data anonymization generalization algorithms
play

Data Anonymization - Generalization Algorithms Li Xiong CS573 Data - PowerPoint PPT Presentation

Jan 23, 2024 •329 likes •790 views

Data Anonymization - Generalization Algorithms Li Xiong CS573 Data Privacy and Anonymity Generalization and Suppression Generalization Suppression Replace the value with a less Do not release a Z2 = {410**} value at all

  1. Data Anonymization - Generalization Algorithms Li Xiong CS573 Data Privacy and Anonymity

  2. Generalization and Suppression  • Generalization  Suppression  Replace the value with a less  Do not release a Z2 = {410**} value at all specific but semantically consistent value Z1 = {4107*. 4109*} Z0 = {41075, 41076, 41095, 41099} # Zip Age Nationality Condition 1 41076 < 40 * Heart Disease 2 48202 < 40 * Heart Disease S1 = {Person} 3 41076 < 40 * Cancer S0 = {Male, Female} 4 48202 < 40 * Cancer

  3. Complexity Search Space: • Number of generalizations =  (Max level of generalization for attribute i + 1) attrib i If we allow generalization to a different level for each value of an attribute: • Number of generalizations =  (Max level of generalization for attribute i + 1) #tuples attrib i 3

  4. Hardness result  Given some data set R and a QI Q , does R satisfy k-anonymity over Q ?  Easy to tell in polynomial time, NP!  Finding an optimal anonymization is not easy  NP-hard: reduction from k-dimensional perfect matching  A polynomial solution implies P = NP A. Meyerson and R. Williams. On the complexity of optimal k-anonymity. In PODS’04.

  5. Taxonomy of Generalization Algorithms  Top-down specialization vs. bottom-up generalization  Global (single dimensional) vs. local (multi- dimensional)  Complete (optimal) vs. greedy (approximate)  Hierarchy-based (user defined) vs. partition- based (automatic) K. LeFerve, D. J. DeWitt, and R. Ramakrishnan. Incognito: Efficient Full-Domain K-Anonymity. In SIGMOD 05

  6. Generalization algorithms  Early systems  µ-Argus, Hundpool, 1996 - Global, bottom-up, greedy  Datafly, Sweeney, 1997 - Global, bottom-up, greedy  k-anonymity algorithms  AllMin, Samarati, 2001 - Global, bottom-up, complete, impractical  MinGen, Sweeney, 2002 - Global, bottom-up, complete, impractical  Bottom-up generalization, Wang, 2004 – Global, bottom-up, greedy  TDS (Top-Down Specialization), Fung, 2005 - Global, top-down, greedy  K-OPTIMIZE, Bayardo, 2005 – Global, top-down, partition-based, complete  Incognito, LeFevre, 2005 – Global, bottom-up, hierarchy-based, complete  Mondrian, LeFevre, 2006 – Local, top-down, partition-based, greedy

  7. µ-Argus  Hundpool and Willenborg, 1996  Greedy approach  Global generalization with tuple suppression  Not guaranteeing k-anonymity

  8. µ -Argus µ -Argus algorithm

  9. µ-Argus

  10. Problems With µ-Argus 1. Only 2- and 3- combinations are examined, there may exist 4 combinations that are unique – may not always satisfy k-anonymity 2. Enforce generalization at the attribute level (global) – may over generalize

  11. The Datafly System  Sweeney, 1997  Greedy approach  Global generalization with tuple suppression

  12. Core Datafly Algorithm Datafly Algorithm

  13. Datafly MGT resulting from Datafly, k =2, QI={ Race , Birthdate , Gender , ZIP }

  14. Problems With Datafly 1. Generalizing all values associated with an attribute (global) 2. Suppressing all values within a tuple (global) 3. Selecting the attribute with the greatest number of distinct values as the one to generalize first – computationally efficient but may over generalize

