Sheng Zhong,Zhiqiang Yang,Tingting Chen

DOI: https://doi.org/10.1016/j.ins.2009.05.004

IF: 8.1

2009-01-01

Information Sciences

Abstract:To protect individual privacy in data mining, when a miner collects data from respondents, the respondents should remain anonymous. The existing technique of Anonymity-Preserving Data Collection partially solves this problem, but it assumes that the data do not contain any identifying information about the corresponding respondents. On the other hand, the existing technique of Privacy-Enhancing k-Anonymization can make the collected data anonymous by eliminating the identifying information. However, it assumes that each respondent submits her data through an unidentified communication channel. In this paper, we propose k-Anonymous Data Collection, which has the advantages of both Anonymity-Preserving Data Collection and Privacy-Enhancing k-Anonymization but does not rely on their assumptions described above. We give rigorous proofs for the correctness and privacy of our protocol, and experimental results for its efficiency. Furthermore, we extend our solution to the fully malicious model, in which a dishonest participant can deviate from the protocol and behave arbitrarily.

Qian Wang,Zhiwei Xu,Shengzhi Qu

DOI: https://doi.org/10.4304/jsw.6.10.1945-1952

2011-01-01

Journal of Software

Abstract:k-anonymity is an important model in the field of privacy protection and it is an effective method to prevent privacy disclosure in micro-data release. However, it is ineffective for the attribute disclosure by the homogeneity attack. The existing models based on k-anonymity have solved this problem to a certain extent, but they did not distinguish the different values of the sensitive attribute, processed a series of unnecessary generalization and expanded the information loss when they protect the sensitive attribute. Based on k-anonymity, this paper proposed a model based on average leakage probability and probability difference of sensitive attribute value. It is not only an effective method to deal with the problem of attributes disclosure that k-anonymity cannot deal, but also to realize different levels of protection to the various sensitive attribute values. It has reduced the generalization to the data in the most possibility during the procedure and ensures the most effectiveness of quasi-identifier attributes. Greedy generalization algorithm based on the generalization information loss is also proposed in this paper. To choose the generalization attributes, the information loss is considered and the importance of generalization attribute to sensitive attribute is accounted as well. Comparison experiment and performance experiment are made to the proposed model. The experiment results show that the model is feasible.

Wei Jiang,Chris Clifton

DOI: https://doi.org/10.1007/s00778-006-0008-z

2006-08-05

The VLDB Journal

Abstract:Abstractk-anonymity provides a measure of privacy protection by preventing re-identification of data to fewer than a group of k data items. While algorithms exist for producing k-anonymous data, the model has been that of a single source wanting to publish data. Due to privacy issues, it is common that data from different sites cannot be shared directly. Therefore, this paper presents a two-party framework along with an application that generates k-anonymous data from two vertically partitioned sources without disclosing data from one site to the other. The framework is privacy preserving in the sense that it satisfies the secure definition commonly defined in the literature of Secure Multiparty Computation.

computer science, information systems, hardware & architecture

Sai Wu,Xiaoli Wang,Sheng Wang,Zhenjie Zhang,Anthony K. H. Tung

DOI: https://doi.org/10.1109/tkde.2013.93

IF: 9.235

2014-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:In crowdsourcing database, human operators are embedded into the database engine and collaborate with other conventional database operators to process the queries. Each human operator publishes small HITs (Human Intelligent Task) to the crowdsourcing platform, which consists of a set of database records and corresponding questions for human workers. The human workers complete the HITs and return the results to the crowdsourcing database for further processing. In practice, published records in HITs may contain sensitive attributes, probably causing privacy leakage so that malicious workers could link them with other public databases to reveal individual private information. Conventional privacy protection techniques, such as K-Anonymity , can be applied to partially solve the problem. However, after generalizing the data, the result of standard K-Anonymity algorithms may render uncontrollable information loss and affects the accuracy of crowdsourcing. In this paper, we first study the tradeoff between the privacy and accuracy for the human operator within data anonymization process. A probability model is proposed to estimate the lower bound and upper bound of the accuracy for general K-Anonymity approaches. We show that searching the optimal anonymity approach is NP-Hard and only heuristic approach is available. The second contribution of the paper is a general feedback-based K-Anonymity scheme. In our scheme, synthetic samples are published to the human workers, the results of which are used to guide the selection on anonymity strategies. We apply the scheme on Mondrian algorithm by adaptively cutting the dimensions based on our feedback results on the synthetic samples. We evaluate the performance of the feedback-based approach on U.S. census dataset, and show that given a predefined $K$ , our proposal outperforms standard K-Anonymity approaches on retaining the effectiveness of crowdsourcing.

