[logs] Re: Anonymizing System Logs

From: Stefano Zanero (zanero@private)
Date: Tue Jan 23 2007 - 10:03:17 PST


Tom Le wrote:

> Make sure you modify the timestamps.  

This would make the data less useful for people doing time sequence
analysis experiments (such as myself :)

> a static mapping.  But you do give away some security as some
> information can be reversed engineered from the logs with static
> mappings.

Same consideration as above applies !

> Finally, you can consider the concept of "polluting" your own data. 

You could apply the concepts of k-anonymity to this in some way, but I'd
advise against inserting noise... if you do any kind of analysis for new
pattern extraction algorithms, you'll end up with a lot of nonsense.

Stefano
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis



This archive was generated by hypermail 2.1.3 : Sun Jan 28 2007 - 17:25:28 PST