Aris Gkoulalas-Divanis

An integer programming approach for frequent itemset hiding

The rapid growth of transactional data brought, soon enough, into attention the need of its further exploitation. In this paper, we investigate the problem of securing sensitive knowledge from being exposed in patterns extracted during association rule mining. Instead of hiding the produced rules directly, we decide to hide the sensitive frequent itemsets that may lead to the production of these rules. As a first step, we introduce the notion of distance between two databases and a measure for quantifying it. By trying to minimize the distance between the original database and its sanitized version (that can safely be released), we propose a novel, exact algorithm for association rule hiding and evaluate it on real world datasets demonstrating its effectiveness towards solving the problem.

Providing K-Anonymity in location based services

The offering of anonymity in relational databases has attracted a great deal of attention in the database community during the last decade [4]. Among the different solution approaches that have been proposed to tackle this problem, K-anonymity has received increased attention and has been extensively studied in various forms. New forms of data that come into existence, like location data capturing user movement, pave the way for the offering of cutting edge services such as the prevailing Location Based Services (LBSs). Given that these services assume an in-depth knowledge of the mobile users whereabouts it is certain that the assumed knowledge may breach the privacy of the users. Thus, concrete approaches are necessary to preserve the anonymity of the mobile users when requesting LBSs. In this work, we survey recent advancements for the offering of K-anonymity in LBSs. Most of the approaches that have been proposed heavily depend on a trusted server component -- that acts as an intermediate between the end user and the service provider - to preserve the anonymity of the former entity. Existing approaches are partitioned in three categories: (a) historical K-anonymity, (b) location K-anonymity, and (c) trajectory K-anonymity. In each of these categories we present some of the most prevalentmethodologies that have been proposed and highlight their operation.

Exact Knowledge Hiding through Database Extension

In this paper, we propose a novel, exact border-based approach that provides an optimal solution for the hiding of sensitive frequent itemsets by (i) minimally extending the original database by a synthetically generated database part - the database extension, (ii) formulating the creation of the database extension as a constraint satisfaction problem, (iii) mapping the constraint satisfaction problem to an equivalent binary integer programming problem, (iv) exploiting underutilized synthetic transactions to proportionally increase the support of non-sensitive itemsets, (v) minimally relaxing the constraint satisfaction problem to provide an approximate solution close to the optimal one when an ideal solution does not exist, and (vi) by using a partitioning in the universe of the items to increase the efficiency of the proposed hiding algorithm. Extending the original database for sensitive itemset hiding is proved to provide optimal solutions to an extended set of hiding problems compared to previous approaches and to provide solutions of higher quality. Moreover, the application of binary integer programming enables the simultaneous hiding of the sensitive itemsets and thus allows for the identification of globally optimal solutions.

Association Rule Hiding for Data Mining

Privacy and security risks arising from theapplication of different data mining techniques to large institutional data repositories have been solely investigated by a new research domain, the so-called privacy preserving data mining. Association rule hiding is a new technique in data mining, which studies the problem of hiding sensitive association rules from within the data. Association Rule Hiding for Data Mining addresses the problem of hiding sensitive association rules, and introduces a number of heuristic solutions. Exact solutions of increased time complexity that have been proposed recently are presented, as well as a number of computationally efficient (parallel) approaches that alleviate time complexity problems, along with a thorough discussion regarding closely related problems (inverse frequent item set mining, data reconstruction approaches, etc.). Unsolved problems, future directions and specific examples are provided throughout this book to help the reader study, assimilate and appreciate the important aspects of this challenging problem. Association Rule Hiding for Data Mining is designed for researchers, professors and advanced-level students in computer science studying privacy preserving data mining, association rule mining, and data mining. This book is also suitable for practitioners working in this industry.

A Survey of Association Rule Hiding Methods for Privacy

Data and knowledge hiding are two research directions that investigate how the privacy of raw data, or information, can be maintained either before or after the course of mining the data. By focusing on the knowledge hiding thread, we present a taxonomy and a survey of recent approaches that have been applied to the association rule hiding problem. Association rule hiding refers to the process of modifying the original database in such a way that certain sensitive association rules disappear without seriously affecting the data and the non-sensitive rules. We also provide a thorough comparison of the presented approaches, and we touch upon hiding approaches used for other data mining tasks. A detailed presentation of metrics used to evaluate the performance of those approaches is also given. Finally, we conclude our study by enumerating interesting future directions in this research body.