Guofei Chai,Miao Xu,Wenyuan Xu,Zhiyun Lin

DOI: https://doi.org/10.1155/2012/648058

IF: 1.938

2012-01-01

International Journal of Distributed Sensor Networks

Abstract:Due to the shared nature of wireless communication media, a powerful adversary can eavesdrop on the entire radio communication in the network and obtain the contextual communication statistics, for example, traffic volumes, transmitter locations, and so forth. Such information can reveal the location of the sink around which the data traffic exhibits distinctive patterns. To protect the sink-location privacy from a powerful adversary with a global view, we propose to achieve k-anonymity in the network so that at least k entities in the network are indistinguishable to the nodes around the sink with regard to communication statistics. Arranging the location of k entities is complex as it affects two conflicting goals: the routing energy cost and the achievable privacy level, and both goals are determined by a nonanalytic function. We model such a positioning problem as a nonlinearly constrained nonlinear optimization problem. To tackle it, we design a generic-algorithm-based quasi-optimal (GAQO) method that obtains quasi-optimal solutions at quadratic time. The obtained solutions closely approximate the optima with increasing privacy requirements. Furthermore, to solve k-anonymity sink-location problems more efficiently, we develop an artificial potential-based quasi-optimal (APQO) method that is of linear time complexity. Our extensive simulation results show that both algorithms can effectively find solutions hiding the sink among a large number of network nodes.

Sheng Zhong

DOI: https://doi.org/10.3233/fi-2009-82

2009-01-01

Fundamenta Informaticae

Abstract:When a database owner needs to disclose her data, she can k-anonymize her data to protect the involved individuals' privacy. However, if the data is distributed between two owners, then it is an open question whether the two owners can jointly k-anonymize the union of their data, such that the information suppressed in one owner's data is not revealed to the other owner. In this paper, we study this problemof distributed k-anonymization. We have two major results: First, it is impossible to design an unconditionally private protocol that implements any normal k-anonymization function, where normal k-anonymization functions are a very broad class of k-anonymization functions. Second, we give an efficent protocol that implements a normal k-anonymization function and show that it is private against polynomial-time adversaries. Our results have many potential applications and can be extended to three or more parties.

Ting YANG,Zhi XUE,Yong SHI

DOI: https://doi.org/10.13274/j.cnki.hdzj.2016.12.002

2016-01-01

Abstract:By mining data,enterprise can provide more accurate,attentive service,obtaining greater benefits.But data mining also brings huge challenges,personal privacy is one of them.How to protect users' privacy information and to preserve data usability when mining data,privacy-preserving data publishing technology emerges.This article briefly describes its K-anonymity model,discusses sensitive attribute deeply,proposes joint sensitivity matrix.Finally combined with the clustering algorithm,it proposes the method.The result shows that it can really strengthen the protection of sensitive attribute privacy.

Jinling Song,Liming Huang,Gang Wang,Yan Kang,Haibin Liu

DOI: https://doi.org/10.3303/cet1546031

2015-01-01

Abstract:Even if k-anonymity model can prevent publishing data from disclosing privacy effectively and efficiently, due to the uneven distribution of the sensitive data, ordinary k-anonymization method cannot guarantee each tuple satisfying the personalized privacy requirement of it's data owner although the publishing table has been satisfied k-anonymity constraint. The reason which k-anonymity table fails to satisfy personalized privacy requirement is analyzed firstly, then Correlate degree of Sensitive Values, Leakage Collection, privacy disclosure metric and data quality metric are presented. At last an anonymization method satisfying personalized privacy requirements is presented, in which a utility-driven adaptive clustering method is proposed to partition tuples with similar best data quality.

