Yongluan Zhou,Lidan Shou,Xuan Shang,Ke Chen

DOI: https://doi.org/10.1145/2675743.2771837

2015-01-01

Abstract:With the vision of the emergence of streaming data marketplaces, we study the problem of how to use a scalable dissemination infrastructure, composed by a number of brokers, to disseminate anonymized streaming data to a large number of clients. To satisfy the clients, who are trusted at different anonymity levels and have their own urgencies in requiring the data, we propose to deeply integrate the anonymization process into the dissemination infrastructure. More specifically, we extend the existing anonymization algorithms to derive the anonymity data from other anonymity data with different privacy constraints rather than only from the original microdata, in a technique which we call version derivation. With this flexibility, the anonymous data can be generated as needed, according to the available bandwidth, on the way from the data source to the end clients. Exploiting such new opportunities, we formulate the problem of dissemination planning which aims at minimizing the information loss of the disseminated data. Furthermore, we design two dissemination plan optimization strategies to solve the problem. The experimental study using both synthetic and real datasets verifies the effectiveness of our approach.

Kun Guo,Qishan Zhang

DOI: https://doi.org/10.1016/j.knosys.2013.03.007

IF: 8.139

2013-01-01

Knowledge-Based Systems

Abstract:Research on the anonymization of static data has made great progress in recent years. Generalization and suppression are two common technologies for quasi-identifiers' anonymization. However, the characteristics of data streams, such as potential infinity and high dynamicity, make the anonymization of data streams different from the anonymization of static data. The methods for static data anonymization cannot be directly applied to anonymizing data streams. In this paper, a novel k-anonymization approach for data streams based on clustering is proposed. In order to speed up the anonymization process and reduce the information loss, the new approach scans a stream in one turn to recognize and reuse the clusters satisfying the k-anonymity principle. The time constraints on tuple publication and cluster reuse, which are specific to data streams, are considered as well. Furthermore, the approach is improved to conform to the @?-diversity principle. The experiments conducted on the real datasets show that the proposed methods are both efficient and effective.

Qian Wang,Zhiwei Xu,Shengzhi Qu

DOI: https://doi.org/10.4304/jsw.6.10.1945-1952

2011-01-01

Journal of Software

Abstract:k-anonymity is an important model in the field of privacy protection and it is an effective method to prevent privacy disclosure in micro-data release. However, it is ineffective for the attribute disclosure by the homogeneity attack. The existing models based on k-anonymity have solved this problem to a certain extent, but they did not distinguish the different values of the sensitive attribute, processed a series of unnecessary generalization and expanded the information loss when they protect the sensitive attribute. Based on k-anonymity, this paper proposed a model based on average leakage probability and probability difference of sensitive attribute value. It is not only an effective method to deal with the problem of attributes disclosure that k-anonymity cannot deal, but also to realize different levels of protection to the various sensitive attribute values. It has reduced the generalization to the data in the most possibility during the procedure and ensures the most effectiveness of quasi-identifier attributes. Greedy generalization algorithm based on the generalization information loss is also proposed in this paper. To choose the generalization attributes, the information loss is considered and the importance of generalization attribute to sensitive attribute is accounted as well. Comparison experiment and performance experiment are made to the proposed model. The experiment results show that the model is feasible.

GUO Kun,ZHANG Qi-Shan

DOI: https://doi.org/10.3724/sp.j.1001.2013.04330

2013-01-01

Journal of Software

Abstract:In order to prevent the disclosure of sensitive information and protect users’ privacy,the generalization and suppression of technology is often used to anonymize the quasi-identifiers of the data before its sharing.Data streams are inherently infinite and highly dynamic which are very different from static datasets,so that the anonymization of data streams needs to be capable of solving more complicated problems.The methods for anonymizing static datasets cannot be applied to data streams directly.In this paper,an anonymization approach for data streams is proposed with the analysis of the published anonymization methods for data streams.This approach scans the data only once to recognize and reuse the clusters that satisfy the anonymization requirements for speeding up the anonymization process.Experimental results on the real dataset show that the proposed method can reduce the information loss that is caused by generalization and suppression and also satisfies the anonymization requirements and has low time and space complexity.

