CRAWDAD metadata: tools/sanitize/generic/AnonTool (v. 2006-09-26)

AnonTool, an open-source implementation of the Anonymization API (AAPI), provides an easy-to-use, flexible and efficient library of functions that can be used to anonymize live traffic or packet traces in libpcap file format. Currently, IP, TCP/UDP, HTTP, FTP and Netflow v5 and v9 are supported. Three ready-to-use applications have been implemented on top of this library: one provides basic anonymization functionality for the IP/TCP/UDP protocols, and two more can anonymize every field of a Netflow datagram, one for v5 and one for v9 respectively.

Note: This metadata was prepared by the CRAWDAD team and verified by the data set (or tool) authors. We have made every effort to ensure its accuracy, but urge all users to consider the metadata and data carefully and be sure that their use in research is consistent with the nature and limitations of the data. We welcome any corrections. This metadata was prepared based on the following reference(s):




[Tool] tools/sanitize/generic/AnonTool (v. 2006-09-26)


version: v. 2006-09-26 (prev version: v. 2006-03-25, equivalent to v0.8)
changes since v. 2006-03-05: This release is stable enough and has been tested on Debian systems.
bibtex
@MISC{tools-sanitize-generic-AnonTool-2006-09-26,
  author = {D. Koukis and Spiros Antonatos and D. Antoniades and E. P. Markatos and P. Trimintzios and Michalis Fukarakis},
  title = {{CRAWDAD} tool tools/sanitize/generic/AnonTool (v. 2006-09-26)}, 
  howpublished = {Downloaded from http://crawdad.cs.dartmouth.edu/tools/sanitize/generic/AnonTool},
  month = sep,  
  year = 2006
}
metadata last modified: 2006-11-09
summary
AnonTool, an open-source implementation of the Anonymization API (AAPI),
provides an easy-to-use, flexible and efficient library of functions that can
be used to anonymize live traffic or packet traces in libpcap file format.
Currently, IP, TCP/UDP, HTTP, FTP and Netflow v5 and v9 are supported.

Three ready-to-use applications have been implemented on top of this library: one provides
basic anonymization functionality for the IP/TCP/UDP protocols, and two
more can anonymize every field of a Netflow datagram,
one for v5 and one for v9 respectively.
release date: 2006-09-26
web site: http://www.ics.forth.gr/dcs/Activities/Projects/anontool.html
keywords: packet trace, tcpdump
authors: D. Koukis, Spiros Antonatos, D. Antoniades, E. P. Markatos, P. Trimintzios, Michalis Fukarakis
license
/*
 * anontool Copyright Notice, License and Disclaimer
 *
 * Copyright 2006 by Antonatos Spiros, Koukis Demetres and Foukarakis Michael
 * 
 * Permission to use, copy, modify, and distribute this software and its
 * documentation for any purpose and without fee is hereby granted, provided
 * that the above copyright notice appear in all copies and that both the
 * copyright notice and this permission notice and warranty disclaimer appear
 * in supporting documentation, and that the names of the authors not be used
 * in advertising or publicity pertaining to distribution of the software without
 * specific, written prior permission. 
 *
 * The authors disclaim all warranties with regard to this software, including all
 * implied warranties of merchantability and fitness.  In no event shall we be liable
 * for any special, indirect or consequential damages or any damages whatsoever
 * resulting from loss of use, data or profits, whether in an action of contract,
 * negligence or other tortious action, arising out of or in connection with the
 * use or performance of this software.
 */
support
The tool is maintained by mfukar@ics.forth.gr and antonat@ics.forth.gr.
Please report any bugs you come across.

Autoconf and automake support are currently on their way.

If you want anonymization for another protocol to be implemented, drop us a line;
we might even consider it. Note, however, that the tool was designed with the constant
addition of new protocols in mind, so it follows a simple modular architecture that
allows this without requiring extensive knowledge of the code.
build
Compilation:
    - Just make :) (pcap, libnet and pcre libraries needed)

    Debian users can install the dependencies with:
        apt-get install libnet1 libpcre3 libpcap0.8

    - anonlib.so is the shared library containing the anonymization framework.
    - There are 3 anonymization applications provided, in the folder applications/
    - Also included in the applications/ folder are 2 small tcpdump traces for testing
      (small_trace -> various TCP traffic, netflow_v9_small -> what it says)
output: anonymized network traces
parameters: see the usage for details
usage
The first of these is a sample application that uses the framework to anonymize TCP and UDP packets.
The tool is able to anonymize IP addresses, TCP ports, TCP/UDP payload, checksums and IP options, as well as print
the packets. The application reads packets from a pcap trace file or from a network interface and dumps the anonymized
packets to a pcap file. Note that the -f or -i option must precede all other options.

./anon_packets [ -f input_file | -i interface ] [-a -t -d -c -z -p -h] output
    -a ANONYMIZE IP addresses (PREFIX, MAP, ZERO)
    -t ANONYMIZE TCP ports (MAP, ZERO)
    -d ANONYMIZE TCP/UDP payload (STRIP, ZERO, HASH)
    -c Fix checksums
    -z Zero TCP and IP options
    -p Print anonymized packets
    -h Print this help message

Examples:

    1) Prefix-preserving anonymization for IP addresses, mapping to integers for TCP ports, zero TCP/IP options,
    replace the TCP/UDP payload with its hash and fix checksums. Read packets from pcap file input_file and dump anonymized
    packets to pcap file output_file:

    ./anon_packets -f input_file -c -z -a PREFIX -t MAP -d HASH output_file

    2) Map IP addresses to integers, zero TCP/IP options, strip the TCP/UDP payload, fix checksums and print
    anonymized packets. Read packets from the eth0 interface and dump anonymized packets to pcap file output_file:

    ./anon_packets -i eth0 -p -c -z -a MAP -d STRIP output_file
usage
The second and third applications perform anonymization of Netflow datagrams, as exported by a Cisco router. The Netflow
datagram export format is defined in excruciating detail here:
    http://www.cisco.com/en/US/tech/tk648/tk362/technologies_white_paper09186a00800a3db9.shtml  (version 9)
    http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/nfc/nfc_3_0/nfc_ug/nfcform.htm      (version 5, amongst others)
Every field that might be included in a Netflow datagram can be anonymized. The application, as probably expected, can read from a
pcap-compatible trace file or a live NIC and dump the anonymized packets to a pcap-compatible file.
One could as easily feed the file to another NIC through the use of UNIX pipes and tools such as tcpreplay.

    Run ./anonymize_netflow_v9 or ./anonymize_netflow_v5 for a message explaining the usage of these 2 applications. Most options
    are common with the previous two applications.
algorithm
The key point is configurability: the user can define any anonymization
policy as a series of functions that are applied to packets. Our main
design goal is to facilitate the development of custom anonymization
tools that are able to implement both simple and complex policies in
only a few lines of simple code. The usefulness of the output trace
depends solely on the decisions of the user and the anonymization
policy that is defined, and is not addressed in this work.

The major advantage of our framework is that it works up to the
application level, offering a large set of anonymization primitives
while at the same time trying to optimize the necessary functions.
All in all, this work currently constitutes the most complete framework
for anonymization of real-time traffic and offline traces. Furthermore,
the framework is implemented in a modular way, so it is fully extensible
in terms of functionality, protocols and new traffic sources. Finally,
we measured the performance of our anonymization primitives and their
combinations. Our results have shown that for the most commonly used
policies, AAPI outperforms existing similar applications, which offer
only a subset of the AAPI functionality.

For the detailed algorithm, please refer to [koukis-anonymization].
Also, please read API.txt (linked below) for the API documentation.
It contains all the fields and functions needed to develop your own
applications, along with the source code of a sample application.
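The "policy as a series of functions applied to packets" design described above, modelled in Python as an added example (not AnonTool's own code): packets are plain dicts, MAP, ZERO and the -z step mirror the anon_packets options listed in the usage section, and the PREFIX mode is a keyed-HMAC construction of my own that stands in for the tool's algorithm, which this page does not specify.

```python
"""Model of AnonTool's design: an anonymization policy is a list of functions applied
to each packet. Added example, not AnonTool's code; PREFIX is a keyed-HMAC stand-in."""
from functools import reduce
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"  # constructed; a real deployment keeps this secret

def ip_prefix(addr, key=KEY):
    """PREFIX mode: output bit i depends only on input bits 0..i, so two addresses
    sharing a k-bit prefix map to two addresses sharing exactly a k-bit prefix."""
    bits, out = int(ipaddress.IPv4Address(addr)), 0
    for i in range(32):
        prefix = bits >> (32 - i)                     # the i leading bits seen so far
        msg = bytes([i]) + prefix.to_bytes(4, "big")  # tag with i so 0b0 != 0b00
        flip = hmac.new(key, msg, hashlib.sha256).digest()[0] & 1
        out = (out << 1) | (((bits >> (31 - i)) & 1) ^ flip)
    return str(ipaddress.IPv4Address(out))

def ip_map(table):
    """MAP mode: each distinct address becomes a small integer, in order of first sight."""
    def f(addr):
        table.setdefault(addr, len(table) + 1)
        return str(ipaddress.IPv4Address(table[addr]))
    return f

def ip_zero(addr):
    """ZERO mode: every address becomes 0.0.0.0."""
    return "0.0.0.0"

def anonymize_ips(fn):
    """Lift an address primitive into a per-packet policy step (the -a option)."""
    def step(pkt):
        pkt["src"], pkt["dst"] = fn(pkt["src"]), fn(pkt["dst"])
        return pkt
    return step

def zero_ip_options(pkt):
    """Policy step for -z: keep the option length, drop the content."""
    pkt["ip_options"] = b"\x00" * len(pkt.get("ip_options", b""))
    return pkt

def run_policy(policy, packets):
    """Apply the policy steps in order to a copy of every packet."""
    return [reduce(lambda p, step: step(p), policy, dict(pkt)) for pkt in packets]

def shared_prefix_len(a, b):
    """Common leading prefix length of two IPv4 addresses (used to check PREFIX)."""
    x = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - x.bit_length()
```

shared_prefix_len is the check a practitioner wants after a PREFIX run: the common prefix length of any two anonymized addresses must equal that of the originals, no more and no less.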
download url: tar.gz archive (330 KB), mirrors: US, UK
download url: API document (9 KB), mirrors: US, UK
limitation

[Author] D. Koukis

email: koukis@ics.forth.gr
department: Institute of Computer Science
institution: Foundation for Research and Technology - Hellas (FORTH)
related data/tools: tools/sanitize/generic/AnonTool (v. 2006-09-26)

[Author] Spiros Antonatos

email: antonat@ics.forth.gr
department: Institute of Computer Science
institution: Foundation for Research and Technology - Hellas (FORTH)
related data/tools: tools/sanitize/generic/AnonTool (v. 2006-09-26)

[Author] D. Antoniades

email: danton@ics.forth.gr
department: Institute of Computer Science
institution: Foundation for Research and Technology - Hellas (FORTH)
related data/tools: tools/sanitize/generic/AnonTool (v. 2006-09-26)

[Author] E. P. Markatos

email: markatos@ics.forth.gr
department: Institute of Computer Science
institution: Foundation for Research and Technology - Hellas (FORTH)
related data/tools: tools/sanitize/generic/AnonTool (v. 2006-09-26)

[Author] P. Trimintzios

email: panagiotis.trimintzios@enisa.eu.int
institution: European Network and Information Security Agency (ENISA)
related data/tools: tools/sanitize/generic/AnonTool (v. 2006-09-26)

[Author] Michalis Fukarakis

email: mfukar@ics.forth.gr
institution: Foundation for Research and Technology - Hellas (FORTH)
related data/tools: tools/sanitize/generic/AnonTool (v. 2006-09-26)

[Paper] koukis-anonymization

category: inproceedings
authors: D. Koukis, S. Antonatos, D. Antoniades, E.P. Markatos, P. Trimintzios
title: A Generic Anonymization Framework for Network Traffic
booktitle: Proceedings of the IEEE International Conference on Communications (ICC)
month: 06
year: 2006
volume: 5
address: Istanbul, Turkey
publisher: IEEE Computer Society Press
download url: http://www.ics.forth.gr/dcs/Activities/papers/anon.icc06.pdf
abstract
Lack of trust is one of the main reasons for the limited cooperation between
different organizations. The privacy of users is of paramount importance to
administrators and organizations, which are reluctant to cooperate with each
other and exchange network traffic traces. The main reasons behind the reluctance
to exchange monitored data are the protection of users' privacy and the
fear of information leakage about the internal infrastructure. Anonymization is
the technique to overcome this reluctance and enhance the cooperation between
different organizations through the smooth exchange of monitored data. Today,
several organizations provide network traffic traces that are anonymized by
software utilities or ad-hoc solutions that offer limited flexibility. The
result of this approach is the creation of unrealistic traces, inappropriate
for use in evaluation experiments. Furthermore, the need for fast on-line
anonymization has recently emerged as cooperative defense mechanisms have to
share network traffic. Our effort focuses on the design and implementation of a
generic and flexible anonymization framework that provides extended
functionality, covering multiple aspects of anonymization needs and allowing
fine-tuning of the privacy protection level. The proposed framework is composed of
an anonymization application programming interface (AAPI). The performance
results show that AAPI outperforms existing tools, while offering significantly
more anonymization primitives.
keywords: measurement, wireless, tools_sanitize_generic_AnonTool, crawdad
related data/tools: tools/sanitize/generic/AnonTool