k-Nearest Neighbor Query Processing Algorithms for a Query Region in Road Networks

Recent development of wireless communication technologies and the popularity of smart phones are making location-based services (LBS) popular. However, requesting queries to LBS servers with users’ exact locations may threat the privacy of users. Therefore, there have been many researches on generating a cloaked query region for user privacy protection. Consequently, an effcient query processing algorithm for a query region is required. So, in this paper, we propose k-nearest neighbor query (k-NN) processing algorithms for a query region in road networks. To effciently retrieve k-NN points of interest (POIs), we make use of the Island index. We also propose a method that generates an adaptive Island index to improve the query processing performance and storage usage. Finally, we show by our performance analysis that our k-NN query processing algorithms outperform the existing k-Range Nearest Neighbor (kRNN) algorithm in terms of network expansion cost and query processing time.     

Enhancing WLAN location privacy using mobile behavior

Recently wireless network is massively used in the daily life, but user’s location privacy can be threatened. In a wireless local area network (WLAN), an adversary can track a user through his/her unchanged MAC address. Many correlation researches have been proposed to combat this issue, but they have not included mobile behavior of neighboring nodes as a key factor; therefore, their solutions may miss the opportune moment to update MAC address to improve the user’s location privacy. In other words, the existing schemes in the opportune moment to update MAC address may not be the best one. Furthermore, they will have many unnecessary MAC addresses to be updated; it then causes the network throughput being reduced. In this paper, we are going to enhance user’s location privacy with the relative positioning scheme. We analyze the mobile behavior of neighboring nodes to decide which mobile nodes are going to update their MAC addresses. The experiment results show that our scheme can decrease the time of changing MAC address, and also to enhance the user’s location privacy, although the network throughput is a little decrease.     

Countering overlapping rectangle privacy attack for moving kNN queries

An important class of LBSs is supported by the moving k nearest neighbor (MkNN) query, which continuously returns the k nearest data objects for a moving user. For example, a tourist may want to observe the five nearest restaurants continuously while exploring a city so that she can drop in to one of them anytime. Using this kind of services requires the user to disclose her location continuously and therefore may cause privacy leaks derived from the user's locations. A common approach to protecting a user's location privacy is the use of imprecise locations (e.g., regions) instead of exact positions when requesting LBSs. However, simply updating a user's imprecise location to a location-based service provider (LSP) cannot ensure a user's privacy for an MkNN query: continuous disclosure of regions enable LSPs to refine more precise location of the user. We formulate this type of attack to a user's location privacy that arises from overlapping consecutive regions, and provide the first solution to counter this attack. Specifically, we develop algorithms which can process an MkNN query while protecting the user's privacy from the above attack. Extensive experiments validate the effectiveness of our privacy protection technique and the efficiency of our algorithm.     

Social influence determination on big data streams in an online social network

Social networks have become a good place to promote products and also to campaign for causes. Maximizing the spread of information in an online social network at a least cost has attracted the attention of publicist’s. In general, influence user ranking methods are derived either by a network’s topological features or by user features but not both. Existing Influence Maximization Problem (IMP) operates as a modification of greedy algorithms that cannot scale streaming data. Which are time consuming and cannot handle large networks because it requires heavy Monte-Carlo simulation. This is also an NP hard problem in both linear threshold and independent cascade models. Our proposed work aims to address IMP through a Rank-based sampling approach in the Map-Reduce environment. This novel technique combines user and topological features of the network enabling it to handle real-time streaming data. Our experiment of influenced rank-based sampling approach to influence maximization is compared to the greedy approach with and without sampling that exhibits an accuracy of 82%. Performance analysis in terms of running time is reduced from O(n ³) to O(k n). Where ‘k’ is the size of the sample dataset and ‘n’ is the number of user’s.     

Anonymizing bag-valued sparse data by semantic similarity-based clustering

Web query logs provide a rich wealth of information, but also present serious privacy risks. We preserve privacy in publishing vocabularies extracted from a web query log by introducing vocabulary k-anonymity, which prevents the privacy attack of re-identification that reveals the real identities of vocabularies. A vocabulary is a bag of query-terms extracted from queries issued by a user at a specified granularity. Such bag-valued data are extremely sparse, which makes it hard to retain enough utility in enforcing k-anonymity. To the best of our knowledge, the prior works do not solve such a problem, among which some achieve a different privacy principle, for example, differential privacy, some deal with a different type of data, for example, set-valued data or relational data, and some consider a different publication scenario, for example, publishing frequent keywords. To retain enough data utility, a semantic similarity-based clustering approach is proposed, which measures the semantic similarity between a pair of terms by the minimum path distance over a semantic network of terms such as WordNet, computes the semantic similarity between two vocabularies by a weighted bipartite matching, and publishes the typical vocabulary for each cluster of semantically similar vocabularies. Extensive experiments on the AOL query log show that our approach can retain enough data utility in terms of loss metrics and in frequent pattern mining.     

