| Data holder often need to publish data for research or other purposes,and the published data usually contains individuals'privacy information.Under normal condition,the published data is used appropriately.However,in other condition,the data could also be acquired by an adversary.To prevent that the adversary extracts the privacy information of the individuals,the data holder needs to anonymize the data before publishing.Linking attack is a common attack mode by which adversary extracts privacy information.With the expansion of information scale and the developing of big data technology,the data acquisition and analysis capability of the adversary are increasing.In normal situation,for a single anonymous table published from the data holder,the adversary can hardly extract the privacy information of someone.However,when the adversary links multiple groups of data together,he might be able to infer the privacy information.The groups of data could be anonymous tables,background information of an individual,and other databases which are acquired through a variety of channels.The above attack is the linking attack,which is an important problem in privacy protection.Since Sweeney first proposed the k-anonymity algorithm to protect the security of published data,many researchers have proposed improved algorithms based on the framework of k-anonymity.However,the existing algorithms have not reached the optimal performance in anonymity.An effective anonymity algorithms should be able to solve a basic contradiction-the trade-off between accuracy and security.For the data table having different anonymous degree,when the accuracy degree increases,the security degree decreases,and vice versa.This paper uses this contradiction as a starting point and proposes a new anonymity algorithm named(d,q)-division,which includes the following contributions:(1)This paper first develops a new quantitative criterion for the basic contradiction based on classical probability theory.Specifically,the criterion is used to measure the possibility that the individual might experience privacy disclosure and the degree of global security and global accuracy.(2)Through the quantitative criterion,we derive an optimal division theory to obtain a certain global accuracy by the minimun global security loss,which enables us to reach the optimal trade-off between accuracy and security.(3)Based on the optimal division theory,we set the(d,q)parameter standard.By controlling the value of d and q,we can control the balance between accuracy and security according to our demand.(4)We introduce the concept of multidimensional space and the space division,and propose the overlapping interval division method.This method helps ensuring the optimal trade-off between accuracy and security,and it adapts the multidimensional space division to the optimal division theory. |
PDF Full Text Request