Xianmang He,HuaHui Chen,Yefang Chen,Yihong Dong,Peng Wang,Zhenhua Huang

DOI: https://doi.org/10.1007/978-3-642-30217-6_34

2012-01-01

Abstract:Privacy is one of major concerns when data containing sensitive information needs to be released for ad hoc analysis, which has attracted wide research interest on privacy-preserving data publishing in the past few years. One approach of strategy to anonymize data is generalization. In a typical generalization approach, tuples in a table was first divided into many QI (quasi-identifier)-groups such that the size of each QI-group is no less than k . Clustering is to partition the tuples into many clusters such that the points within a cluster are more similar to each other than points in different clusters. The two methods share a common feature: distribute the tuples into many small groups. Motivated by this observation, we propose a clustering-based k -anonymity algorithm, which achieves k -anonymity through clustering. Extensive experiments on real data sets are also conducted, showing that the utility has been improved by our approach.

Wen Jin,Rong Ge,Weining Qian

DOI: https://doi.org/10.1007/11731139_72

2006-01-01

Abstract:The challenge of privacy-preserving data mining lies in respecting privacy requirements while discovering the original interesting patterns or structures. Existing methods loose the correlations among attributes by transforming the different attributes independently, or cannot guarantee the minimum abstraction level required by legal policies. In this paper, we propose a novel privacy-preserving transformation framework for distance-based mining operations based on the concept of privacy-preserving MicroClusters that satisfy a privacy constraint as well as a significance constraint. Our framework well extends the robustness of the state-of-the-art k-anonymity model by introducing a privacy constraint (minimum radius) while keeping its effectiveness by a significance constraint (minimum number of corresponding data records). The privacy-preserving MicroClusters are made public for data mining purposes, but the original data records are kept private. We present efficient methods for generating and maintaining privacy-preserving MicroClusters and show that data mining operations such as clustering can easily be adapted to the public data represented by MicroClusters instead of the private data records. The experiment demonstrates that the proposed methods achieve accurate clusterings results while preserving the privacy.

Zhiqiang Yang,Sheng Zhong,Rebecca N. Wright

DOI: https://doi.org/10.1145/1081870.1081909

2005-01-01

Abstract:ABSTRACTProtection of privacy has become an important problem in data mining. In particular, individuals have become increasingly unwilling to share their data, frequently resulting in individuals either refusing to share their data or providing incorrect data. In turn, such problems in data collection can affect the success of data mining, which relies on sufficient amounts of accurate data in order to produce meaningful results. Random perturbation and randomized response techniques can provide some level of privacy in data collection, but they have an associated cost in accuracy. Cryptographic privacy-preserving data mining methods provide good privacy and accuracy properties. However, in order to be efficient, those solutions must be tailored to specific mining tasks, thereby losing generality.In this paper, we propose efficient cryptographic techniques for online data collection in which data from a large number of respondents is collected anonymously, without the help of a trusted third party. That is, our solution allows the miner to collect the original data from each respondent, but in such a way that the miner cannot link a respondent's data to the respondent. An advantage of such a solution is that, because it does not change the actual data, its success does not depend on the underlying data mining problem. We provide proofs of the correctness and privacy of our solution, as well as experimental data that demonstrates its efficiency. We also extend our solution to tolerate certain kinds of malicious behavior of the participants.

Manish Kesarwani,Akshar Kaul,Stefano Braghin,Naoise Holohan,Spiros Antonatos

DOI: https://doi.org/10.48550/arXiv.2108.04780

2021-08-11

Abstract:Data protection algorithms are becoming increasingly important to support modern business needs for facilitating data sharing and data monetization. Anonymization is an important step before data sharing. Several organizations leverage on third parties for storing and managing data. However, third parties are often not trusted to store plaintext personal and sensitive data; data encryption is widely adopted to protect against intentional and unintentional attempts to read personal/sensitive data. Traditional encryption schemes do not support operations over the ciphertexts and thus anonymizing encrypted datasets is not feasible with current approaches. This paper explores the feasibility and depth of implementing a privacy-preserving data publishing workflow over encrypted datasets leveraging on homomorphic encryption. We demonstrate how we can achieve uniqueness discovery, data masking, differential privacy and k-anonymity over encrypted data requiring zero knowledge about the original values. We prove that the security protocols followed by our approach provide strong guarantees against inference attacks. Finally, we experimentally demonstrate the performance of our data publishing workflow components.