Elham Shamsinejad,Touraj Banirostam,Mir Mohsen Pedram,Amir Masoud Rahmani

DOI: https://doi.org/10.1007/s11265-024-01920-z

2024-05-26

Journal of Signal Processing Systems

Abstract:Big data privacy preservation is a critical challenge for data mining and data analysis. Existing methods for anonymizing big data streams using k-anonymity algorithms may cause high data loss, low data quality, and identity disclosure. In this paper, we propose a novel model for anonymizing big data streams using in-memory processing. The model uses a Spark framework to parallelize the anonymization process and a one-time clustering algorithm to avoid multiple iterations and allocate the data to optimal clusters. We evaluate the performance and effectiveness of the model using a real-world dataset and compare it with three popular k-anonymity algorithms: CRUE, Mean-Shift, and DBSCAN. The results show that the model has the lowest data loss and the highest data quality for different data sizes and k-values. The model is scalable, robust, adaptable, and flexible. The model can provide better data for data mining and data analysis while protecting data privacy and preventing data disclosure.

computer science, information systems,engineering, electrical & electronic

Nicolas Ruiz

2024-02-25

Abstract:Although the bulk of the research in privacy and statistical disclosure control is designed for static data, more and more data are often collected as continuous streams, and extensions of popular privacy tools and models have been proposed for this scenario. However, most of these proposals require buffers, where incoming individuals are momentarily stored, anonymized, and then released following a delay, thus considering a data stream as a succession of batches while it is by nature continuous. Having a delay unavoidably alters data freshness but also, more critically, inordinately exerts constraints on what can be achieved in terms of protection and information preservation. By considering randomized response, and specifically its recent bistochastic extension, in the context of dynamic data, this paper proposes a protocol for the anonymization of data streams that achieves zero delay while exhibiting formal privacy guarantees. Using a new tool in the privacy literature that introduces the concept of elementary plausible deniability, we show that it is feasible to achieve an atomic processing of individuals entering a stream, in-stead of proceeding by batches. We illustrate the application of the proposed approach by an empirical example.

Cryptography and Security

Sai Wu,Xiaoli Wang,Sheng Wang,Zhenjie Zhang,Anthony K. H. Tung

DOI: https://doi.org/10.1109/tkde.2013.93

IF: 9.235

2014-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:In crowdsourcing database, human operators are embedded into the database engine and collaborate with other conventional database operators to process the queries. Each human operator publishes small HITs (Human Intelligent Task) to the crowdsourcing platform, which consists of a set of database records and corresponding questions for human workers. The human workers complete the HITs and return the results to the crowdsourcing database for further processing. In practice, published records in HITs may contain sensitive attributes, probably causing privacy leakage so that malicious workers could link them with other public databases to reveal individual private information. Conventional privacy protection techniques, such as K-Anonymity , can be applied to partially solve the problem. However, after generalizing the data, the result of standard K-Anonymity algorithms may render uncontrollable information loss and affects the accuracy of crowdsourcing. In this paper, we first study the tradeoff between the privacy and accuracy for the human operator within data anonymization process. A probability model is proposed to estimate the lower bound and upper bound of the accuracy for general K-Anonymity approaches. We show that searching the optimal anonymity approach is NP-Hard and only heuristic approach is available. The second contribution of the paper is a general feedback-based K-Anonymity scheme. In our scheme, synthetic samples are published to the human workers, the results of which are used to guide the selection on anonymity strategies. We apply the scheme on Mondrian algorithm by adaptively cutting the dimensions based on our feedback results on the synthetic samples. We evaluate the performance of the feedback-based approach on U.S. census dataset, and show that given a predefined $K$ , our proposal outperforms standard K-Anonymity approaches on retaining the effectiveness of crowdsourcing.

Jianqiang Li,Ji-Jiang Yang,Yu Zhao,Bo Liu

DOI: https://doi.org/10.1080/17517575.2012.688223

2013-01-01

Enterprise Information Systems

Abstract:Data sharing in today's information society poses a threat to individual privacy and organisational confidentiality. k-anonymity is a widely adopted model to prevent the owner of a record being re-identified. By generalising and/or suppressing certain portions of the released dataset, it guarantees that no records can be uniquely distinguished from at least other k-1 records. A key requirement for the k-anonymity problem is to minimise the information loss resulting from data modifications. This article proposes a top-down approach to solve this problem. It first considers each record as a vertex and the similarity between two records as the edge weight to construct a complete weighted graph. Then, an edge cutting algorithm is designed to divide the complete graph into multiple trees/components. The Large Components with size bigger than 2k-1 are subsequently split to guarantee that each resulting component has the vertex number between k and 2k-1. Finally, the generalisation operation is applied on the vertices in each component (i.e. equivalence class) to make sure all the records inside have identical quasi-identifier values. We prove that the proposed approach has polynomial running time and theoretical performance guarantee O(k). The empirical experiments show that our approach results in substantial improvements over the baseline heuristic algorithms, as well as the bottom-up approach with the same approximate bound O(k). Comparing to the baseline bottom-up O(logk)-approximation algorithm, when the required k is smaller than 50, the adopted top-down strategy makes our approach achieve similar performance in terms of information loss while spending much less computing time. It demonstrates that our approach would be a best choice for the k-anonymity problem when both the data utility and runtime need to be considered, especially when k is set to certain value smaller than 50 and the record set is big enough to make the runtime have to be taken into account.

