nach oben

Knowledge and Information Systems

Erschienen in:

01.07.2013 | Regular Paper

Efficient and flexible anonymization of transaction data

verfasst von: Grigorios Loukides, Aris Gkoulalas-Divanis, Jianhua Shao

Erschienen in: Knowledge and Information Systems | Ausgabe 1/2013

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Transaction data are increasingly used in applications, such as marketing research and biomedical studies. Publishing these data, however, may risk privacy breaches, as they often contain personal information about individuals. Approaches to anonymizing transaction data have been proposed recently, but they may produce excessively distorted and inadequately protected solutions. This is because these approaches do not consider privacy requirements that are common in real-world applications in a realistic and flexible manner, and attempt to safeguard the data only against either identity disclosure or sensitive information inference. In this paper, we propose a new approach that overcomes these limitations. We introduce a rule-based privacy model that allows data publishers to express fine-grained protection requirements for both identity and sensitive information disclosure. Based on this model, we also develop two anonymization algorithms. Our first algorithm works in a top-down fashion, employing an efficient strategy to recursively generalize data with low information loss. Our second algorithm uses sampling and a combination of top-down and bottom-up generalization heuristics, which greatly improves scalability while maintaining low information loss. Extensive experiments show that our algorithms significantly outperform the state-of-the-art in terms of retaining data utility, while achieving good protection and scalability.

Vorheriger Artikel A new approach to radial basis function-based polynomial neural networks: analysis and design

Nächster Artikel DRAL: a tool for discovering relevant e-activities for learners

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

We assume that these methods are applied to non-sensitive items. Otherwise, \(56\) itemsets would receive protection.

Specialization is the reverse operation of generalization [26].

This is the statistically best strategy an attacker can follow [9].

We assume that \(k^m\)-anonymity is applied to public items.

Recall from Sect. 4.1.2 that \(\varTheta \) does not contain rules that are always protected.

These itemsets represent individuals’ sensitive information, which is unknown to an attacker. A similar assumption was made in [87], for individuals’ sensitive values.

http://www.octopus.com.hk.

We employ two hierarchies, for simplicity. Using a single hierarchy containing all items of \(\mathcal I \) is possible, and it requires trivial changes in the process of generating PS-rules.

We do not consider empty \(T_\mathcal{P }\) and \(T_\mathcal{S }\subseteq T_\mathcal{N }\), where \(T_\mathcal{S }\) is the set of sensitive items in \(T\), as they are unlikely to lead to meaningful privacy attacks. Our approach can be trivially modified to deal with such transactions.

Health Insurance Portability and Accountability Act of 1996 United States Public Law

Abul O, Bonchi F, Giannotti F (2010) Hiding sequential and spatiotemporal patterns. TKDE 22(12):1709–1723

Abul O, Bonchi F, Nanni M (2008) Never walk alone: uncertainty for anonymity in moving objects databases. In: ICDE, pp 376–385

Aggarwal CC (2005) On k-anonymity and the curse of dimensionality. In: VLDB, pp 901–909

Aggarwal CC, Li Y, Yu PS (2011) On the hardness of graph anonymization. In: ICDM, pp 1002–1007

Aggarwal CC, Yu PS (2008) Privacy-preserving data mining: models and algorithms. Springer, BerlinCrossRef

Agrawal R, Johnson CM (2007) Securing electronic health records without impeding the flow of information. Int J Med Inform 76(5–6):471–479

Agrawal R, Srikant R (1994) Fast algorithms for mining association rules in large databases. In: VLDB, pp 487–499

Bacchus F, Grove AJ, Halpern JY, Koller D (1996) From statistical knowledge bases to degrees of belief. Artif Intell 87(1–2):75–143

10.

Barak B, Chaudhuri K, Dwork C, Kale S, McSherry F, Talwar K (2007) Privacy, accuracy, and consistency too: a holistic solution to contingency table release. In: PODS, pp 273–282

11.

Barbaro M, Zeller T (2006) A face is exposed for aol searcher no. 4417749. New York Times, Aug

12.

Basu S, Mooney RJ, Pasupuleti KV, Ghosh J (2001) Evaluating the novelty of text-mined rules using lexical knowledge. In: KDD, pp 233–238

13.

Blum A, Dwork C, McSherry F, Nissim K (2005) Practical privacy: the sulq framework. In: PODS, pp 128–138

14.

Bonchi F, Lakshmanan LVS (2011) Trajectory anonymity in publishing personal mobility data. SIGKDD Explor 13(1):30–42CrossRef

15.

