Xuan Ding,Lan Zhang,Zhiguo Wan,Ming Gu

DOI: https://doi.org/10.1109/glocom.2011.6133607

2011-01-01

Abstract:Online social network data are increasingly made publicly available to third parties. Recent studies show that it is possible to recover sensitive information from the released data and several anonymization techniques have been proposed to protect individual privacy. However, most of the existing defenses have focused on ``one-time'' releases and do not take into consideration the re- publication of dynamic social network data. Re- publishing data periodically is a natural result of social network evolution and an emerging requirement of dynamic social network analysis. In this paper, we show that by utilizing correlations between sequential releases, the adversary can achieve high precision in de-anonymization of the released data, suppressing the uncertainty of re-identifying each release separately and synthesizing the results afterwards. Besides, we combine structural knowledge with node attributes to compromise graph modification based defenses. With experiments on real data, this work is the first to demonstrate feasibility of de-anonymizing dynamic social networks and should arouse concern for future works on privacy preservation in social network data publishing.

Wei-Han Lee,Changchang Liu,Shouling Ji,Prateek Mittal,Ruby Lee

DOI: https://doi.org/10.5220/0006192501260135

2017-01-01

Abstract:The risks of publishing privacy-sensitive data have received considerable attention recently. Several de-anonymization attacks have been proposed to re-identify individuals even if data anonymization techniques were applied. However, there is no theoretical quantification for relating the data utility that is preserved by the anonymization techniques and the data vulnerability against de-anonymization attacks. In this paper, we theoretically analyze the de-anonymization attacks and provide conditions on the utility of the anonymized data (denoted by anonymized utility) to achieve successful de-anonymization. To the best of our knowledge, this is the first work on quantifying the relationships between anonymized utility and de-anonymization capability. Unlike previous work, our quantification analysis requires no assumptions about the graph model, thus providing a general theoretical guide for developing practical de-anonymization/anonymization techniques. Furthermore, we evaluate state-of-the-art de-anonymization attacks on a real-world Facebook dataset to show the limitations of previous work. By comparing these experimental results and the theoretically achievable de-anonymization capability derived in our analysis, we further demonstrate the ineffectiveness of previous de-anonymization attacks and the potential of more powerful de-anonymization attacks in the future.

Honglu Jiang,Jiguo Yu,Chunqiang Hu,Cheng Zhang,Xiuzhen Cheng

DOI: https://doi.org/10.1016/j.procs.2018.03.089

2018-01-01

Procedia Computer Science

Abstract:The data of social networks contains a large amount of personal information, of which may be public or insignificant, but some may be sensitive and private. Once the user privacy leaked, it may bring a variety of troubles for users. Holders of social networking data first conduct anonymization before the data is published. However, the simple anonymity method does not play a very good protection. At present, a number of de-anonymization attacks for the data releasing of social networks have arisen. These de-anonymization attacks are mostly based on the network structure with the use of feature matching and other methods. In this paper, we model the social network as a Structure-Attribute (SA) framework which integrates the structural characteristics of social networks and social node properties, adding some attribute nodes to the social network. The similarity measurement of social network nodes is proposed, with the consideration of the structure similarity and attribute similarity. The accuracy of node matching and de-anonymization is greatly improved. We conduct our de-anonymization based on the realistic dataset to verify the accuracy and efficiency.

