Anonimização de Incidentes de Segurança com Reidentificação Controlada
Resumo
Este trabalho apresenta o AnonLFI, um framework híbrido para anonimizar relatos de incidentes de segurança escritos em linguagem natural. A proposta busca viabilizar o uso desses dados por Large Language Models (LLMs), ao mesmo tempo em que protege informações sensíveis da própria IA. O framework combina pseudoanonimização determinística, reconhecimento de entidades nomeadas (NER) e expressões regulares para tratar dados não estruturados, preservando o contexto original e permitindo reidentificação controlada quando necessário. O trabalho define requisitos específicos para anonimização reutilizável no contexto de CSIRTs, avalia ferramentas existentes e demonstra, com base na análise de 763 incidentes reais, que o framework alcança 97,38% de eficácia sem gerar falsos positivos. Os resultados demonstram a eficácia da ferramenta em anonimizar dados de incidentes de segurança reais, preservando o contexto e a utilidade das informações para análise.Referências
AI, E. (2025). spacy: Industrial-strength natural language processing. [link].
Aleroud, A., Yang, F., Pallaprolu, S. C., Chen, Z., and Karabatis, G. (2021). Anonymization of network traces data through condensation-based differential privacy. Digital Threats, 2(4).
ANT Lab, I. (2018). cryptopant ip address anonymization library. [link].
Face, H. (2025). Transformers documentation.
Fejrskov, M., Pedersen, J. M., and Vasilomanolakis, E. (2020). Cyber-security research by isps: A netflow and dns anonymization policy. In Cyber Security, pages 1–8.
Fisk, G., Ardi, C., Pickett, N., Heidemann, J., Fisk, M., and Papadopoulos, C. (2015). Privacy principles for sharing cyber security data. In IEEE S&P, pages 193–197. IEEE.
Github (2024). Ip recognizer has bugs when ipv6 contains double colon ‘::‘ · issue 1476 · microsoft/presidio.
Gunay, M., Keles, B., and Hizlan, R. (2024). Llms-in-the-loop part 2: Expert small ai models for anonymization and de-identification of phi across multiple languages.
Haber, A. C., Sax, U., and Prasser, F. (2022). Open tools for quantitative anonymization of tabular phenotype data: literature review. Briefings in Bioinformatics, 23.
Imperva (2025). What is data anonymization | pros, cons & common techniques. [link].
ISO/IEC/IEEE (2018). ISO/IEC/IEEE 29148:2018 - Systems and software engineering — Life cycle processes — Requirements engineering.
Koukis, D., Antonatos, S., Antoniades, D., Markatos, E., and Trimintzios, P. (2006). A generic anonymization framework for network traffic. In IEEE ECC, pages 2302–2309.
Majeed, A. and Lee, S. (2020). Anonymization techniques for privacy preserving data publishing: A comprehensive survey. IEEE access, 9:8512–8545.
Majeed, A. and Lee, S. (2021). Anonymization techniques for privacy preserving data publishing: A comprehensive survey. IEEE Access, 9:8512–8545.
Microsoft (2025). Presidio: Open-source pii anonymization and detection. [link].
Murthy, S., Bakar, A. A., Rahim, F. A., and Ramli, R. (2019). A comparative study of data anonymization techniques. In IEEE BigDataSecurity, pages 306–309. IEEE.
Plonka, D. (2003). ip2anonip. [link].
Portillo-Dominguez, A. O. and Ayala-Rivera, V. Towards an efficient log data protection in software systems through data minimization and anonymization. In 2019 7th CONISOFT.
Prasser, F., Kohlmayer, F., Spengler, H., and Kuhn, K. A. (2017). ARX - a comprehensive tool for anonymizing biomedical data. AMIA Annual Symposium Proceedings.
Rasic, A. (2020). Anonymization of event logs for network security monitoring. Master’s thesis, Concordia University. Unpublished.
Senavirathne, N. and Torra, V. (2020). On the role of data anonymization in machine learning privacy. In IEEE TrustCom, pages 664–675.
