How to quantify graph De-anonymization risks

Wei Han Lee, Changchang Liu, Shouling Ji, Prateek Mittal, Ruby B. Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

An increasing amount of data are becoming publicly available over the Internet. These data are released after applying some anonymization techniques. Recently, researchers have paid significant attention to analyzing the risks of publishing privacy-sensitive data. Even if data anonymization techniques were applied to protect privacy-sensitive data, several de-anonymization attacks have been proposed to break their privacy. However, no theoretical quantification for relating the data vulnerability against de-anonymization attacks and the data utility that is preserved by the anonymization techniques exists. In this paper, we first address several fundamental open problems in the structure-based de-anonymization research by establishing a formal model for privacy breaches on anonymized data and quantifying the conditions for successful de-anonymization under a general graph model. To the best of our knowledge, this is the first work on quantifying the relationship between anonymized utility and de-anonymization capability. Our quantification works under very general assumptions about the distribution from which the data are drawn, thus providing a theoretical guide for practical de-anonymization/anonymization techniques. Furthermore, we use multiple real-world datasets including a Facebook dataset, a Collaboration dataset, and two Twitter datasets to show the limitations of the state-of-the-art de-anonymization attacks. From these experimental results, we demonstrate the ineffectiveness of previous de-anonymization attacks and the potential of more powerful de-anonymization attacks in the future, by comparing the theoretical de-anonymization capability proposed by us with the practical experimental results of the state-of-the-art de-anonymization methods.

Original languageEnglish (US)
Title of host publicationInformation Systems Security and Privacy - 3rd International Conference, ICISSP 2017, Revised Selected Papers
EditorsPaolo Mori, Olivier Camp, Steven Furnell
PublisherSpringer Verlag
Pages84-104
Number of pages21
ISBN (Print)9783319933535
DOIs
StatePublished - Jan 1 2018
Event3rd International Conference on Information Systems Security and Privacy, ICISSP 2017 - Porto, Portugal
Duration: Feb 19 2017Feb 21 2017

Publication series

NameCommunications in Computer and Information Science
Volume867
ISSN (Print)1865-0929

Other

Other3rd International Conference on Information Systems Security and Privacy, ICISSP 2017
CountryPortugal
CityPorto
Period2/19/172/21/17

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Mathematics(all)

Keywords

  • Anonymization utility
  • De-anonymization capability
  • Structure-based de-anonymization attacks
  • Theoretical bounds

Fingerprint Dive into the research topics of 'How to quantify graph De-anonymization risks'. Together they form a unique fingerprint.

  • Cite this

    Lee, W. H., Liu, C., Ji, S., Mittal, P., & Lee, R. B. (2018). How to quantify graph De-anonymization risks. In P. Mori, O. Camp, & S. Furnell (Eds.), Information Systems Security and Privacy - 3rd International Conference, ICISSP 2017, Revised Selected Papers (pp. 84-104). (Communications in Computer and Information Science; Vol. 867). Springer Verlag. https://doi.org/10.1007/978-3-319-93354-2_5