{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:25:54Z","timestamp":1750307154725,"version":"3.41.0"},"reference-count":54,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2008,12,26]],"date-time":"2008-12-26T00:00:00Z","timestamp":1230249600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001808","name":"Commission for Technology and Innovation","doi-asserted-by":"publisher","award":["project no. 11623.2 PFES-ES"],"award-info":[{"award-number":["project no. 11623.2 PFES-ES"]}],"id":[{"id":"10.13039\/501100001808","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004963","name":"Seventh Framework Programme","doi-asserted-by":"publisher","award":["G.A. no. 257315"],"award-info":[{"award-number":["G.A. no. 257315"]}],"id":[{"id":"10.13039\/501100004963","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2011,12]]},"abstract":"<jats:p>Today, there is a fundamental imbalance in cybersecurity. While attackers act more and more globally and coordinated, network defense is limited to examine local information only due to privacy concerns. To overcome this privacy barrier, we use secure multiparty computation (MPC) for the problem of aggregating network data from multiple domains. We first optimize MPC comparison operations for processing high volume data in near real-time by not enforcing protocols to run in a constant number of synchronization rounds. We then implement a complete set of basic MPC primitives in the SEPIA library. 
For parallel invocations, SEPIA's basic operations are between 35 and several hundred times faster than those of comparable MPC frameworks. Using these operations, we develop four protocols tailored for distributed network monitoring and security applications: the entropy, distinct count, event correlation, and top-k protocols. Extensive evaluation shows that the protocols are suitable for near real-time data aggregation. For example, our top-k protocol PPTKS accurately aggregates counts for 180,000 distributed IP addresses in only a few minutes. Finally, we use SEPIA with real traffic data from 17 customers of a backbone network to collaboratively detect, analyze, and mitigate distributed anomalies. Our work follows a path starting from theory, going to system design, performance evaluation, and ending with measurement. Along this way, it makes a first effort to bridge two very disparate worlds: MPC theory and network monitoring and security practices.<\/jats:p>","DOI":"10.1145\/2043628.2043632","type":"journal-article","created":{"date-parts":[[2011,12,27]],"date-time":"2011-12-27T15:22:22Z","timestamp":1324999342000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["Privacy-preserving distributed network troubleshooting\u2014bridging the gap between theory and practice"],"prefix":"10.1145","volume":"14","author":[{"given":"Martin","family":"Burkhart","sequence":"first","affiliation":[{"name":"ETH Zurich"}]},{"given":"Xenofontas","family":"Dimitropoulos","sequence":"additional","affiliation":[{"name":"ETH Zurich"}]}],"member":"320","published-online":{"date-parts":[[2008,12,26]]},"reference":[{"volume-title":"Proceedings of the EUROCRYPT.","author":"Aggarval G.","key":"e_1_2_1_1_1","unstructured":"Aggarval , G. , Mishra , N. , and Pinkas , B . 2004. Secure Computation of the kth-Ranked Element . In Proceedings of the EUROCRYPT. Aggarval, G., Mishra, N., and Pinkas, B. 2004. 
Secure Computation of the kth-Ranked Element. In Proceedings of the EUROCRYPT."},{"volume-title":"Proceedings of the International Conference on Very Large Data Bases (VLDB).","author":"Akbarinia R.","key":"e_1_2_1_2_1","unstructured":"Akbarinia , R. , Pacitti , E. , and Valduriez , P . 2007. Best position algorithms for top-k queries . In Proceedings of the International Conference on Very Large Data Bases (VLDB). Akbarinia, R., Pacitti, E., and Valduriez, P. 2007. Best position algorithms for top-k queries. In Proceedings of the International Conference on Very Large Data Bases (VLDB)."},{"volume-title":"Proceedings of the Privacy Enhancing Technologies Symposium (PETS).","author":"Applebaum B.","key":"e_1_2_1_3_1","unstructured":"Applebaum , B. , Ringberg , H. , Freedman , M. J. , Caesar , M. , and Rexford , J . 2010. Collaborative, privacy-preserving data aggregation at scale . In Proceedings of the Privacy Enhancing Technologies Symposium (PETS). Applebaum, B., Ringberg, H., Freedman, M. J., Caesar, M., and Rexford, J. 2010. Collaborative, privacy-preserving data aggregation at scale. In Proceedings of the Privacy Enhancing Technologies Symposium (PETS)."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/872757.872764"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/72981.72995"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/100216.100287"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455804"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/62212.62213"},{"volume-title":"Proceedings of the 14th USENIX Security Symposium.","author":"Bethencourt J.","key":"e_1_2_1_9_1","unstructured":"Bethencourt , J. , Franklin , J. , and Vernon , M . 2005. Mapping internet sensors with probe response attacks . In Proceedings of the 14th USENIX Security Symposium. Bethencourt, J., Franklin, J., and Vernon, M. 2005. Mapping internet sensors with probe response attacks. 