Complete Bipartite Anonymity for Location Privacy

Users are vulnerable to privacy risks when providing their location information to location-based services (LBS). Existing work sacrifices the quality of LBS by degrading spatial and temporal accuracy ...     

A context-aware scheme for privacy-preserving location-based services

We address issues related to privacy protection in location-based services (LBSs). Most existing privacy-preserving LBS techniques either require a trusted third-party (anonymizer) or use cryptographic protocols that are computationally and communicationally expensive. Our design of privacy-preserving techniques is principled on not requiring a trusted third-party while being highly efficient in terms of time and space complexities. The problem has two interesting and challenging characteristics: First, the degree of privacy protection and LBS accuracy depends on the context, such as population and road density, around a user’s location. Second, an adversary may violate a user’s location privacy in two ways: (i) based on the user’s location information contained in the LBS query payload and (ii) by inferring a user’s geographical location based on the device’s IP address. To address these challenges, we introduce CAP, a context-aware privacy-preserving LBS system with integrated protection for both data privacy and communication anonymity. We have implemented CAP and integrated it with Google Maps, a popular LBS system. Theoretical analysis and experimental results validate CAP’s effectiveness on privacy protection, LBS accuracy, and communication QoS (Quality-of-Service).     

Protecting query privacy in location-based services

The popularity of location-based services (LBSs) leads to severe concerns on users’ privacy. With the fast growth of Internet applications such as online social networks, more user information becomes available to the attackers, which allows them to construct new contextual information. This gives rise to new challenges for user privacy protection and often requires improvements on the existing privacy-preserving methods. In this paper, we classify contextual information related to LBS query privacy and focus on two types of contexts—user profiles and query dependency: user profiles have not been deeply studied in LBS query privacy protection, while we are the first to show the impact of query dependency on users’ query privacy. More specifically, we present a general framework to enable the attackers to compute a distribution on users with respect to issuing an observed request. The framework can model attackers with different contextual information. We take user profiles and query dependency as examples to illustrate the implementation of the framework and their impact on users’ query privacy. Our framework subsequently allows us to show the insufficiency of existing query privacy metrics, e.g., k-anonymity, and propose several new metrics. In the end, we develop new generalisation algorithms to compute regions satisfying users’ privacy requirements expressed in these metrics. By experiments, our metrics and algorithms are shown to be effective and efficient for practical usage.     

k-Nearest neighbor query processing algorithm for cloaking regions towards user privacy protection in location-based services

Due to the advancement of wireless internet and mobile positioning technology, the application of location-based services (LBSs) has become popular for mobile users. Since users have to send their exact locations to obtain the service, it may lead to several privacy threats. To solve this problem, a cloaking method has been proposed to blur users’ exact locations into a cloaked spatial region with a required privacy threshold (k). With the cloaked region, an LBS server can carry out a k-nearest neighbor (k-NN) search algorithm. Some recent studies have proposed methods to search k-nearest POIs while protecting a user’s privacy. However, they have at least one major problem, such as inefficiency on query processing or low precision of retrieved result. To resolve these problems, in this paper, we propose a novel k-NN query processing algorithm for a cloaking region to satisfy both requirements of fast query processing time and high precision of the retrieved result. To achieve fast query processing time, we propose a new pruning technique based on a 2D-coodinate scheme. In addition, we make use of a Voronoi diagram for retrieving the nearest POIs efficiently. To satisfy the requirement of high precision of the retrieved result, we guarantee that our k-NN query processing algorithm always contains the exact set of k nearest neighbors. Our performance analysis shows that our algorithm achieves better performance in terms of query processing time and the number of candidate POIs compared with other algorithms.     

Towards practical private processing of database queries over public data

Privacy is a major concern when users query public online data services. The privacy of millions of people has been jeopardized in numerous user data leakage incidents in many popular online applications. To address the critical problem of personal data leakage through queries, we enable private querying on public data services so that the contents of user queries and any user data are hidden and therefore not revealed to the online service providers. We propose two protocols for private processing of database queries, namely BHE and HHE. The two protocols provide strong query privacy by using Paillier’s homomorphic encryption, and support common database queries such as range and join queries by relying on the bucketization of public data. In contrast to traditional Private Information Retrieval proposals, BHE and HHE only incur one round of client server communication for processing a single query. BHE is a basic private query processing protocol that provides complete query privacy but still incurs expensive computation and communication costs. Built upon BHE, HHE is a hybrid protocol that applies ciphertext computation and communication on a subset of the data, such that this subset not only covers the actual requested data but also resembles some frequent query patterns of common users, thus achieving practical query performance while ensuring adequate privacy levels. By using frequent query patterns and data specific privacy protection, HHE is not vulnerable to the traditional attacks on k-Anonymity that exploit data similarity and skewness. Moreover, HHE consistently protects user query privacy for a sequence of queries in a single query session.     

