research-article

Structural Data De-Anonymization: Theory and Practice

Authors:

Mudhakar Srivatsa,

Raheem BeyahAuthors Info & Claims

IEEE/ACM Transactions on Networking (TON), Volume 24, Issue 6

Pages 3523 - 3536

https://doi.org/10.1109/TNET.2016.2536479

Published: 01 December 2016 Publication History

Abstract

In this paper, we study the quantification, practice, and implications of structural data de-anonymization, including social data, mobility traces, and so on. First, we answer several open questions in structural data de-anonymization by quantifying perfect and \(1-\epsilon \) -perfect structural data de-anonymization, where \(\epsilon \) is the error tolerated by a de-anonymization scheme. To the best of our knowledge, this is the first work on quantifying structural data de-anonymization under a general data model, which closes the gap between the structural data de-anonymization practice and theory. Second, we conduct the first large-scale study on the de-anonymizability of 26 real world structural data sets, including social networks, collaborations networks, communication networks, autonomous systems, peer-to-peer networks, and so on. We also quantitatively show the perfect and \(1-\epsilon \) -perfect de-anonymization conditions of the 26 data sets. Third, following our quantification, we present a practical attack [a novel single-phase cold start optimization-based de-anonymization ODA algorithm]. An experimental analysis of ODA shows that \(\sim 77.7\) %–83.3% of the users in Gowalla 196 591 users and 950 327 edges and 86.9%–95.5% of the users in Google+ 4 692 671 users and 90 751 480 edges are de-anonymizable in different scenarios, which implies that the structure-based de-anonymization is powerful in practice. Finally, we discuss the implications of our de-anonymization quantification and our ODA attack and provide some general suggestions for future secure data publishing.

References

[1]

S. Ji, W. Li, M. Srivatsa, and R. Beyah, "Structural data de-anonymization: Quantification, practice, and implications," in Proc. ACM CCS, 2014, pp. 1040-1053.

[2]

L. Backstrom, C. Dwork, and J. Kleinberg, "Wherefore art thou r3579x? Anonymized social networks, hidden patterns, and structural steganography," in Proc. 16th Int. Conf. WWW, 2007, pp. 181-190.

[3]

A. Narayanan and V. Shmatikov, "De-anonymizing social networks," in Proc. 30th IEEE Symp. SP, May 2009, pp. 173-187.

[4]

M. Srivatsa and M. Hicks, "Deanonymizing mobility traces: Using social network as a side-channel," in Proc. ACM Conf. CCS, 2012, pp. 628-637.

[5]

S. Ji, W. Li, M. Srivatsa, J. S. He, and R. Beyah, "Structure based data de-anonymization of social networks and mobility traces," in Proc. 17th Int. Conf. ISC, 2014, pp. 237-254.

[6]

S. Ji, W. Li, P. Mittal, X. Hu, and R. Beyah, "SecGraph: A uniform and open-source evaluation system for graph data anonymization and de-anonymization," in Proc. 24th USENIX Secur. Symp., 2015, pp. 303-318.

[7]

G. Wondracek, T. Holz, E. Kirda, and C. Kruegel, "A practical attack to de-anonymize social network users," in Proc. IEEE Symp. SP, May 2010, pp. 223-238.

[8]

P. Pedarsani and M. Grossglauser, "On the privacy of anonymized networks," in Proc. 17th ACM SIGKDD Int. Conf. KDD, 2011, pp. 1235-1243.

[9]

M. Hay, G. Miklau, D. Jensen, D. Towsley, and P. Weis, "Resisting structural re-identification in anonymized social networks," Proc. VLDB Endowment, vol. 1, no. 1, pp. 102-114, 2008.

[10]

K. Liu and E. Terzi, "Towards identity anonymization on graphs," in Proc. SIGMOD, 2008, pp. 93-106.

[11]

N. Li, W. Qardaji, and D. Su, "On sampling, anonymization, and differential privacy or, k-anonymization meets differential privacy," in Proc. 7th ASIACCS, 2012, pp. 32-43.

[12]

C. Dwork, "Differential privacy," in Proc. 33rd ICALP, 2006, pp. 1-12.

[13]

A. Korolova, R. Motwani, S. U. Nabar, and Y. Xu, "Link privacy in social networks," in Proc. 17th ACM CIKM, 2008, pp. 289-298.

[14]

E. Zheleva and L. Getoor, "To join or not to join: The illusion of privacy in social networks with mixed public and private user profiles," in Proc. WWW, 2009, pp. 531-540.