Cryptography and Security

Tiancheng Li,Ninghui Li

DOI: https://doi.org/10.1016/j.datak.2007.06.015

IF: 1.5

2008-01-01

Data & Knowledge Engineering

Abstract:When releasing microdata for research purposes, one needs to preserve the privacy of respondents while maximizing data utility. An approach that has been studied extensively in recent years is to use anonymization techniques such as generalization and suppression to ensure that the released data table satisfies the k-anonymity property. A major thread of research in this area aims at developing more flexible generalization schemes and more efficient searching algorithms to find better anonymizations (i.e., those that have less information loss).

Hitesh Chhinkaniwala,Sanjay Garg

DOI: https://doi.org/10.48550/arXiv.1403.5250

2014-03-20

Abstract:Huge volume of data from domain specific applications such as medical, financial, telephone, shopping records and individuals are regularly generated. Sharing of these data is proved to be beneficial for data mining application. Since data mining often involves data that contains personally identifiable information and therefore releasing such data may result in privacy breaches. On one hand such data is an important asset to business decision making by analyzing it. On the other hand data privacy concerns may prevent data owners from sharing information for data analysis. In order to share data while preserving privacy, data owner must come up with a solution which achieves the dual goal of privacy preservation as well as accuracy of data mining task mainly clustering and classification. Privacy Preserving Data Publishing (PPDP) is a study of eliminating privacy threats like linkage attack while preserving data utility by anonymizing data set before publishing. Proposed work is an extension to k-anonymization where Privacy Gain (PrGain) has been computed for selective anonymization for set of tuples. Classification and clustering characteristics of original data and anonymized data using proposed algorithm have been evaluated in terms of information loss, execution time, and privacy achieved. Algorithm has been processed against standard data sets and analysis shows that values for sensitive attributes are being preserved with minimal information loss.

Methodology,Cryptography and Security

Khaled El Emam,Fida Kamal Dankar

DOI: https://doi.org/10.1197/jamia.M2716

Abstract:Objective: There is increasing pressure to share health information and even make it publicly available. However, such disclosures of personal health information raise serious privacy concerns. To alleviate such concerns, it is possible to anonymize the data before disclosure. One popular anonymization approach is k-anonymity. There have been no evaluations of the actual re-identification probability of k-anonymized data sets. Design: Through a simulation, we evaluated the re-identification risk of k-anonymization and three different improvements on three large data sets. Measurement: Re-identification probability is measured under two different re-identification scenarios. Information loss is measured by the commonly used discernability metric. Results: For one of the re-identification scenarios, k-Anonymity consistently over-anonymizes data sets, with this over-anonymization being most pronounced with small sampling fractions. Over-anonymization results in excessive distortions to the data (i.e., high information loss), making the data less useful for subsequent analysis. We found that a hypothesis testing approach provided the best control over re-identification risk and reduces the extent of information loss compared to baseline k-anonymity. Conclusion: Guidelines are provided on when to use the hypothesis testing approach instead of baseline k-anonymity.

Raymond Chi-Wing Wong,Yubao Liu,Jian Yin,Zhilan Huang,Ada Wai-Chee Fu,Jian Pei

DOI: https://doi.org/10.1007/978-3-540-72524-4_75

2007-01-01

Abstract:Privacy-preserving data publication for data mining is to protect sensitive information of individuals in published data while the distortion to the data is minimized. Recently, it is shown that (α, k )- anonymity is a feasible technique when we are given some sensitive attribute(s) and quasi-identifier attributes. In previous work, generalization of the given data table has been used for the anonymization. In this paper, we show that we can project the data onto two tables for publishing in such a way that the privacy protection for (α, k )-anonymity can be achieved with less distortion. In the two tables, one table contains the undisturbed non-sensitive values and the other table contains the undisturbed sensitive values. Privacy preservation is guaranteed by the lossy join property of the two tables. We show by experiments that the results are better than previous approaches.

