| In the environment of big data, data security and privacy issues have been receiving much concern. A large amount of data records all aspects of the users' detailed information,these data not only contains the users' sensitive information, and by using the technology of data analysis and mining, we can infer user preferences, personal habits and other current states, or even predict user behaviors. The disclosure of these information will cause incalculable damage to the individual. And due to the particularity of medical information, its disclosure will inevitably bring impact that is more serious to individuals and society.This thesis analyzes the shortcomings of existing privacy protection models in the protection of disease severity and classifies the disease according to its severity, the more severe the disease, the more sensitive it is, and this thesis also gives a method to classify a given disease according its severity. According to the existing privacy protection model is easy to cause the sensitive degree of homogeneity attack problems, a (k, l1,l2)-anonymous model is proposed in this thesis, which protects the sensitive level as well as the sensitive value. This model adds protection of sensitive level while without destroying the existing privacy protection models' ability in protecting sensitive values, which reduces the probability for attackers to obtain sensitive level through the homogeneity attack. In this thesis, we extends the global coding algorithm Incognito and the top-down local recording algorithm TDLRA, making they can be used to implement the (k,l1,l2)-anonymous model, and the feasibility of the model is proved by experiments.In view of the influence of the disclosure of sensitive level with high sensitive degree on individual, this thesis proposes a (k,11,l2,?)- anonymous model, which is discriminatory for different sensitive levels, this model does not destroy the ability of the previous model in protecting sensitive values and sensitive levels, it achieves the purpose of privacy protection by limiting the frequency of each sensitive level in the equivalence group. The higher the sensitive degree is, the lower the sensitive level's frequency is in the equivalence group, reducing the disclosure probability of the sensitive level with high sensitive degree. While the disclosure of sensitive level with low sensitive degree does not cause great impact, the frequency in equivalence group is a relatively large value.Then we extends two algorithms to implement the (k, l1,,l2,?) - anonymous model, and the feasibility of the model is proved by experiments.Finally, aiming at the application of privacy protection model in medical information system, this thesis gives two ways to use the privacy protection models metioned previously. In one situation, a trusted third party is involved in, but there is not a trusted third party in another situation. And this thesis gives the medical information privacy protection architectures in two situations. |
PDF Full Text Request