Tanja Auge,Nic Scharlau,Andreas Heuer

DOI: https://doi.org/10.48550/arXiv.2101.04432

2021-01-12

Databases

Abstract:Given a query result of a big database, why-provenance can be used to calculate the necessary part of this database, consisting of so-called witnesses. If this database consists of personal data, privacy protection has to prevent the publication of these witnesses. This implies a natural conflict of interest between publishing original data (provenance) and protecting these data (privacy). In this paper, privacy goes beyond the concept of personal data protection. The paper gives an extended definition of privacy as intellectual property protection. If the provenance information is not sufficient to reconstruct a query result, additional data such as witnesses or provenance polynomials have to be published to guarantee traceability. Nevertheless, publishing this provenance information might be a problem if (significantly) more tuples than necessary can be derived from the original database. At this point, it is already possible to violate privacy policies, provided that quasi identifiers are included in this provenance information. With this poster, we point out fundamental problems and discuss first proposals for solutions.

Bingzhe Wu,Shiwan Zhao,ChaoChao Chen,Haoyang Xu,Li Wang,Xiaolu Zhang,Guangyu Sun,Jun Zhou

DOI: https://doi.org/10.48550/arxiv.1908.07882

2019-01-01

Abstract:In this paper, we aim to understand the generalization properties of generative adversarial networks (GANs) from a new perspective of privacy protection. Theoretically, we prove that a differentially private learning algorithm used for training the GAN does not overfit to a certain degree, i.e., the generalization gap can be bounded. Moreover, some recent works, such as the Bayesian GAN, can be re-interpreted based on our theoretical insight from privacy protection. Quantitatively, to evaluate the information leakage of well-trained GAN models, we perform various membership attacks on these models. The results show that previous Lipschitz regularization techniques are effective in not only reducing the generalization gap but also alleviating the information leakage of the training dataset.

Chaobin Liu,Shixi Chen,Shuigeng Zhou,Jihong Guan,Yao Ma

DOI: https://doi.org/10.1016/j.ins.2019.06.022

IF: 8.1

2019-01-01

Information Sciences

Abstract:Privacy has received increasing concerns in publication of datasets that contain sensitive information. Preventing privacy disclosure and providing useful information to legitimate users for data mining are conflicting goals. Generalization and randomized response methods were proposed in database community to tackle this problem. However, both of them have postulated the same prior belief for all transactions, which might be wrong modeling and lead to privacy breach. Besides, generalization and randomized response methods usually require a privacy controlling parameter to control the tradeoff between privacy and data quality, which may put the data publishers in a dilemma. In this paper, a novel privacy preserving method for data publication is proposed based on conditional probability distribution and machine learning techniques, which can achieve different prior beliefs for different transactions. A basic cross sampling algorithm and a complete cross sampling algorithm are designed respectively for the settings of single sensitive attribute and multiple sensitive attributes, and an improved complete algorithm is developed by using Gibbs sampling, in order to enhance data utility when data are not sufficient. Our method can offer stronger privacy guarantee, while, as shown in the extensive experiments, retaining better data utility. (C) 2019 The Authors. Published by Elsevier Inc.

Xiang-Yang Li,Chunhong Zhang,Taeho Jung,Jianwei Qian,Linlin Chen

DOI: https://doi.org/10.1109/infocom.2016.7524584

2016-01-01

Abstract:We propose a graph-based framework for privacy preserving data publication, which is a systematic abstraction of existing anonymity approaches and privacy criteria. Graph is explored for dataset representation, background knowledge specification, anonymity operation design, as well as attack inferring analysis. The framework is designed to accommodate various datasets including social networks, relational tables, temporal and spatial sequences, and even possible unknown data models. The privacy and utility measurements of the anonymity datasets are also quantified in terms of graph features. Our experiments show that the framework is capable of facilitating privacy protection by different anonymity approaches for various datasets with desirable performance.

