社会网络隐私保护中K-同构算法研究

针对社会网络发布图数据面临的隐私泄露问题,提出了一种k-同构隐私保护算法.通过对原始图数据进行有效划分为k个子图,同时为降低匿名成本,增加与删除边数量近似相等,保证发布的图数据是k-同构的,有效阻止了攻击者基于背景知识的结构化攻击.通过真实数据集进行实验,结果表明算法具有高的有效性,能减少信息丢失,提高匿名质量.     

一种增强的匿名化隐私保护模型

针对目前禾自行其是数据发布中的隐私保护问题进行研究,分析了经典K-Anonymity模型和改进的L-Diversity模型存在的不足,充分结合两种模型的优点,提出一种增强的隐私保护模型并设计算法予以实现。新模型通过引入聚类方法,增强数据发布的有效性。同时在聚类过程中采用新的信息损失度量标准,增强数据发布的安全性和灵活性。实验结果表明,该模型可以减小隐私泄露的风险,同时具有较小的信息损失。     

一种增强的个性化匿名隐私保护模型

匿名模型是近年来隐私保护研究的热点技术之一,主要研究如何在数据发布中避免敏感数据的泄露,又能保证数据发布的高效用性.提出了一种个性化（α[s],l）-多样k-匿名模型,该方法将敏感属性泛化成泛化树,根据数据发布中隐私保护的具体要求,给各结点设置不同的α约束,发布符合个性化匿名模型的数据.该方法在保护隐私的同时进一步提高信息的个性化要求.实验结果表明,该方法提高了信息的有效性,具有很高的实用性.     

基于生成对抗网络的差分隐私数据发布方法

机器学习的飞速发展使其成为数据挖掘领域最有效的工具之一,但算法的训练过程往往需要大量的用户数据,给用户带来了极大的隐私泄漏风险.由于数据统计特征的复杂性及语义丰富性,传统隐私数据发布方法往往需要对原始数据进行过度清洗,导致数据可用性低而难以再适用于数据挖掘任务.为此,提出了一种基于生成对抗网络（Generative Adversarial Network,GAN）的差分隐私数据发布方法,通过在GAN模型训练的梯度上添加精心设计的噪声来实现差分隐私,确保GAN可无限量生成符合源数据统计特性且不泄露隐私的合成数据.针对现有同类方法合成数据质量低、模型收敛缓慢等问题,设计多种优化策略来灵活调整隐私预算分配并减小总体噪声规模,同时从理论上证明了合成数据严格满足差分隐私特性.在公开数据集上与现有方法进行实验对比,结果表明本方法能够更高效地生成质量更高的隐私保护数据,适用于多种数据分析任务.     

无可信第三方的数据匿名化收集协议

针对半诚信的数据收集者对包含敏感属性(SA)数据收集和使用过程中可能造成隐私泄露问题,该文在传统模型中增加实时的数据领导者,并基于改进模型提出一个隐私保护的数据收集协议,确保无可信第三方假设前提下,数据收集者最大化数据效用只能建立在K匿名处理过的数据基础上。数据拥有者分布协作的方式参与协议流程,实现了准标识(QI)匿名化后SA的传输,降低了数据收集者通过QI关联准确SA值的概率,减弱内部标识揭露造成隐私泄露风险;通过树形编码结构将SA的编码值分为随机锚点和补偿距离两份份额,由K匿名形成的等价类成员选举获取两个数据领导者,分别对两份份额进行聚集和转发,解除唯一性的网络标识和SA值的关联,有效防止外部标识揭露造成的隐私泄露;建立符合该协议特性的形式化规则并对协议进行安全分析,证明了协议满足隐私保护需求。     

基于属性相关性划分的多敏感属性隐私保护方法

近年来,基于l-多样性的多维敏感属性的隐私保护研究日趋增多,然而大部分多敏感属性隐私保护方法都是基于有损分解的思想,破坏了数据间的关系,降低了数据效用.为此,提出了一种面向多敏感属性的隐私模型,首先给出一种l-maximum原则用以满足多敏感属性l-多样性要求;其次,为了保护属性间的相关性,根据属性间的依赖度对属性进行划分;最后设计并实现了MSA l-maximum（Multiple Sensitive Attributes l-maximum）算法.实验结果表明,提出的模型在保护隐私不泄露的同时,减少了元组的隐匿率,并且保护了数据间的关系.     

局部差分隐私约束的关联属性不变后随机响应扰动

本文研究敏感属性与部分准标识符属性存在相关时,如何有效减小重构攻击导致的隐私泄漏风险.首先,用互信息理论寻找原始数据集中对敏感属性具有强依赖关系的准标识符属性,为精确扰动数据属性提供理论依据;其次,针对关联属性和非关联属性,应用不变后随机响应方法分别对某个数据属性或者属性之间的组合进行扰动,使之满足局部ε-差分隐私要求,并理论分析后数据扰动对隐私泄露概率和数据效用的影响;最后,实验验证所提算法的有效性和处理增量数据的能力,理论分析了数据结果.由实验结果可知,算法可以更好地达到数据效用和隐私保护的平衡.     