  15. Generalization algorithms Early systems  µ-Argus, Hundpool, 1996 - Global, bottom-up, greedy  Datafly, Sweeney, 1997 - Global, bottom-up, greedy   k-anonymity algorithms AllMin, Samarati, 2001 - Global, bottom-up, complete, impractical  MinGen, Sweeney, 2002 - Global, bottom-up, complete, impractical  Bottom-up generalization, Wang, 2004 – Global, bottom-up, greedy  TDS (Top-Down Specialization), Fung, 2005 - Global, top-down, greedy  K-OPTIMIZE, Bayardo, 2005 – Global, top-down, partition-based, complete  Incognito, LeFevre, 2005 – Global, bottom-up, hierarchy-based, complete  Mondrian, LeFevre, 2006 – Local, top-down, partition-based, greedy 

  16. K-OPTIMIZE  Practical solution to guarantee optimality  Main techniques  Framing the problem into a set-enumeration search problem  Tree-search strategy with cost-based pruning and dynamic search rearrangement  Data management strategies 1/22/2009 16

  17. Anonymization Strategies  Local suppression  Delete individual attribute values  E.g. <Age=50, Gender=M, State=CA>  Global attribute generalization  Replace specific values with more general ones for an attribute  Numeric data: partitioning of the attribute domain into intervals. E.g. Age={[1-10],...,[91- 100]}  Categorical data: generalization hierarchy supplied by users. E.g. Gender = [M or F] 1/22/2009 17

  18. K-Anonymization with Suppression  K-anonymization with suppression  Global attribute a 1 a m generalization with local suppression of outlier v 1,1 … v 1,m tuples. … E {  Terminologies  Dataset: D v 1,n v n,m  Anonymization: {a 1 , …, a m }  Equivalent classes: E 1/22/2009 18

  19. Finding Optimal Anonymization  Optimal anonymization determined by a cost metric  Cost metrics  Discernibility metric: penalty for non- suppressed tuples and suppressed tuples  Classification metric 1/22/2009 19

  20. Modeling Anonymizations  Assume a total order over the set of all attribute domain  Set representation for anonymization  E.g. Age: <[10-29], [30-49]>, Gender: <[M or F]>, Marital Status: <[Married], [Widowed or Divorced], [Never Married]>  {1, 2, 4, 6, 7, 9} -> {2, 7, 9}  Power set representation for entire anonymization space  Power set of {2, 3, 5, 7, 8, 9} - order of 2 n !  {} – most general anonymization  {2,3,5,7,8,9} – most specific anonymization 1/22/2009 20

  21. Optimal Anonymization Problem  Goal  Find the best anonymization in the powerset with lowest cost  Algorithm  set enumeration search through tree expansion - size 2 n Set enumeration tree over  Top-down depth first search powerset of {1,2,3,4}  Heuristics  Cost-based pruning  Dynamic tree rearrangement 1/22/2009 21

  22. Node Pruning through Cost Bounding  Intuitive idea  prune a node H if none of its descendents can be optimal  Cost lower-bound of H subtree of H  Cost of suppressed tuples bounded by H A  Cost of non-suppressed tuples bounded by A 1/22/2009 22

  23. Useless Value Pruning  Intuitive idea  Prune useless values that have no hope of improving cost  Useless values  Only split equivalence classes into suppressed equivalence classes (size < k) 1/22/2009 23

  24. Tree Rearrangement  Intuitive idea  Dynamically reorder tree to increase pruning opportunities  Heuristics  sort the values based on the number of equivalence classes induced 1/22/2009 24

  25. Experiments  Adult census dataset  30k records and 9 attributes  Fine: powerset of size 2 160  Evaluations of performance and optimal cost  Comparison with greedy/stochastic method  2-phase greedy generalization/specialization  Repeated process 1/22/2009 25

  26. Results – Comparison  None of the other optimal algorithms can handle the census data  Greedy approaches, while executing quickly, produce highly sub- optimal anonymizations  Comparison with 2-phase method (greedy + stochastic) 1/22/2009 26