Zhiqiang Gao,Yutao Wang,Yanyu Duan,Yun Wang,Zhensheng Peng

DOI: https://doi.org/10.1504/ijica.2018.092587

2018-01-01

International Journal of Innovative Computing and Applications

Abstract:Policedata is an important source of social media data and can be regarded as a technical assistance to increase government accountability and transparency. Notably, it contains large amounts of personal private information that should be preserved deliberately. However, sharing and publishing policedata through private or public cloud infrastructure are still faced with tremendously potential threats and challenges recently. Unfortunately, existing researches regarding privacy preserving data publishing (PPDP) fail to cope with the aforementioned problems. Our work aims to propose a systematic multi-level privacy preserving data publishing (ML-PPDP) architecture. Moreover, a personalised multi-level privacy preserving (pML-PPDP) mechanism that developed from the combination of k-anonymity, l-diversity, t-closeness and differential privacy is designed for policedata publishing. Our solution authorised users with different privileges to different privacy-preserving levels. Experimental results of pML-PPDP mechanism on datasets collected from policedata website are implemented under our proposed ML-PPDP architecture with satisfactory trade-off between privacy and utility.

Zhihui Wang,Yun Zhu,Xuchen Zhou

DOI: https://doi.org/10.1007/978-3-030-18590-9_85

2019-01-01

Abstract:For data openness and sharing, we need to publish data and protect sensitive data at the same time. This paper provides the users with a system to realize privacy-preserving data publishing, which is implemented based on differential privacy. It has the following characteristics: (1) the raw data are first imported into a database and then are used to generate synthetic data for publishing; (2) a user can choose different privacy preservation levels for the synthetic data; (3) a subset of the attributes can been chosen to be synthesized while keeping the others untouched.

Li Kuang,Yujia Zhu,Shuqi Li,Xuejin Yan,Han Yan,Shuiguang Deng

DOI: https://doi.org/10.1155/2018/3486529

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:With the rapid development of sensor acquisition technology, more and more data are collected, analyzed, and encapsulated into application services. However, most of applications are developed by untrusted third parties. Therefore, it has become an urgent problem to protect users’ privacy in data publication. Since the attacker may identify the user based on the combination of user’s quasi-identifiers and the fewer quasi-identifier fields result in a lower probability of privacy leaks, therefore, in this paper, we aim to investigate an optimal number of quasi-identifier fields under the constraint of trade-offs between service quality and privacy protection. We first propose modelling the service development process as a cooperative game between the data owner and consumers and employing the Stackelberg game model to determine the number of quasi-identifiers that are published to the data development organization. We then propose a way to identify when the new data should be learned, as well, a way to update the parameters involved in the model, so that the new strategy on quasi-identifier fields can be delivered. The experiment first analyses the validity of our proposed model and then compares it with the traditional privacy protection approach, and the experiment shows that the data loss of our model is less than that of the traditional k-anonymity especially when strong privacy protection is applied.

Mingxuan Yuan,Lei Chen,Weixiong Rao,Hong Mei

DOI: https://doi.org/10.1109/icdm.2012.62

2012-01-01

Abstract:The privacy protection of graph data has become more and more important in recent years. Many works have been proposed to publish a privacy preserving graph. All these works prefer publishing a graph, which guarantees the protection of certain privacy with the smallest change to the original graph. However, there is no guarantee on how the utilities are preserved in the published graph. In this paper, we propose a general fine-grained adjusting framework to publish a privacy protected and utility preserved graph. With this framework, the data publisher can get a trade-off between the privacy and utility according to his customized preferences. We used the protection of a weighted graph as an example to demonstrate the implementation of this framework.