基于差分隐私模型的位置轨迹发布技术研究

位置轨迹大数据的安全分享、发布需求离不开位置轨迹隐私保护技术支持。在差分隐私出现之前,K-匿名及其衍生模型为位置轨迹隐私保护提供了一种量化评估的手段,但其安全性严重依赖于攻击者所掌握的背景知识,当有新的攻击出现时模型无法提供完善的隐私保护。差分隐私技术的出现有效地弥补了上述问题,越来越多地应用于轨迹数据隐私发布领域中。该文对基于差分隐私理论的轨迹隐私保护技术进行了研究与分析,重点介绍了差分隐私模型下位置直方图、轨迹直方图等空间统计数据发布方法,差分隐私模型下轨迹数据集发布方法,以及连续轨迹实时发布隐私保护模型。与此同时,在对现有方法对比分析的基础上,提出了未来的重点发展方向。     

基于向量相似的权重社会网络隐私保护

针对权重社会网络发布,提出采用基于向量相似的随机扰动方法实现多个发布场景下网络结构和边权重的隐私保护.该方法以边空间理论为基础,采用基于节点聚类的分割方法构建权重社会网络的向量集模型;以加权欧氏距离作为向量相似的度量标准,根据选定阈值构建发布候选集;从候选集随机选取向量实现权重社会网络的发布;可抵御多种节点识别攻击,迫使攻击者在一个向量发生概率相同的庞大结果集中进行重识别,增加了识别的不确定性.实验结果表明,该方法在确保社会个体隐私安全同时可保护社会网络分析所需的某些结构特征,提高发布数据效用.     

基于敏感属性熵的微聚集算法

在聚类过程中,不合适的距离度量会导致匿名过程中不必要的信息损失,因此对于不同类型的属性定义一个适当的距离度量一直是个难以解决的问题.本文提出语义属性的概念,并提出编码层次树来表示语义属性,有效地降低了匿名过程中的信息损失.在p-敏感k-匿名模型中,敏感属性值在聚类结果中分布不均匀会导致敏感信息泄露,因此本文提出一种基于敏感属性熵的微聚集算法,并提出匿名保护指数来描述隐私保护程度,在聚类过程中通过保证匿名保护指数最大,来提高敏感属性在聚类结果中分布的均匀程度,以应对背景知识攻击,降低隐私泄漏的风险.最后,通过实验验证了算法的合理性和有效性.     

基于多属性信息的数据中心间数据传输调度方法

给出一种基于多属性信息综合评价的数据中心间数据传输调度方法。首先利用层次分析法,对多个属性之间的从属关系进行分析,然后根据属性值的分布差异由信息熵计算属性的相对权重,给出对于不同备选中转数据中心的综合评价。通过建立时间扩展图模型将基于多属性信息的数据中心间数据传输调度问题形式化为最小代价流问题。通过设置不同的参数,对一般存储转发方法、基于单属性信息的方法以及基于多属性的方法在不同属性上的性能优化差异做了实验对比。结果表明,相比于其他方法,该方法能够综合考虑多种属性信息,为数据中心间的数据传输选择综合评价最优的路径。     

Metric and classification model for privacy data based on Shannon information entropy and BP neural network

Aiming at the requirements of privacy metric and classification for the difficulty of private data identification in current network environment, a privacy data metric and classification model based on Shannon information entropy and BP neural network was proposed. The model establishes two layers of privacy metrics from three dimensions. Based on the dataset itself, Shannon information entropy was used to weight the secondary privacy elements, and the privacy of each record in the dataset under the first-level privacy metrics was calculated. The trained BP neural network was used to output the classification result of privacy data without pre-determining the metric weight. Experiments show that the model can measure and classify private data with low false rate and small misjudged deviation.     

面向多路径传输中数据隐私性分析的安全模型

In order to investigate the enhancement of data privacy by distributing data packets via multiple paths, this paper formulates a security model and analyzes the privacy problem in multipath scenarios leveraging information theoretic concept. Based on proposed model, a privacy function related to the path number is discussed. We heuristically recommend the optimal path number and analyze the tradeoff among the performance, resource consumption and privacy. For reducing the information leakage, the data schedule algorithms are also proposed. The analytical model can provide guidelines for the multipath protocol design.     

