Yi Ren,Zhiting Xiao

DOI: https://doi.org/10.1109/icfcc.2010.5497524

2010-01-01

Abstract:The current release control methods consider the balance between privacy protection and usability for individual privacy data, but that balance for a released data set is not considered. In this paper, a release method based on game theory is proposed to ensure both the protection and the usability of privacy for a released data set.

Li Kuang,Yujia Zhu,Shuqi Li,Xuejin Yan,Han Yan,Shuiguang Deng

DOI: https://doi.org/10.1155/2018/3486529

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:With the rapid development of sensor acquisition technology, more and more data are collected, analyzed, and encapsulated into application services. However, most of applications are developed by untrusted third parties. Therefore, it has become an urgent problem to protect users’ privacy in data publication. Since the attacker may identify the user based on the combination of user’s quasi-identifiers and the fewer quasi-identifier fields result in a lower probability of privacy leaks, therefore, in this paper, we aim to investigate an optimal number of quasi-identifier fields under the constraint of trade-offs between service quality and privacy protection. We first propose modelling the service development process as a cooperative game between the data owner and consumers and employing the Stackelberg game model to determine the number of quasi-identifiers that are published to the data development organization. We then propose a way to identify when the new data should be learned, as well, a way to update the parameters involved in the model, so that the new strategy on quasi-identifier fields can be delivered. The experiment first analyses the validity of our proposed model and then compares it with the traditional privacy protection approach, and the experiment shows that the data loss of our model is less than that of the traditional k-anonymity especially when strong privacy protection is applied.

Hongfa Ding,Changgen Peng,Youliang Tian,Shuwen Xiang

DOI: https://doi.org/10.1109/NaNA.2019.00052

2019-01-01

Abstract:More and more security and privacy issues are arising as new technologies, such as big data and cloud computing, are widely applied in nowadays. For decreasing the privacy breaches in access control system under opening and cross-domain environment. In this paper, we suggest a game and risk based access model for privacy preserving by employing Shannon information and game theory. After defining the notions of Privacy Risk and Privacy Violation Access, a high-level framework of game theoretical risk based access control is proposed. Further, we present formulas for estimating the risk value of access request and user, construct and analyze the game model of the proposed access control by using a multi-stage two player game. There exists sub-game perfect Nash equilibrium each stage in the risk based access control and it's suitable to protect the privacy by limiting the privacy violation access requests.

Yan Leng,Yijun Chen,Xiaowen Dong,Junfeng Wu,Guodong Shi

DOI: https://doi.org/10.2139/ssrn.3875878

2021-01-01

SSRN Electronic Journal

Abstract:There exists a growing concern about the privacy threats inherently encoded in the increasingly available behavioral data. In this paper, we focus on online service providers over which users reveal preferences (e.g., ratings or reviews) as publicly available behavioral data. We model users' strategic interactions in making these decisions as quadratic games on networks, where a user's payoff depends not only on their actions but also on their neighbors in a social interaction network. Based on the assumption that the observed preferences correspond to the Nash equilibrium of the game, we investigate whether eavesdroppers or competitors having access to such behavioral data could potentially infer or even thoroughly learn the hidden social interaction network from the observed user actions, leading to privacy risks at a system level for the platform. We introduce three notions of privacy risks on networks: fundamental privacy, conditional privacy, and practical privacy. We establish necessary and sufficient conditions for fundamental and conditional privacy of the social interaction structure, suggesting that at the system level, such interaction structure is not facing a critical risk of being fully exposed regardless of the amount of data available. To study practical privacy, we further propose and analyze a novel learning framework by solving a joint optimization problem for the network structure and the individual marginal benefits in the game. Extensive experiments on synthetic and real-world data demonstrate the effectiveness of the proposed framework, hence illustrating that behavioral data indeed present substantial privacy risks in practice. Broadly, this study enriches the network privacy literature and provides implications for online platforms by revealing the unexpected consequence of leaking network connections due to public consumer revealed preferences.

