Packet anonymization using Bro

I read a research article about packet trace anonymization co-authored by a researcher from ICIR using Bro in its approach.
The paper:

A High-level Programming Environment for Packet Trace Anonymization and Transformation
Ruoming Pang, Department of Computer Science, Princeton University

Vern Paxson, International Computer Science Institute

To quote the authors, “We implemented the anonymizer as an extension to Bro [16], a network intrusion detection system, to take advantage of its application
parsers and its built-in language support for policy scripts.”

I am quite new to IDSs and have hardly touched Bro. But this work of packet anonymization concerns my research area and if Bro provides such functionality (or extensiblity) then I would love to explore it.
Can some Bro users point out to me if such an anonymizer is officially a part of Bro, or maybe as a third-party plug in? My research concerns Deep Packet Anonymization at IP layer and beyond for the headers and the payloads for P2P networks.


I don’t know how useful this will be, but I have attached a chapter of a book I wrote that provides a good survey of anonymization. You may find it useful, especially the references. However, it is a bit out of date (2008).

Regarding the anonymization capabilities of Bro, those no longer work in the 2.x series. You can try to merge them in and work through the errors, or use an old version of Bro.

:Adam Slagell

Slagell-4.doc (276 KB)

It indeed used to be part of Bro, but we've removed that part in 2.0
as it hadn't been maintained for quite a while. The last version which
had the code was 1.5.x, but it was already broken in there.


I think it was actually only broken if you enabled the connection compressor. I know there was someone using it at Case Western not too long ago.


I think I remember more issues, at least with the shipped anonymizer
scripts and I believe also with the interface to the HTTP parser. But
I don't recall the specifics.


Thank you all. This was good help me.