Graph Data Anonymization, De-Anonymization Attacks, and De-Anonymizability Quantification: A Survey

Ji, Shouling; Mittal, Prateek; Beyah, Raheem

doi:10.1109/comst.2016.2633620

Cited by 98 publications

(81 citation statements)

References 117 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Structural graph de-anonymization algorithms and corresponding anonymization algorithms have been an active research area since the mid-2000s [2], when it was discovered that simply removing identifiers from nodes is not sufficient to prevent node re-identification. Since then, many anonymization and de-anonymization algorithms have been proposed [7].…”

Section: Graph Anonymization and De-anonymizationmentioning

confidence: 99%

“…De-anonymizability quantification focuses on quantifying structural properties of graph pairs, such as the edge difference, to study the maximum number of nodes that could be de-anonymized, given only structural graph information for a graph and a partially overlapping auxiliary graph [6], [21]. However, de-anonymizability quantification does not consider the interplay between anonymization and de-anonymization algorithms and has limited applicability in concrete practical scenarios due to its focus on theoretical limits for abstract graph models [7].…”

Section: Privacy Metrics For Graph Privacymentioning

confidence: 99%

See 1 more Smart Citation

Using Metrics Suites to Improve the Measurement of Privacy in Graphs

Zhao

Wagner

2022

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Social graphs are widely used in research (e.g., epidemiology) and business (e.g., recommender systems). However, sharing these graphs poses privacy risks because they contain sensitive information about individuals. Graph anonymization techniques aim to protect individual users in a graph, while graph de-anonymization aims to re-identify users. The effectiveness of anonymization and de-anonymization algorithms is usually evaluated with privacy metrics. However, it is unclear how strong existing privacy metrics are when they are used in graph privacy. In this paper, we study 26 privacy metrics for graph anonymization and de-anonymization and evaluate their strength in terms of three criteria: monotonicity indicates whether the metric indicates lower privacy for stronger adversaries; for within-scenario comparisons, evenness indicates whether metric values are spread evenly; and for between-scenario comparisons, shared value range indicates whether metrics use a consistent value range across scenarios. Our extensive experiments indicate that no single metric fulfills all three criteria perfectly. We therefore use methods from multi-criteria decision analysis to aggregate multiple metrics in a metrics suite, and we show that these metrics suites improve monotonicity compared to the best individual metric. This important result enables more monotonic, and thus more accurate, evaluations of new graph anonymization and de-anonymization algorithms.

show abstract

Section: Graph Anonymization and De-anonymizationmentioning

confidence: 99%

Section: Privacy Metrics For Graph Privacymentioning

confidence: 99%

Using Metrics Suites to Improve the Measurement of Privacy in Graphs

Zhao

Wagner

2022

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…In the last step, we find the most similar candidate to user u. We shall define a metric which measures the similarity between each user u and ith candidate c i ∈ C. Previous works [18,19,24,25,28] have solely leveraged the structural properties to find the similarity between a target user v and users in an anonymized dataset. However, given the properly anonymized network, the attacker is not be able to accurately find the similarity between users by just incorporating structural properties.…”

Section: Step 3: Matching-up Candidates To Targetmentioning

confidence: 99%

“…Fu et al proposed to use structural and descriptive information to deanonymize users without seed nodes [11]. A thorough survey on graph data anonymization and de-anonymization is presented in [19]. Note that de-anonymization methods are similar to those of user identity linkage across social network when only network information is available [31].…”

Section: Related Workmentioning

confidence: 99%

Securing Social Media User Data

Beigi

Shu

Zhang

et al. 2018

Proceedings of the 29th on Hypertext and Social Media

View full text Add to dashboard Cite

Social media users generate tremendous amounts of data. To better serve users, it is required to share the user-related data among researchers, advertisers and application developers. Publishing such data would raise more concerns on user privacy. To encourage data sharing and mitigate user privacy concerns, a number of anonymization and de-anonymization algorithms have been developed to help protect privacy of social media users. In this work, we propose a new adversarial attack specialized for social media data. We further provide a principled way to assess effectiveness of anonymizing different aspects of social media data. Our work sheds light on new privacy risks in social media data due to innate heterogeneity of user-generated data which require striking balance between sharing user data and protecting user privacy.

show abstract

“…Many anonymization methods have been proposed to mitigate the privacy invasion of individuals from the public release of graph data [21]. Naive anonymization schemes employ methods to scrub identities of nodes without modifying the graph structure.…”

Section: Introductionmentioning

confidence: 99%

Diversity, Homophily and the Risk of Node Re-identification in Labeled Social Graphs

Horawalavithana

Gandy

Flores

et al. 2018

Studies in Computational Intelligence

View full text Add to dashboard Cite

Real network datasets provide significant benefits for understanding phenomena such as information diffusion or network evolution. Yet the privacy risks raised from sharing real graph datasets, even when stripped of user identity information, are significant. When nodes have associated attributes, the privacy risks increase.In this paper we quantitatively study the impact of binary node attributes on node privacy by employing machine-learning-based re-identification attacks and exploring the interplay between graph topology and attribute placement. Our experiments show that the population's diversity on the binary attribute consistently degrades anonymity. KEYWORDSNode re-identification, machine learning attack, labeled networks.

show abstract

Graph Data Anonymization, De-Anonymization Attacks, and De-Anonymizability Quantification: A Survey

Cited by 98 publications

References 117 publications

Using Metrics Suites to Improve the Measurement of Privacy in Graphs

Using Metrics Suites to Improve the Measurement of Privacy in Graphs

Securing Social Media User Data

Diversity, Homophily and the Risk of Node Re-identification in Labeled Social Graphs

Contact Info

Product

Resources

About