Hiding sensitive knowledge without side effects

Sensitive knowledge hiding in large transactional databases is one of the major goals of privacy preserving data mining. However, it is only recently that researchers were able to identify exact solutions for the hiding of knowledge, depicted in the form of sensitive frequent itemsets and their related association rules. Exact solutions allow for the hiding of vulnerable knowledge without any critical compromises, such as the hiding of nonsensitive patterns or the accidental uncovering of infrequent itemsets, amongst the frequent ones, in the sanitized outcome. In this paper, we highlight the process of border revision, which plays a significant role towards the identification of exact hiding solutions, and we provide efficient algorithms for the computation of the revised borders. Furthermore, we review two algorithms that identify exact hiding solutions, and we extend the functionality of one of them to effectively identify exact solutions for a wider range of problems (than its original counterpart). Following that, we introduce a novel framework for decomposition and parallel solving of hiding problems, which are handled by each of these approaches. This framework improves to a substantial degree the size of the problems that both algorithms can handle and significantly decreases their runtime. Through experimentation, we demonstrate the effectiveness of these approaches toward providing high quality knowledge hiding solutions.

A privacy-aware trajectory tracking query engine

Advances in telecommunications and GPS sensors technology have made possible the collection of data like time series of locations, related to the movement of individuals. The analysis of this, so-called trajectory data, is beneficial both for the individuals (e.g., through location-based services) and for the community as a whole (e.g., decision support for urban planning or traffic control). However, because of the very nature of this data, strict safeguards must be enforced to ensure the privacy of the individuals, whose movement is recorded.n In this paper, we present a privacy-aware trajectory tracking query engine that offers strict guarantees about what can be observed by untrusted third parties. Through the query engine, subscribed users can gain restricted access to an in-house trajectory data warehouse, to perform certain analysis tasks. In addition to regular queries involving non-spatial non-temporal attributes, the engine supports a variety of spatiotemporal queries, including range queries, nearest neighbor queries and queries for aggregate statistics. The query results are augmented with fake trajectory data (dummies) to fulfil the requirements of K-anonymity. Through qualitative analysis, we prove the effectiveness of our approach towards blocking certain types of attacks, while minimally distorting the dataset.

A Free Terrain Model for Trajectory K---Anonymity

This paper introduces a privacy model for location based services that utilizes collected movement data to identify parts of the user trajectories, where user privacy is at an elevated risk. To protect the privacy of the user, the proposed methodology transforms the original requests into anonymous counterparts by offering trajectory K---anonymity. As a proof of concept, we build a working prototype that implements our solution approach and is used for experimentation and evaluation purposes. Our implementation relies on a spatial DBMS that carries out part of the necessary analysis. Through experiments we demonstrate the effectiveness of our approach to preserve the K---anonymity of the users for as long as the requested services are in progress.

A network aware privacy model for online requests in trajectory data

In this work, we propose a privacy model for online user requests on trajectory data in location based services by utilizing an underlying network of user movement. The privacy model has been implemented as a framework that (i) reconstructs the user movement from a series of independent location updates, (ii) identifies routes where user privacy is at risk, and (iii) transforms user requests into anonymous equivalents. The framework is implemented on top of a spatial database engine that offers a significant portion of the necessary functionality, while provides for its effective deployment.

Privacy in Spatiotemporal Data Mining

Spatio-temporal data due to its time and space dimensions is highly vulnerable nto misuse. In fact, one of the limitations for the deployment of Location nBased Services is privacy concerns. In order to avoid the privacy threats, one napproach would be to suppress the identities of individuals before the data is nreleased. Unfortunately this is not enough since spatio-temporal trajectories ncan easily be linked to individuals using publicly available information such nas home and work addresses. Therefore, new techniques for de-identifying, or nanonymizing spatio-temporal data is needed if the data is going to be handed nover to a third party. Spatio-temporal data anonymization was addressed in nChapter 1. In addition to that, we need to develop privacy preserving data nmining techniques. Time-stamped location observations of an object can not nbe regarded as normal tabular data since spatio-temporal observations of an nobject are not independent. Therefore employing the existing privacy preserving ndata mining techniques as they are would not be enough to solve nour problem. Trajectories, instead of plain spatio-temporal observations need nto be considered from the privacy perspective. Trajectories and trajectory ndatabases are explained in Chapter X. In this chapter, we will concentrate non the previously proposed methods on privacy preserving data mining and nprovide a road-map for the privacy preserving spatio-temporal data mining nmethods.