[Bro] Packet anonymization using Bro

Slagell, Adam J slagell at illinois.edu
Fri Oct 12 07:42:10 PDT 2012

I don't know how useful this will be, but I have attached a chapter of a book I wrote that provides a good survey of anonymization. You may find it useful, especially the references. However, it is a bit out of date (2008).

Regarding the anonymization capabilities of Bro, those no longer work in the 2.x series. You can try to merge them in and work through the errors, or use an old version of Bro.

:Adam Slagell

On Oct 12, 2012, at 6:22 AM, Pratik Narang <pratik.cse.bits at gmail.com> wrote:

I read a research article about packet trace anonymization co-authored by a researcher from ICIR using Bro in its approach.
The paper:
A High-level Programming Environment for Packet Trace Anonymization and Transformation
Ruoming Pang, Department of Computer Science, Princeton University
Vern Paxson, International Computer Science Institute

To quote the authors, "We implemented the anonymizer as an extension to Bro [16], a network intrusion detection system, to take advantage of its application parsers and its built-in language support for policy scripts."

I am quite new to IDSs and have hardly touched Bro. But this work of packet anonymization concerns my research area and if Bro provides such functionality (or extensibility) then I would love to explore it.
Can some Bro users point out to me if such an anonymizer is officially a part of Bro, or maybe as a third-party plug in? My research concerns Deep Packet Anonymization at IP layer and beyond for the headers and the payloads for P2P networks.


Bro mailing list
bro at bro-ids.org


Adam J. Slagell, CISO, CISSP
Chief Information Security Officer
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign

"Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Slagell-4.doc
Type: application/msword
Size: 282624 bytes
Desc: Slagell-4.doc
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20121012/fa3762d0/attachment.doc 
