Over the last several years, there has been an emerging interest in the development of wide-area data collection and analysis centers to help identify, track, and formulate responses to the ever-growing number of coordinated attacks and malware infections that plague computer networks worldwide. As large-scale network threats continue to evolve in sophistication and extend to widely deployed applications, we expect that interest in collaborative security monitoring infrastructures will continue to grow, because such attacks may not be easily diagnosed from a single point in the network. The intent of this position paper is not to argue the necessity of Internet-scale security data sharing infrastructures, as there is ample research [13, 48, 51, 54, 41, 47, 42] and operational examples [43, 17, 32, 53] that already make this case. Instead, we observe that these well-intended activities raise a unique set of risks and challenges.

We outline some of the most salient issues faced by global network security centers, survey proposed defense mechanisms, and pose several research challenges to the computer security community. We hope that this position paper will serve as a stimulus to spur groundbreaking new research in protection and analysis technologies that can facilitate the collaborative sharing of network security data while keeping data contributors safe and secure.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Rakesh Agrawal , Ramakrishnan Srikant, Privacy-preserving data mining, Proceedings of the 2000 ACM SIGMOD international conference on Management of data, p.439-450, May 15-18, 2000, Dallas, Texas, United States
	2	Back, A., Goldberg, I., and Shostack, A. Freedom Systems 2.1 security issues and analysis. http://www.freehaven.net/anonbib/cache/freedom21-security.pdf, May 2001.
	3	Adam Back , Ulf Möller , Anton Stiglic, Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems, Proceedings of the 4th International Workshop on Information Hiding, p.245-257, April 25-27, 2001
	4	Oliver Berthold , Hannes Federrath , Stefan Köpsell, Web MIXes: a system for anonymous and unobservable Internet access, International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability, p.115-129, January 2001, Berkeley, California, United States
	5	John Bethencourt , Jason Franklin , Mary Vernon, Mapping internet sensors with probe response attacks, Proceedings of the 14th conference on USENIX Security Symposium, p.13-13, July 31-August 05, 2005, Baltimore, MD
	6	Avrim Blum , Cynthia Dwork , Frank McSherry , Kobbi Nissim, Practical privacy: the SuLQ framework, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland  [doi>10.1145/1065167.1065184]
	7	Burnside, M., and Keromytis, A. Low latency anonymity with mix rings. In Proc. 9th International Information Security Conference (ISC) (2006), pp. 32--45.
	8	Jan Camenisch , Anna Lysyanskaya, An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation, Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, p.93-118, May 06-10, 2001
	9	David L. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms, Communications of the ACM, v.24 n.2, p.84-90, Feb. 1981  [doi>10.1145/358549.358563]
	10	Chawla, S., Dwork, C., McSherry, F., Smith, A., and Wee, H. Towards privacy in public databases. In Proc. 2nd Theory of Cryptography Conference (TCC) (2005), pp. 363--385.
	11	Chung, S., and Mok, A. Allergy attack against automatic signature generation. In Proc. Recent Advances in Intrusion Detection: 9th International Symposium (RAID) (2006), pp. 61--80.
	12	Ian Clarke , Oskar Sandberg , Brandon Wiley , Theodore W. Hong, Freenet: a distributed anonymous information storage and retrieval system, International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability, p.46-66, January 2001, Berkeley, California, United States
	13	Hervé Debar , Andreas Wespi, Aggregation and Correlation of Intrusion-Detection Alerts, Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection, p.85-103, October 10-12, 2001
	14	Dingledine, R., Mathewson, N., and Syverson, P. Reputation in P2P anonymity systems. In Proc. Workshop on Economics of Peer-to-Peer Systems (2003).