Xiaohui Li,Chaoyang Chen,Feng Liu,Bo Li,Yajun Wang

DOI: https://doi.org/10.1088/1757-899x/719/1/012011

2020-01-01

Abstract:In order to protect the user privacy in the big data environment, We propose a security method based on game theory through trust management mechanism. The main contribution of this paper include:(1) analysis service game relationship in the big data environment,(2)combine trust evaluation with decision management, and apply game theory to design a user-centric scheme to protect privacy,(3)proposing a service selection method. By using game theory to restrict the service interaction between the users and services in big data, we introduce some factors corresponding game model. we then apply the trust evaluation and decision management to describe the relationship and trust quantify in which we propose a method for service selection to implement user privacy protection. Simulation results show that the proposed method is effective and can apply the dynamic game of incomplete information relationship between user and service to make decisions on the service selection, thus providing customized privacy protection.

Lei Xu,Chunxiao Jiang,Jian Wang,Yong Ren,Jian Yuan,Mohsen Guizani

DOI: https://doi.org/10.1109/ICC.2015.7249454

2015-01-01

Abstract:Privacy issues arising in the process of collecting, publishing and mining individuals' personal data have attracted much attention in recent years. In this paper, we consider a scenario where a data collector collects data from data providers and then publish the data to a data user. To protect data providers' privacy, the data collector performs anonymization on the data. Anonymization usually causes a decline of data utility on which the data user's profit depends, meanwhile, data providers' would provide more data if anonymity is strongly guaranteed. How to make a trade-off between privacy protection and data utility is an important question for data collector. In this paper we model the interactions among data providers/collector/user as a game, and propose a general approach to find the Nash equilibriums of the game. To elaborate the analysis, we also present a specific game formulation which takes k-anonymity as the anonymization method. Simulation results show that the game theoretical analysis can help the data collector to deal with the privacy-utility trade-off.

Datong Wu,Xiaotong Wu,Jiaquan Gao,Genlin Ji,Taotao Wu,Xuyun Zhang,Wanchun Dou

DOI: https://doi.org/10.1007/978-981-15-9129-7_15

2020-01-01

Abstract:Privacy preservation has been one of the biggest concerns in data sharing and publishing. The wide-spread application of data sharing and publishing contributes to the utilization of data, but brings a severe risk of privacy leakage. Although the corresponding privacy preservation techniques have been proposed, it is inevitable to decrease the accuracy of data. More importantly, it is a challenge to analyze the behaviors and interactions among different participants, including data owners, collectors and adversaries. For data owners and collectors, they need to select proper privacy preservation mechanisms and parameters to maximize their utility under a certain amount of privacy guarantee. For data adversaries, their objective is to get the sensitive information by various attack measurements. In this paper, we survey the related work of game theory-based privacy preservation under data sharing and publishing. We also discuss the possible trends and challenges of the future research. Our survey provides a systematic and comprehensive understanding about privacy preservation problems under data sharing and publishing.

Lei Xu,Chunxiao Jiang,Yi Qian,Yong Ren

DOI: https://doi.org/10.1007/978-3-319-77965-2_2

2018-01-01

Abstract:Collecting and publishing personal data may lead to the disclosure of individual privacy. In this chapter, we consider a scenario where a data collector collects data from data providers and then publish the data to a data miner. To protect data providers’ privacy, the data collector performs anonymization on the data. Anonymization usually causes a decline of data utility on which the data miner’s profit depends, meanwhile, data providers would provide more data if anonymity is strongly guaranteed. How to make a trade-off between privacy protection and data utility is an important question for data collector. We model the interactions among data providers, data collector and data miner as a game. A backward induction-based approach is proposed to find the Nash equilibria of the game. To elaborate the analysis, we also present a specific game formulation which uses k-anonymity as the privacy model. Simulation results show that the game theoretic analysis can help the data collector to achieve a better trade-off between privacy and utility.