In Proceedings of the 14th USENIX Security Symposium."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88313-5_13"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03549-4_20"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1644893.1644897"},{"volume-title":"Proceedings of INFOCOM.","author":"Brauckhoff D.","key":"e_1_2_1_13_1","unstructured":"Brauckhoff , D. , Salamatian , K. , and May , M . 2009b. Applying PCA for Traffic Anomaly Detection: Problems and Solutions . In Proceedings of INFOCOM. Brauckhoff, D., Salamatian, K., and May, M. 2009b. Applying PCA for Traffic Anomaly Detection: Problems and Solutions. In Proceedings of INFOCOM."},{"volume-title":"Proceedings of the International Conference on Computer Communications and Networks (ICCCN).","author":"Burkhart M.","key":"e_1_2_1_14_1","unstructured":"Burkhart , M. and Dimitropoulos , X . 2010. Fast privacy-preserving top-k queries using secret sharing . In Proceedings of the International Conference on Computer Communications and Networks (ICCCN). Burkhart, M. and Dimitropoulos, X. 2010. Fast privacy-preserving top-k queries using secret sharing. In Proceedings of the International Conference on Computer Communications and Networks (ICCCN)."},{"volume-title":"Proceedings of the 19th USENIX Security Symposium.","author":"Burkhart M.","key":"e_1_2_1_15_1","unstructured":"Burkhart , M. , Strasser , M. , Many , D. , and Dimitropoulos , X . 2010. SEPIA: Privacy-Preserving Aggregation of Multi-Domain Network Events and Statistics . In Proceedings of the 19th USENIX Security Symposium. Burkhart, M., Strasser, M., Many, D., and Dimitropoulos, X. 2010. SEPIA: Privacy-Preserving Aggregation of Multi-Domain Network Events and Statistics. 
In Proceedings of the 19th USENIX Security Symposium."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/874063.875553"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/564691.564731"},{"volume-title":"Proceedings of the Network and Distributed Systems Society Symposium (NDSS). The Internet Society.","author":"Chow S. S. M.","key":"e_1_2_1_18_1","unstructured":"Chow , S. S. M. , Lee , J.-H. , and Subramanian , L . 2009. Two-party computation model for privacy-preserving queries over distributed databases . In Proceedings of the Network and Distributed Systems Society Symposium (NDSS). The Internet Society. Chow, S. S. M., Lee, J.-H., and Subramanian, L. 2009. Two-party computation model for privacy-preserving queries over distributed databases. In Proceedings of the Network and Distributed Systems Society Symposium (NDSS). The Internet Society."},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/11681878_15"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00468-1_10"},{"volume-title":"Proceedings of the Theory of Cryptography Conference (TCC).","author":"Damg","key":"e_1_2_1_21_1","unstructured":"Damg\u00e5rd, I., Meldgaard , S. , and Nielsen , J. B . 2011. Perfectly Secure Oblivious RAM Without Random Oracles . In Proceedings of the Theory of Cryptography Conference (TCC). Damg\u00e5rd, I., Meldgaard, S., and Nielsen, J. B. 2011. Perfectly Secure Oblivious RAM Without Random Oracles. In Proceedings of the Theory of Cryptography Conference (TCC)."},{"key":"e_1_2_1_22_1","volume-title":"Proceedings of the ACM Conference on Information and Knowledge Management (CIKM).","author":"Duan Y.","year":"2009","unstructured":"Duan , Y. 2009 . Differential privacy for sum queries without external noise . In Proceedings of the ACM Conference on Information and Knowledge Management (CIKM). Duan, Y. 2009. Differential privacy for sum queries without external noise. 
