Re-identification Attack based on Few-Hints Dataset Enrichment for Ubiquitous Applications

2022 IEEE 8th World Forum on Internet of Things (WF-IoT) Pub Date : 2022-10-26 DOI:10.1109/WF-IoT54382.2022.10152275

Andrea Artioli, L. Bedogni, M. Leoncini

{"title":"Re-identification Attack based on Few-Hints Dataset Enrichment for Ubiquitous Applications","authors":"Andrea Artioli, L. Bedogni, M. Leoncini","doi":"10.1109/WF-IoT54382.2022.10152275","DOIUrl":null,"url":null,"abstract":"Ubiquitous and pervasive applications record a large amount of data about users, to provide context-aware and tailored services. Although this enables more personalized applications, it also poses several questions concerning the possible misuse of such data by a malicious entity, which may discover private and sensitive information about the users themselves. In this paper we propose an attack on ubiquitous applications pseudo-anonymized datasets which can be leaked or accessed by the attacker. We enrich the data with true information which the attacker can obtain from a multitude of sources, which will eventually spark a chain reaction on the records of the dataset, possibly re-identifying users. Our results indicate that through this attack, and with few hints added to the dataset, the possibility of re-identification are considerable, achieving more than 70% re-identified users on a public available dataset. We compare our proposal with the state of the art, showing the improved performance figures obtained thanks to the graph-modeling of the dataset records and the novel hint structure.","PeriodicalId":176605,"journal":{"name":"2022 IEEE 8th World Forum on Internet of Things (WF-IoT)","volume":"66 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 8th World Forum on Internet of Things (WF-IoT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WF-IoT54382.2022.10152275","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Ubiquitous and pervasive applications record a large amount of data about users, to provide context-aware and tailored services. Although this enables more personalized applications, it also poses several questions concerning the possible misuse of such data by a malicious entity, which may discover private and sensitive information about the users themselves. In this paper we propose an attack on ubiquitous applications pseudo-anonymized datasets which can be leaked or accessed by the attacker. We enrich the data with true information which the attacker can obtain from a multitude of sources, which will eventually spark a chain reaction on the records of the dataset, possibly re-identifying users. Our results indicate that through this attack, and with few hints added to the dataset, the possibility of re-identification are considerable, achieving more than 70% re-identified users on a public available dataset. We compare our proposal with the state of the art, showing the improved performance figures obtained thanks to the graph-modeling of the dataset records and the novel hint structure.

查看原文本刊更多论文

泛在应用中基于少提示数据集充实的重识别攻击

无处不在的应用程序记录大量关于用户的数据，以提供上下文感知和量身定制的服务。虽然这可以实现更个性化的应用程序，但它也提出了一些问题，即恶意实体可能滥用这些数据，从而发现有关用户自身的私人和敏感信息。本文提出了一种攻击无处不在的应用程序的伪匿名数据集的方法，该方法可以被攻击者泄露或访问。我们用攻击者可以从众多来源获得的真实信息来丰富数据，这将最终在数据集的记录上引发连锁反应，可能重新识别用户。我们的结果表明，通过这种攻击，并且在数据集中添加很少的提示，重新识别的可能性是相当大的，在公共可用数据集中实现超过70%的重新识别用户。我们将我们的建议与最先进的技术进行了比较，显示了由于数据集记录的图形建模和新的提示结构而获得的改进的性能数据。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 IEEE 8th World Forum on Internet of Things (WF-IoT)

自引率

0.00%

发文量