Cyber-security research by ISPs: A NetFlow and DNS Anonymization Policy
| Title | Cyber-security research by ISPs: A NetFlow and DNS Anonymization Policy |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Fejrskov, M., Pedersen, J. M., Vasilomanolakis, E. |
| Date Published | June 2020 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-6428-1 |
| Keywords | anonymization, cyber-security, DNS, IPFIX, ISP, NetFlow, policy-based governance, privacy, pubcrawl, security policies |
| Abstract | Internet Service Providers (ISPs) have an economic and operational interest in detecting malicious network activity relating to their subscribers. However, it is unclear what kind of traffic data an ISP has available for cyber-security research, and under which legal conditions it can be used. This paper gives an overview of the challenges posed by legislation and of the data sources available to a European ISP. DNS and NetFlow logs are identified as relevant data sources and the state of the art in anonymization and fingerprinting techniques is discussed. Based on legislation, data availability and privacy considerations, a practically applicable anonymization policy is presented. |
| DOI | 10.1109/CyberSecurity49315.2020.9138869 |
| Citation Key | fejrskov_cyber-security_2020 |