GE Xin-jing,ZHU Jian-ming

DOI: https://doi.org/10.3969/j.issn.1002-137x.2011.11.037

2011-01-01

Computer Science

Abstract:Privacy preserving distributed data mining has become an important issue in the data mining.Based on economic perspectives,game theory has been applied to privacy preserving data mining,which is a relatively new area of research.This paper studied the strategies of parties(two-party or multi-party) by using a complete information static game theory framework for the privacy preserving distributed data mining,where each party tries to maximize its own utility.Research results show that the semi-honest adversary strategy of parties(two-party or multi-party) is Pareto dominance and Nash equilibrium under certain conditions in distributed data mining;and non-collusion strategy of parties(multi-party) is not a Nash equilibrium under the assumption of semi-honest adversary behavior,then the mixed strategy Nash equilibrium was given.So this paper has some theoretical and practical implication for the strategy of parties in privacy preserving distributed data mining.

Di Zhuang,J. Morris Chang

DOI: https://doi.org/10.48550/arXiv.2005.04369

2020-05-09

Abstract:In the big data era, more and more cloud-based data-driven applications are developed that leverage individual data to provide certain valuable services (the utilities). On the other hand, since the same set of individual data could be utilized to infer the individual's certain sensitive information, it creates new channels to snoop the individual's privacy. Hence it is of great importance to develop techniques that enable the data owners to release privatized data, that can still be utilized for certain premised intended purpose. Existing data releasing approaches, however, are either privacy-emphasized (no consideration on utility) or utility-driven (no guarantees on privacy). In this work, we propose a two-step perturbation-based utility-aware privacy-preserving data releasing framework. First, certain predefined privacy and utility problems are learned from the public domain data (background knowledge). Later, our approach leverages the learned knowledge to precisely perturb the data owners' data into privatized data that can be successfully utilized for certain intended purpose (learning to succeed), without jeopardizing certain predefined privacy (training to fail). Extensive experiments have been conducted on Human Activity Recognition, Census Income and Bank Marketing datasets to demonstrate the effectiveness and practicality of our framework.

Cryptography and Security,Artificial Intelligence,Machine Learning

Wei Li,Chunqiang Hu,Tianyi Song,Jiguo Yu,Xiaoshuang Xing,Zhipeng Cai

DOI: https://doi.org/10.1109/pac.2018.00014

2018-01-01

Abstract:Thanks to the development and popularity of context-aware applications, the quality of users' life has been improved through a wide variety of customized services. Meanwhile, users are suffering severe risk of privacy leakage and their privacy concerns are growing over time. To tackle the contradiction between the serious privacy issues and the growing privacy concerns in context-aware applications, in this paper, we propose a privacy-preserving data collection scheme by incorporating the complicated interactions among user, attacker, and service provider into a three-antithetic-party game. Under such a novel game model, we identify and rigorously prove the best strategies of the three parties and the equilibriums of the games. Furthermore, we evaluate the performance of our proposed data collection game by performing extensive numerical experiments, confirming that the user's data privacy can be effective preserved.

Mulugeta Kassaw Tefera,Xiaolong Yang

DOI: https://doi.org/10.3390/s19071581

IF: 3.9

2019-04-01

Sensors

Abstract:Recently, the growing ubiquity of location-based service (LBS) technology has increased the likelihood of users’ privacy breaches due to the exposure of their real-life information to untrusted third parties. Extensive use of such LBS applications allows untrusted third-party adversarial entities to collect large quantities of information regarding users’ locations over time, along with their identities. Due to the high risk of private information leakage using resource-constrained smart mobile devices, most LBS users may not be adequately encouraged to access all LBS applications. In this paper, we study the use of game theory to protect users against private information leakage in LBSs due to malicious or selfish behavior of third-party observers. In this study, we model a scenario of privacy protection gameplay between a privacy protector and an outside visitor and then derive the situation of the prisoner’s dilemma game to analyze the traditional privacy protection problems. Based on the analysis, we determine the corresponding benefits to both players using a point of view that allows the visitor to access a certain amount of information and denies further access to the user’s private information when exposure of privacy is forthcoming. Our proposed model uses the collection of private information about historical access data and current LBS access scenario to effectively determine the probability that the visitor’s access is an honest one. Moreover, we present the procedures involved in the privacy protection model and framework design, using game theory for decision-making. Finally, by employing a comparison analysis, we perform some experiments to assess the effectiveness and superiority of the proposed game-theoretic model over the traditional solutions.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jun Du,Chunxiao Jiang,Shui Yu,Kwang-Cheng Chen,Yong Ren

