一种改进的基于奇异值分解的隐私保持分类挖掘方法

 隐私保护是数据挖掘研究的重要内容之一,目前已经提出了大量隐私保持的数据挖掘算法.基于奇异值分解的方法是其中重要的一种,它是一种基于数据扰动的方法.现有的基于奇异值分解的隐私保持数据挖掘方法对所有样本和属性都进行同样强度的扰动.但不同的样本和属性可能对隐私保护有不同的要求,而且对数据挖掘的重要性也可能不同,因此最好可以对他们进行不同程度的扰动.本文对基于奇异值分解的数据扰动方法进行改进,使之可以对不同的样本和属性进行不同程度的扰动.并在此基础上提出了一种改进的隐私保持分类挖掘方法.实验表明,与原有的基于奇异值分解的方法相比,在保证数据可用性的前提下,本文方法可以对隐私数据提供更好的保护.     

(ε, δ)-本地差分隐私模型下的均值估计机制

相对于ε-本地差分隐私(LDP)机制，(ε, δ)-本地差分隐私模型下的方案具有更小的误差边界和更高的数据效用。然而，当前的(ε, δ)-本地差分隐私均值估计机制仍存在估计误差大、数据效用低等问题。因此，针对均值估计问题，该文提出两种新的(ε, δ)-本地差分隐私均值估计机制:基于区间的均值估计机制(IM)和基于近邻的均值估计机制(NM)。IM的主要思想是:划分扰动后的数据到3个区间，真实数据以较大概率扰动到中间的区间，以较小概率扰动到两边的区间，收集者直接对扰动数据求均值得到无偏估计。NM的主要思想是:把真实数据以较大概率扰动到其邻域，以较小概率扰动到距离较远的值，收集者结合期望最大化算法得到高准确度的估计均值。最后，该文通过理论分析证明了IM和NM均可以满足隐私保护要求，并通过实验证实了IM和NM的数据效用优于现有机制。     

基于聚类匿名化的差分隐私保护数据发布方法

基于匿名化技术的理论基础,采用DBSCAN聚类算法对数据记录进行聚类,实现将个体记录匿名化隐藏于一组记录中。为提高隐私保护程度,对匿名化划分的数据添加拉普拉斯噪声,扰动个体数据真实值,以实现差分隐私保护模型的要求。通过聚类,分化查询函数敏感性,提高数据可用性。对算法隐私性进行证明,并实验说明发布数据的可用性。     

局部差分隐私约束的关联属性不变后随机响应扰动

本文研究敏感属性与部分准标识符属性存在相关时,如何有效减小重构攻击导致的隐私泄漏风险.首先,用互信息理论寻找原始数据集中对敏感属性具有强依赖关系的准标识符属性,为精确扰动数据属性提供理论依据;其次,针对关联属性和非关联属性,应用不变后随机响应方法分别对某个数据属性或者属性之间的组合进行扰动,使之满足局部ε-差分隐私要求,并理论分析后数据扰动对隐私泄露概率和数据效用的影响;最后,实验验证所提算法的有效性和处理增量数据的能力,理论分析了数据结果.由实验结果可知,算法可以更好地达到数据效用和隐私保护的平衡.     

基于差分隐私的权重社会网络隐私保护

针对权重社会网络发布隐私保护中的弱保护问题,提出一种基于差分隐私模型的随机扰动方法可实现边及边权重的强保护。设计了满足差分隐私的查询模型-WSQuery,WSQuery模型可捕获权重社会网络的结构,以有序三元组序列作为查询结果集;依据WSQuery模型设计了满足差分隐私的算法-WSPA,WSPA算法将查询结果集映射为一个实数向量,通过在向量中注入Laplace噪音实现隐私保护;针对WSPA算法误差较高的问题提出了改进算法-LWSPA,LWSPA算法对查询结果集中的三元组序列进行分割,对每个子序列构建满足差分隐私的算法,降低了误差,提高了数据效用。实验结果表明,提出的隐私保护方法在实现隐私信息的强保护同时使发布的权重社会网络仍具有可接受的数据效用。     