Fangyu Yu,Beisi Zhou,Tun Lu,Ning Gu

DOI: https://doi.org/10.1007/978-981-13-3044-5_3

2018-01-01

Abstract:Provenance, which can be applied to assure quality, to reinforce reliability, to track fault, and to reproduce process in the end product, refers to record the lifecycle of a piece of data or thing that accounts for its generation, transformation, manipulation, and consumption, together with an explanation of how and why it got to the present place. Recently, due to its extensive applicative domains, the provenance modeling problems have brought to attention of scientific researchers significantly. In this paper, an overview of core components regarding provenance models in existing literature is presented, with a wide width from modelling methods, model comparison, and model practice, to specified issues. In addition, a collaborative model called CollabPG, was built based on the characteristics of multidisciplinary collaboration. Finally, we discussed several issues in relevance with provenance models. This paper mainly presents an overall exploration and analysis, so that potential insights could be provided for both expert and common users to select or design a provenance-based model in arbitrary applications especially multidisciplinary collaboration.

Qun Ni,Shouhuai Xu,Elisa Bertino,Ravi Sandhu,Weili Han

DOI: https://doi.org/10.1007/978-3-642-04219-5_5

2009-01-01

Abstract:Provenance access control has been recognized as one of the most important components in an enterprise-level provenance system. However, it has only received little attention in the context of data security research. One important challenge in provenance access control is the lack of an access control language that supports its specific requirements, e.g., the support of both fine-grained policies and personal preferences, and decision aggregation from different applicable policies. In this paper, we propose an access control language tailored to these requirements.

Mingzheng Wang,Zhengrui Jiang,Yu Zhang,Haifang Yang

DOI: https://doi.org/10.1287/ijoc.2017.0791

2018-01-01

Abstract:Privacy-preserving data publishing has received much attention in recent years. Prior studies have developed various algorithms such as generalization, anatomy, and L-diversity slicing to protect individuals’ privacy when transactional data are published for public use. These existing algorithms, however, all have certain limitations. For instance, generalization protects identity privacy well but loses a considerable amount of information. Anatomy prevents attribute disclosure and lowers information loss, but fails to protect membership privacy. The more recent probability L-diversity slicing algorithm overcomes some shortcomings of generalization and anatomy, but cannot shield data from more subtle types of attacks such as skewness attack and similarity attack. To meet the demand of data owners with high privacy-preserving requirement, this study develops a novel method named t-closeness slicing (TCS) to better protect transactional data against various attacks. The time complexity of TCS is log-linear, hence the algorithm scales well with large data. We conduct experiments using three transactional data sets and find that TCS not only effectively protects membership privacy, identity privacy, and attribute privacy, but also preserves better data utility than benchmarking algorithms.The online supplement is available at https://doi.org/10.1287/ijoc.2017.0791 .

Guan Wang,Zutao Zhu,Wenliang Du,Zhouxuan Teng

DOI: https://doi.org/10.1109/ICDM.2008.118

2008-01-01

Abstract:Privacy-Preserving Data Re-publishing (PPDR) deals with publishing microdata in dynamic scenarios. Due to privacy concerns, data must be disguised before being published. Research in privacy-preserving data publishing (PPDP) has proposed many such methods on static data. In PPDR, multiple appeared records can be used to infer private information of other records. Therefore, inference channels exist among different releases. To understand the privacy property of data re-publishing, we need to analyze the impact of these inference channels. Previous studies show such analysis when data are updated or disguised in special ways, however, no general method has been proposed. Using the Maximum Entropy Modeling method, we have developed a general solution. Our method can conduct inference analysis when data are arbitrarily updated or arbitrarily disguised using either generalization or bucketization, two most common data disguise methods in PPDR. Through analysis and experiments, we demonstrate the advantage and the effectiveness of our method.

Datong Wu,Xiaotong Wu,Jiaquan Gao,Genlin Ji,Taotao Wu,Xuyun Zhang,Wanchun Dou

DOI: https://doi.org/10.1007/978-981-15-9129-7_15

2020-01-01

Abstract:Privacy preservation has been one of the biggest concerns in data sharing and publishing. The wide-spread application of data sharing and publishing contributes to the utilization of data, but brings a severe risk of privacy leakage. Although the corresponding privacy preservation techniques have been proposed, it is inevitable to decrease the accuracy of data. More importantly, it is a challenge to analyze the behaviors and interactions among different participants, including data owners, collectors and adversaries. For data owners and collectors, they need to select proper privacy preservation mechanisms and parameters to maximize their utility under a certain amount of privacy guarantee. For data adversaries, their objective is to get the sensitive information by various attack measurements. In this paper, we survey the related work of game theory-based privacy preservation under data sharing and publishing. We also discuss the possible trends and challenges of the future research. Our survey provides a systematic and comprehensive understanding about privacy preservation problems under data sharing and publishing.

