privacy criteria
DESCRIPTION
PRIVACY CRITERIA. Roadmap. Privacy in Data mining Mobile privacy ( k-e ) – anonymity ( c-k ) – safety Privacy skyline. Privacy in data mining. Random Perturbation (quantitative data) Given value x , return value x + r , r is a random value from a distribution - PowerPoint PPT PresentationTRANSCRIPT
PRIVACY CRITERIA
Roadmap
Privacy in Data mining
Mobile privacy
(k-e) – anonymity
(c-k) – safety
Privacy skyline
Privacy in data mining
Random Perturbation (quantitative data) Given value x, return value x + r, r is a random value from a
distribution Construct decision-tree classifier on perturbed data s.t.
accuracy is comparable to classifiers of original data
Randomized Response (categorical data) Basic idea: disguise data by probabilistically changing the
value of sensitive attribute to another value Distribution of original data can be reconstructed using the
disguised data
Roadmap
Privacy in Data mining
Mobile privacy
(k-e) – anonymity
(c-k) – safety
Privacy skyline
Mobile privacy Spatial cloaking: Cloaked region
Contains location q and at least k-1 other user locations
Circular region of location q Contains location q and number of dummy
locations generated by client Transformation based matching
Transform region through Hilbert curves by using Hilbert keys
Casper: user registers with (k, Amin) profile k: user is k-anonymous Amin : minimum acceptable resolution of the
cloaked spatial region
Roadmap
Privacy in Data mining
Mobile privacy
(k-e) – anonymity
(c-k) – safety
Privacy skyline
(k-e) - anonymity
Privacy protection for numerical sensitive attributes
GOAL: group sensitive attribute values s.t. No less than k distinct values Range of group larger than threshold e
Permutation-based technique to support aggregate queries Constructing help table
Aggregate Query Answering on Anonymized Tables @ ICDE2007
(k-e) - anonymityOriginal Table
Table after Permutation
(k-e) - anonymityTable after Permutation
Help Table
Roadmap
Privacy in Data mining
Mobile privacy
(k-e) – anonymity
(c-k) – safety
Privacy skyline
(c-k) – safety
Goal: quantify background knowledge k of attacker maximum disclosure w.r.t. k is less than threshold
c
Express background knowledge through a language
Worst –Case Background Knowledge for Privacy –Preserving Data Publishing @ ICDE2007
(c-k) – safety
Create buckets , where randomly permute sensitive attribute values within each bucket
Original Table Bucketized Table
(c-k) – safety Bound background knowledge i.e., attacker knows k
basic implications
Atom: tp[S] = s, s S, p Person e.g. tJack[Disease] = flu
Basic implication: For some m, n and Ai, Bi atoms
e.g. tJack[Disease] = flu tCharlie[Disease] = flu
is the language consisting of conjunctions of k basic implications
(c-k) – safety
Find bucketization B of original table s.t. B is (c-k) – safe
The maximum disclosure of B w.r.t is less than threshold c
Roadmap
Privacy in Data mining
Mobile privacy
(k-e) – anonymity
(c-k) – safety
Privacy skyline
Privacy skyline
Original data transformed in Generalized or Bucketized data
Quantify external knowledge through skyline for each sensitive value
External knowledge for each individual Having single sensitive value Having multiple sensitive values
Privacy Skyline: Privacy with Multidimensional Adversarial Knowledge @ VLDB 2007
Privacy skyline Three types of knowledge (l, k, m) e.g.(2, 3, 1)
l: Knowledge about target individual t flueTom[S] and cancerTom[S] (obtained from Tom.s
friend)
k: Knowledge about individuals (u1, ..uk) other than t flue Bob[S] and flue Cary[S] and cancer Frank[S]
(obtained from another hospital) m: Knowledge about the relationship between t
and other individuals (v1, …vm) AIDS Ann[S] AIDS Tom[S] (because Ann is
Tom’s wife)
Privacy skyline Example: knowledge threshold (1, 5, 2) and
confidence c=50% for sensitive value AIDS Adversary knows l≤1 sensitive values that t does
not have Adversary knows sensitive values of k≤5 others Adversary knows m≤2 members in t’s same-value
family
Adversary cannot predict individual t to have AIDS with confidence 50% when the above hold
Privacy skyline
If transformed data D* is safe for (1, 5, 2) it is safe for any (l, k, m) with l≤1, k≤5, m≤2
i.e., the shaded region
Privacy skyline
Skyline for set of incomparable points {(1, 1, 5), (1, 3, 4), (1, 5, 2)}
Privacy skyline
Given a skyline {(l1, k1, m1, c1), …,(lr, kr, mr, cr)}
release candidate D* is safe for sensitive value iff , for i =1 to r
max {Pr( t[S] | Lt, (li, ki, mi), D*)} < ci
maximum probability of a sensitive value to be for individual t w.r.t external knowledge and release candidate is below confidence threshold ci
Original Table Generalize Table
Bucketized Table