Differentially-Private Network Trace Analysis

  • Frank McSherry
  • Ratul Mahajan

Proceedings of SIGCOMM 2010

Published by Association for Computing Machinery, Inc.

We consider the potential for network trace analysis while providing the guarantees of “differential privacy.” While differential privacy provably obscures the presence or absence of individual records in a dataset, it has two major limitations: analyses must (presently) be expressed in a higher-level declarative language; and the analysis results are randomized before being returned to the analyst.

We report on our experiences conducting a diverse set of analyses in a differentially private manner. We are able to express all of our target analyses, though for some of them an approximate expression is required to keep the error level low. By running these analyses on real datasets, we find that the error introduced for the sake of privacy is often (but not always) low even at high levels of privacy. We factor what we learned into a toolkit that is likely to be useful for other analyses. Overall, we conclude that differential privacy shows promise for a broad class of network analyses.
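To make the abstract's point about randomized results concrete, the following Python example is added here and is not code from the paper or its toolkit. It assumes the standard Laplace mechanism, treats one packet as one record, and uses a constructed trace with hypothetical function names, to show why the privacy error is negligible for heavily used ports and overwhelming for rare ones.

```python
import random
from collections import Counter

# Constructed sample trace: one (source host, destination port) per packet.
TRACE = ([("10.0.0.%d" % (i % 50), 443) for i in range(20000)]
         + [("10.0.0.%d" % (i % 50), 53) for i in range(2000)]
         + [("10.0.0.7", 6667)] * 3)

def port_histogram(trace):
    """Exact packet count per destination port (never shown to the analyst)."""
    return Counter(port for _, port in trace)

def laplace(rng, scale):
    """Laplace(0, scale) sample as the difference of two exponentials.
    Illustration only: a deployed mechanism needs a sampler hardened against
    floating-point leakage and a cryptographically secure random source."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def release(hist, ports, epsilon, rng):
    """Epsilon-DP counts for a fixed, public list of ports.
    Assumption: one packet is one record. A packet falls in exactly one
    bucket, so adding or removing it moves one count by 1, and Laplace noise
    of scale 1/epsilon per bucket covers the whole histogram."""
    return {p: hist[p] + laplace(rng, 1.0 / epsilon) for p in ports}

def mean_relative_error(hist, port, epsilon, runs=2000, seed=1):
    """Average |noisy - true| / true for one port over repeated releases."""
    rng = random.Random(seed)
    total = sum(abs(release(hist, [port], epsilon, rng)[port] - hist[port])
                for _ in range(runs))
    return total / runs / hist[port]

if __name__ == "__main__":
    hist = port_histogram(TRACE)
    for port in (443, 53, 6667):
        print(port, hist[port], round(mean_relative_error(hist, port, 0.1), 4))
```

The repeated releases in `mean_relative_error` are an offline accuracy check on known data; against a real trace, every release spends privacy budget.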

Publication Downloads

Differentially Private Network-Trace-Analysis Tools

August 18, 2010

Research and analysis related to computer networks is often hampered by the tension between the need for accurate network packet traces to study and the concern that these traces may contain sensitive information. Starting from recent work on differential privacy, we have produced a toolkit and a collection of standard network trace analyses using these tools that guarantee differential privacy. The download demonstrates the tools and how they can be used to analyze network trace data while providing strong privacy guarantees.