  27. Comments  Interesting things to think about  Domains without hierarchy or total order restrictions  Other cost metrics  Global generalization vs. local generalization 1/22/2009 27

  28. Generalization algorithms Early systems  µ-Argus, Hundpool, 1996 - Global, bottom-up, greedy  Datafly, Sweeney, 1997 - Global, bottom-up, greedy   k-anonymity algorithms AllMin, Samarati, 2001 - Global, bottom-up, complete, impractical  MinGen, Sweeney, 2002 - Global, bottom-up, complete, impractical  Bottom-up generalization, Wang, 2004 – Global, bottom-up, greedy  TDS (Top-Down Specialization), Fung, 2005 - Global, top-down, greedy  K-OPTIMIZE, Bayardo, 2005 – Global, top-down, partition-based, complete  Incognito, LeFevre, 2005 – Global, bottom-up, hierarchy-based, complete  Mondrian, LeFevre, 2006 – Local, top-down, partition-based, greedy 

  29. Mondrian  Top-down partitioning  Greedy  Local (multidimensional) – tuple/cell level

  30. Global Recoding  Mapping domains of quasi-identifiers to generalized or altered values using a single function  Notation  D x is the domain of attribute X i in table T  Single Dimensional  φ i : D xi  D’ for each attribute X i of the quasi- id  φ i applied to values of X i in tuple of T

  31. Local Recoding  Multi-Dimensional  Recode domain of value vectors from a set of quasi-identifier attributes  φ : D x1 x … x D xn  D’  φ applied to vector of quasi-identifier attributes in each tuple in T

  32. Partitioning  Single Dimensional  For each X i , define non-overlapping single dimensional intervals that covers D xi  Use φ i to map x ε D x to a summary stat  Strict Multi-Dimensional  Define non-overlapping multi-dimensional intervals that covers D x1 … D xd  Use φ to map (x x1 …x xd ) ε D x1 … D xd to a summary stat for its region

Recommend

Data Anonymization - Generalization Algorithms Li Xiong, Slawek Goryczka CS573 Data Privacy and

Data Anonymization - Generalization Algorithms Li Xiong, Slawek Goryczka CS573 Data Privacy and

Data Anonymization - Generalization Algorithms Li Xiong, Slawek Goryczka CS573 Data Privacy and Anonymity Generalization and Suppression Generalization Suppression Replace the value with a less Do not release a Z2 = {410**}

1.27k views • 52 slides
Anonymization Algorithms - Other techniques, metrics, and extended scenarios Li Xiong CS573

Anonymization Algorithms - Other techniques, metrics, and extended scenarios Li Xiong CS573

Anonymization Algorithms - Other techniques, metrics, and extended scenarios Li Xiong CS573 Data Privacy and Anonymity So far k-anonymity (protect identity disclosure) Anonymization algorithms Generalization and suppression

549 views • 34 slides
Anonymization Algorithms - Microaggregation and Clustering Li Xiong CS573 Data Privacy and

Anonymization Algorithms - Microaggregation and Clustering Li Xiong CS573 Data Privacy and

Anonymization Algorithms - Microaggregation and Clustering Li Xiong CS573 Data Privacy and Anonymity Anonymization using Microaggregation or Clustering Practical Data-Oriented Microaggregation for Statistical Disclosure Control,

902 views • 55 slides
CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today

CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today

CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today Recap/Taxonomy of Anonymization Microdata anonymization Microaggregation based anonymization Taxonomy of Anonymization Problem

620 views • 59 slides
Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference

Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference

Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference control Anonymization problem Anonymization notions and approaches (and how they fail to work!) k-anonymity l-diversity t-closeness

741 views • 51 slides
Data Masking and Anonymization for PostgreSQL 1 The Anonymization Challenge 8 Strategies

Data Masking and Anonymization for PostgreSQL 1 The Anonymization Challenge 8 Strategies