In Proceedings of the ACM Conference on Information and Knowledge Management (CIKM)."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/1791834.1791836"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/237661.237715"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/375551.375567"},{"key":"e_1_2_1_26_1","volume-title":"Proceedings of the EUROCRYPT. Lecture Notes in Computer Science","volume":"3027","author":"Freedman M. J.","unstructured":"Freedman , M. J. , Nissim , K. , and Pinkas , B . 2004. Efficient private matching and set intersection . In Proceedings of the EUROCRYPT. Lecture Notes in Computer Science , vol. 3027 , Springer Berlin, 1--19. Freedman, M. J., Nissim, K., and Pinkas, B. 2004. Efficient private matching and set intersection. In Proceedings of the EUROCRYPT. Lecture Notes in Computer Science, vol. 3027, Springer Berlin, 1--19."},{"volume-title":"Proceedings of CRYPTO.","author":"Gennaro R.","key":"e_1_2_1_27_1","unstructured":"Gennaro , R. , Ishai , Y. , Kushilevitz , E. , and Rabin , T . 2002. On 2-round secure multiparty computation . In Proceedings of CRYPTO. Gennaro, R., Ishai, Y., Kushilevitz, E., and Rabin, T. 2002. On 2-round secure multiparty computation. In Proceedings of CRYPTO."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/277697.277716"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/28395.28420"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1080091.1080118"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1179601.1179620"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177099"},{"volume-title":"Proceedings of the 13th USENIX Security Symposium.","author":"Lincoln P.","key":"e_1_2_1_33_1","unstructured":"Lincoln , P. , Porras , P. , and Shmatikov , V . 2004. Privacy-preserving sharing and correlation of security alerts . 
In Proceedings of the 13th USENIX Security Symposium. Lincoln, P., Porras, P., and Shmatikov, V. 2004. Privacy-preserving sharing and correlation of security alerts. In Proceedings of the 13th USENIX Security Symposium."},{"volume-title":"Proceedings of the SIGCOMM Workshop on Hot Topics in Networking (HotNets). ACM.","author":"Machiraju S.","key":"e_1_2_1_34_1","unstructured":"Machiraju , S. and Katz , R. H . 2004. Verifying global invariants in multi-provider distributed systems . In Proceedings of the SIGCOMM Workshop on Hot Topics in Networking (HotNets). ACM. Machiraju, S. and Katz, R. H. 2004. Verifying global invariants in multi-provider distributed systems. In Proceedings of the SIGCOMM Workshop on Hot Topics in Networking (HotNets). ACM."},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1005566.1005569"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1851182.1851199"},{"volume-title":"Proceedings of the Conference on Theory and Practice of Public Key Cryptography (PKC).","author":"Nishide T.","key":"e_1_2_1_37_1","unstructured":"Nishide , T. and Ohta , K . 2007. Multiparty computation for interval, equality, and comparison without bit-decomposition protocol . In Proceedings of the Conference on Theory and Practice of Public Key Cryptography (PKC). Nishide, T. and Ohta, K. 2007. Multiparty computation for interval, equality, and comparison without bit-decomposition protocol. In Proceedings of the Conference on Theory and Practice of Public Key Cryptography (PKC)."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1162666.1162667"},{"volume-title":"Proceedings of INFOCOM.","author":"Ranjan S.","key":"e_1_2_1_39_1","unstructured":"Ranjan , S. , Shah , S. , Nucci , A. , Munaf\u00f2 , M. M. , Cruz , R. L. , and Muthukrishnan , S. M . 2007. Dowitcher: Effective worm detection and containment in the internet core . In Proceedings of INFOCOM. Ranjan, S., Shah, S., Nucci, A., Munaf\u00f2, M. M., Cruz, R. 
L., and Muthukrishnan, S. M. 2007. Dowitcher: Effective worm detection and containment in the internet core. In Proceedings of INFOCOM."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2008.10.013"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1162678.1162687"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/1111322.1111326"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/11935308_15"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359176"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1352664.1352673"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.28"},{"key":"e_1_2_1_48_1","unstructured":"SWITCH. The Swiss education and research network. http:\/\/www.switch.ch.  SWITCH. The Swiss education and research network. http:\/\/www.switch.ch."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/1658939.1658972"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2011.07.008"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2005.112"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2008.167"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2005.82"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.5555\/1382436.1382751"},{"volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS).","author":"Yegneswaran V.","key":"e_1_2_1_55_1","unstructured":"Yegneswaran , V. , Barford , P. , and Jha , S . 2004. Global intrusion detection in the DOMINO overlay system . In Proceedings of the Network and Distributed System Security Symposium (NDSS). Yegneswaran, V., Barford, P., and Jha, S. 2004. Global intrusion detection in the DOMINO overlay system. 
In Proceedings of the Network and Distributed System Security Symposium (NDSS)."}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2043628.2043632","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2043628.2043632","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:54:19Z","timestamp":1750240459000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2043628.2043632"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,12,26]]},"references-count":54,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2011,12]]}},"alternative-id":["10.1145\/2043628.2043632"],"URL":"https:\/\/doi.org\/10.1145\/2043628.2043632","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"type":"print","value":"1094-9224"},{"type":"electronic","value":"1557-7406"}],"subject":[],"published":{"date-parts":[[2008,12,26]]},"assertion":[{"value":"2010-10-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2011-07-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-12-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}