Lu Yang,Xingshu Chen,Yonggang Luo,Xiao Lan,Wei Wang

DOI: https://doi.org/10.26599/TST.2020.9010031

2022-01-01

Abstract:The prevalence of missing values in the data streams collected in real environments makes them impossible to ignore in the privacy preservation of data streams. However, the development of most privacy preservation methods does not consider missing values. A few researches allow them to participate in data anonymization but introduce extra considerable information loss. To balance the utility and privacy preservation of incomplete data streams, we present a utility-enhanced approach for Incomplete Data strEam Anonymization (IDEA). In this approach, a slide-window-based processing framework is introduced to anonymize data streams continuously, in which each tuple can be output with clustering or anonymized clusters. We consider the dimensions of attribute and tuple as the similarity measurement, which enables the clustering between incomplete records and complete records and generates the cluster with minimal information loss. To avoid the missing value pollution, we propose a generalization method that is based on maybe match for generalizing incomplete data. The experiments conducted on real datasets show that the proposed approach can efficiently anonymize incomplete data streams while effectively preserving utility.

Sheng Zhong,Zhiqiang Yang,Rebecca N. Wright

DOI: https://doi.org/10.1145/1065167.1065185

2005-01-01

Abstract:In order to protect individuals' privacy, the technique of k -anonymization has been proposed to de-associate sensitive attributes from the corresponding identifiers. In this paper, we provide privacy-enhancing methods for creating k -anonymous tables in a distributed scenario. Specifically, we consider a setting in which there is a set of customers, each of whom has a row of a table, and a miner, who wants to mine the entire table. Our objective is to design protocols that allow the miner to obtain a k -anonymous table representing the customer data, in such a way that does not reveal any extra information that can be used to link sensitive attributes to corresponding identifiers, and without requiring a central authority who has access to all the original data. We give two different formulations of this problem, with provably private solutions. Our solutions enhance the privacy of k -anonymization in the distributed scenario by maintaining end-to-end privacy from the original customer data to the final k -anonymous results.

Shouling Ji,Weiqing Li,Mudhakar Srivatsa,Raheem Beyah

2014-01-01

Abstract:When people utilize social applications and services, their privacy suffers potential serious threat. In this paper, we present a novel, robust, and effective de-anonymization attack to mobility trace data and social data. First, we design a Unified Similarity (US) measurement which takes account of local and global structural characteristics of data, information obtained from auxiliary data, and knowledge inherited from on-going de-anonymization results. By analyzing the measurement on real data sets, we find that some data can potentially be de-anonymized accurately and the other can be de-anonymized in a coarse granularity. Utilizing this property, we present a US based De-Anonymization (DA) framework, which iteratively de-anonymizes data with accuracy guarantee. Then, to de-anonymize large scale data without the knowledge on the overlap size between the anonymized data and the auxiliary data, we generalize DA to an Adaptive De-Anonymization (ADA) framework. By smartly working on two core matching subgraphs, ADA achieves high de-anonymization accuracy and reduces computational overhead. Finally, we examine the presented de-anonymization attack on three well known mobility traces: St Andrews, Infocom06, and Smallblue, and three social data sets: ArnetMiner, Google+, and Facebook. The experimental results demonstrate that the presented de-anonymization framework is very effective and robust to noise. For instance, utilizing the knowledge of one seed mapping merely, 93.2% of the data in Smallblue can be successfully de-anonymized; utilizing the knowledge of ten seed mappings, August 13, 2014 DRAFT

Raymond Chi-Wing Wong,Yubao Liu,Jian Yin,Zhilan Huang,Ada Wai-Chee Fu,Jian Pei

DOI: https://doi.org/10.1007/978-3-540-72524-4_75

2007-01-01

Abstract:Privacy-preserving data publication for data mining is to protect sensitive information of individuals in published data while the distortion to the data is minimized. Recently, it is shown that (α, k )- anonymity is a feasible technique when we are given some sensitive attribute(s) and quasi-identifier attributes. In previous work, generalization of the given data table has been used for the anonymization. In this paper, we show that we can project the data onto two tables for publishing in such a way that the privacy protection for (α, k )-anonymity can be achieved with less distortion. In the two tables, one table contains the undisturbed non-sensitive values and the other table contains the undisturbed sensitive values. Privacy preservation is guaranteed by the lossy join property of the two tables. We show by experiments that the results are better than previous approaches.