Traffic characteristic based privacy leakage assessment scheme for Android device

Aiming at the privacy leakage,which was caused by collecting user information by third-party host in Android operating system App,a privacy leakage evaluation scheme HostRisk was proposed.HostRisk was based on TF-IDF model and hierarchical clustering method,which was applied in mobile device.The TF-IDF model calculated the business relevance between Apps and hosts via the behavior characteristics of the hosts in these Apps.For the business related hosts that fail to express the business relevance characteristics,those hosts were adjusted and optimized via the average connected hierarchical agglomerative clustering method.Finally,the harmful degree of privacy leakage was evaluated based on the ranking of all hosts in the App.The experimental results verify the effectiveness and efficiency of the scheme.     

Developments and Applications of Data Deidentification Technology under Big Data

In this age characterized by rapid growth in the volume of data, data deidentification technologies have become crucial in facilitating the analysis of sensitive information. For instance, healthcare information must be processed through deidentification procedures before being passed to data analysis agencies in order to prevent any exposure of personal details that would violate privacy. As such, privacy protection issues associated with the release of data and data mining have become a popular field of study in the domain of big data. As a strict and verifiable definition of privacy, differential privacy has attracted noteworthy attention and widespread research in recent years. In this study, we analyze the advantages of differential privacy protection mechanisms in comparison to traditional deidentification data protection methods. Furthermore, we examine and analyze the basic theories of differential privacy and relevant studies regarding data release and data mining.     

Privacy measurement method using a graph structure on online social networks

Recently, with an increase in Internet usage, users of online social networks (OSNs) have increased. Consequently, privacy leakage has become more serious. However, few studies have investigated the difference between privacy and actual behaviors. In particular, users' desire to change their privacy status is not supported by their privacy literacy. Presenting an accurate measurement of users' privacy status can cultivate the privacy literacy of users. However, the highly interactive nature of interpersonal communication on OSNs has promoted privacy to be viewed as a communal issue. As a large number of redundant users on social networks are unrelated to the user's privacy, existing algorithms are no longer applicable. To solve this problem, we propose a structural similarity measurement method suitable for the characteristics of social networks. The proposed method excludes redundant users and combines the attribute information to measure the privacy status of users. Using this approach, users can intuitively recognize their privacy status on OSNs. Experiments using real data show that our method can effectively and accurately help users improve their privacy disclosures.     

一种改进的基于奇异值分解的隐私保持分类挖掘方法

 隐私保护是数据挖掘研究的重要内容之一,目前已经提出了大量隐私保持的数据挖掘算法.基于奇异值分解的方法是其中重要的一种,它是一种基于数据扰动的方法.现有的基于奇异值分解的隐私保持数据挖掘方法对所有样本和属性都进行同样强度的扰动.但不同的样本和属性可能对隐私保护有不同的要求,而且对数据挖掘的重要性也可能不同,因此最好可以对他们进行不同程度的扰动.本文对基于奇异值分解的数据扰动方法进行改进,使之可以对不同的样本和属性进行不同程度的扰动.并在此基础上提出了一种改进的隐私保持分类挖掘方法.实验表明,与原有的基于奇异值分解的方法相比,在保证数据可用性的前提下,本文方法可以对隐私数据提供更好的保护.     

Privacy risk adaptive access control model via evolutionary game

Aiming at the problem that in the private sensitive date centralized and opening information systems,a fine-grained and self-adaptive access control model for privacy preserving is desperately needed,thus the balance between privacy preserving and data access utility should be achieved,a rational multi-player risk-adaptive based access control model for privacy preserving was proposed.Firstly,the privacy risk values of access request and requester were formulized by the private information quantity of the requested dataset,and by using Shannon information.Secondly,a risk-adaptive based access control evolutionary game model was constructed by using evolutionary game under the supposing of bounded rational players.Furthermore,dynamic strategies of participants were analyzed by using replicator dynamics equation,and the method of choosing evolutionary stable strategy was proposed.Simulation and comparison results show that,the proposed model is effective to dynamically and adaptively preserve privacy and more risk adaptive,and dynamic evolutionary access strategies of the bounded rational participants are more suitable for practical scenarios.     

Evaluation and protection of multi-level location privacy based on an information theoretic approach

A privacy metric based on mutual information was proposed to measure the privacy leakage occurred when location data owner trust data users at different levels and need to publish the distorted location data to each user according to her trust level,based on which an location privacy protection mechanism (LPPM)was generated to protect user’s location privacy.In addition,based on mutual information,a metric was proposed to measure the privacy leakage caused by attackers obtaining different levels of distorted location data and then performing inference attack on the original location data more accurately.Another privacy metric was also proposed to quantify the information leakage occurred in the scenario based on mutual information.In particular,the proposed privacy mechanism was designed by modifying Blahut-Arimoto algorithm in rate-distortion theory.Experimental results show the superiority of the proposed LPPM over an existing LPPM in terms of location privacyutility tradeoff in both scenarios,which is more conspicuous when there are highly popular locations.