ONTAS: Flexible and Scalable Online Network Traffic Anonymization System

Access to packet traces is required not only to detect and diagnose various network issues related to performance and security, but also to train intelligent learning models enabling networks that can run themselves. However, packets in a network carry a lot of information which can be used to personally identify users and their online behavior. This requires network operators to anonymize packet traces before sharing them with other researchers and analysts. Existing tools anonymize packet traces in an offline manner, which incurs significant computational, storage, and memory overhead-limiting their ability to scale as the volume of the collected packet trace increases. In this paper, we present the design and implementation of an Online Network Traffic Anonymization System, ONTAS, which can flexibly anonymize packet traces in the data plane itself using modern PISA-based programmable switches.