Ping Zhao,Hongbo Jiang,Chen Wang,Haojun Huang

DOI: https://doi.org/10.1109/HPCC/SmartCity/DSS.2018.00106

2018-01-01

Abstract:Internet of Things (IoT) applications bring in a great convenience for human's life, but users' data privacy concern is the major barrier towards the development of IoT. k-Anonymity is a method to protect users' data privacy, but it is presently known to suffer from inference attacks. Thus far, existing work only relies on a number of experimental examples to validate k-anonymity's performance against inference attacks, and thereby lacks of a theoretical guarantee. To tackle this issue, in this paper we propose the first theoretical foundation that gives a non-asymptotic bound on the performance of k-anonymity against inference attacks, taking into consideration of adversaries' background information. The main idea is to first quantify adversaries' background information, and from the point of the view of adversaries, classify users' data into four kinds: independent with unknown data values, local dependent with unknown data values, independent with certain known data values, and local dependent with certain known data values. We then move one step further, theoretically proving the bound on the performance of k-anonymity corresponding to each of the four kinds of users' data through cooperating with the noiseless privacy. We argue that such a theoretical foundation links k-anonymity with noiseless privacy, theoretically proving k-anonymity provides noiseless privacy. Additionally, our work theoretically explains why k-anonymity is vulnerable to inference attacks using the modified Stein method. We believe that our work can bridge the gap between design and evaluation, enabling a designer to construct a more practical k-anonymity technique in real-life scenarios to resist inference attacks.<bold> </bold>

Fagen Song,Tinghuai Ma,Yuan Tian,Mznah Al-Rodhaan

DOI: https://doi.org/10.1109/access.2019.2919165

IF: 3.9

2019-01-01

IEEE Access

Abstract:A new k-anonymous method which is different from traditional k-anonymous was proposed to solve the problem of privacy protection. Specifically, numerical data achieves k-anonymous by adding noises, and categorical data achieves k-anonymous by using randomization. Using the above two methods, the drawback that at least k elements must have the same quasi identifier in the k-anonymous data set has been solved. Since the process of finding anonymous equivalence is very time consuming, a two-step clustering method is used to divide the original data set into equivalence classes. First, the original data set is divided into several different sub-datasets, and then the equivalence classes are formed in the sub-datasets, thus greatly reducing the computational cost of finding anonymous equivalence classes. The experiments are conducted on three different data sets, and the results show that the proposed method is more efficient and the information loss of anonymous dataset is much smaller.

Wei Jiang,Chris Clifton

DOI: https://doi.org/10.1007/s00778-006-0008-z

2006-08-05

The VLDB Journal

Abstract:Abstractk-anonymity provides a measure of privacy protection by preventing re-identification of data to fewer than a group of k data items. While algorithms exist for producing k-anonymous data, the model has been that of a single source wanting to publish data. Due to privacy issues, it is common that data from different sites cannot be shared directly. Therefore, this paper presents a two-party framework along with an application that generates k-anonymous data from two vertically partitioned sources without disclosing data from one site to the other. The framework is privacy preserving in the sense that it satisfies the secure definition commonly defined in the literature of Secure Multiparty Computation.

computer science, information systems, hardware & architecture

Manish Kesarwani,Akshar Kaul,Stefano Braghin,Naoise Holohan,Spiros Antonatos

DOI: https://doi.org/10.48550/arXiv.2108.04780

2021-08-11

Abstract:Data protection algorithms are becoming increasingly important to support modern business needs for facilitating data sharing and data monetization. Anonymization is an important step before data sharing. Several organizations leverage on third parties for storing and managing data. However, third parties are often not trusted to store plaintext personal and sensitive data; data encryption is widely adopted to protect against intentional and unintentional attempts to read personal/sensitive data. Traditional encryption schemes do not support operations over the ciphertexts and thus anonymizing encrypted datasets is not feasible with current approaches. This paper explores the feasibility and depth of implementing a privacy-preserving data publishing workflow over encrypted datasets leveraging on homomorphic encryption. We demonstrate how we can achieve uniqueness discovery, data masking, differential privacy and k-anonymity over encrypted data requiring zero knowledge about the original values. We prove that the security protocols followed by our approach provide strong guarantees against inference attacks. Finally, we experimentally demonstrate the performance of our data publishing workflow components.