[15]

J. Pang, B. Greenstein, R. Gummadi, S. Seshan, and D. Wetherall, "802.11 user fingerprinting," in Proc. MobiCom, 2007, pp. 99-110.

[16]

L. Backstrom, E. Sun, and C. Marlow, "Find me if you can: Improving geographical prediction with social and spatial proximity," in Proc. WWW, 2010, pp. 61-70.

[17]

S. Han et al., "Expressive privacy control with pseudonyms," in Proc. SIGCOMM, 2013, pp. 291-302.

[18]

P. Mittal, M. Wright, and N. Borisov, "Pisces: Anonymous communication using social networks," in Proc. NDSS Symp., 2013, pp. 1-18.

[19]

J. Kannan, G. Altekar, P. Maniatis, and B.-G. Chun, "Making programs forget: Enforcing lifetime for sensitive data," in Proc. 13th USENIX Conf. HotOS, 2013, p. 23.

[20]

M. Egele, G. Stringhini, C. Kruegel, and G. Vigna, "COMPA: Detecting compromised accounts on social networks," in Proc. NDSS Symp., 2013, pp. 1-17.

[21]

K. Singh, S. Bhola, and W. Lee, "xBook: Redesigning privacy control in social networking platforms," in Proc. 18th Conf. USENIX Secur. Symp., 2009, pp. 249-266.

[22]

P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall, "These aren't the droids you're looking for: Retrofitting android to protect data from imperious applications," in Proc. 18th ACM Conf. CCS, 2011, pp. 639-652.

[23]

M. Egele, C. Kruegel, E. Kirda, and G. Vigna, "PiOS: Detecting privacy leaks in iOS applications," in Proc. NDSS Symp., 2011, pp. 1-15.

[24]

H. Yu, P. B. Gibbons, M. Kaminsky, and F. Xiao, "SybilLimit: A near-optimal social network defense against sybil attacks," in Proc. IEEE Symp. SP, May 2008, pp. 3-17.

[25]

H. Yu, C. Shi, M. Kaminsky, P. B. Gibbons, and F. Xiao, "DSybil: Optimal sybil-resistance for recommendation systems," in Proc. 30th IEEE Symp. SP, May 2009, pp. 283-298.

[26]

L. Alvisi, A. Clement, A. Epasto, S. Lattanzi, and A. Panconesi, "SoK: The evolution of sybil defense via social networks," in Proc. IEEE Symp. SP, May 2013, pp. 382-396.

[27]

R. Shokri, G. Theodorakopoulos, J.-Y. Le Boudec, and J.-P. Hubaux, "Quantifying location privacy," in Proc. IEEE Symp. SP, May 2011, pp. 247-262.

[28]

R. Shokri, G. Theodorakopoulos, C. Troncoso, J.-P. Hubaux, and J.-Y. Le Boudec, "Protecting location privacy: Optimal strategy against localization attacks," in Proc. ACM Conf. CCS, 2012, pp. 617-627.

[29]

M. E. J. Newman, Networks: An Introduction. London, U.K.: Oxford Univ. Press, 2010.

[30]

M. E. J. Newman, "The structure and function of complex networks," SIAM Rev., vol. 45, no. 2, pp. 167-256, 2003.

[31]

B. Bollobás, Random Graphs, 2nd ed. Cambridge, U.K.: Cambridge Univ. Press, 2001.

[32]

J. Riordan, An Introduction to Combinatorial Analysis. New York, NY, USA: Wiley, 1958.

[33]

N. Z. Gong et al., "Evolution of social-attribute networks: Measurements, modeling, and implications using Google+," in Proc. ACM Conf. IMC, 2012, pp. 131-144.

[34]

J. Leskovec and A. Krevl. (Jun. 2014). SNAP Datasets: Stanford Large Network Dataset Collection. [Online]. Available: http://snap.stanford.edu/data.

[35]

H. Pham, C. Shahabi, and Y. Liu, "EBM: An entropy-based model to infer social strength from spatiotemporal data," in Proc. SIGMOD, 2013, pp. 265-276.

[36]

C. Shah, R. Capra, and P. Hansen, "Collaborative information seeking," Computer, vol. 47, no. 3, pp. 22-25, 2014.

[37]

Z. Xu, J. Ramanathan, and R. Ramnath, "Identifying knowledge brokers and their role in enterprise research through social media," Computer, vol. 47, no. 3, pp. 26-31, Mar. 2014.

