Fast Data Anonymization with Low Information Loss 1 National University of Singapore 2 Hong Kong University

Slides:

Advertisements

Similar presentations

Authors: Jianneng Cao, Panagiotis Karras, Panos Kalnis, Kian-Lee Tan

Advertisements

Anonymity for Continuous Data Publishing

A Privacy Preserving Index for Range Queries

Simulatability “The enemy knows the system”, Claude Shannon CompSci Instructor: Ashwin Machanavajjhala 1Lecture 6 : Fall 12.

Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, IDAR'07 Probabilistic Privacy Analysis of Published Views Hui (Wendy) Wang Laks V.S.

Fast Algorithms For Hierarchical Range Histogram Constructions

Anonymizing Location-based data Jarmanjit Singh Jar_sing(at)encs.concordia.ca Harpreet Sandhu h_san(at)encs.concordia.ca Qing Shi q_shi(at)encs.concordia.ca.

M-Invariance: Towards Privacy Preserving Re-publication of Dynamic Datasets by Tyrone Cadenhead.

Template-Based Privacy Preservation in Classification Problems IEEE ICDM 2005 Benjamin C. M. Fung Simon Fraser University BC, Canada Ke.

Towards Estimating the Number of Distinct Value Combinations for a Set of Attributes Xiaohui Yu 1, Calisto Zuzarte 2, Ken Sevcik 1 1 University of Toronto.

Privacy-Preserving Data Publishing Donghui Zhang Northeastern University Acknowledgement: some slides come from Yufei Tao and Dimitris Sacharidis.

Data Anonymization - Generalization Algorithms Li Xiong CS573 Data Privacy and Anonymity.

Anonymizing Healthcare Data: A Case Study on the Blood Transfusion Service Benjamin C.M. Fung Concordia University Montreal, QC, Canada

Personalized Privacy Preservation Xiaokui Xiao, Yufei Tao City University of Hong Kong.

1 Privacy in Microdata Release Prof. Ravi Sandhu Executive Director and Endowed Chair March 22, © Ravi Sandhu.

PRIVACY AND SECURITY ISSUES IN DATA MINING P.h.D. Candidate: Anna Monreale Supervisors Prof. Dino Pedreschi Dott.ssa Fosca Giannotti University of Pisa.

Anatomy: Simple and Effective Privacy Preservation Xiaokui Xiao, Yufei Tao Chinese University of Hong Kong.

Privacy Preserving Data Publication Yufei Tao Department of Computer Science and Engineering Chinese University of Hong Kong.

Subscription Subsumption Evaluation for Content-Based Publish/Subscribe Systems Hojjat Jafarpour, Bijit Hore, Sharad Mehrotra, and Nalini Venkatasubramanian.

1 On the Anonymization of Sparse High-Dimensional Data 1 National University of Singapore 2 Chinese University of Hong.

Anatomy: Simple and Effective Privacy Preservation Israel Chernyak DB Seminar (winter 2009)

PRIVÉ : Anonymous Location-Based Queries in Distributed Mobile Systems 1 National University of Singapore 2 University.

Tracking Moving Objects in Anonymized Trajectories Nikolay Vyahhi 1, Spiridon Bakiras 2, Panos Kalnis 3, and Gabriel Ghinita 3 1 St. Petersburg State University.

Ad-hoc Distributed Spatial Joins on Mobile Devices Panos Kalnis, Xiaochen Li National University of Singapore Nikos Mamoulis The University of Hong Kong.

MobiHide: A Mobile Peer-to-Peer System for Anonymous Location-Based Queries Gabriel Ghinita, Panos Kalnis, Spiros Skiadopoulos National University of Singapore.

PRIVACY CRITERIA. Roadmap Privacy in Data mining Mobile privacy (k-e) – anonymity (c-k) – safety Privacy skyline.

Anonymization of Set-Valued Data via Top-Down, Local Generalization Yeye He Jeffrey F. Naughton University of Wisconsin-Madison 1.

Privacy-preserving Anonymization of Set Value Data Manolis Terrovitis, Nikos Mamoulis University of Hong Kong Panos Kalnis National University of Singapore.

Privacy-preserving Anonymization of Set Value Data Manolis Terrovitis Institute for the Management of Information Systems (IMIS), RC Athena Nikos Mamoulis.

Database Laboratory Regular Seminar TaeHoon Kim.

Task 1: Privacy Preserving Genomic Data Sharing Presented by Noman Mohammed School of Computer Science McGill University 24 March 2014.

R 18 G 65 B 145 R 0 G 201 B 255 R 104 G 113 B 122 R 216 G 217 B 218 R 168 G 187 B 192 Core and background colors: 1© Nokia Solutions and Networks 2014.

Preserving Privacy in Published Data

Strategic Modeling of Information Sharing among Data Privacy Attackers Quang Duong, Kristen LeFevre, and Michael Wellman University of Michigan Presented.