Shouling Ji,Weiqing Li,Mudhakar Srivatsa,Raheem Beyah

2014-01-01

Abstract:When people utilize social applications and services, their privacy suffers potential serious threat. In this paper, we present a novel, robust, and effective de-anonymization attack to mobility trace data and social data. First, we design a Unified Similarity (US) measurement which takes account of local and global structural characteristics of data, information obtained from auxiliary data, and knowledge inherited from on-going de-anonymization results. By analyzing the measurement on real data sets, we find that some data can potentially be de-anonymized accurately and the other can be de-anonymized in a coarse granularity. Utilizing this property, we present a US based De-Anonymization (DA) framework, which iteratively de-anonymizes data with accuracy guarantee. Then, to de-anonymize large scale data without the knowledge on the overlap size between the anonymized data and the auxiliary data, we generalize DA to an Adaptive De-Anonymization (ADA) framework. By smartly working on two core matching subgraphs, ADA achieves high de-anonymization accuracy and reduces computational overhead. Finally, we examine the presented de-anonymization attack on three well known mobility traces: St Andrews, Infocom06, and Smallblue, and three social data sets: ArnetMiner, Google+, and Facebook. The experimental results demonstrate that the presented de-anonymization framework is very effective and robust to noise. For instance, utilizing the knowledge of one seed mapping merely, 93.2% of the data in Smallblue can be successfully de-anonymized; utilizing the knowledge of ten seed mappings, August 13, 2014 DRAFT

Wei-Han Lee,Changchang Liu,Shouling Ji,Prateek Mittal,Ruby Lee

DOI: https://doi.org/10.48550/arXiv.1801.05534

2018-01-17

Abstract:It is important to study the risks of publishing privacy-sensitive data. Even if sensitive identities (e.g., name, social security number) were removed and advanced data perturbation techniques were applied, several de-anonymization attacks have been proposed to re-identify individuals. However, existing attacks have some limitations: 1) they are limited in de-anonymization accuracy; 2) they require prior seed knowledge and suffer from the imprecision of such seed information. We propose a novel structure-based de-anonymization attack, which does not require the attacker to have prior information (e.g., seeds). Our attack is based on two key insights: using multi-hop neighborhood information, and optimizing the process of de-anonymization by exploiting enhanced machine learning techniques. The experimental results demonstrate that our method is robust to data perturbations and significantly outperforms the state-of-the-art de-anonymization techniques by up to $10\times$ improvement.

Social and Information Networks

WANG Ji-lin,WU Qian-hong,CHEN De-ren,WANG Yu-min

DOI: https://doi.org/10.3321/j.issn:1000-436x.2005.02.019

2005-01-01

Abstract:The study of anonymous techniques was surveyed, corresponding definitions such as link-ability, anonymity and pseudonymity being differentiated, mechanisms used to realize anonymous communication such as Crowds, onion routing and Mix nets being discussed. New issues in the study of the technology of anonymity measurement, anonymous signature algorithm including ring signature and group signature and how to establish mutual trust in anonymous application was given out in the end.

Cheng Zhang,Shang Wu,Honglu Jiang,Yawei Wang,Jiguo Yu,Xiuzhen Cheng

DOI: https://doi.org/10.1007/978-3-030-34980-6_29

2019-01-01

Abstract:Online Social Networks (OSNs) have transformed the way that people socialize. However, when OSNs bring people convenience, privacy leakages become a growing worldwide problem. Although several anonymization approaches are proposed to protect information of user identities and social relationships, existing de-anonymization techniques have proved that users in the anonymized network can be re-identified by using an external reference social network collected from the same network or other networks with overlapping users. In this paper, we propose a novel social network de-anonymization mechanism to explore the impact of user attributes on the accuracy of de-anonymization. More specifically, we propose an approach to quantify diversities of user attribute values and select valuable attributes to generate the multipartite graph. Next, we partition this graph into communities, and then map users on the community level and the network level respectively. Finally, we employ a real-world dataset collected from Sina Weibo to evaluate our approach, which demonstrates that our mechanism can achieve a better de-anonymization accuracy compared with the most influential de-anonymization method.