DOI: https://doi.org/10.1109/globalsip.2016.7905993

2016-01-01

Abstract:Users of social networks can be connected with each other by different communities according to professions, living locations and personal interests. As each user on the social network platforms stores and shows a large amount of personal data, the privacy protection raises as a major concern. This paper establishes a game theoretic framework to model users' interactions to influence users' strategies to take the privacy protection or not. To model the relationship of user communities, we introduce the community-structured evolutionary dynamics. Users' interactions can only happen among those who have at least one common community. Then we analyze the dynamics of users' privacy protection behavior based on the proposed community structured evolutionary game theoretic framework. Results show that social network managers need to provide appropriate security service b and payment mechanism c to ensure that cost performance b/c is larger than the critical cost performance, which can promote the spread of the privacy security behavior over the network. Moreover, results can help to design appropriate structure of the social network and control the convergence speed that all users take the privacy protection.

Shengling Wang,Lina Shi,Qin Hu,Junshan Zhang,Xiuzhen Cheng,Jiguo Yu

DOI: https://doi.org/10.1109/tifs.2021.3099699

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The growing threat of personal data breach in data trading pinpoints an urgent need to develop countermeasures for preserving individual privacy. The state-of-the-art work either endows the data collector with the responsibility of data privacy or reports only a privacy-preserving version of the data. The basic assumption of the former approach that the data collector is trustworthy does not always hold true in reality, whereas the latter approach reduces the value of data. In this paper, we investigate the privacy leakage issue from the root source. Specifically, we take a fresh look to reverse the inferior position of the data provider by making her dominate the game with the collector to solve the dilemma in data trading. To that aim, we propose the noisy-sequentially zero-determinant (NSZD) strategies by tailoring the classical zero-determinant strategies, originally designed for the simultaneous-move game, to adapt to the noisy sequential game. NSZD strategies can empower the data provider to unilaterally set the expected payoff of the data collector or enforce a positive relationship between her and the data collector's expected payoffs. Both strategies can stimulate a rational data collector to behave honestly, boosting a healthy data trading market. Numerical simulations are used to examine the impacts of key parameters and the feasible region where the data provider can be an NSZD player. Finally, we prove that the data collector cannot employ NSZD to further dominate the data market for deteriorating privacy leakage.

Chao Yu,Yuliang Shi

DOI: https://doi.org/10.14257/ijgdc.2014.7.4.12

2014-01-01

International Journal of Grid and Distributed Computing

Abstract:With the development of cloud computing, more and more service providers deploy multitenant applications to the cloud. Multi-tenant data is stored by non-fully trusted SaaS service providers, and the protection of data privacy attracts more attention. This paper proposes a privacy protection strategy customization framework. This framework considers the privacy protection needs, SaaS application performance, the interests of both tenants and SaaS service providers, and analyzes the whole privacy protection strategy formulation process based on the Nash equilibrium, then establishes the game model of privacy protection, finally obtains the privacy protection strategy by analyzing of the game model. The experiments show that the privacy protection game model has better feasibility and effectiveness.