空间数据集隐私匹配的研究

空间数据集的隐私匹配对于不同相关方,从需要共享附近带具有地理标记的数据方面来说,是一个十分关键的应用。为了保护每一方的数据,只有相关联的点可以公开,并且还需要保护不匹配项目信息的隐私。在现存的解决方案中存在以下几个问题:在分配数据时不能对抗具有背景信息的攻击者。可以通过返回的大量误报信息暴露其隐私。需要依赖复杂且昂贵的SMC协议。在此文章中,提出一种通过几何变换来完成在空间数据集上的隐私匹配。此方法可以有效地对背景信息的攻击提供强大的隐私保护。     

基于异构K-means聚类的数字图书馆隐私保护技术

研究了基于异构k-means聚类的隐私保护算法。在隐私保护现有的聚类方法基础上,为了解决异构隐私k-means聚类算法可用性较差的问题,提出了IDP k-means算法,并证明其满足异构隐私保护。仿真实验表明,在相同的隐私保护级别下,IDP k-means聚类方法与异构隐私k-means聚类方法相比,聚类可用性得到了提高。     

基于差分隐私的轨迹隐私保护方法

针对现有的轨迹隐私保护模型大多难以抵御复杂背景知识攻击的问题,本文提出了一种基于差分隐私的轨迹隐私保护方法.首先结合地理不可区分机制对原始轨迹数据添加半径受限的拉普拉斯噪音;其次构造数据映射模型将原始数据和噪音数据映射到新的发布位置,使攻击者无法获取真实轨迹数据;接着应用最优数据映射函数发布最优的轨迹位置以提高发布数据的可用性;最后利用差分隐私抵御非敏感信息推理攻击,进一步保护用户隐私.实验结果表明,本文算法既能有效保护轨迹数据中用户的隐私,也能保证数据的可用性.     

一种基于分布式随机化的数据隐私保护模型

目前,数据挖掘与知识发现技术日渐成熟,个人对自身隐私的保护意识也逐渐增强。用于数据挖掘的发布数据中往往包含隐私数据,需要在数据发布之前进行数据脱敏处理。在知识发现与信息保护之间,隐私保护数据挖掘技术变得日益重要。隐私保护数据挖掘技术在挖掘出隐藏的、先前未知的、潜在有用的知识时,可以避免敏感数据和信息泄露。文中总结了已有的隐私保护数据发布技术,将分布式随机化与现有算法相结合,降低了信息损失率,增加了数据可用性。     

基于数据扰动的隐私保持的分类挖掘方法

在目前已有的基于数据扰动的隐私保持的分类挖掘方法中,分类算法必须经过改造方可应用于扰动后数据。而且扰动方法不同,使用的分类算法不同,对分类算法进行改造的方法也就不同。这使得该类方法难以在实际中推广应用。本文针对这一问题,提出了一种新的基于数据扰动的隐私保持的分类挖掘方法。通过生成并公开一组与原始数据独立同分布的新数据的方法来实现数据扰动。由于新数据与原始数据独立,因此从新数据得不到关于原始数据的详细信息。由于新数据与原始数据同分布,因此普通的分类挖掘算法可以直接应用于新数据。从而解决了现有方法使用不方便的问题。     

Study on utility optimization for randomized response mechanism

For the study of privacy-utility trade-off in local differential privacy,the utility optimization models of binary generalized random response mechanism for the case of differential privacy and approximate differential privacy were established.By graphic method,optimality proof,software solution and extreme point method,the exact expression of the optimal utility with privacy budget and the distribution of input data was obtained,and the corresponding optimal randomized response mechanism was given.The results show that both the optimal utility and optimal mechanism are related to privacy budget and input data distribution.Moreover,the discussion for multivariate randomized response mechanism shows that the method of extreme points of local differential privacy is feasible to the solution.     