Data Masking and Anonymization for PostgreSQL 1 The Anonymization Challenge 8 Strategies PostgreSQL Anonymizer The Future 2 3 My Story 4 LETS DO THIS ! jailer pgantomizer ARX pgsync anomyze-it anonymizer mat2 Talend open

1.12k views • 77 slides
CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today

CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today

CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today Clustering based anonymization (cont) Permutation based anonymization Other privacy principles Microaggregation/Clustering Two steps:

879 views • 52 slides
CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today

CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today

CS573 Data Privacy and Security Anonymization methods Anonymization methods Li Xiong Today Permutation based anonymization methods (cont.) Other privacy principles for microdata publishing publishing Statistical databases

986 views • 51 slides
CS573 Data Privacy and Security Data Anonymization (cont.) Li Xiong Department of Mathematics

CS573 Data Privacy and Security Data Anonymization (cont.) Li Xiong Department of Mathematics

CS573 Data Privacy and Security Data Anonymization (cont.) Li Xiong Department of Mathematics and Computer Science Emory University Today Cont. Anonymization notions and approaches l-diversity t-closeness Takeaways Attacks on

192 views • 15 slides
Introduction to Anonymization (I) Claire McKay Bowen Postdoctoral Researcher, Los Alamos

Introduction to Anonymization (I) Claire McKay Bowen Postdoctoral Researcher, Los Alamos

DataCamp Data Privacy and Anonymization in R DATA PRIVACY AND ANONYMIZATION IN R Introduction to Anonymization (I) Claire McKay Bowen Postdoctoral Researcher, Los Alamos National Laboratory DataCamp Data Privacy and Anonymization in R

609 views • 26 slides
Big Data and the application of anonymization techniques Annual Privacy Forum 2015 7-8 October,

Big Data and the application of anonymization techniques Annual Privacy Forum 2015 7-8 October,

Big Data and the application of anonymization techniques Annual Privacy Forum 2015 7-8 October, Luxembourg Giuseppe DAcquisto Garante per la protezione dei dati personali 1 The concept of anonymization My data 1 D.O.F Any person Empty

334 views • 12 slides
Quantifying the Risk of Re-identification in Data Anonymization Competition Takao Murakami

Quantifying the Risk of Re-identification in Data Anonymization Competition Takao Murakami

1 Quantifying the Risk of Re-identification in Data Anonymization Competition Takao Murakami (AIST*, Japan) *AIST: National Institute of Advanced Industrial Science &amp; Technology 2 Outline Data Anonymization Mechanism Plays an

543 views • 27 slides
An Automated Social Graph De-anonymization Technique Kumar Sharad 1 George Danezis 2 1 2

An Automated Social Graph De-anonymization Technique Kumar Sharad 1 George Danezis 2 1 2

An Automated Social Graph De-anonymization Technique Kumar Sharad 1 George Danezis 2 1 2 November 3, 2014 Workshop on Privacy in the Electronic Society, Scottsdale, Arizona, USA This Talk 1 The Art of Data Anonymization 2 The D4D Challenge 3

527 views • 51 slides
Data Anonymization Graham Cormode Graham Cormode graham@research.att.com 1 Why Anonymize?

Data Anonymization Graham Cormode Graham Cormode graham@research.att.com 1 Why Anonymize?

Data Anonymization Graham Cormode Graham Cormode graham@research.att.com 1 Why Anonymize? For Data Sharing Give real(istic) data to others to study without compromising privacy of individuals in the data Allows third-parties to try

728 views • 28 slides
Issues of Data Mining Kyle Borah OutLine Background Data Anonymization Encryption

Issues of Data Mining Kyle Borah OutLine Background Data Anonymization Encryption

Social &amp; Privacy Issues of Data Mining Kyle Borah OutLine Background Data Anonymization Encryption with demo OutLine Background Data Anonymization Encryption with demo Background Companies have your data

468 views • 12 slides
Data Anonymization that Towards Optimal . . . Leads to the Most Accurate First Result: . . . We

Data Anonymization that Towards Optimal . . . Leads to the Most Accurate First Result: . . . We

