| With the rapid development of mobile Internet,the Internet has become the essential communication of people's daily life and the enterprises' normal operation,the vast majority of data are transmitted through the internet.These data relate to various aspects,such as education,finance,medicine,power,communication,etc.Therefore,the research of network data is important and necessary.The research of network flow data is very meaningful.On the one hand,it can understand the load of each node in the network structure,and promote the establishment and optimization of the network.On the other hand,we can develop new network protocols according to the analysis of network behavior,so as to ensure more secure network transmission.Researchers can independently collect the required network flow data,but in order to conduct a more comprehensive study,it often need to use the data released by the agency.However,the network data flow information often contains a lot of individual sensitive information which may have the risk of privacy disclosure.In order to release data on the premise of protecting user privacy,data publishers usually change or hide the subject identifier,but this basic processing is not the best way to protect individual privacy,the attacker can infer the individual identity or sensitive information by using background knowledge or other data.To this end,academia has proposed a series of methods to resist these attacks,in which anonymous technology and data exchange technology are common privacy preserving methods.Early works mainly focused on the encrypt of IP address itself which is not enough to defense those attacks,we summarize the advantages and disadvantages of some classical methods,combined with the recent expansion method,puts forward several method to defense more kinds of attacks.The main contributions of this paper are as follows:first,we propose the anonymous method to resist the "edge attack" based on the weighted bipartite graph of network flow data;second,we propose a data swapping method to resist the hybrid attacks based on the weighted bipartite graph of network flow data.The following will introduce our main work in details.The first work is to use k-anonymous method based on the graph structure extracted from the network data to defense the edge attack.In this paper,we use the weighted bipartite graph structure to model the network flow data.In this structure,The vertexes of the graph designates IP addresses,the edges of the graph are all communications that occur between vertexes,and the weight represents the number of packets travelling across the edge.For the common edge attacks on graph structure,we use k-anonymous method to protect host identity and other sensitive information from being compromised.Taking into account the data utility,we minimize the modification of the graph and reduce the original data changes in the entire process of anonymity to reduce information loss.The experimental results verify the effectiveness of our method.The second work combine data swapping and k-anonymous based on the first work to defense more kinds of attacks which includes "edge attack","fingerprint attack" and"insert attack".In this model,the attacker has a stronger attack capability,could get more background knowledge about the host.This method provide a higher level of privacy preserving.In some standards,the information loss is lower,which achieves a balance of privacy preserving level and data utility. |
PDF Full Text Request