Fagen Song,Tinghuai Ma,Yuan Tian,Mznah Al-Rodhaan

DOI: https://doi.org/10.1109/access.2019.2919165

IF: 3.9

2019-01-01

IEEE Access

Abstract:A new k-anonymous method which is different from traditional k-anonymous was proposed to solve the problem of privacy protection. Specifically, numerical data achieves k-anonymous by adding noises, and categorical data achieves k-anonymous by using randomization. Using the above two methods, the drawback that at least k elements must have the same quasi identifier in the k-anonymous data set has been solved. Since the process of finding anonymous equivalence is very time consuming, a two-step clustering method is used to divide the original data set into equivalence classes. First, the original data set is divided into several different sub-datasets, and then the equivalence classes are formed in the sub-datasets, thus greatly reducing the computational cost of finding anonymous equivalence classes. The experiments are conducted on three different data sets, and the results show that the proposed method is more efficient and the information loss of anonymous dataset is much smaller.

Jian Pei,Jian Xu,Zhibin Wang,Wei Wang,Ke Wang

DOI: https://doi.org/10.1109/ssdbm.2007.16

2007-01-01

Abstract:K-anonymity is a simple yet practical mechanismto protect privacy against attacks of re-identifying individuals by joining multiple public data sources. All existing methods achieving k-anonymity assume implicitly that the data objects to be anonymized are given once and fixed. However, in many applications, the real world data sources are dynamic. In this paper, we investigate the problem of maintaining k-anonymity against incremental updates, and propose a simple yet effective solution. We analyze how inferences from multiple releases may temper the k-anonymity of data, and propose the monotonic incremental anonymization property. The general idea is to progressively and consistently reduce the generalization granularity as incremental updates arrive. Our new approach guarantees the k-anonymity on each release, and also on the inferred table using multiple releases. At the same time, our new approach utilizes the more and more accumulated data to reduce the information loss.

Jinbao Wang,Yingshu Li,Donghua Yang,Hong Gao,Guangchun Luo,Jianzhong Li

DOI: https://doi.org/10.1109/access.2017.2766669

IF: 3.9

2017-01-01

IEEE Access

Abstract:Location-based services (LBS) leveraged by ubiquitous mobile devices have brought great convenience to mobile users in various aspects, including communication, information exchange, social activities, and so on. However, privacy concerns arise at the same time, since the users need to submit their locations and query contents to the LBS servers. To this end, location privacy and query privacy have been recognized. In particular, this paper focuses on query privacy for preventing the leakage of users' query contents. Cloaking region-based techniques using untrusted servers and client-based k-anonymity approaches have been devised to preserve query privacy in LBS. However, these works suffer from single point of failure or insufficiency of query privacy. To address this issue, we investigate effective k-anonymity-based solutions for query privacy in LBS. We formulate a probabilistic framework PkA, under which k-anonymity-based mechanisms can be initiated, and analyze a recent proposed algorithm DLS as an instance of PkA. An algorithm circle segment is presented to provide effective query privacy when query interests have similar prior probability. To obtain more effective query privacy in general cases, we propose two algorithms MEE and MER, which optimize two individual privacy metrics, denoted expected entropy and expected max-min ratio, adopted in this paper. We recognize two practical properties - No More Leakage and k-Effectiveness for effective query privacy, and our proposed algorithms satisfy both of No More Leakage and k-Effectiveness. We conduct evaluation based on real-life data sets and synthetic distributions of query interests, and the evaluation results demonstrate that our proposed algorithms produce significantly improved query privacy.

Yalong Dong,Zude Li,Xiaojun Ye

DOI: https://doi.org/10.1007/978-3-540-78849-2_28

2008-01-01

Abstract:In k-anonymity modeling process, it is widely assumed that a relational table of microdata is published with a single sensitive attribute. This assumption is too simple and unreasonable. We observe that multiple sensitive attributes in one or more tables may incur privacy inference violations that are not visible tinder the single sensitive attribute assumption. In this paper, a new (k, l)-anonymity model is introduced beyond the existed e-diversity mechanism, which is an improved microdata publication model that can effectively prevent these multiple-attributed privacy violations. The (k, e)-anonymity process consists of two phases: k-anonymization on identifying attributes and e-diversity on sensitive attributes. The related (k, l)-anonymity algorithms are proposed and the data generalization metric is provided for minimizing the anonymization cost. A running example illustrates this technique in detail, which also convinces its effectiveness.