Quantification of De-anonymization Risks in Social Networks

Wei-Han Lee, Changchang Liu, Shouling Ji, Prateek Mittal, Ruby Lee

Abstract

The risks of publishing privacy-sensitive data have received considerable attention recently. Several de-anonymization attacks have been proposed to re-identify individuals even if data anonymization techniques were applied. However, there is no theoretical quantification for relating the data utility that is preserved by the anonymization techniques and the data vulnerability against de-anonymization attacks. In this paper, we theoretically analyze the de-anonymization attacks and provide conditions on the utility of the anonymized data (denoted by anonymized utility) to achieve successful de-anonymization. To the best of our knowledge, this is the first work on quantifying the relationships between anonymized utility and de-anonymization capability. Unlike previous work, our quantification analysis requires no assumptions about the graph model, thus providing a general theoretical guide for developing practical de-anonymization/anonymization techniques. Furthermore, we evaluate state-of-the-art de-anonymization attacks on a real-world Facebook dataset to show the limitations of previous work. By comparing these experimental results and the theoretically achievable de-anonymization capability derived in our analysis, we further demonstrate the ineffectiveness of previous de-anonymization attacks and the potential of more powerful de-anonymization attacks in the future.

References

  1. Andersen, R., Borgs, C., Chayes, J., Feige, U., Flaxman, A., Kalai, A., Mirrokni, V., and Tennenholtz, M. (2008). Trust-based recommendation systems: an axiomatic approach. In WWW.
  2. Backstrom, L., Dwork, C., and Kleinberg, J. (2007). Wherefore art thou r3579x?: anonymized social networks, hidden patterns, and structural steganography. In WWW.
  3. Buccafurri, F., Lax, G., Nocera, A., and Ursino, D. (2015). Discovering missing me edges across social networks. Information Sciences.
  4. Dwork, C. (2006). Differential privacy. In Encyclopedia of Cryptography and Security. Springer.
  5. Erd o?s, P. and Rényi, A. (1976). On the evolution of random graphs. Selected Papers of Alfréd Rényi.
  6. Fabiana, C., Garetto, M., and Leonardi, E. (2015). Deanonymizing scale-free social networks by percolation graph matching. In INFOCOM.
  7. Hamming, R. W. (1950). Error detecting and error correcting codes. Bell System Technical Journal.
  8. Hay, M., Miklau, G., Jensen, D., Towsley, D., and Weis, P. (2008). Resisting structural re-identification in anonymized social networks. VLDB Endowment.
  9. Hay, M., Miklau, G., Jensen, D., Weis, P., and Srivastava, S. (2007). Anonymizing social networks. Computer Science Department Faculty Publication Series.
  10. Ji, S., Li, W., Gong, N. Z., Mittal, P., and Beyah, R. (2015a). On your social network de-anonymizablity: Quantification and large scale evaluation with seed knowledge. In NDSS.
  11. Ji, S., Li, W., Mittal, P., Hu, X., and Beyah, R. (2015b). Secgraph: A uniform and open-source evaluation system for graph data anonymization and de-anonymization. In USENIX Security Symposium.
  12. Ji, S., Li, W., Srivatsa, M., and Beyah, R. (2014). Structural data de-anonymization: Quantification, practice, and implications. In CCS.
  13. Korula, N. and Lattanzi, S. (2014). An efficient reconciliation algorithm for social networks. Proceedings of the VLDB Endowment.
  14. Liu, C., Chakraborty, S., and Mittal, P. (2016). Dependence makes you vulnerable: Differential privacy under dependent tuples. In NDSS.
  15. Liu, C. and Mittal, P. (2016). Linkmirage: Enabling privacy-preserving analytics on social relationships. In NDSS.
  16. Liu, K. and Terzi, E. (2008). Towards identity anonymization on graphs. In SIGMOD.
  17. Machanavajjhala, A., Kifer, D., Gehrke, J., and Venkitasubramaniam, M. (2007). l-diversity: Privacy beyond k-anonymity. ACM Transactions on Knowledge Discovery from Data.
  18. Mittal, P., Papamanthou, C., and Song, D. (2013a). Preserving link privacy in social network based systems. In NDSS.
  19. Mittal, P., Wright, M., and Borisov, N. (2013b). Pisces: Anonymous communication using social networks. NDSS.
  20. Narayanan, A. and Shmatikov, V. (2008). Robust deanonymization of large sparse datasets. IEEE S&P.
  21. Narayanan, A. and Shmatikov, V. (2009). De-anonymizing social networks. IEEE S&P.
  22. Newman, M. (2010). Networks: An Introduction. Oxford University Press.
  23. Newman, M. E. (2003). The structure and function of complex networks. SIAM review.
  24. Nilizadeh, S., Kapadia, A., and Ahn, Y.-Y. (2014). Community-enhanced de-anonymization of online social networks. In CCS.
  25. Pedarsani, P., Figueiredo, D. R., and Grossglauser, M. (2013). A bayesian method for matching two similar graphs without seeds. In Allerton.
  26. Pedarsani, P. and Grossglauser, M. (2011). On the privacy of anonymized networks. In SIGKDD.
  27. Pham, H., Shahabi, C., and Liu, Y. (2013). Ebm: an entropy-based model to infer social strength from spatiotemporal data. In SIGMOD.
  28. Sala, A., Zhao, X., Wilson, C., Zheng, H., and Zhao, B. Y. (2011). Sharing graphs using differentially private graph models. In IMC.
  29. Sharad, K. and Danezis, G. (2013). De-anonymizing d4d datasets. In Workshop on Hot Topics in Privacy Enhancing Technologies.
  30. Sharad, K. and Danezis, G. (2014). An automated social graph de-anonymization technique. In Proceedings of the 13th Workshop on Privacy in the Electronic Society. ACM.
  31. Srivatsa, M. and Hicks, M. (2012). Deanonymizing mobility traces: Using social network as a side-channel. In CCS.
  32. Viswanath, B., Mislove, A., Cha, M., and Gummadi, K. P. (2009). On the evolution of user interaction in facebook. In ACM workshop on Online social networks.
  33. Yu, H., Gibbons, P. B., Kaminsky, M., and Xiao, F. (2008). Sybillimit: A near-optimal social network defense against sybil attacks. In IEEE S&P.
Download


Paper Citation


in Harvard Style

Lee W., Liu C., Ji S., Mittal P. and Lee R. (2017). Quantification of De-anonymization Risks in Social Networks . In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 126-135. DOI: 10.5220/0006192501260135


in Bibtex Style

@conference{icissp17,
author={Wei-Han Lee and Changchang Liu and Shouling Ji and Prateek Mittal and Ruby Lee},
title={Quantification of De-anonymization Risks in Social Networks},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2017},
pages={126-135},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006192501260135},
isbn={978-989-758-209-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Quantification of De-anonymization Risks in Social Networks
SN - 978-989-758-209-7
AU - Lee W.
AU - Liu C.
AU - Ji S.
AU - Mittal P.
AU - Lee R.
PY - 2017
SP - 126
EP - 135
DO - 10.5220/0006192501260135