Yong-Feng Ge,Hua Wang,Jinli Cao,Yanchun Zhang,Xiaohong Jiang

DOI: https://doi.org/10.1007/s11280-024-01241-y

2024-01-17

World Wide Web

Abstract:The privacy-preserving data publishing (PPDP) problem has gained substantial attention from research communities, industries, and governments due to the increasing requirements for data publishing and concerns about data privacy. However, achieving a balance between preserving privacy and maintaining data quality remains a challenging task in PPDP. This paper presents an information-driven distributed genetic algorithm (ID-DGA) that aims to achieve optimal anonymization through attribute generalization and record suppression. The proposed algorithm incorporates various components, including an information-driven crossover operator, an information-driven mutation operator, an information-driven improvement operator, and a two-dimensional selection operator. Furthermore, a distributed population model is utilized to improve population diversity while reducing the running time. Experimental results confirm the superiority of ID-DGA in terms of solution accuracy, convergence speed, and the effectiveness of all the proposed components.

computer science, information systems, software engineering

童云海,陶有东,唐世渭,杨冬青

DOI: https://doi.org/10.3724/sp.j.1001.2010.03466

2010-01-01

Journal of Software

Abstract:In the research of privacy preserving data publishing, the present method always removes the individual identification attributes and then anonymizes the quasi-identifier attributes. This paper analyzes the situation of multiple records one individual and proposes the principle of identity-reserved anonymity. This method reserves more information while maintaining the individual privacy. The generalization and loss-join approaches are developed to meet this requirement. The algorithms are evaluated in an experimental scenario, reserving more information and demonstrating practical applicability of the approaches.

Zhihui Wang,Yun Zhu,Xinyuan Mi

DOI: https://doi.org/10.1109/icdmw60847.2023.00046

2023-01-01

Abstract:Data privacy preservation has been an important problem worthy of study. With the deepening of research, more targeted solutions for different requirements are proposed. Considering that in the most cases, only some of the data are sensitive, and there is no need to provide privacy preservation for non-sensitive data. This paper mainly addresses the problem of privacy preservation only for the sensitive attributes, and the non-sensitive data can be shared with the original values. A privacy preservation approach is presented in this paper, which synthesizes the values of sensitive data attributes and keeps the values of non-sensitive data attributes untouched during data publishing. The experimental results show that this approach can reduce the loss of information and thus improve the utility of published data.

Raymond Chi-Wing Wong,Yubao Liu,Jian Yin,Zhilan Huang,Ada Wai-Chee Fu,Jian Pei

2007-01-01

Abstract:Privacy-preserving data publication for data mining is to protect sensitive information of individuals in published data while the distortion to the data is minimized. Recently, it is shown that (a, k)anonymity is a feasible technique when we are given some sensitive attribute(s) and quasi- identifier attributes. In previous work, generalization of the given data table has been used for the anonymization. In this paper, we show that we can project the data onto two tables for publishing in such a way that the privacy protection for (a, k)-anonymity can be achieved with less distortion. In the two tables, one table contains the undisturbed non-sensitive values and the other table contains the undisturbed sensitive values. Privacy preservation is guaranteed by the lossy join property of the two tables. We show by experiments that the results are better than previous approaches.

