Privacy-Preserving Anonymization of System and Network Event Logs Using Salt-Based Hashing and Temporal Noise

TL;DR

This paper presents a set of novel anonymization techniques for system and network logs that protect privacy by obfuscating PII while maintaining the logs' usefulness for analysis.

Contribution

It introduces salt-based hashing for IP addresses, range-mapped hashing for ports, and an order-preserving timestamp scheme with noise, enabling privacy-preserving yet analyzable logs.

Findings

Effective privacy protection demonstrated through entropy and leakage metrics.

Preservation of log structure and utility confirmed by collision and correlation analysis.

Open-source tool facilitates practical deployment and reproducibility.

Abstract

System and network event logs are essential for security analytics, threat detection, and operational monitoring. However, these logs often contain Personally Identifiable Information (PII), raising significant privacy concerns when shared or analyzed. A key challenge in log anonymization is balancing privacy protection with the retention of sufficient structure for meaningful analysis. Overly aggressive anonymization can destroy contextual integrity, while weak techniques risk re-identification through linkage or inference attacks. This paper introduces novel field-specific anonymization methods that address this trade-off. For IP addresses, we propose a salt-based hashing technique applied at the per-octet level, preserving both subnet and host structure to enable correlation across various log entries while ensuring non-reversibility. For port numbers, full-value hashing with range mapping maintains interpretability. We also present an order-preserving timestamp anonymization scheme using adaptive noise injection, which obfuscates exact times without disrupting event sequences. An open-source tool implementing these techniques has been released to support practical deployment and reproducible research. Evaluations using entropy metrics, collision rates, and residual leakage analysis demonstrate that the proposed approach effectively protects privacy while preserving analytical utility.