Brickell J, Shmatikov V (2008) The cost of privacy: destruction of data-mining utility in anonymized data publishing. In: KDD, pp 70–78

16.

Cao J, Karras P, Raïssi C, Tan K (2010) \(rho\)-Uncertainty: inference-proof transaction anonymization. PVLDB 3(1):1033–1044

17.

Centers for Medicare and Medicaid Services (2011) International classification of diseases, 9th revision, clinical modification (icd-9-cm). http://www.cdc.gov/nchs/icd/icd9cm.htm. Accessed 20 March 2011

18.

Chen K, Liu L (2011) Geometric data perturbation for privacy preserving outsourced data mining. Knowl Inf Syst 29(3):657–695CrossRef

19.

Chen R, Mohammed N, Fung BCM, Desai BC, Xiong L (2011) Publishing set-valued data via differential privacy. PVLDB 4(11):1087–1098

20.

Cormode G (2011) Personal privacy vs population privacy: learning to attack anonymization. In: KDD, pp 1253–1261

21.

Cormode G, Li N, Li T, Srivastava D (2010) Minimizing minimality and maximizing utility: analyzing method-based attacks on anonymized data. PVLDB 3(1):1045–1056

22.

Dwork C (2006) Differential privacy. In: ICALP, pp 1–12

23.

Dwork C (2008) Differential privacy: a survey of results. In: TAMC, pp 1–19

24.

Friedman A, Schuster A (2010) Data mining with differential privacy. In: KDD, pp 493–502

25.

Fung BCM, Wang K, Chen R, Yu PS (2010) Privacy-preserving data publishing: a survey on recent developments. ACM Comput Surv 42(4):1–53

26.

Fung BCM, Wang K, Chen R, Yu PS (2005) Top-down specialization for information and privacy preservation. In: ICDE, pp 205–216

27.

Ghinita G, Kalnis P, Tao Y (2011) Anonymous publication of sensitive transactional data. IEEE TKDE 23(2):161–174

28.

Ghinita G, Karras P, Kalnis P, Mamoulis N (2007) Fast data anonymization with low information loss. In: VLDB, pp 758–769

29.

Ghinita G, Tao Y, Kalnis P (2008) On the anonymization of sparse high-dimensional data. In: ICDE, pp 715–724

30.

Gkoulalas-Divanis A, Loukides G (2011) Revisiting sequential pattern hiding to enhance utility. In: KDD, pp 1316–1324

31.

Gkoulalas-Divanis A, Verykios VS (2009) Hiding sensitive knowledge without side effects. Knowl Inf Syst 20(3):263–299CrossRef

32.

Gkoulalas-Divanis A, Verykios VS, Mokbel MF (2009) Identifying unsafe routes for network-based trajectory privacy. In: SDM, pp 942–953

33.

Hagerup T, Rüb C (1990) A guided tour of chernoff bounds. Inf Process Lett 33(6):305–308MATHCrossRef

34.

Hay M, Li C, Miklau G, Jensen D (2009) Accurate estimation of the degree distribution of private networks. In: ICDM, pp 169–178

35.

He Y, Naughton JF (2009) Anonymization of set-valued data via top-down, local generalization. PVLDB 2(1):934–945

36.

Iyengar VS (2002) Transforming data to satisfy privacy constraints. In: KDD, pp 279–288

37.

Karr AF, Kohnen CN, Oganian A, Reiter JP, Sanil AP (2006) A framework for evaluating the utility of data altered to protect confidentiality. Am Stat 60(3):224–232MathSciNetCrossRef

38.

Khoshgozaran A, Shahabi C, Shirani-Mehr H (2011) Location privacy: going beyond k-anonymity, cloaking and anonymizers. Knowl Inf Syst 26(3):435–465CrossRef

39.

Kifer D, Machanavajjhala A (2011) No free lunch in data privacy. In: SIGMOD, pp 193–204

40.

Korolova A, Kenthapadi K, Mishra N, Ntoulas A (2009) Releasing search queries and clicks privately. In: WWW, pp 171–180

41.

LeFevre K, DeWitt DJ, Ramakrishnan R (2008) Workload-aware anonymization techniques for large-scale datasets. TODS 33(3):1–47

42.

LeFevre K, DeWitt DJ, Ramakrishnan R (2006) Mondrian multidimensional k-anonymity. In: ICDE, p 25

43.

Li J, Liu J, Baig MM, Wong RC (2011) Information based data anonymization for classification utility. DKE 70(12):1030–1045CrossRef

44.