Zhen Yang,Yongfeng Huang,Xing Li,Wenyu Wang

DOI: https://doi.org/10.3970/cmc.2018.03697

2018-01-01

Abstract:To cope with privacy leakage caused by multimedia outsourcing and sharing, data provenance is used to analyze leaked multimedia and provide reactive accountability. Existing schemes of multimedia provenance are based on watermarking protocols. In an outsourcing scenario, existing schemes face two severe challenges: 1) when data leakage occurs, there exists a probability that data provenance results can be repudiated, in which case data provenance tracking fails; and 2) when outsourced data are shared, data encryption transfer causes key management burden outside the schemes, and privacy leakage threatens users. In this paper, we propose a novel data provenance scheme with an improved LUT-based fingerprinting protocol, which integrates an asymmetric watermarking protocol, robust watermark algorithm and homomorphic encryption and digital signatures to achieve full non-repudiation provenance. We build an in-scheme stream cipher to protect outsourced multimedia data from privacy leakage and complicated key management. Our scheme is also lightweight and easy to deploy. Extensive security and performance analysis compares our scheme with the state of the art. The results show that our scheme has not only better provenance security and data confidentiality but also higher efficiency for multimedia outsourcing, sharing and provenance.

Xiao Han,Yuncong Yang,Junjie Wu,Hui Xiong

DOI: https://doi.org/10.1109/tkde.2023.3331568

IF: 9.235

2023-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Minimizing privacy leakage while ensuring data utility is a critical problem in a privacy-preserving data publishing task, from which data holders can boost platform engagements or enlarge data values. Most prior research concerned only with either privacy-insensitive or exact private data and resorts to a single obscuring method to achieve a privacy-utility tradeoff, which is inadequate for real-life hybrid data especially when facing machine learning-based inference attacks. This work takes a pilot study on privacy-preserving data publishing when both widely adopted generalization and obfuscation operations are employed for privacy-heterogeneous data protection. Specifically, we first propose novel measures for privacy and utility values quantification and formulate the hybrid privacy-preserving data obscuring problem to account for the joint effect of generalization and obfuscation. We then design a novel protection mechanism called HyObscure, which decomposes the original problem into three sub-problems to cross-iteratively optimize the hybrid operations for maximum privacy protection under a certain data utility guarantee. The convergence of the iterative process and the privacy leakage bound of HyObscure are also provided in theory. Extensive experiments demonstrate that HyObscure significantly outperforms a variety of state-of-the-art baseline methods when facing various inference attacks in different scenarios.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Sen Zhang,Weiwei Ni,Nan Fu

DOI: https://doi.org/10.1016/j.cose.2021.102285

2021-07-01

Abstract:<p>The goal of privacy-preserving graph publishing is to protect individual privacy in released graph data while preserving data utility. Degree distribution, serving as fundamental operations for many graph analysis tasks, is a crucial data utility. Yet, existing methods using differential privacy (DP) cannot well preserve degree distribution, since they distill a graph into a set of structural statistics (e.g. <span class="math"><math>dK</math></span>-series, etc.) that only captures local degree correlations, and require massive noise added to mask the change of a single edge. Recently Generative Adversarial Network for graphs (NetGAN) plays a key role in machine learning, due to its ability to capture the local and global degree distribution of the graph via biased random walks. Further, it allows us to move the burden of privacy-preserving to the learning procedure of its discriminator, rather than the extracted structure features. Inspired by this, we propose Priv-GAN, a private publishing model based on NetGAN. Instead of distilling and then publishing graphs, we publish the Priv-GAN model that is trained using the original data in a DP manner. With Priv-GAN, data holders are able to produce synthetic graph data with degree distribution preservation. Compared to alternative solutions, ours highlights that (i) a private Langevin with gradient estimate is designed as an optimizer for discriminator, which provides a theoretical gradient upper bound and achieves DP by adding noise to the gradients; and (ii) importantly, the error bound of the noisy Langevin method is theoretically analyzed, which demonstrates that with appropriate parameter settings, Priv-GAN is able to maintain high utility guarantees. Experimental results confirm our theoretical findings and the efficacy of Priv-GAN.</p>

computer science, information systems