Gabriel Ghinita1 Panos Kalnis1 Ali Khoshgozaran2 Cyrus Shahabi2

Publishing Microdata with a Robust Privacy Guarantee

APPLYING EPSILON-DIFFERENTIAL PRIVATE QUERY LOG RELEASING SCHEME TO DOCUMENT RETRIEVAL Sicong Zhang, Hui Yang, Lisa Singh Georgetown University August.

CS573 Data Privacy and Security Statistical Databases

Differentially Private Data Release for Data Mining Noman Mohammed*, Rui Chen*, Benjamin C. M. Fung*, Philip S. Yu + *Concordia University, Montreal, Canada.

Background Knowledge Attack for Generalization based Privacy- Preserving Data Mining.

CS573 Data Privacy and Security Anonymization methods Li Xiong.

Accuracy-Constrained Privacy-Preserving Access Control Mechanism for Relational Data.

K-Anonymity & Algorithms

Data Anonymization (1). Outline  Problem  concepts  algorithms on domain generalization hierarchy  Algorithms on numerical data.

Data Anonymization – Introduction and k-anonymity Li Xiong CS573 Data Privacy and Security.

Security Control Methods for Statistical Database Li Xiong CS573 Data Privacy and Security.

Hybrid l-Diversity* Mehmet Ercan NergizMuhammed Zahit GökUfuk Özkanlı

Preservation of Proximity Privacy in Publishing Numerical Sensitive Data J. Li, Y. Tao, and X. Xiao SIGMOD 08 Presented by Hongwei Tian.

The Impact of Duality on Data Synopsis Problems Panagiotis Karras KDD, San Jose, August 13 th, 2007 work with Dimitris Sacharidis and Nikos Mamoulis.

On the Approximability of Geometric and Geographic Generalization and the Min- Max Bin Covering Problem Michael T. Goodrich Dept. of Computer Science joint.

Privacy vs. Utility Xintao Wu University of North Carolina at Charlotte Nov 10, 2008.

Wei-Shinn Ku Slide 1 Auburn University Computer Science and Software Engineering Query Integrity Assurance of Location-based Services Accessing Outsourced.

A Hybrid Technique for Private Location-Based Queries with Database Protection Gabriel Ghinita 1 Panos Kalnis 2 Murat Kantarcioglu 3 Elisa Bertino 1 1.

Privacy-preserving data publishing

The Impact of Duality on Data Representation Problems Panagiotis Karras HKU, June 14 th, 2007.

1/3/ A Framework for Privacy- Preserving Cluster Analysis IEEE ISI 2008 Benjamin C. M. Fung Concordia University Canada Lingyu.

Thesis Sumathie Sundaresan Advisor: Dr. Huiping Guo.

Trajectory Simplification: On Minimizing the Direction-based Error

Data Anonymization - Generalization Algorithms Li Xiong, Slawek Goryczka CS573 Data Privacy and Anonymity.

Secure Data Outsourcing

Yang, et al. Differentially Private Data Publication and Analysis. Tutorial at SIGMOD’12 Part 4: Data Dependent Query Processing Methods Yin “David” Yang.

Privacy-Preserving Publication of User Locations in the Proximity of Sensitive Sites Bharath Krishnamachari Gabriel Ghinita Panos Kalnis National University.

Personalized Privacy Preservation: beyond k-anonymity and ℓ-diversity SIGMOD 2006 Presented By Hongwei Tian.

Output Perturbation with Query Relaxation By: XIAO Xiaokui and TAO Yufei Presenter: CUI Yingjie.

Privacy Issues in Graph Data Publishing Summer intern: Qing Zhang (from NC State University) Mentors: Graham Cormode and Divesh Srivastava.

Fast Data Anonymization with Low Information Loss

Xiaokui Xiao and Yufei Tao Chinese University of Hong Kong

ADAPTIVE DATA ANONYMIZATION AGAINST INFORMATION FUSION BASED PRIVACY ATTACKS ON ENTERPRISE DATA Srivatsava Ranjit Ganta, Shruthi Prabhakara, Raj Acharya.

