AnonLFI 2.0: Extensible Architecture for PII Pseudonymization in CSIRTs with OCR and Technical Recognizers
Cristhian Kapelinski, Douglas Lautert, Beatriz Machado, Diego Kreutz
TL;DR
The paper addresses the challenge of preserving analytical utility while protecting PII in CSIRT data. It presents AnonLFI 2.0, a modular architecture that uses HMAC-SHA256 pseudonymization, structure-preserving processors, OCR for image-based PII, and specialized technical recognizers to enable reversible pseudonymization and federated data sharing. It extends the prior AnonLFI 1.0 with a four-component design, an OCR pipeline, native JSON/XML/XLSX processing, and an auditable CLI for re-identification, achieving strong precision and useful F1 scores in two case studies. The approach enhances security, data utility, and regulatory compliance for threat analytics and LLM training datasets, supporting scalable, auditable, and shareable cybersecurity datasets.
Abstract
This work presents AnonLFI 2.0, a modular pseudonymization framework for CSIRTs that uses HMAC-SHA256 to generate strong and reversible pseudonyms, preserves XML and JSON structures, and integrates OCR and technical recognizers for PII and security artifacts. In two case studies involving OCR applied to PDF documents and an OpenVAS XML report, the system achieved perfect precision and F1 scores of 76.5 and 92.13, demonstrating its effectiveness for securely preparing complex cybersecurity datasets.
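The following is an added example, not code from the paper or from AnonLFI, illustrating keyed, structure-preserving pseudonymization of a JSON record with HMAC-SHA256. The regex recognizers, the token format, the function names and the in-memory lookup table used for re-identification are all assumptions made for illustration; since an HMAC is one-way, reversal here relies on that table being kept by the key holder.

```python
import hashlib
import hmac
import re

# Hypothetical recognizers (assumption: far simpler than a real recognizer set).
RECOGNIZERS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "IP": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

def make_token(key: bytes, entity: str, value: str) -> str:
    """Deterministic pseudonym: the same key and value always give the same token."""
    digest = hmac.new(key, f"{entity}:{value}".encode(), hashlib.sha256).hexdigest()
    return f"[{entity}_{digest[:16]}]"  # token format and truncation are assumptions

def pseudonymize_text(key: bytes, text: str, table: dict) -> str:
    """Replace every recognized entity in a string and record token -> original."""
    for entity, pattern in RECOGNIZERS.items():
        def repl(match, entity=entity):
            token = make_token(key, entity, match.group(0))
            table[token] = match.group(0)  # HMAC is one-way; reversal needs this table
            return token
        text = pattern.sub(repl, text)
    return text

def pseudonymize_json(key: bytes, node, table: dict):
    """Rewrite only string leaves, so keys, nesting and non-string values survive."""
    if isinstance(node, dict):
        return {k: pseudonymize_json(key, v, table) for k, v in node.items()}
    if isinstance(node, list):
        return [pseudonymize_json(key, v, table) for v in node]
    if isinstance(node, str):
        return pseudonymize_text(key, node, table)
    return node

def reidentify(text: str, table: dict) -> str:
    """Restore originals from tokens; only possible for whoever holds the table."""
    for token, original in table.items():
        text = text.replace(token, original)
    return text

# Constructed sample key and record (not taken from the paper's datasets).
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE = {"host": "192.0.2.10", "port": 443,
          "notes": ["contact admin@example.org", "scan from 192.0.2.10"]}
```

Because the token is deterministic under one key, the same IP address maps to the same token in every field, which keeps records correlatable after pseudonymization; a different key yields unrelated tokens.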