Li N, Li T, Venkatasubramanian S (2007) t-closeness: Privacy beyond k-anonymity and l-diversity. In: ICDE, pp 106–115

45.

Li T, Li N (2006) Optimal k-anonymity with flexible generalization schemes through bottom-up searching. In: ICDMW, pp 518–523

46.

Liu B, Hsu W, Chen S (1997) Using general impressions to analyze discovered classification rules. In: KDD, pp 31–36

47.

Liu B, Hsu W, Wang K, Chen S (1999) Visually aided exploration of interesting association rules. In: PAKDD, pp 380–389

48.

Liu J, Wang K (2010) Anonymizing transaction data by integrating suppression and generalization. In: PAKDD, pp 171–180

49.

Loukides G, Denny JC, Malin B (2010) The disclosure of diagnosis codes can breach research participants’ privacy. J Am Med Inform Assoc 17(3):322–327

50.

Loukides G, Gkoulalas-Divanis A, Malin B (2010) Anonymization of electronic medical records for validating genome-wide association studies. Proc Natl Acad Sci 17(107):7898–7903CrossRef

51.

Loukides G, Gkoulalas-Divanis A, Malin B (2011) COAT: Constraint-based anonymization of transactions. Knowl Inf Syst 28(2):251–282CrossRef

52.

Loukides G, Gkoulalas-Divanis A, Shao J (2010) Anonymizing transaction data to eliminate sensitive inferences. In: DEXA, pp 400–415

53.

Machanavajjhala A, Gehrke J, Götz M (2009) Data publishing against realistic adversaries. PVLDB 2(1):790–801

54.

Machanavajjhala A, Gehrke J, Kifer D, Venkitasubramaniam M (2006) l-diversity: privacy beyond k-anonymity. In: ICDE, p 24

55.

Machanavajjhala A, Kifer D, Abowd JM, Gehrke J, Vilhuber L (2008) Privacy: theory meets practice on the map. In: ICDE, pp 277–286

56.

Medforth N, Wang K (2011) Privacy risk in graph stream publishing for social network data. In: ICDM, pp 437–446

57.

Meyerson A, Williams R (2004) On the complexity of optimal k-anonymity. In: PODS, pp 223–228

58.

Mohammed N, Chen R, Fung BCM, Yu PS (2011) Differentially private data release for data mining. In: KDD, pp 493–501

59.

Mohammed N, Fung BCM, Debbabi M (2009) Walking in the crowd: anonymizing trajectory data for pattern analysis. In: CIKM, pp 1441–1444

60.

Mohammed N, Fung BCM, Hung PCK, Lee C (2009) Anonymizing healthcare data: a case study on the blood transfusion service. In: KDD, pp 1285–1294

61.

Mohammed N, Fung BCM, Hung PCK, Lee C (2010) Centralized and distributed anonymization for high-dimensional healthcare data. TKDD 4(4):18CrossRef

62.

Narayanan A, Shmatikov V (2008) Robust de-anonymization of large sparse datasets. In: IEEE S&P, pp 111–125

63.

Nergiz ME, Atzori M, Clifton C (2007) Hiding the presence of individuals from shared databases. In: SIGMOD’07, pp 665–676

64.

Nergiz ME, Clifton C, Nergiz AE (2009) Multirelational k-anonymity. TKDE 21(8):1104–1117

65.

Texas Dept. of State Health Services (2008) User manual of texas hospital inpatient discharge public use data file. http://www.dshs.state.tx.us/THCIC/

66.

Oliveira SRM, Zaïane OR (2003) Protecting sensitive knowledge by data sanitization. In: ICDM, pp 613–616

67.

Qiu L, Li Y, Wu X (2008) Protecting business intelligence and customer privacy while outsourcing data mining tasks. Knowl Inf Syst 17(1):99–120CrossRef

68.

Samarati P (2001) Protecting respondents identities in microdata release. TKDE 13(9):1010–1027

69.

Srikant R, Vu Q, Agrawal R (1997) Mining association rules with item constraints. In: KDD, pp 67–73

70.

Sweeney L (2002) k-Anonymity: a model for protecting privacy. IJUFKS 10(5):557–570MathSciNetMATH

71.

Tai C, Yu P, Yang D, Chen M (2011) Privacy-preserving social network publication against friendship attacks. In: KDD, pp 1262–1270

72.

Teng Z, Du W (2009) A hybrid multi-group approach for privacy-preserving data mining. Knowl Inf Syst 19(2):133–157CrossRef

73.

