Guided Research Proposal Anonymization of SNMP traces

Simple Network Management Protocol (SNMP) is a protocol to access management and control information of network devices. It is a very lightweight protocol capable of easily monitoring thousands of devices simultaneously. Therefore, SNMP is used extensively in enterprise networks and by ISPs, especially for monitoring purposes. It is believed that SNMP is used differently in different environments and various SNMP agents perform differently. People guess where possible problems might be and do optimizations for assumed bottlenecks. However, it is not understood how exactly SNMP performs in practice, what are the various interactions and where exactly the real problems are as there is no data available to the research community from operators of large networks. The operators are concerned about the privacy of their networks’ users and afraid of providing potential attackers with sensitive information about their network allowing for easier break-ins. The proposed project aims at anonymization of SNMP traces so that SNMP traces could be made available. Being able to remove sensitive data out of SNMP traffic traces and anonymize these traces in such a way that privacy or security of the originating network would not be endangered while still leaving enough information in the anonymized traces to be useful for network research, would be of great help. Obtaining these traces would help clarify how exactly SNMP is used, allow to study interaction patterns of different SNMP implementations, compare performance and evaluate different SNMP approaches.