Slagell, A., Lakkaraju, K., and Luo, K. (2006). Flaim: A multi-level anonymization framework for computer and network logs.
Staab, R., Vero, M., Balunović, M., and Vechev, M. (2024). Large language models are advanced anonymizers. arXiv preprint arXiv:2402.13846.
Tempest (2021). Desmistificando a anonimização de dados | sidechannel. [link].
Templ, M., Kowarik, A., and Meindl, B. (2015). Statistical disclosure control for micro-data using the R package sdcMicro. Journal of Statistical Software, 67(4):1–36.
UFRGS (2022). A inteligência artificial generativa e a proteção dos dados pessoais, da privacidade e da propriedade intelectual.
Varanda, A., Santos, L., de C. Costa, R. L., Oliveira, A., and Rabadão, C. (2021). Log pseudonymization: Privacy maintenance in practice. Journal of Information Security and Applications, 63:103021.
Wiest, I. C., Wolf, F., Leßmann, M.-E., van Treeck, M., Ferber, D., Zhu, J., Boehme, H., Bressem, K. K., Ulrich, H., Ebert, M. P., et al. (2024). Llm-aix: An open source pipeline for information extraction from unstructured medical text based on privacy preserving large language models. medRxiv.
Wolf, T., Debut, L., Sanh, V., Chaumond, J., Delangue, C., Moi, A., Cistac, P., Rault, T., Louf, R., Funtowicz, M., and Brew, J. (2019). Huggingface’s transformers: State-of-the-art natural language processing. CoRR, abs/1910.03771.
Xu, J., Fan, J., Ammar, M., and Moon, S. B. (2001). On the design and performance of prefix-preserving ip traffic trace anonymization. In ACM SIGCOMM IMW.
Yan, B., Li, K., Xu, M., Dong, Y., Zhang, Y., Ren, Z., and Cheng, X. (2024). On protecting the data privacy of large language models (llms): A survey.
Yang, L., Tian, M., Xin, D., Cheng, Q., and Zheng, J. (2024). AI-driven anonymization: Protecting personal data privacy while leveraging machine learning.
Zhang, J., Borisov, N., and Yurcik, W. (2006). Outsourcing security analysis with anonymized logs. In 2006 Securecomm and Workshops, pages 1–9.
Aleroud, A., Yang, F., Pallaprolu, S. C., Chen, Z., and Karabatis, G. (2021). Anonymization of network traces data through condensation-based differential privacy. Digital Threats, 2(4).
ANT Lab, I. (2018). cryptopant ip address anonymization library. [link].
Face, H. (2025). Transformers documentation.
Fejrskov, M., Pedersen, J. M., and Vasilomanolakis, E. (2020). Cyber-security research by isps: A netflow and dns anonymization policy. In Cyber Security, pages 1–8.
Fisk, G., Ardi, C., Pickett, N., Heidemann, J., Fisk, M., and Papadopoulos, C. (2015). Privacy principles for sharing cyber security data. In IEEE S&P, pages 193–197. IEEE.
Github (2024). Ip recognizer has bugs when ipv6 contains double colon ‘::‘ · issue 1476 · microsoft/presidio.
Gunay, M., Keles, B., and Hizlan, R. (2024). Llms-in-the-loop part 2: Expert small ai models for anonymization and de-identification of phi across multiple languages.
Haber, A. C., Sax, U., and Prasser, F. (2022). Open tools for quantitative anonymization of tabular phenotype data: literature review. Briefings in Bioinformatics, 23.
Imperva (2025). What is data anonymization | pros, cons & common techniques. [link].
ISO/IEC/IEEE (2018). ISO/IEC/IEEE 29148:2018 - Systems and software engineering — Life cycle processes — Requirements engineering.
Koukis, D., Antonatos, S., Antoniades, D., Markatos, E., and Trimintzios, P. (2006). A generic anonymization framework for network traffic. In IEEE ECC, pages 2302–2309.
Majeed, A. and Lee, S. (2020). Anonymization techniques for privacy preserving data publishing: A comprehensive survey. IEEE access, 9:8512–8545.