Need to Preserve Privacy How to Preserve . . . In Statistical Data . . . Estimating Accuracy . . . Data Anonymization that Towards Optimal . . . Leads to the Most Accurate First Result: . . . We Need to Dismiss . . . Estimates of

700 views • 22 slides
On the Generalization Ability of Online Learning Algorithms for Pairwise Loss Functions

On the Generalization Ability of Online Learning Algorithms for Pairwise Loss Functions

On the Generalization Ability of Online Learning Algorithms for Pairwise Loss Functions Purushottam Kar , Bharath Sriperumbudur , Prateek Jain and Harish Karnick Indian Institute of Technology Kanpur Center for Mathematical

885 views • 46 slides
Towards Data Anonymization in Data Mining via Meta-Heuristic Approaches Fatemeh Amiri, Gerald

Towards Data Anonymization in Data Mining via Meta-Heuristic Approaches Fatemeh Amiri, Gerald

Towards Data Anonymization in Data Mining via Meta-Heuristic Approaches Fatemeh Amiri, Gerald Quirchmayr, Peter Kieseberg, Edgar Weippl, and Alessio Bertone University of Vienna, Faculty of Computer Science, Vienna, Austria SBA Research GmbH,

205 views • 17 slides
Data Anonymization Introduction Li Xiong CS573 Data Privacy and Security Outline

Data Anonymization Introduction Li Xiong CS573 Data Privacy and Security Outline

Data Anonymization Introduction Li Xiong CS573 Data Privacy and Security Outline Problem definition Principles Disclosure Control Methods Inference Control Access control: protecting information and information systems from

703 views • 52 slides
Learning Additive Noise Channels: Generalization Bounds and Algorithms Nir Weinberger

Learning Additive Noise Channels: Generalization Bounds and Algorithms Nir Weinberger

Learning Additive Noise Channels: Generalization Bounds and Algorithms Nir Weinberger Massachusetts Institute of Technology, MA, USA IEEE International Symposium on Information Theory June 2020 1/22 In an nutshell An additive noise channel

1.14k views • 91 slides
Time Distortion Anonymization for the Publication of Mobility Data with High Utility Vincent

Time Distortion Anonymization for the Publication of Mobility Data with High Utility Vincent

Time Distortion Anonymization for the Publication of Mobility Data with High Utility Vincent Primault, Sonia Ben Mokhtar, Cdric Lauradoux and Lionel Brunie Mobility data usefulness Real-time traffic, traffic prediction Companies

619 views • 26 slides
Safely Sharing Data Between CSIRTs: The SCRUB* Security Anonymization Tool Infrastructure William

Safely Sharing Data Between CSIRTs: The SCRUB* Security Anonymization Tool Infrastructure William

Safely Sharing Data Between CSIRTs: The SCRUB* Security Anonymization Tool Infrastructure William Yurcik* &lt;byurcik@gmail.com&gt; Clay Woolam, Greg Hellings, Latifur Khan, Bhavani Thuraisingham University of Texas at Dallas 20 th Annual FIRST

172 views • 15 slides
You cannot hide for long: De-anonymization of real-world dynamic behaviour George Danezis

You cannot hide for long: De-anonymization of real-world dynamic behaviour George Danezis

You cannot hide for long: De-anonymization of real-world dynamic behaviour George Danezis (University College London) Carmela Troncoso (Gradiant) Privacy beyond confjdentiality Common belief: if I encrypt my data, then the data is

461 views • 16 slides
Learning From Data Lecture 7 Approximation Versus Generalization The VC Dimension Approximation

Learning From Data Lecture 7 Approximation Versus Generalization The VC Dimension Approximation

Learning From Data Lecture 7 Approximation Versus Generalization The VC Dimension Approximation Versus Generalization Bias and Variance The Learning Curve M. Magdon-Ismail CSCI 4100/6100 recap: The Vapnik-Chervonenkis Bound (VC Bound) P [ |

353 views • 22 slides

More recommend