Cryptography and Security

Jian Pei,Jian Xu,Zhibin Wang,Wei Wang,Ke Wang

DOI: https://doi.org/10.1109/ssdbm.2007.16

2007-01-01

Abstract:K-anonymity is a simple yet practical mechanismto protect privacy against attacks of re-identifying individuals by joining multiple public data sources. All existing methods achieving k-anonymity assume implicitly that the data objects to be anonymized are given once and fixed. However, in many applications, the real world data sources are dynamic. In this paper, we investigate the problem of maintaining k-anonymity against incremental updates, and propose a simple yet effective solution. We analyze how inferences from multiple releases may temper the k-anonymity of data, and propose the monotonic incremental anonymization property. The general idea is to progressively and consistently reduce the generalization granularity as incremental updates arrive. Our new approach guarantees the k-anonymity on each release, and also on the inferred table using multiple releases. At the same time, our new approach utilizes the more and more accumulated data to reduce the information loss.

Xianmang He,HuaHui Chen,Yefang Chen,Yihong Dong,Peng Wang,Zhenhua Huang

DOI: https://doi.org/10.1007/978-3-642-30217-6_34

2012-01-01

Abstract:Privacy is one of major concerns when data containing sensitive information needs to be released for ad hoc analysis, which has attracted wide research interest on privacy-preserving data publishing in the past few years. One approach of strategy to anonymize data is generalization. In a typical generalization approach, tuples in a table was first divided into many QI (quasi-identifier)-groups such that the size of each QI-group is no less than k . Clustering is to partition the tuples into many clusters such that the points within a cluster are more similar to each other than points in different clusters. The two methods share a common feature: distribute the tuples into many small groups. Motivated by this observation, we propose a clustering-based k -anonymity algorithm, which achieves k -anonymity through clustering. Extensive experiments on real data sets are also conducted, showing that the utility has been improved by our approach.

Md Ileas Pramanik,Raymond Y. K. Lau,Wenping Zhang

DOI: https://doi.org/10.1109/icebe.2016.024

2016-01-01

Abstract:With the rise of the Social Web, there is increasingly more tendency to share personal records, and even make them publicly available on the Internet. However, such a wide spread disclosure of personal data has raised serious privacy concerns. If the released dataset is not properly anonymized, individual privacy will be at great risk. K-anonymity is a popular and practical approach to anonymize datasets. In this study, we use a new clustering approach to achieve k-anonymity through enhanced data distortion that assures minimal information loss. During a clustering process, we include an additional constraint, minimal information loss, which is not incorporated into traditional clustering approaches. Our proposed algorithm supports a data release process such that data will not be distorted more than they are needed to achieve k-anonymity. We also develop more appropriate metrics for measuring the quality of generalization. The new metrics are suitable for both numeric and categorical attributes. Our experimental results show that the proposed algorithm causes significantly less information loss than existing clustering algorithms.

Rahul A. Patil,Pramod D. Patil

DOI: https://doi.org/10.1007/s11280-024-01244-9

2024-01-21

World Wide Web

Abstract:Because of the processing of continuous unstructured large streams of data, mining real-time streaming data is a more challenging research issue than mining static data. The privacy issue persists when sensitive data is included in streaming data. In recent years, there has been significant progress in research on the anonymization of static data. For the anonymization of quasi-identifiers, two typical strategies are generalization and suppression. However, the high dynamicity and potential infinite properties of the streaming data make it a challenging task. To end this, we propose a novel Efficient Approximation and Privacy Preservation Algorithms (EAPPA) framework in this paper to achieve efficient data pre-processing from the live streaming and its privacy preservation with minimum Information Loss (IL) and computational requirements. As the existing privacy preservation solutions for streaming data suffer from the challenges of redundant data, we first propose the efficient technique of data approximation with data pre-processing. We design the Flajolet Martin (FM) algorithm for robust and efficient approximation of unique elements in the data stream with a data cleaning mechanism. We fed the periodically approximated and pre-processed streaming data to the anonymization algorithm. Using adaptive clustering, we propose innovative k-anonymization and l-diversity privacy principles for data streams. The proposed approach scans a stream to detect and reuse clusters that fulfill the k-anonymity and l-diversity criteria for reducing anonymization time and IL. The experimental results reveal the efficiency of the EAPPA framework compared to state-of-art methods.

computer science, information systems, software engineering