Honglu Jiang,Jiguo Yu,Xiuzhen Cheng,Cheng Zhang,Bei Gong,Haotian Yu

DOI: https://doi.org/10.1109/tcss.2021.3082901

2022-01-01

IEEE Transactions on Computational Social Systems

Abstract:Online social networks have gained tremendous popularity and have dramatically changed the way we communicate in recent years. However, the publishing of social network data raises more and more privacy concerns. To protect user privacy, social networking data are usually anonymized before being released. Nevertheless, existing anonymization techniques do not have sufficient protection effects. A large number of deanonymization attacks have arisen, and they mainly make use of either network topology or node attribute information to successfully reidentify anonymized users. In this article, we model a social network as a structure-attribute network (SAN) integrating the structural characteristics and the attribute information associated with social network users. A novel similarity measurement of social network nodes is proposed by considering the structural similarity and attribute similarity. A two-phase scheme is then designed to perform deanonymization by first dividing a social network (graph) into smaller subgraphs based on spectral graph partitioning and then applying the proposed deanonymization algorithm on each matched subgraph pair. We simulate the deanonymization attack with extensive experiments on three real-world datasets, and the experimental results demonstrate that our approach can improve the accuracy and time complexity of deanonymization compared with the state of the art.

Wei-Han Lee,Changchang Liu,Shouling Ji,Prateek Mittal,Ruby B. Lee

DOI: https://doi.org/10.1007/978-3-319-93354-2_5

2018-01-01

Abstract:An increasing amount of data are becoming publicly available over the Internet. These data are released after applying some anonymization techniques. Recently, researchers have paid significant attention to analyzing the risks of publishing privacy-sensitive data. Even if data anonymization techniques were applied to protect privacy-sensitive data, several de-anonymization attacks have been proposed to break their privacy. However, no theoretical quantification for relating the data vulnerability against de-anonymization attacks and the data utility that is preserved by the anonymization techniques exists. In this paper, we first address several fundamental open problems in the structure-based de-anonymization research by establishing a formal model for privacy breaches on anonymized data and quantifying the conditions for successful de-anonymization under a general graph model. To the best of our knowledge, this is the first work on quantifying the relationship between anonymized utility and de-anonymization capability. Our quantification works under very general assumptions about the distribution from which the data are drawn, thus providing a theoretical guide for practical de-anonymization/anonymization techniques. Furthermore, we use multiple real-world datasets including a Facebook dataset, a Collaboration dataset, and two Twitter datasets to show the limitations of the state-of-the-art de-anonymization attacks. From these experimental results, we demonstrate the ineffectiveness of previous de-anonymization attacks and the potential of more powerful de-anonymization attacks in the future, by comparing the theoretical de-anonymization capability proposed by us with the practical experimental results of the state-of-the-art de-anonymization methods.

Shouling Ji,Weiqing Li,Mudhakar Srivatsa,Jing Selena He,Raheem Beyah

DOI: https://doi.org/10.1145/2894760

2016-01-01

ACM Transactions on Information and System Security

Abstract:When people utilize social applications and services, their privacy suffers a potential serious threat. In this article, we present a novel, robust, and effective de-anonymization attack to mobility trace data and social data. First, we design a Unified Similarity (US) measurement, which takes account of local and global structural characteristics of data, information obtained from auxiliary data, and knowledge inherited from ongoing de-anonymization results. By analyzing the measurement on real datasets, we find that some data can potentially be de-anonymized accurately and the other can be de-anonymized in a coarse granularity. Utilizing this property, we present a US-based De-Anonymization (DA) framework, which iteratively de-anonymizes data with accuracy guarantee. Then, to de-anonymize large-scale data without knowledge of the overlap size between the anonymized data and the auxiliary data, we generalize DA to an Adaptive De-Anonymization (ADA) framework. By smartly working on two core matching subgraphs, ADA achieves high de-anonymization accuracy and reduces computational overhead. Finally, we examine the presented de-anonymization attack on three well-known mobility traces: St Andrews, Infocom06, and Smallblue, and three social datasets: ArnetMiner, Google+, and Facebook. The experimental results demonstrate that the presented de-anonymization framework is very effective and robust to noise.