Terrovitis M, Mamoulis N (2008) Privacy preservation in the publication of trajectories. In: MDM, pp 65–72

74.

Terrovitis M, Mamoulis N, Kalnis P (2008) Privacy-preserving anonymization of set-valued data. PVLDB 1(1):115–125

75.

Terrovitis M, Mamoulis N, Kalnis P (2011) Local and global recoding methods for anonymizing set-valued data. VLDB J 20(1):83–106CrossRef

76.

Velardi P, Cucchiarelli A, Petit M (2007) A taxonomy learning method and its application to characterize a scientific web community. TKDE 19(2):180–191

77.

Verykios V, Elmagarmid AK, Bertino E, Saygin Y, Dasseni E (2004) Association rule hiding. TKDE 16(4):434–447

78.

Wang K, Fung BCM, Yu PS (2007) Handicapping attacker’s confidence: an alternative to k-anonymization. Knowl Inf Syst 11(3):345–368CrossRef

79.

Wang K, Fung BCM, Yu PS (2005) Template-based privacy preservation in classification problems. In: ICDM, pp 466–473

80.

Wang K, Xu Y, Fu A, Wong RCW (2009) FF-anonymity: when quasi-identifiers are missing. In: ICDE, pp 1136–1139

81.

Wong RCW, Fu A, Wang K, Pei J (2007) Minimality attack in privacy preserving data publishing. In: VLDB, pp 543–554

82.

Wong RCW, Fu A, Wang K, Pei J (2009) Anonymization-based attacks in privacy-preserving data publishing. TODS 34(2):1–46

83.

Wong RCW, Li J, Fu A, Wang K (2006) Alpha-k-anonymity: an enhanced k-anonymity model for privacy-preserving data publishing. In: KDD, pp 754–759

84.

Xiao X, Tao Y (2006) Anatomy: simple and effective privacy preservation. In: VLDB, pp 139–150

85.

Xiao X, Tao Y (2006) Personalized privacy preservation. In: SIGMOD, pp 229–240

86.

Xiao X, Tao Y (2007) M-invariance: towards privacy preserving re-publication of dynamic datasets. In: SIGMOD, pp 689–700

87.

Xiao X, Tao Y, Koudas N (2010) Transparent anonymization: Thwarting adversaries who know the algorithm. TODS 35(2):1–48

88.

Xiao X, Wang G, Gehrke J (2010) Differential privacy via wavelet transforms. In: ICDE, pp 225–236

89.

Xu J, Wang W, Pei J, Wang X, Shi B, Fu AW-C (2006) Utility-based anonymization using local recoding. In: KDD, pp 785–790

90.

Xu Y, Fung BCM, Wang K, Fu AW, Pei J (2008) Publishing sensitive transactions for itemset utility. In: ICDM, pp 1109–1114

91.

Xu Y, Wang K, Fu AW-C, Yu PS (2008) Anonymizing transaction databases for publication. In: KDD, pp 767–775

92.

Yakut I, Polat H (2012) Privacy-preserving hybrid collaborative filtering on cross distributed data. Knowl Inf Syst 30(2):405–433CrossRef

93.

Ying X, Wu X (2011) On link privacy in randomizing social networks. Knowl Inf Syst 28(3):645–663CrossRef

94.

Zhang L, Jajodia S, Brodsky A (2007) Information disclosure under realistic assumptions: privacy versus optimality. In: CCS, pp 573–583

95.

Zhou B, Pei J (2011) The k-anonymity and l-diversity approaches for privacy preservation in social networks against neighborhood attacks. Knowl Inf Syst 28(1):47–77MathSciNetCrossRef

Titel: Efficient and flexible anonymization of transaction data
verfasst von: Grigorios Loukides
Aris Gkoulalas-Divanis
Jianhua Shao
Publikationsdatum: 01.07.2013
Verlag: Springer-Verlag
Erschienen in: Knowledge and Information Systems / Ausgabe 1/2013
Print ISSN: 0219-1377
Elektronische ISSN: 0219-3116
DOI: https://doi.org/10.1007/s10115-012-0544-3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 1/2013

Out-of-core detection of periodicity from sequence databases

A new approach for maximizing bichromatic reverse nearest neighbor search

Exploring heterogeneous information networks and random walk with restart for academic search

Towards graphical models for text processing

Common understanding in a multi-agent system using ontology-guided learning

DRAL: a tool for discovering relevant e-activities for learners

Premium Partner