Assessing Data Usefulness for Failure Analysis in Anonymized System Logs

TL;DR

This paper evaluates the effectiveness of a novel hashing-based anonymization method for system logs in high-performance computing systems, focusing on balancing data privacy with the ability to detect system failures.

Contribution

It introduces a new metric to assess data usefulness of anonymized logs and studies the applicability of collision-resistant hashing for failure analysis.

Findings

Hashing-based anonymization preserves key failure indicators.

The usefulness metric effectively evaluates anonymized log data.

The approach balances privacy with system failure detection capabilities.

Abstract

System logs are a valuable source of information for the analysis and understanding of systems behavior for the purpose of improving their performance. Such logs contain various types of information, including sensitive information. Information deemed sensitive can either directly be extracted from system log entries by correlation of several log entries, or can be inferred from the combination of the (non-sensitive) information contained within system logs with other logs and/or additional datasets. The analysis of system logs containing sensitive information compromises data privacy. Therefore, various anonymization techniques, such as generalization and suppression have been employed, over the years, by data and computing centers to protect the privacy of their users, their data, and the system as a whole. Privacy-preserving data resulting from anonymization via generalization and suppression may lead to significantly decreased data usefulness, thus, hindering the intended analysis for understanding the system behavior. Maintaining a balance between data usefulness and privacy preservation, therefore, remains an open and important challenge. Irreversible encoding of system logs using collision-resistant hashing algorithms, such as SHAKE-128, is a novel approach previously introduced by the authors to mitigate data privacy concerns. The present work describes a study of the applicability of the encoding approach from earlier work on the system logs of a production high performance computing system. Moreover, a metric is introduced to assess the data usefulness of the anonymized system logs to detect and identify the failures encountered in the system.