Jun Du,Chunxiao Jiang,Kwang-Cheng Chen,Yong Ren,H. Vincent Poor

DOI: https://doi.org/10.1109/tifs.2017.2758756

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Social networks have attracted billions of users and supported a wide range of interests and practices. Users of social networks can be connected with each other by different communities according to professions, living locations, and personal interests. With the development of diverse social network applications, academic researchers, and practicing engineers pay increasing attention to the related technology. As each user on the social network platforms typically stores and shares a large amount of personal data, the privacy of such user-related information raises serious concerns. Most research on privacy protection relies on specific information security techniques such as anonymization or access control. However, the protection of privacy depends heavily on the incentive mechanisms of social networks, like users' psychological decisions on security execution and socio-economic considerations. For example, the desire to influence the behaviors of other people may change a user's choice of security setting. In this paper, a game theoretic framework is established to model users' interactions that influence users' decisions as to whether to undertake privacy protection or not. To model the relationship of user communities, community-structured evolutionary dynamics are introduced, in which interactions of users can only happen among those users who have at least one community in common. Then the dynamics of the users' strategies to take a specific privacy protection or not is analyzed based on the proposed community structured evolutionary game theoretic framework. Experiments show that the proposed framework is effective in modeling the users' relationships and privacy protection behaviors. Moreover, results can also help social network managers to design appropriate security service and payment mechanisms to encourage their users to take the privacy protection, which can promote the spreading of privacy behavior throughout the network.

Zhiyu Wan,Yevgeniy Vorobeychik,Weiyi Xia,Yongtai Liu,Myrna Wooders,Jia Guo,Zhijun Yin,Ellen Wright Clayton,Murat Kantarcioglu,Bradley A Malin

DOI: https://doi.org/10.1126/sciadv.abe9986

2021-12-10

Abstract:Person-specific biomedical data are now widely collected, but its sharing raises privacy concerns, specifically about the re-identification of seemingly anonymous records. Formal re-identification risk assessment frameworks can inform decisions about whether and how to share data; current techniques, however, focus on scenarios where the data recipients use only one resource for re-identification purposes. This is a concern because recent attacks show that adversaries can access multiple resources, combining them in a stage-wise manner, to enhance the chance of an attack’s success. In this work, we represent a re-identification game using a two-player Stackelberg game of perfect information, which can be applied to assess risk, and suggest an optimal data sharing strategy based on a privacy-utility tradeoff. We report on experiments with large-scale genomic datasets to show that, using game theoretic models accounting for adversarial capabilities to launch multistage attacks, most data can be effectively shared with low re-identification risk.