Evaluation and protection of multi-level location privacy based on an information theoretic approach

A privacy metric based on mutual information was proposed to measure the privacy leakage occurred when location data owner trust data users at different levels and need to publish the distorted location data to each user according to her trust level,based on which an location privacy protection mechanism (LPPM)was generated to protect user’s location privacy.In addition,based on mutual information,a metric was proposed to measure the privacy leakage caused by attackers obtaining different levels of distorted location data and then performing inference attack on the original location data more accurately.Another privacy metric was also proposed to quantify the information leakage occurred in the scenario based on mutual information.In particular,the proposed privacy mechanism was designed by modifying Blahut-Arimoto algorithm in rate-distortion theory.Experimental results show the superiority of the proposed LPPM over an existing LPPM in terms of location privacyutility tradeoff in both scenarios,which is more conspicuous when there are highly popular locations.     

电信运营商用户隐私保护探索实践

在电信行业,如何进一步加强用户隐私保护,如何采用信息化技术与管理手段,高效实施数据安全,取得隐私保护与成本的均衡,在业务与公共安全场景采取分级分类的隐私保护策略和手段确保数据安全,是运营商重点攻关的内容。从隐私保护的评估规划、发现与标识、访问治理、隐私存储的性能与成本均衡4方面进行探讨,提出相关创新思路。     

隐私计算研究范畴及发展趋势

随着移动互联网、云计算和大数据技术的广泛应用,电商、搜索、社交网络等服务在提供便利的同时,大数据分析使用户隐私泄露的威胁日益凸显,不同系统隐私保护策略和能力的差异性使隐私的延伸管理更加困难,同一信息的隐私保护需求随时间变化需要多种隐私保护方案的组合协同。目前已有的各类隐私保护方案大多针对单一场景,隐私缺乏定量化的定义,隐私保护的效果、隐私泄露的利益损失以及隐私保护方案融合的复杂性三者之间的关系刻画缺乏系统的计算模型。因此,在分析隐私保护研究现状的基础上,提出隐私计算的概念,对隐私计算的内涵加以界定,从隐私信息的全生命周期讨论隐私计算研究范畴,并从隐私计算模型、隐私保护场景适应的密码理论、隐私控制与抗大数据分析的隐私保护、基于信息隐藏的隐私保护以及支持高并发的隐私保护服务架构等方面展望隐私计算的发展趋势。     

Privacy Preservation in Cloud Computing Using Randomized Encoding

In this era of Internet, the exchange of data between the users and service providers has grown tremendously. Organizations in health, banking, social network, criminal and government sectors have been collecting and processing the individuals’ information for their gainful purpose. However, collecting and sharing of the individuals’ information which could be sensitive and confidential, for data mining may cause a breach in data privacy. In many applications, selective data collection of confidential and sensitive information of the users’ needs to be modified for preserving it from unauthorized access and disclosure. Many data mining techniques that include statistical, k-anonymity, cryptographic, perturbation and randomization methods, etc. have been evolved for protecting and preserving data privacy. These techniques have their own limitations, it may be the case that the privacy protection is adequate or computations complexities are high and expensive. To address the limitations of the above-mentioned techniques, a methodology comprising of encoding and randomization, is proposed to preserve privacy. This technique called as Randomized Encoding (RE) technique, in which encoding is performed with addition of random noise from a known distribution to the original data for perturbing the data before its release to the public domain. The core component of this technique is a novel primitive of using Randomized Encoding (RE) which is quite similar to the spirit of other cryptographic algorithms. The reconstruction of an approximation to the original data distribution is done from the perturbed data and used for data mining purposes. There is always a trade-off between information loss and privacy preservation. To achieve balance between privacy and data utility, the dataset attributes are first classified into sensitive and quasi-identifiers. The pre-classified confidential and sensitive data attributes are perturbed using Base 64 encoding with addition of a randomly generated noise for preserving privacy. In this variable dynamic proposed approach, the result analysis of the experiment conducted suggests that the proposed technique performs computationally efficient and preserves privacy while adequately maintaining data utility in comparison with other privacy preserving techniques such as anonymization approach.