	15	Roger Dingledine , Nick Mathewson , Paul Syverson, Tor: the second-generation onion router, Proceedings of the 13th conference on USENIX Security Symposium, p.21-21, August 09-13, 2004, San Diego, CA
	16	Irit Dinur , Kobbi Nissim, Revealing information while preserving privacy, Proceedings of the twenty-second ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, p.202-210, June 09-11, 2003, San Diego, California  [doi>10.1145/773153.773173]
	17	DShield. http://www.dshield.org, 2006.
	18	Alexandre Evfimievski , Johannes Gehrke , Ramakrishnan Srikant, Limiting privacy breaches in privacy preserving data mining, Proceedings of the twenty-second ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, p.211-222, June 09-11, 2003, San Diego, California  [doi>10.1145/773153.773174]
	19	Xinwen Fu , Bryan Graham , Riccardo Bettati , Wei Zhao, On Effectiveness of Link Padding for Statistical Traffic Analysis Attacks, Proceedings of the 23rd International Conference on Distributed Computing Systems, p.340, May 19-22, 2003
	20	Carrie Gates , Michael Collins , Michael Duggan , Andrew Kompanek , Mark Thomas, More Netflow Tools for Performance and Security, Proceedings of the 18th USENIX conference on System administration, November 14-19, 2004, Atlanta, GA
	21	Krishnaram Kenthapadi , Nina Mishra , Kobbi Nissim, Simulatable auditing, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland  [doi>10.1145/1065167.1065183]
	22	Jon Kleinberg , Christos Papadimitriou , Prabhakar Raghavan, Auditing Boolean attributes, Journal of Computer and System Sciences, v.66 n.1, p.244-253, 01 February 2003  [doi>10.1016/S0022-0000(02)00036-3]
	23	Tadayoshi Kohno , Andre Broido , K. C. Claffy, Remote Physical Device Fingerprinting, Proceedings of the 2005 IEEE Symposium on Security and Privacy, p.211-225, May 08-11, 2005  [doi>10.1109/SP.2005.18]
	24	Balachander Krishnamurthy , Subhabrata Sen , Yin Zhang , Yan Chen, Sketch-based change detection: methods, evaluation, and applications, Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement, October 27-29, 2003, Miami Beach, FL, USA  [doi>10.1145/948205.948236]
	25	Levine, B., Reiter, M., Wang, C., and Wright, M. Timing attacks in low-latency mix systems. In Proc. 8th International Conference on Financial Cryptography (2004), pp. 251--265.
	26	Patrick Lincoln , Phillip Porras , Vitally Shmatikov, Privacy-preserving sharing and correction of security alerts, Proceedings of the 13th conference on USENIX Security Symposium, p.17-17, August 09-13, 2004, San Diego, CA
	27	Lipmaa, H. Group signature schemes. http://www.cs.ut.ee/~lipmaa/crypto/link/signature/group.php, 2006.
	28	Locasto, M., Parekh, J., Keromytis, A., and Stolfo, S. Towards collaborative security and P2P intrusion detection. In Proc. IEEE Information Assurance Workshop (2005), pp. 333--339.
	29	David A. Maltz , Jibin Zhan , Geoffrey Xie , Hui Zhang , Gísli Hjálmtýsson , Albert Greenberg , Jennifer Rexford, Structure preserving anonymization of router configuration data, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy  [doi>10.1145/1028788.1028819]
	30	John McHugh , Carrie Gates, Locality: a new paradigm for thinking about normal behavior and outsider threat, Proceedings of the 2003 workshop on New security paradigms, August 18-21, 2003, Ascona, Switzerland  [doi>10.1145/986655.986657]
	31	Steven J. Murdoch , George Danezis, Low-Cost Traffic Analysis of Tor, Proceedings of the 2005 IEEE Symposium on Security and Privacy, p.183-195, May 08-11, 2005  [doi>10.1109/SP.2005.12]
	32	myNetWatchman. http://www.mynetwatchman.com, 2006.
	33	Arvind Narayanan , Vitaly Shmatikov, Obfuscated databases and group privacy, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA  [doi>10.1145/1102120.1102135]
	34	Newsome, J., Karp, B., and Song, D. Paragraph: Thwarting signature learning by training maliciously. In Proc. Recent Advances in Intrusion Detection: 9th International Symposium (RAID) (2006), pp. 81--105.