动态社会网络隐私保护方法研究*

针对动态社会网络数据多重发布中用户的隐私信息泄露问题,结合攻击者基于背景知识的结构化攻击,提出了一种动态社会网络隐私保护方法。该方法首先在每次发布时采用k-同构算法把原始图有效划分为k个同构子图,并最小化匿名成本;然后对节点ID泛化,阻止节点增加或删除时攻击者结合多重发布间的关联识别用户的隐私信息。通过数据集实验证实,提出的方法有较高的匿名质量和较低的信息损失,能有效保护动态社会网络中用户的隐私。     

社交网络用户隐私泄露量化评估方法

社交网络用户隐私泄露的量化评估有利于帮助用户了解个人隐私泄露状况,提高公众隐私保护和防范意识,同时也能为个性化隐私保护方法的设计提供依据.针对目前隐私量化评估方法主要用于评估隐私保护方法的保护效果,无法有效评估社交网络用户的隐私泄露风险的问题,提出了一种社交网络用户隐私泄露量化评估方法.基于用户隐私偏好矩阵,利用皮尔逊相似度计算用户主观属性敏感性,然后取均值得到客观属性敏感性;采用属性识别方法推测用户隐私属性,并利用信息熵计算属性公开性;通过转移概率和用户重要性估计用户数据的可见范围,计算数据可见性;综合属性敏感性、属性公开性和数据可见性计算隐私评分,对隐私泄露风险进行细粒度的个性化评估,同时考虑时间因素,支持用户隐私泄露状况的动态评估,为社交网络用户了解隐私泄露状况、针对性地进行个性化隐私保护提供支持.在新浪微博数据上的实验结果表明,所提方法能够有效地对用户的隐私泄露状况进行量化评估.     

Differentially private multidimensional data publishing

Various organizations collect data about individuals for various reasons, such as service improvement. In order to mine the collected data for useful information, data publishing has become a common practice among those organizations and data analysts, research institutes, or simply the general public. The quality of published data significantly affects the accuracy of the data analysis and thus affects decision making at the corporate level. In this study, we explore the research area of privacy-preserving data publishing, i.e., publishing high-quality data without compromising the privacy of the individuals whose data are being published. Syntactic privacy models, such as k-anonymity, impose syntactic privacy requirements and make certain assumptions about an adversary’s background knowledge. To address this shortcoming, we adopt differential privacy, a rigorous privacy model that is independent of any adversary’s knowledge and insensitive to the underlying data. The published data should preserve individuals’ privacy, yet remain useful for analysis. To maintain data utility, we propose DiffMulti, a workload-aware and differentially private algorithm that employs multidimensional generalization. We devise an efficient implementation to the proposed algorithm and use a real-life data set for experimental analysis. We evaluate the performance of our method in terms of data utility, efficiency, and scalability. When compared to closely related existing methods, DiffMulti significantly improved data utility, in some cases, by orders of magnitude.     

Equally contributory privacy-preserving k-means clustering over vertically partitioned data

In recent years, there have been numerous attempts to extend the k-means clustering protocol for single database to a distributed multiple database setting and meanwhile keep privacy of each data site. Current solutions for (whether two or more) multiparty k-means clustering, built on one or more secure two-party computation algorithms, are not equally contributory, in other words, each party does not equally contribute to k-means clustering. This may lead a perfidious attack where a party who learns the outcome prior to other parties tells a lie of the outcome to other parties. In this paper, we present an equally contributory multiparty k-means clustering protocol for vertically partitioned data, in which each party equally contributes to k-means clustering. Our protocol is built on ElGamal's encryption scheme, Jakobsson and Juels's plaintext equivalence test protocol, and mix networks, and protects privacy in terms that each iteration of k-means clustering can be performed without revealing the intermediate values.     