     

面向多敏感值的个性化随机响应机制设计与分析

在实际数据收集中,不同敏感值的敏感度有很大差异,隐私保护需求也不相同.然而,现有的基于随机响应的本地化隐私保护模型针对所有敏感值都执行同样程度的隐私保护,从而可能造成某些低敏感度的敏感值过度保护,而某些高敏感度的敏感值却保护不足.基于此,本文在常规随机响应（Conventional Randomized Response,CRR）模型的基础上,考虑个性化的隐私需求,引入敏感值权重,并将其引入到随机响应的决策中,提出一种面向多敏感值的个性化随机响应（Personalized Randomized Response,PRR）机制,该机制能够确保不同的敏感值群体均能达到各自期望的隐私保护程度,实现个性化的隐私保护.理论分析和仿真实验表明,在机制的主观隐私泄露程度一定时,相比于CRR模型,本文所提的PRR机制统计估计误差更小,即获得的统计数据的质量更高,同时又保证了个性化的隐私保护.     

面向多路径传输中数据隐私性分析的安全模型

In order to investigate the enhancement of data privacy by distributing data packets via multiple paths, this paper formulates a security model and analyzes the privacy problem in multipath scenarios leveraging information theoretic concept. Based on proposed model, a privacy function related to the path number is discussed. We heuristically recommend the optimal path number and analyze the tradeoff among the performance, resource consumption and privacy. For reducing the information leakage, the data schedule algorithms are also proposed. The analytical model can provide guidelines for the multipath protocol design.     

ESOT: a new privacy model for preserving location privacy in Internet of Things

The Internet of Things (IoT) means connecting everything with every other thing through the Internet. In IoT, millions of devices communicate to exchange data and information with each other. During communication, security and privacy issues arise which need to be addressed. To protect information about users’ location, an efficient technique should be devised. Several techniques have already been proposed for preserving location privacy in IoT. However, the existing research lags in preserving location privacy in IoT and has highlighted several issues such as being specific or being restricted to a certain location. In this paper, we propose a new location privacy technique called the enhanced semantic obfuscation technique (ESOT) to preserve the location information of a user. Experimental results show that ESOT achieves improved location privacy and service utility when compared with a well-known existing approach, the semantic obfuscation technique.     

Breakthrough in privacy concerns and lawful access conflicts

The widespread use and misuse of communication systems, especially in the era of speedy transmission of audio/visual information facilitated by the World Wide Web, creates a need for the regulation of information flow. This is in order to ensure a high level of consistency in information security and integrity. On the other hand, ensuring that users have access to security techniques that meet their needs, so that they can trust in the security of information and communications systems while maintaining the confidentiality and integrity of data on such systems, is a must. For example, in many countries, law enforcement can lawfully access stored data or intercept communications under certain conditions. The important law enforcement tools necessary to carry out these exercises could be hampered by the use of uncontrolled cryptography, which may prevent lawful access to either plaintext or cryptographic keys of encrypted data. The privacy and integrity of data on communications systems are of vital importance. This paper addresses the issue at stake in communication security and the user's right to information on legal and social ramifications. This work describes how vital security techniques may be to information technology especially in the Internet era and how there could be a balance to individual privacy [Computers System and Network Security: Principles and Practice, 1999] and public safety in communication. This is one of the most essential issues at stake in communication security. It evaluates the threat caused by intrusion/violations of privacy rights by law enforcement agents and presents a better strategy of how crime can be traced and how criminals might be arrested by law enforcement agents without violating users' privacy rights. We propose an idea called SPLC – solution to privacy and lawful access conflict. SPLC realizes/instills online users' confidence and makes the Internet a fraud-free environment for e-commerce and other online activity.