k-anonymity: Risks and the Reality

2015 IEEE Trustcom/BigDataSE/ISPA Pub Date : 2015-08-20 DOI:10.1109/Trustcom.2015.473

A. Basu, Toru Nakamura, Seira Hidano, S. Kiyomoto

{"title":"k-anonymity: Risks and the Reality","authors":"A. Basu, Toru Nakamura, Seira Hidano, S. Kiyomoto","doi":"10.1109/Trustcom.2015.473","DOIUrl":null,"url":null,"abstract":"Many a time, datasets containing private and sensitive information are useful for third-party data mining. To prevent identification of personal information, data owners release such data using privacy-preserving data publishing techniques. One well-known technique - k-anonymity - proposes that the records be grouped based on quasi-identifiers such that quasi-identifiers in a group have exactly the same values as any other in the same group. This process reduces the worst-case probability of re-identification of the records based on the quasi identifiers to 1/k. The problem of optimal k-anonymisation is NP-hard. Depending on the k-anonymisation method used and the number of quasi identifiers known to the attacker, the probability of re-identification could be lower than the worst-case guarantee. We quantify risk as the probability of re-identification and propose a mechanism to compute the empirical risk with respect to the cost of acquiring the knowledge about quasi-identifiers, using an real-world dataset released with some k-anonymity guarantee. In addition, we show that k-anonymity can be harmful because the knowledge of additional attributes other than quasi-identifiers can raise the probability of re-identification.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE Trustcom/BigDataSE/ISPA","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/Trustcom.2015.473","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 16

Abstract

Many a time, datasets containing private and sensitive information are useful for third-party data mining. To prevent identification of personal information, data owners release such data using privacy-preserving data publishing techniques. One well-known technique - k-anonymity - proposes that the records be grouped based on quasi-identifiers such that quasi-identifiers in a group have exactly the same values as any other in the same group. This process reduces the worst-case probability of re-identification of the records based on the quasi identifiers to 1/k. The problem of optimal k-anonymisation is NP-hard. Depending on the k-anonymisation method used and the number of quasi identifiers known to the attacker, the probability of re-identification could be lower than the worst-case guarantee. We quantify risk as the probability of re-identification and propose a mechanism to compute the empirical risk with respect to the cost of acquiring the knowledge about quasi-identifiers, using an real-world dataset released with some k-anonymity guarantee. In addition, we show that k-anonymity can be harmful because the knowledge of additional attributes other than quasi-identifiers can raise the probability of re-identification.

查看原文本刊更多论文

匿名:风险与现实

很多时候，包含私有和敏感信息的数据集对第三方数据挖掘很有用。为了防止个人信息被识别，数据所有者使用保护隐私的数据发布技术发布这些数据。一种著名的技术——k-匿名——建议基于准标识符对记录进行分组，这样组中的准标识符与组中的任何其他标识符具有完全相同的值。这个过程将基于准标识符重新识别记录的最坏情况概率降低到1/k。最优k-匿名问题是np困难问题。根据所使用的k-匿名方法和攻击者已知的准标识符的数量，重新识别的概率可能低于最坏情况的保证。我们将风险量化为重新识别的概率，并提出了一种机制来计算关于获得准标识符知识的成本的经验风险，使用具有k-匿名保证的真实数据集。此外，我们表明k-匿名可能是有害的，因为除了准标识符之外的其他属性的知识可以提高重新标识的概率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 IEEE Trustcom/BigDataSE/ISPA

自引率

0.00%

发文量