Yu Chuan Tsai

On anonymizing transactions with sensitive items

K-anonymity (Samarati and Sweeny 1998; Samarati, IEEE Trans Knowl Data Eng, 13(6):1010–1027, 2001; Sweeny, Int J Uncertain, Fuzziness Knowl-Based Syst, 10(5):557–570, 2002) and its variants, l-diversity (Machanavajjhala et al., ACM TKDD, 2007) and tcloseness (Li et al. 2007) among others are anonymization techniques for relational data and transaction data, which are used to protect privacy against re-identification attacks. A relational dataset D is k-anonymous if every record in D has at least k-1 other records with identical quasi-identifier attribute values. The combination of released data with external data will never allow the recipient to associate each released record with less than k individuals (Samarati, IEEE Trans Knowl Data Eng, 13(6):1010–1027, 2001). However, the current concept of k-anonymity on transaction data treats all items as quasi-identifiers. The anonymized data set has k identical transactions in groups and suffers from lower data utility (He and Naughton 2009; He et al. 2011; Liu and Wang 2010; Terrovitis et al., VLDB J, 20(1):83–106, 2011; Terrovitis et al. 2008). To improve the utility of anonymized transaction data, this work proposes a novel anonymity concept on transaction data that contain both quasi-identifier items (QID) and sensitive items (SI). A transaction that contains sensitive items must have at least k-1 other identical transactions (Ghinita et al. IEEE TKDE, 33(2):161–174, 2011; Xu et al. 2008). For a transaction that does not contain a sensitive item, no anonymization is required. A transaction dataset that satisfies this property is said to be sensitive k-anonymous. Three algorithms, Sensitive Transaction Neighbors (STN) Gray Sort Clustering (GSC) and Nearest Neighbors for K-anonymization (K-NN), are developed. These algorithms use adding/deleting QID items and only adding SI to achieve sensitive k-anonymity on transaction data. Additionally, a simple “privacy value” is proposed to evaluate the degree of privacy for different types of k-anonymity on transaction data. Extensive numerical simulations were carried out to demonstrate the characteristics of the proposed algorithms and also compared to other types of k-anonymity approaches. The results show that each technique possesses its own advantage under different criteria such as running time, operation, and information loss. The results obtained here can be used as a guideline of the selection of anonymization technique on different data sets and for different applications.

Multi-table association rules hiding

Many approaches for preserving association rule privacy, such as association rule mining outsourcing, association rule hiding, and anonymity, have been proposed. In particular, association rule hiding on single transaction table has been well studied. However, hiding multi-relational association rule in data warehouses is not yet investigated. This work presents a novel algorithm to hide predictive association rules on multiple tables. Given a target predictive item, a technique is proposed to hide multi-relational association rules containing the target item without joining the multiple tables. Examples and analyses are given to demonstrate the efficiency of the approach.

Hiding Sensitive Association Rules on Stars

Current technology for association rules hiding mostly applies to data stored in a single transaction table. This work presents a novel algorithm for hiding sensitive association rules in data warehouses. A data warehouse is typically made up of multiple dimension tables and a fact table as in a star schema. Based on the strategies of reducing the confidence of sensitive association rule and without constructing the whole joined table, the proposed algorithm can effectively hide multi-relational association rules. Examples and analyses are given to demonstrate the efficacy of the approach.

Anonymizing Set-Valued Social Data

The increasing popularity of social networks has generated tremendous amount of data to be exploited for commercial, research and many other valuable applications. However, the release of these data has raised an issue that personal privacy may be breached. Current practices of simply removing all identifiable personal information (such as names and social security numbers) before releasing the data is insufficient. More effective anonymization techniques are required. In this work, we propose a k-anonymization-based technique on set-valued network node data. The proposed algorithm is based on the principle of minimizing the number of addition and deletion operations to achieve k-anonymity. Numerical experiments on real dataset show that it requires less number of operations than current suppression-based approach.

Edge types vs privacy in K-anonymization of shortest paths

Information breaches in social networks and other published data have caused many concerns of privacy issues in recent years. Since information in networks can be modeled as graphs, various techniques have been proposed to preserve privacy of sensitive data on directed/un-directed, weighted/un-weighted graphs. To preserve privacy on graphs, most works for publishing anonymized social networks have attempted to prevent unique patterns to be re-identified, such as, nodes, links, and sub-graphs. In this work, we study the problem of anonymizing sensitive shortest paths in graphs. We examine the concept of k-shortest path privacy, in which at least k indistinguishable shortest paths exist between specified sensitive source and destination vertices. Due to the overlaps of shortest paths, we propose three algorithms to modify three categories of edges to achieve the k-shortest path privacy. Numerical experiments showing the characteristics of the proposed algorithms are given. The results demonstrate that the proposed algorithms are all feasible to achieve k-shortest path privacy, with different degrees of execution times and information losses, and can be served as design reference for shortest path anonymization.

k- -anonymization of multiple shortest paths

The preservation of privacy on information networks has been studied extensively in recent years. Although early work concentrated on preserving sensitive node information and link information to prevent re-identification attacks, recent development has instigated a focus on preserving sensitive edge weight information such as shortest paths. Two types of privacy on edge weights have been proposed. One type of privacy attempts to add random noise edge weights to the graph while still maintaining the same shortest path. The other type of privacy, k-shortest path privacy, minimally perturbs edge weights so that there are at least k shortest paths. However, there might be insufficient paths that can be modified to the same path length. In this work, we present a new concept, called

Extending [K1, K2] Anonymization of Shortest Paths for Social Networks

k^{-}

Bipartite Editing Prediction in Wikipedia

k--shortest path privacy, to allow anonymizing different numbers of shortest paths for different sources and destination vertex pairs. For a given privacy level k and a pair of source and destination vertices with