Cited By

Hancock JMahesh SCobbe JSingh JMazumder A(2024)The tensions of data sharing for human rights: A modern slavery case studyProceedings of the 2024 ACM Conference on Fairness, Accountability, and Transparency10.1145/3630106.3658949(974-987)Online publication date: 3-Jun-2024
https://dl.acm.org/doi/10.1145/3630106.3658949
Zhan CJoksimović SLadjal DRakotoarivelo TMarshall RPardo A(2024)Preserving Both Privacy and Utility in Learning AnalyticsIEEE Transactions on Learning Technologies10.1109/TLT.2024.339376617(1655-1667)Online publication date: 25-Apr-2024
https://dl.acm.org/doi/10.1109/TLT.2024.3393766
Miao YWang XLin H(2023)A Graph Generation Network with Privacy Preserving CapabilitiesAlgorithms and Architectures for Parallel Processing10.1007/978-981-97-0862-8_5(67-79)Online publication date: 20-Oct-2023
https://dl.acm.org/doi/10.1007/978-981-97-0862-8_5
Show More Cited By

Recommendations

Structural Data De-anonymization: Quantification, Practice, and Implications
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

In this paper, we study the quantification, practice, and implications of structural data (e.g., social data, mobility traces) De-Anonymization (DA). First, we address several open problems in structural data DA by quantifying perfect and (1-ε)-perfect ...
Private data outsourcing using anonymization
Spectral Anonymization of Data

The goal of data anonymization is to allow the release of scientifically useful data in a form that protects the privacy of its subjects. This requires more than simply removing personal identifiers from the data because an attacker can still use ...

Comments

Information & Contributors

Information

Published In

cover image IEEE/ACM Transactions on Networking

IEEE/ACM Transactions on Networking Volume 24, Issue 6

December 2016

635 pages

ISSN:1063-6692

Issue’s Table of Contents

Copyright © 2016.

Publisher

IEEE Press

Publication History

Published: 01 December 2016

Published in TON Volume 24, Issue 6

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
165
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)0

Reflects downloads up to 06 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Hancock JMahesh SCobbe JSingh JMazumder A(2024)The tensions of data sharing for human rights: A modern slavery case studyProceedings of the 2024 ACM Conference on Fairness, Accountability, and Transparency10.1145/3630106.3658949(974-987)Online publication date: 3-Jun-2024
https://dl.acm.org/doi/10.1145/3630106.3658949
Zhan CJoksimović SLadjal DRakotoarivelo TMarshall RPardo A(2024)Preserving Both Privacy and Utility in Learning AnalyticsIEEE Transactions on Learning Technologies10.1109/TLT.2024.339376617(1655-1667)Online publication date: 25-Apr-2024
https://dl.acm.org/doi/10.1109/TLT.2024.3393766
Miao YWang XLin H(2023)A Graph Generation Network with Privacy Preserving CapabilitiesAlgorithms and Architectures for Parallel Processing10.1007/978-981-97-0862-8_5(67-79)Online publication date: 20-Oct-2023
https://dl.acm.org/doi/10.1007/978-981-97-0862-8_5
Beigi GLiu H(2020)A Survey on Privacy in Social MediaACM/IMS Transactions on Data Science10.1145/33430381:1(1-38)Online publication date: 12-Mar-2020
https://dl.acm.org/doi/10.1145/3343038
Gao JWang JHe JYan F(2019)Against Signed Graph Deanonymization Attacks on Social NetworksInternational Journal of Parallel Programming10.1007/s10766-017-0546-647:4(725-739)Online publication date: 1-Aug-2019
https://dl.acm.org/doi/10.1007/s10766-017-0546-6
Gao JPing QWang J(2018)Resisting re-identification mining on social graph dataWorld Wide Web10.1007/s11280-017-0524-321:6(1759-1771)Online publication date: 1-Nov-2018
https://dl.acm.org/doi/10.1007/s11280-017-0524-3
Gao JSong BChen ZKe WDing WHu XKando NSakai TJoho HLi Hde Vries AWhite R(2017)Counter Deanonymization QueryProceedings of the 40th International ACM SIGIR Conference on Research and Development in Information Retrieval10.1145/3077136.3080649(809-812)Online publication date: 7-Aug-2017
https://dl.acm.org/doi/10.1145/3077136.3080649
Ji SMittal PBeyah R(2017)Graph Data Anonymization, De-Anonymization Attacks, and De-Anonymizability Quantification: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2016.263362019:2(1305-1326)Online publication date: 2-Jun-2017
https://dl.acm.org/doi/10.1109/COMST.2016.2633620

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents