2012 AnonymizingSetValuedDatabyNonre

Subject Headings:

Notes

Today there is a strong interest in publishing set-valued data in a privacy-preserving manner. Such data associate individuals to sets of values (e.g., preferences, shopping items, symptoms, query logs). In addition, an individual can be associated with a sensitive label (e.g., marital status, religious or political conviction). Anonymizing such data implies ensuring that an adversary should not be able to (1) identify an individual's record, and (2) infer a sensitive label, if such exists. Existing research on this problem either perturbs the data, publishes them in disjoint groups disassociated from their sensitive labels, or generalizes their values by assuming the availability of a generalization hierarchy. In this paper, we propose a novel alternative. Our publication method also puts data in a generalized form, but does not require that published records form disjoint groups and does not assume a hierarchy either; instead, it employs generalized bitmaps and recasts data values in a nonreciprocal manner; formally, the bipartite graph from original to anonymized records does not have to be composed of disjoint complete subgraphs. We configure our schemes to provide popular privacy guarantees while resisting attacks proposed in recent research, and demonstrate experimentally that we gain a clear utility advantage over the previous state of the art.

;

	Author	volume	Date Value	title	type	journal	titleUrl	doi	note	year
2012 AnonymizingSetValuedDatabyNonre	Jaideep Vaidya Panagiotis Karras Chedy Raïssi Mingqiang Xue Kian-Lee Tan			Anonymizing Set-valued Data by Nonreciprocal Recoding				10.1145/2339530.2339696		2012