Sun Guangzhong,Wei Shen,Xie Xing

2013-01-01

Abstract:In this paper,we illustrate the importance of privacy protection with an Internet case. Then we introduce some frequently-used anonymized methods in privacy protection,and present practical ways to de-anonymize data in some popular fields: rating recommendation system,social network and blogs. We believe the publication of data is beneficial to academic research,but we still need to work hard on privacy protection.

Luoyi Fu,Xinzhe Fu,Zhongzhao Hu,Zhiying Xu,Xinbing Wang

DOI: https://doi.org/10.48550/arXiv.1703.09028

2017-07-27

Abstract:A crucial privacy-driven issue nowadays is re-identifying anonymized social networks by mapping them to correlated cross-domain auxiliary networks. Prior works are typically based on modeling social networks as random graphs representing users and their relations, and subsequently quantify the quality of mappings through cost functions that are proposed without sufficient rationale. Also, it remains unknown how to algorithmically meet the demand of such quantifications, i.e., to find the minimizer of the cost functions. We address those concerns in a more realistic social network modeling parameterized by community structures that can be leveraged as side information for de-anonymization. By Maximum A Posteriori (MAP) estimation, our first contribution is new and well justified cost functions, which, when minimized, enjoy superiority to previous ones in finding the correct mapping with the highest probability. The feasibility of the cost functions is then for the first time algorithmically characterized. While proving the general multiplicative inapproximability, we are able to propose two algorithms, which, respectively, enjoy an \epsilon-additive approximation and a conditional optimality in carrying out successful user re-identification. Our theoretical findings are empirically validated, with a notable dataset extracted from rare true cross-domain networks that reproduce genuine social network de-anonymization. Both theoretical and empirical observations also manifest the importance of community information in enhancing privacy inferencing.

Social and Information Networks,Cryptography and Security,Networking and Internet Architecture

Zhang Cheng,Jiang Honglu,Cheng Xiuzhen,Zhao Feng,Cai Zhipeng,Tian Zhi

DOI: https://doi.org/10.1007/s00779-019-01287-0

2019-01-01

Personal and Ubiquitous Computing

Abstract:Social networks have gained tremendous popularity recently. Millions of people use social network apps to share precious moments with friends and family. Users are often asked to provide personal information such as name, gender, and address when using social networks. However, as the social network data are collected, analyzed, and re-published at a large scale, personal information might be misused by unauthorized third parties and even attackers. Therefore, extensive research has been carried out to protect the data from privacy violations in social networks. The most popular technique is graph perturbation, which modifies the local topological structure of a social network user (a vertex) via various randomization techniques before the social graph data is published. Nevertheless, graph anonymization may affect the usability of the data as random noises are introduced, decreasing user experience. Therefore, a trade-off between privacy protection and data usability must be sought. In this paper, we employ various graph and application utility metrics to investigate this trade-off. More specifically, we conduct an empirical study by implementing five state-of-the-art anonymization algorithms to analyze the graph and application utilities on a Facebook and a Twitter dataset. Our results indicate that most anonymization algorithms can partially or conditionally preserve the graph and application utilities and any single anonymization algorithm may not always perform well on different datasets. Finally, drawing on the reviewed graph anonymization techniques, we provide a brief overview on future research directions and challenges involved therein.

Cheng Zhang,Honglu Jiang,Yawei Wang,Qin Hu,Jiguo Yu,Xiuzhen Cheng

DOI: https://doi.org/10.1007/978-3-030-23597-0_37

2019-01-01

Abstract:Online social networks provide platforms for people to interact with each other and share moments of their daily life. The online social network data are valuable for both academic and business studies, and are usually processed by anonymization methods before being published to third parties. However, several existing de-anonymization techniques can re-identify the users in anonymized networks. In light of this, we explore the impact of user attributes in social network de-anonymization in this paper. More specifically, we first quantify the significance of attributes in a social network, based on which we propose an attribute-based similarity measure; then we design an algorithm by exploiting attribute-based similarity to de-anonymize social network data; finally we employ a real-world dataset collected from Sina Weibo to conduct experiments, which demonstrate that our design can significantly improve the de-anonymization accuracy compared with a well-known baseline algorithm.