	35	Lasse Overlier , Paul Syverson, Locating Hidden Servers, Proceedings of the 2006 IEEE Symposium on Security and Privacy, p.100-114, May 21-24, 2006  [doi>10.1109/SP.2006.24]
	36	Ruoming Pang , Mark Allman , Vern Paxson , Jason Lee, The devil and packet trace anonymization, ACM SIGCOMM Computer Communication Review, v.36 n.1, January 2006  [doi>10.1145/1111322.1111330]
	37	Ruoming Pang , Vern Paxson, A high-level programming environment for packet trace anonymization and transformation, Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, August 25-29, 2003, Karlsruhe, Germany  [doi>10.1145/863955.863994]
	38	Roberto Perdisci , David Dagon , Wenke Lee , Prahlad Fogla , Monirul Sharif, MisleadingWorm Signature Generators Using Deliberate Noise Injection, Proceedings of the 2006 IEEE Symposium on Security and Privacy, p.17-31, May 21-24, 2006  [doi>10.1109/SP.2006.26]
	39	Andrei Serjantov , Roger Dingledine , Paul F. Syverson, From a Trickle to a Flood: Active Attacks on Several Mix Types, Revised Papers from the 5th International Workshop on Information Hiding, p.36-52, October 07-09, 2002
	40	Serjantov, A., and Sewell, P. Passive attack analysis for connection-based anonymity systems. In Proc. 8th European Symposium on Research in Computer Security (2003), vol. 2808 of LNCS, pp. 116--131.
	41	Slagell, A., and Yurcik, W. Sharing computer network logs for security and privacy: a motivation for new methodologies of anonymization. In Proc. SECOVAL: The Workshop on the Value of Security through Collaboration (2005).
	42	Spitzner, L. Know your enemy: Honeynets. http://project.honeynet.org/papers/honeynet, 2005.
	43	Symantec. DeepSight threat management system. http://tms.symantec.com, 2006.
	44	Paul Syverson , Gene Tsudik , Michael Reed , Carl Landwehr, Towards an analysis of onion routing security, International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability, p.96-114, January 2001, Berkeley, California, United States
	45	Tcpdpriv. Program for eliminating confidential information from traces. http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html, 2006.
	46	Steven J. Templeton , Karl Levitt, A requires/provides model for computer attacks, Proceedings of the 2000 workshop on New security paradigms, p.31-38, September 18-21, 2000, Ballycotton, County Cork, Ireland  [doi>10.1145/366173.366187]
	47	Valdes, A., Fong, M., and Skinner, K. Data cube indexing of large-scale Infosec repositories. In Proc. Australian Computer Emergency Response Team Conference (2006).
	48	Alfonso Valdes , Keith Skinner, Probabilistic Alert Correlation, Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection, p.54-68, October 10-12, 2001
	49	Kevin Walsh , Emin Gün Sirer, Experience with an object reputation system for peer-to-peer filesharing, Proceedings of the 3rd conference on Networked Systems Design & Implementation, p.1-1, May 08-10, 2006, San Jose, CA
	50	Wang, G. Bibliography on group-oriented signatures. http://www.i2r.a-star.edu.sg/icsd/staff/guilin/bible/group-oriented.htm, 2006.
	51	Dingbang Xu , Peng Ning, Privacy-Preserving Alert Correlation: A Concept Hierarchy Based Approach, Proceedings of the 21st Annual Computer Security Applications Conference, p.537-546, December 05-09, 2005  [doi>10.1109/CSAC.2005.45]
	52	Jun Xu , Jinliang Fan , Mostafa Ammar , Sue B. Moon, On the design and performance of prefix-preserving IP traffic trace anonymization, Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, November 01-02, 2001, San Francisco, California, USA  [doi>10.1145/505202.505234]
	53	Yegneswaran, V., Barford, P., and Plonka, D. On the design and use of Internet sinks for network abuse monitoring. In Proc. Recent Advances in Intrusion Detection: 7th International Symposium (RAID) (2004), pp. 146--165.
	54	Vinod Yegneswaran , Paul Barford , Johannes Ullrich, Internet intrusions: global characteristics and prevalence, Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, June 11-14, 2003, San Diego, CA, USA