Privacy Preserving Data Publishing

Presented by : SaiVenkatanikhil Nimmagadda

Presentation transcript:

Fast Data Anonymization with Low Information Loss 1 National University of Singapore 2 Hong Kong University Gabriel Ghinita 1 Panagiotis Karras 2 Panos Kalnis 1 Nikos Mamoulis 2

Privacy-Preserving Data Publishing  Large amounts of public data Research or statistical purposes e.g. distribution of disease for age, city  Data may contain sensitive information Ensure data privacy

Privacy Violation Example AgeZipCodeDisease Ulcer Pneumonia Flu Gastritis Dyspepsia Dyspepsia NameAgeZipCodeDisease Andy Ulcer Bill Pneumonia Ken Flu Nash Gastritis Mike Dyspepsia Sam Dyspepsia (a) Microdata (b) Voting Registration List (public)

k-anonymity [Sam01] AgeZipCodeDisease Ulcer Pneumonia Flu Gastritis Dyspepsia Dyspepsia [Sam01] P. Samarati, "Protecting Respondent's Privacy in Microdata Release," in IEEE TKDE, vol. 13, n. 6, November/December 2001, pp NameAgeZipCodeDisease Andy Ulcer or Pneumonia Bill Ken Flu or Gastritis Nash Mike Dyspepsia Sam (a) 2-anonymous microdata(b) Voting Registration List (public)  QID generalization or suppression Privacy Violation!

ℓ-diversity [MGKV06]  At least ℓ sensitive attribute (SA) values “well-represented” in each group e.g. freq. of an SA value in a group < 1/ℓ [MGKV06] A. Machanavajjhala et al. ℓ -diversity: Privacy Beyond k-anonymity, Proceedings of the 22nd International Conference on Data Engineering (ICDE), 2006

Problem Statement  Find k-anonymous/ℓ-diverse transformation  Minimize information loss  Incur reduced anonymization overhead

Contributions  1D QID Linear, optimal k-anonymous partitioning Polynomial, optimal ℓ-diverse partitioning Linear heuristic for ℓ-diverse partitioning  Generalization to multi-dimensional QID Multi-to-1D mapping  Hilbert Space-Filling Curve  i-Distance Apply 1D algorithms

Multi-dimensional QID  Dimensionality Mapping

State-of-the-art: Mondrian [FWR06]  Generalization-based data-space partitioning similar to k-d-trees  split recursively as long as privacy condition holds k = 2 [FWR06] K. LeFevre et al. Mondrian Multidimensional k-anonymity, Proceedings of the 22nd International Conference on Data Engineering (ICDE), 2006 Age Weight

Motivating Example Age Weight Mondrian k-anonymity, k = 4

Motivating Example Age Weight Our Method k-anonymity, k = 4

Motivating Example Age Weight ℓ -diversity, ℓ = 3 Mondrian Performs NO SPLIT!

Motivating Example Age Weight ℓ -diversity, ℓ = 3Our Method

State-of-the-art: Anatomy [XT06]  Permutation-based method discloses exact QID values vulnerable to presence attacks Disease Ulcer(1) Pneumonia(1) Flu(1) Dyspepsia(1) Gastritis(1) Dyspepsia(1) [XT06] X. Xiao and Y. Tao. Anatomy: simple and effective privacy preservation, Proceedings of the 32nd international conference on Very Large Data Bases (VLDB), 2006 AgeZipCode AgeZipCodeDisease Ulcer Pneumonia Flu Gastritis Dyspepsia Dyspepsia “Anatomized” table |G|! permutations

Limitation of Anatomy 20QID: SA: D2D3D1Alzheimer

Information Loss (Numerical Data) Age Weight G

Information Loss (Categorical Data) IL = IL({Italy, Spain}) = 3/5

Optimal 1D k-anonymity  Properties of optimal solution Groups do not overlap in QID space Group size bounded by 2k-1  DP Formulation O(kN) j: end record of previous group i: end record candidates for current group

Optimal 1D ℓ-diversity  Properties of optimal solution Group size bounded by 2ℓ-1 But groups MAY overlap in QID space  SA Domain Representation

Group Order Property violation of group order Order of groups in each domain is THE SAME Optimal grouping

Border Order Property “begin” and “end” records in each group follow the same order violation of border order Optimal grouping

Cover Property record r that can be added to two groups should belong to the “closest” group to r violation of cover order Optimal grouping

1D ℓ-diversity Heuristic  Optimal algorithm is polynomial But may be costly in practice  Linear heuristic algorithm Considers single “frontier of search” Frontier consists of first non-assigned record in each domain

1D ℓ-diversity Heuristic G1G1 G2G2 G4G4 G3G3  use “frontier” of search  check “eligibility condition” (for termination) ℓ=3ℓ=3

Experimental Setting  Census dataset Data about 500,000 individuals  General purpose information loss metric Based on group extent in QID space  OLAP query accuracy KL-divergence pdf distance

k-anonymity

ℓ-diversity: General Info. Loss

OLAP Queries  Distance between actual and approximate OLAP cubes SELECT QT1, QT2,..., QTi, COUNT(*) FROM Data WHERE SA = val GROUP BY QT1, QT2,..., QTi

OLAP Query Accuracy

Conclusions  Framework for k-anonymity and ℓ-diversity Transform the multi-D QID problem to 1-D Apply linear optimal/heuristic 1D algorithms  Results Clearly superior utility to Mondrian, with comparable execution time Similar (or better) utility as Anatomy for aggregate queries, where Anatomy excels