Aston Zhang,Xing Xie,Kevin Chen-Chuan Chang,Carl A. Gunter,Jiawei Han,XiaoFeng Wang

DOI: https://doi.org/10.5441/002/edbt.2014.53

2014-01-01

Abstract:Anonymized user datasets are often released for research or industry applications. As an example, t.qq.com released its anonymized users’ profile, social interaction, and recommendation log data in KDD Cup 2012 to call for recommendation algorithms. Since the entities (users and so on) and edges (links among entities) are of multiple types, the released social network is a heterogeneous information network. Prior work has shown how privacy can be compromised in homogeneous information networks by the use of specific types of graph patterns. We show how the extra information derived from heterogeneity can be used to relax these assumptions. To characterize and demonstrate this added threat, we formally define privacy risk in an anonymized heterogeneous information network to identify the vulnerability in the possible way such data are released, and further present a new de-anonymization attack that exploits the vulnerability. Our attack successfully de-anonymized most individuals involved in the data—for an anonymized 1,000user t.qq.com network of density 0.01, the attack precision is over 90% with a 2.3-million-user auxiliary network.

Shouling Ji,Weiqing Li,Mudhakar Srivatsa,Jing Selena He,Raheem Beyah

DOI: https://doi.org/10.1145/2894760

2016-01-01

ACM Transactions on Information and System Security

Abstract:When people utilize social applications and services, their privacy suffers a potential serious threat. In this article, we present a novel, robust, and effective de-anonymization attack to mobility trace data and social data. First, we design a Unified Similarity (US) measurement, which takes account of local and global structural characteristics of data, information obtained from auxiliary data, and knowledge inherited from ongoing de-anonymization results. By analyzing the measurement on real datasets, we find that some data can potentially be de-anonymized accurately and the other can be de-anonymized in a coarse granularity. Utilizing this property, we present a US-based De-Anonymization (DA) framework, which iteratively de-anonymizes data with accuracy guarantee. Then, to de-anonymize large-scale data without knowledge of the overlap size between the anonymized data and the auxiliary data, we generalize DA to an Adaptive De-Anonymization (ADA) framework. By smartly working on two core matching subgraphs , ADA achieves high de-anonymization accuracy and reduces computational overhead. Finally, we examine the presented de-anonymization attack on three well-known mobility traces: St Andrews, Infocom06, and Smallblue, and three social datasets: ArnetMiner, Google+, and Facebook. The experimental results demonstrate that the presented de-anonymization framework is very effective and robust to noise. The source code and employed datasets are now publicly available at SecGraph [2015].

Hong Li,Cheng Zhang,Yunhua He,Xiuzhen Cheng,Yan Liu,Limin Sun

DOI: https://doi.org/10.1007/978-3-319-42836-9_30

2016-01-01

Abstract:To protect users' privacy, online social network data are usually anonymized before being sold to or shared with third parities. Various structure-based approaches have been proposed to de-anonymize the social network data. In this paper, we study the limitations of the existing structure-based de-anonymization methods and propose an enhanced de-anonymization algorithm. The basic idea of our algorithm is to leverage the structural transformations of the social graph to de-anonymize the social network data. We also define a new similarity measure that is more robust for de-anonymization. We use the arXiv dataset to evaluate our algorithm, and the experiment results show that our method can significantly improve the de-anonymization rate.

