Network Data is a valuable commodity. There is a great need of real-life network data both in research community as well as in the industry. Stakeholders of data are reluctant to part with it unless there exists high confidence that this will incur no loss of business, competitiveness, reputation, etc. Researchers want the data to forward research, accumulate grants, etc. In order to deal with both of these contradictory concerns traffic trace anonymization is the answer, which hides sensitive

more »

... nformation while preserves empirical value of the trace. However, the network data becomes invaluable when immediately available after a recent incident for inspection and analysis. Offline Anonymization of traffic traces poses a significant delay to these forensic activities along with other applications of the traffic capture. To make traffic capture immediately available as well as to eradicate security threat of the temporary storage of raw traffic capture, online anonymization is the only solution. Further, modern distributed, co-operative systems rely on shared traffic traces across multiple organizational boundaries. Not only must this data meet stringent timing constraints, but it must also address the potential privacy and security concerns that might arise. Typical traffic trace anonymization techniques are either too slow, requiring offline processing or do not address the ability of an attacker to conduct inference attacks in order to counter any obfuscation. In fact, many inference attacks like statistical finger-printing, known plain-text, port evaluation, traffic injection can survive the anonymization approach and can be iv used to de-anonymize the objects in the anonymized trace. The inherent graph structure of the trace becomes very handy in such attacks. Due to this significant need for real-time anonymization to defend against inference attacks we propose Real-time Netshuffle; a complete online graph distortion technique. Real-time Netshuffle provides an additional layer of security, in concert with other online network traffic trace anonymization schemes, while imposing only minimal damage to the empirical value of the data.