Majeed, A. and Lee, S. (2021). Anonymization techniques for privacy preserving data publishing: A comprehensive survey. IEEE Access, 9:8512–8545.
Microsoft (2025). Presidio: Open-source pii anonymization and detection. [link].
Murthy, S., Bakar, A. A., Rahim, F. A., and Ramli, R. (2019). A comparative study of data anonymization techniques. In IEEE BigDataSecurity, pages 306–309. IEEE.
Plonka, D. (2003). ip2anonip. [link].
Portillo-Dominguez, A. O. and Ayala-Rivera, V. Towards an efficient log data protection in software systems through data minimization and anonymization. In 2019 7th CONISOFT.
Prasser, F., Kohlmayer, F., Spengler, H., and Kuhn, K. A. (2017). ARX - a comprehensive tool for anonymizing biomedical data. AMIA Annual Symposium Proceedings.
Rasic, A. (2020). Anonymization of event logs for network security monitoring. Master’s thesis, Concordia University. Unpublished.
Senavirathne, N. and Torra, V. (2020). On the role of data anonymization in machine learning privacy. In IEEE TrustCom, pages 664–675.
Slagell, A., Lakkaraju, K., and Luo, K. (2006). Flaim: A multi-level anonymization framework for computer and network logs.
Staab, R., Vero, M., Balunović, M., and Vechev, M. (2024). Large language models are advanced anonymizers. arXiv preprint arXiv:2402.13846.
Tempest (2021). Desmistificando a anonimização de dados | sidechannel. [link].
Templ, M., Kowarik, A., and Meindl, B. (2015). Statistical disclosure control for micro-data using the R package sdcMicro. Journal of Statistical Software, 67(4):1–36.
UFRGS (2022). A inteligência artificial generativa e a proteção dos dados pessoais, da privacidade e da propriedade intelectual.
Varanda, A., Santos, L., de C. Costa, R. L., Oliveira, A., and Rabadão, C. (2021). Log pseudonymization: Privacy maintenance in practice. Journal of Information Security and Applications, 63:103021.
Wiest, I. C., Wolf, F., Leßmann, M.-E., van Treeck, M., Ferber, D., Zhu, J., Boehme, H., Bressem, K. K., Ulrich, H., Ebert, M. P., et al. (2024). Llm-aix: An open source pipeline for information extraction from unstructured medical text based on privacy preserving large language models. medRxiv.
Wolf, T., Debut, L., Sanh, V., Chaumond, J., Delangue, C., Moi, A., Cistac, P., Rault, T., Louf, R., Funtowicz, M., and Brew, J. (2019). Huggingface’s transformers: State-of-the-art natural language processing. CoRR, abs/1910.03771.
Xu, J., Fan, J., Ammar, M., and Moon, S. B. (2001). On the design and performance of prefix-preserving ip traffic trace anonymization. In ACM SIGCOMM IMW.
Yan, B., Li, K., Xu, M., Dong, Y., Zhang, Y., Ren, Z., and Cheng, X. (2024). On protecting the data privacy of large language models (llms): A survey.
Yang, L., Tian, M., Xin, D., Cheng, Q., and Zheng, J. (2024). AI-driven anonymization: Protecting personal data privacy while leveraging machine learning.
Zhang, J., Borisov, N., and Yurcik, W. (2006). Outsourcing security analysis with anonymized logs. In 2006 Securecomm and Workshops, pages 1–9.
Publicado
01/09/2025
Como Citar
BANDEL, Carolina Tompsen; ESTEVES, João Pedro Ramires; GUERRA, Kalian Pereira; BERTHOLDO, Leandro M.; KREUTZ, Diego; MIANI, Rodrigo S..
Anonimização de Incidentes de Segurança com Reidentificação Controlada. In: SIMPÓSIO BRASILEIRO DE CIBERSEGURANÇA (SBSEG), 25. , 2025, Foz do Iguaçu/PR.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 97-113.
DOI: https://doi.org/10.5753/sbseg.2025.11433.
