencoder (MGAE) has emerged as a promising self-supervised graph pre-training (SGP) paradigm.
We propose a novel SGP method termed Robust mAsked gRaph autoEncoder (RARE) to improve the certainty in inferring masked data.
arXiv Detail & Related papers (2023-04-04T03:35:29Z)
- ByzSecAgg: A Byzantine-Resistant Secure Aggregation Scheme for Federated Learning Based on Coded Computing and Vector Commitment [61.540831911168226]
ByzSecAgg is an efficient secure aggregation scheme for federated learning. ByzSecAgg is resistant to Byzantine attacks and privacy leakages.
arXiv Detail & Related papers (2023-02-20T11:15:18Z)
- SaCoFa: Semantics-aware Control-flow Anonymization for Process Mining [4.806322013167162]
We argue for privacy preservation that incorporates a process semantics.
We show how, based on the exponential mechanism, semantic constraints are incorporated to ensure differential privacy of the query result.
arXiv Detail & Related papers (2021-09-17T12:26:49Z)
- A Distance Measure for Privacy-preserving Process Mining based on Feature Learning [5.250561515565923]
We show how embeddings of events enable the definition of a distance measure for traces to guide event log anonymization.
Our experiments with real-world data indicate that anonymization using this measure, compared to a syntactic one, yields logs that are closer to the original log in various dimensions.
arXiv Detail & Related papers (2021-07-14T09:44:28Z)
- Graph-Homomorphic Perturbations for Private Decentralized Learning [64.26238893241322]
Local exchange of estimates allows inference of data based on private data.
perturbations chosen independently at every agent, resulting in a significant performance loss.
We propose an alternative scheme, which constructs perturbations according to a particular nullspace condition, allowing them to be invisible.
arXiv Detail & Related papers (2020-10-23T10:35:35Z)
- CryptoSPN: Privacy-preserving Sum-Product Network Inference [84.88362774693914]
We present a framework for privacy-preserving inference of sum-product networks (SPNs).
CryptoSPN achieves highly efficient and accurate inference in the order of seconds for medium-sized SPNs.
arXiv Detail & Related papers (2020-02-03T14:49:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.