The enormous amount of traffic data gathered by network monitoring systems poses a serious threat on the privacy of the network customers. To face this issue, this paper promotes a new approach to privacy-preserving network monitoring. With concrete reference to a simplified anomaly detection scenario, we show how a monitoring application can be decomposed in two parts running in different components. A front-end stage is devised to capture raw (unprotected) packets and process them "on-the-fly" through performance/memory efficient data structures, and specifically Counting Bloom Filters. Captured packets are then cryptographically protected and delivered to a back-end stage along with suitably designed cryptographic material determined by the output of the counting filter. The system is conceived to technically restrict decryption only to data packets which are classified as belonging to a flow for which an anomalous behavior is suspected. The remaining traffic is by construction guaranteed that no further data processing nor, to some extent, statistical analysis may occur in the system back-end. Although the anomaly detection application used as operative reference throughout this work is somewhat simplified with respect to real-world approaches, the resulting problem is significantly more complex than traditional pattern searching techniques over encrypted data. Hence, albeit preliminary and with room for improvements, we believe that our proposed approach suggests new promising research directions in privacy-preserving network monitoring.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Douglas C. Sicker , Paul Ohm , Dirk Grunwald, Legal issues surrounding monitoring during network research, Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, p.141-148, October 24-26, 2007, San Diego, California, USA  [doi>10.1145/1298306.1298307]
	2	Article 29 Data Protection Working Party, WP 136, Opinion 4/2007 on the concept of personal data, 20 June, 2007; available at http://ec.europa.eu/justice_home/fsj/privacy/ docs/wpdocs/2007/wp136_en.pdf
	3	Ruoming Pang , Mark Allman , Vern Paxson , Jason Lee, The devil and packet trace anonymization, ACM SIGCOMM Computer Communication Review, v.36 n.1, January 2006  [doi>10.1145/1111322.1111330]
	4	William Yurcik , Clay Woolam , Greg Hellings , Latifur Khan , Bhavani Thuraisingham, Privacy/Analysis Tradeoffs in Sharing Anonymized Packet Traces: Single-Field Case, Proceedings of the 2008 Third International Conference on Availability, Reliability and Security, p.237-244, March 04-07, 2008  [doi>10.1109/ARES.2008.189]
	5	A. Hintz, "Fingerprinting Websites Using Traffic Analysis Privacy Enhancing Technologies", Proc. Privacy Enhancing Technologies (PET) Workshop, April 2002.
	6	G. Bissias, M. Liberatore, D. Jensen, B. Levine, "Privacy Vulnerabilities in Encrypted HTTP Streams", Proc. Privacy Enhancing Technologies (PET) Workshop, May 2005.
	7	M. Crotti, F. Gringoli, P. Pelosato, L. Salgarelli, "A statistical approach to IP-level classification of network traffic", IEEE International Conference on Communications, June 2006.
	8	B. Ribeiro, G. Miklau, D. Towsley, W. Chen, J. Jay, "Analyzing Privacy in Enterprise Packet Trace Anonymization", 15th Network & Distributed System Security Symp., San Diego, USA; Feb. 2008.
	9	M. Foukarakis, D. Antoniades, S. Antonatos, E. P. Markatos, "On the Anonymization and Deanonymization of NetFlow Traffic", Proc. of FloCon 2008. Jan. 2008, Savannah, USA.
	10	Cristian Estan , George Varghese, New directions in traffic measurement and accounting, Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications, August 19-23, 2002, Pittsburgh, Pennsylvania, USA
	11	Sriram Ramabhadran , George Varghese, Efficient implementation of a statistics counter architecture, Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, June 11-14, 2003, San Diego, CA, USA
	12	A. Broder, M. Mitzenmacher, "Network Applications of Bloom Filters: A Survey", Internet Mathematics, Volume 1, Issue 4, pp. 485--509, 2005.
	13	Flavio Bonomi , Michael Mitzenmacher , Rina Panigrahy , Sushil Singh , George Varghese, An improved construction for counting bloom filters, Proceedings of the 14th conference on Annual European Symposium, p.684-695, September 11-13, 2006, Zurich, Switzerland  [doi>10.1007/11841036_61]
	14	D. Ficara, S. Giordano, G. Procissi, F. Vitucci, "MultiLayer Compressed Counting Bloom Filters", 27th Conf. on Computer Commun, IEEE INFOCOM 2008, Phoenix, USA, April 2008.
	15	Adi Shamir, How to share a secret, Communications of the ACM, v.22 n.11, p.612-613, Nov. 1979  [doi>10.1145/359168.359176]
	16	Oded Goldreich , Shafi Goldwasser , Silvio Micali, How to construct random functions, Journal of the ACM (JACM), v.33 n.4, p.792-807, Oct. 1986  [doi>10.1145/6490.6503]
	17	S. Kelly, S. Frankel, "Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec", IETF Request for Comments, RFC 4868, May 2007.
	18	Dawn Xiaodong Song , David Wagner , Adrian Perrig, Practical Techniques for Searches on Encrypted Data, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.44, May 14-17, 2000
	19	Nikita Borisov , Ian Goldberg , David Wagner, Intercepting mobile communications: the insecurity of 802.11, Proceedings of the 7th annual international conference on Mobile computing and networking, p.180-189, July 2001, Rome, Italy  [doi>10.1145/381677.381695]