Anonymizing popularity in online social networks with full utility

With the rapid growth of social network applications, more and more people are participating in social networks. Privacy protection in online social networks becomes an important issue. The illegal disclosure or improper use of users’ private information will lead to unaccepted or unexpected consequences in people’s lives. In this paper, we concern on authentic popularity disclosure in online social networks. To protect users’ privacy, the social networks need to be anonymized. However, existing anonymization algorithms on social networks may lead to nontrivial utility loss. The reason is that the anonymization process has changed the social network’s structure. The social network’s utility, such as retrieving data files, reading data files, and sharing data files among different users, has decreased. Therefore, it is a challenge to develop an effective anonymization algorithm to protect the privacy of user’s authentic popularity in online social networks without decreasing their utility. In this paper, we first design a hierarchical authorization and capability delegation (HACD) model. Based on this model, we propose a novel utility-based popularity anonymization (UPA) scheme, which integrates proxy re-encryption with keyword search techniques, to tackle this issue. We demonstrate that the proposed scheme can not only protect the users’ authentic popularity privacy, but also keep the full utility of the social network. Extensive experiments on large real-world online social networks confirm the efficacy and efficiency of our scheme.     

卷积神经网络中具有隐私保护属性的预测分类算法

在用户将其数据上传到公共平台并利用卷积神经网络进行相关操作以得到运算结果的过程中如何保证用户敏感数据的私密性就成为了一个亟待解决的问题.对此采用密码学中的同态加密算法对用户输入数据进行加密处理,在已训练过的卷积神经网络模型中对加密的数据进行预测分类,并得到最终的分类结果,输出的结果是加密形式的,为进一步保护数据的机密性...     

支持本体推理的P3P隐私策略冲突检测研究

隐私偏好平台(platform for privacy preferences,P3P)主要被用于在用户访问网站时保护用户的隐私。同时,如何使用语义Web技术实现P3P隐私框架已经成为一个主要的关注点。分析了如何使用本体描述语言(Web ontoloty language,OWL)对P3P隐私策略及用户隐私偏好进行知识表示,并提供了若干使用OWL公理描述的约束,这些约束将为推理提供支持。分析了如何使用推理对服务隐私策略同用户隐私偏好之间的冲突进行检测。通过实验证明了该方法的正确性。     

一种防边权和语义攻击的位置隐私保护方法

边权攻击和位置语义攻击根据移动用户活动的周边环境推断用户的位置,泄露用户的位置隐私。针对该问题,提出一种防边权攻击的位置语义安全隐私保护方法。该方法将道路的敏感度和关联度结合,构建道路隐私度,描述道路在语义位置的敏感性,及道路与匿名集中其他道路上用户数量分布的均衡性;基于中心服务器结构,根据用户的位置隐私要求,采用宽度优先搜索方式,筛选道路隐私度最小的道路加入匿名集,以生成具备语义安全和防边权推断攻击的匿名集。仿真测试结果表明,该方法筛选的匿名集的匿名成功率达到87%,抗边权攻击和语义攻击的能力要高于对比算法。     

基于HISPAC医疗数据隐私保护模型

当今时代是计算机的时代，更是人工智能和大数据蓬勃发展的时代，与其相关行业的出现引发了各行各业的变革。作为国内主要的服务行业，医疗产业也在悄然改变，同时医疗隐私的保护技术也在持续研究和发展中。随着数据量的激增，各类患者身份信息、病例信息以及医疗诊断信息泄露的情况层出不穷。本文针对医疗隐私保护问题，构建一套医疗隐私保护模型，该模型包括2个部分:1)借助循环神经网络RNN和模糊推理理论构建一个自适应神经网络隐私风险评估模型,给用户行为活动设置一个信用标签，并借此来计算隐私泄露风险值;2)围绕模型得到的用户信用风险值建立一套个性化的隐私数据访问权限控制机制，即医院信息系统隐私控制模型。经过实验验证，该机制具有良好的隐私保护效果，可以有效解决医疗数据隐私泄露的问题。     

Privacy-preserving data mining: A feature set partitioning approach

In privacy-preserving data mining (PPDM), a widely used method for achieving data mining goals while preserving privacy is based on k-anonymity. This method, which protects subject-specific sensitive data by anonymizing it before it is released for data mining, demands that every tuple in the released table should be indistinguishable from no fewer than k subjects. The most common approach for achieving compliance with k-anonymity is to replace certain values with less specific but semantically consistent values. In this paper we propose a different approach for achieving k-anonymity by partitioning the original dataset into several projections such that each one of them adheres to k-anonymity. Moreover, any attempt to rejoin the projections, results in a table that still complies with k-anonymity. A classifier is trained on each projection and subsequently, an unlabelled instance is classified by combining the classifications of all classifiers.Guided by classification accuracy and k-anonymity constraints, the proposed data mining privacy by decomposition (DMPD) algorithm uses a genetic algorithm to search for optimal feature set partitioning. Ten separate datasets were evaluated with DMPD in order to compare its classification performance with other k-anonymity-based methods. The results suggest that DMPD performs better than existing k-anonymity-based algorithms and there is no necessity for applying domain dependent knowledge. Using multiobjective optimization methods, we also examine the tradeoff between the two conflicting objectives in PPDM: privacy and predictive performance.