YANG Haifang,ZHANG Lingling,WANG Mingzheng,HU Xiangpei

DOI: https://doi.org/10.13587/j.cnki.jieem.2023.05.012

2023-01-01

Abstract:In the era of big data,personal data has become one of the important resources in every field of scientific research,business analysis,medical services,social computing and so on.The sharing and application of personal data can produce great economic or social value.However,the improper use of personal data is easy to disclose personal privacy information.How to solve the contradiction between data application and personal privacy has become one of the current research hotspots.When personal data is shared and used,it is necessary to delete the explicit identifier attributes like name of the individuals in advance,but the attacker can still reveal the identity privacy or some sensitive information of individuals,through one or more non-sensitive values of the quasiidentifier attributes（QI）,such as gender,age,and region,or some values of the sensitive attributes（SA）,such as salary and disease,in this data set.Most current data privacy studies often assume that the data set has simply one-to-one relationship between individuals and records,which is called single-record data.In order to protect personal privacy in single-record data,scholars have come up with a variety of typical privacy anonymous models,such as k-anonymity,l-diversity,（α,k）-anonymity,t-closeness andβ-likelihood,etc.But in practice,there are a large number of data sets in which one individual may correspond to multiple records,short for multi-record data.If these above privacy models are directly applied on the multi-record data,it may cause some new privacy risks.To protect the privacy of Individuals in multi-record data,several scholars have proposed Identity-reversed（IR） privacy models like IR k-anonymity,IR l-diversity and IR（α,β）-anonymity,as well as enhanced privacy models such as EIR（α,β）-diversity and EIR l-diversity,when considering that the background knowledge related to only QI information is known to the attacker;and a few numbers of scholars have developed（k,k m ）-anonymity and（k,l）-diversity models,supposing that the attacker may know the background knowledge of either QI information or SA information.However,all of these models cannot provide adequate protection for the privacy of individuals in multi-record data.This research analyzes the privacy disclosure problem in the situation of multi-record data when an attacker has more stronger background knowledge,and proposes a new privacy-preserving model as well as the corresponding algorithm to satisfy the stricter privacy needs in applications of multi-record data.In the first part,it discusses all kinds of the privacy risks in the situations that an attacker knows the background knowledge related to either one of and both of the QI and SA information and indicates the defects of the current privacy models.Also,it presents a new privacy disclosure problem named unclosed itemset fingerprint attack（UCIFA）,which is based on the attacking by using strong background knowledge.In the second part,to overcome the UCIFA problem,it requires each person’ s whole sensitive values expressed as the form of an itemset should be closed.If an individual’s SA itemset cannot satisfy the closure constraint by partitioning the records of individuals into several groups,then this itemset should be further processed by the mean of cracking.Based on these,a new privacy model named closure and enhanced identity-reserved l-diversity（CEIR l-diversity） is present,which requires that the QI values and the SA values of each individual should satisfy EIR l-diversity and the closure constraint respectively.In the third part,it develops an algorithm called data anonymization based on closure and enhanced l-diversity（DACEL） to make the multi-record data satisfy CEIR l-diversity.It consists of three core steps:firstly,dividing the records in a multi-record dataset into several QI-groups,so that the records of individuals in each group have similar QI-values and satisfy the constraint of EIR l-diversity;secondly,in each QI-group,cracking the sensitive itemset of each individual that contains non-closed subsets into several small itemsets,each of which must satisfy the closure constraint;finally,in each QI-group,generalizing the QI-values of all records to make the anonymized data table satisfy CEIR l-diversity.In the fourth part,the proposed privacy model and its corresponding algorithm,referring as CEL-method,is compared with two kinds of leading-edge methods on two public multi-record data sets.The results show that the CEL-method has robust performance on efficiently achieving the highest level of privacy protection for multi-record data at the cost of small information loss.In summary,in the practice of personal data application,attackers may have different levels of background knowledge to disclose personal privacy information.The privacy-preserving method proposed in this research is of universal significance for the application of multi-record data privacy protection in practice.

Shengling Wang,Luyun Li,Weiman Sun,Junqi Guo,Rongfang Bie,Kai Lin

DOI: https://doi.org/10.3390/s17020339

2017-02-10

Abstract:In a context sensing system in which a sensor-equipped mobile phone runs an unreliable context-aware application, the application can infer the user's contexts, based on which it provides personalized services. However, the application may sell the user's contexts to some malicious adversaries to earn extra profits, which will hinder its widespread use. In the real world, the actions of the user, the application and the adversary in the context sensing system affect each other, so that their payoffs are constrained mutually. To figure out under which conditions they behave well (the user releases, the application does not leak and the adversary does not retrieve the context), we take advantage of game theory to analyze the context sensing system. We use the extensive form game and the repeated game, respectively, to analyze two typical scenarios, single interaction and multiple interaction among three players, from which Nash equilibriums and cooperation conditions are obtained. Our results show that the reputation mechanism for the context-sensing system in the former scenario is crucial to privacy preservation, so is the extent to which the participants are concerned about future payoffs in the latter one.

Xiaotong Wu,Genlin Ji,Wanchun Dou,Shui Yu,Lianyong Qi

DOI: https://doi.org/10.1145/3384943.3409427

2020-01-01

Abstract:With the rapid growth of mobile network and infrastructures, location-related services accross multiple domains have received a great deal of attention. However, privacy is always an important problem that has a great influence on services. In order to research the attack and defence of privacy, we present the existing game-theoretic literatures for their interactions about mobile location privacy problems. We first demonstrate the necessity of game theory applied to location privacy. Then, we divide the literatures into four types according to different game players. Next, we describe the detailed content and analyse the equilibrium of privacy games. In addition, we also provide the works based on mechanism design to motive the defenders to increase the defence in various contexts. Finally, we also discuss the possible trends and challenges of the future research. Our survey provides a systematic and comprehensive understanding about location privacy preservation problems in mobile network.