Shouling Ji,Weiqing Li,Neil Zhenqiang Gong,Prateek Mittal,Raheem A. Beyah

DOI: https://doi.org/10.14722/ndss.2015.23096

2015-01-01

Abstract:In this paper, we conduct the first comprehensive quantification on the perfect de-anonymizability and partial deanonymizability of real world social networks with seed information in general scenarios, where a social network can follow an arbitrary distribution model. This quantification provides the theoretical foundation for existing structure based de-anonymization attacks (e.g., [1][2][3]) and closes the gap between de-anonymization practice and theory. Besides that, our quantification can serve as a testing-stone for the effectiveness of anonymization techniques, i.e., researchers can employ our quantified structural conditions to evaluate the potential deanonymizability of the anonymized social networks. Based on our quantification, we conduct a large scale evaluation on the de-anonymizability of 24 various real world social networks by quantitatively showing: 1) the conditions for perfect and (1− ε) de-anonymization of a social network, where ε specifies the tolerated de-anonymization error, and 2) the number of users of a social network that can be successfully de-anonymized. Furthermore, we show that, both theoretically and experimentally, the overall structural information based de-anonymization attack is much more powerful than the seed knowledge-only based deanonymization attack, and even without any seed information, a social network can be perfectly or partially de-anonymized. Finally, we discuss the implications of this work. Our findings are expected to shed light on the future research in the structural data anonymization and de-anonymization area, and to help data owners evaluate their structural data vulnerability before data sharing and publishing.

Shouling Ji,Prateek Mittal,Raheem Beyah

DOI: https://doi.org/10.1109/comst.2016.2633620

2017-01-01

Abstract:Nowadays, many computer and communication systems generate graph data. Graph data span many different domains, ranging from online social network data from networks like Facebook to epidemiological data used to study the spread of infectious diseases. Graph data are shared regularly for many purposes including academic research and for business collaborations. Since graph data may be sensitive, data owners often use various anonymization techniques that often compromise the resulting utility of the anonymized data. To make matters worse, there are several state-of-the-art graph data de-anonymization attacks that have proven successful in recent years. In this paper, we survey the graph data anonymization, de-anonymization, and de-anonymizability quantification techniques in the past decade. Specifically, we systematically classify, summarize, and analyze state-of-the-art graph data anonymization, de-anonymization, and de-anonymizability quantification techniques. For existing graph data anonymization techniques, we classify them into six categories and analyze their utility performance with respect to 15 fundamental graph utility metrics and seven high-level application utility metrics. For existing de-anonymization attacks, we classify them into two categories and examine their performance with respect to scalability, practicability, robustness, etc. We also analyze the resistance of existing graph anonymization techniques against existing graph de-anonymizaiton attacks. For existing de-anonymizability quantifications, we classify them according to whether they consider seed information or not, and analyze them in terms of their soundness. Our analysis demonstrates that: 1) most anonymization schemes can partially or conditionally preserve most graph utility while losing some application utility and 2) state-of-the-art anonymization schemes are vulnerable to several or all of the emerging structure-based de-anonymization attacks. The actual vulnerability of each anonymization algorithm depends on how much and which data utility it preserves. Based on our summarization and analysis, we discuss the research evolution, future directions, and challenges in the research area of graph data anonymization, de-anonymization, and de-anonymizability quantification.

Hao Fu,Aston Zhang,Xing Xie

DOI: https://doi.org/10.1145/2700836

IF: 5

2015-01-01

ACM Transactions on Intelligent Systems and Technology

Abstract:The study of online social networks has attracted increasing interest. However, concerns are raised for the privacy risks of user data since they have been frequently shared among researchers, advertisers, and application developers. To solve this problem, a number of anonymization algorithms have been recently developed for protecting the privacy of social graphs. In this article, we proposed a graph node similarity measurement in consideration with both graph structure and descriptive information, and a deanonymization algorithm based on the measurement. Using the proposed algorithm, we evaluated the privacy risks of several typical anonymization algorithms on social graphs with thousands of nodes from Microsoft Academic Search, LiveJournal, and the Enron email dataset, and a social graph with millions of nodes from Tencent Weibo. Our results showed that the proposed algorithm was efficient and effective to deanonymize social graphs without any initial seed mappings. Based on the experiments, we also pointed out suggestions on how to better maintain the data utility while preserving privacy.