Abstract
Data anonymization is a complex task, as it is dependent on the structure of the dataset, the privacy requirements that we might have and how the anonymized data is going to be processed. Taking just into account these three aspects, it would be possible to set up many anonymization configurations for a single dataset, as each variable that appears on the data could be anonymized using different techniques (generalization, randomization, deletion), and each of them could be configured with a different parameterization. In consequence, the are several alternatives for anonymizing a dataset, especially when it is composed by a high number of variables. For those cases, a manual anonymization process is unfeasible and an automatic approach that allows to determine the best anonymization configuration for the data is essential. Furthermore, it is necessary to determine accurately the risk of each anonymization configuration, in order to verify that the expected privacy requirements are fulfilled. In this paper we present two main contributions: 1) a dynamic risk-based anonymization process that allows to determine the best anonymization configuration for a particular dataset; 2) two new privacy metrics (CAK and R-CAK) that allow to measure the risk of re-identification of the anonymized data, taking into account the knowledge of an adversary that is trying to disclose sensitive attributes from the anonymized dataset.
This work is partially funded by the EU H2020 Programme under projects INFINITECH (grant agreement No. 856632), WITDOM (grant agreement No. 644371) and PERSIST (grant agreement No. 875406), and by the Ayudas Cervera para Centros Tecnológicos grant of the Spanish Centre for the Development of Industrial Technology (CDTI) under the project ÉGIDA (CER-20191012).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Aggarwal, C.C.: On k-anonymity and the curse of dimensionality. VLDB 5, 901–909 (2005)
Article 29 Working Party. Opinion 05/2014 on Anonymisation Techniques (2014). http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf. Last Accessed 10 Feb 2020
Dwork, C.: Differential privacy. In: Encyclopedia of Cryptography and Security, 2nd edn., pp. 338–340. Springer (2011)
General Data Protection Regulation (GDPR) (2014). https://eur-lex.europa.eu/eli/reg/2016/679/oj. Last Accessed 10 Feb 2020
Lakkaraju, K., Slagell, A.: Evaluating the utility of anonymized network traces for intrusion detection. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, pp. 1–8 (2008)
Li, N., Li, T., Venkatasubramanian, S.: t-Closeness: privacy beyond k-anonymity and l-diversity. In: Proceedings of the 23rd International Conference on Data Engineering, pp. 106–115. IEEE (2007)
Machanavajjhala, A., Kifer, D., Gehrke, J., Venkitasubramaniam, M.: L-diversity: privacy beyond k-anonymity. TKDD 1(1) (2007)
Mivule, K.: Utilizing noise addition for data privacy, an overview. CoRR abs/1309.3958 (2013)
de Montjoye, Y.A., Hidalgo, C.A., Verleysen, M., Blondel, V.D.: Unique in the crowd: the privacy bounds of human mobility. Sci. Rep. 3, 1376 (2013)
Narayanan, A., Shmatikov, V.: Robust de-anonymization of large sparse datasets. In: 2008 IEEE Symposium on Security and Privacy, pp. 111–125. IEEE (2008)
Narayanan, A., Shmatikov, V.: De-anonymizing social networks. In: 30th IEEE Symposium on Security and Privacy, USA, pp. 173–187. IEEE Computer Society (2009)
Song, Y., Lu, X., Nobari, S., Bressan, S., Karras, P.: On the privacy and utility of anonymized social networks. Int. J. Adapt. Resilient Auton. Syst. 4(2), 1–34 (2013)
Sweeney, L.: Achieving k-anonymity privacy protection using generalization and suppression. Int. J. Uncertainty Fuzziness Knowl. Based Syst. 10(5), 571–588 (2002)
Sweeney, L.: k-anonymity: a model for protecting privacy. Int. J. Uncertainty Fuzziness Knowl. Based Syst. 10(5), 557–570 (2002)
Wagner, I., Eckhoff, D.: Technical privacy metrics: a systematic survey. ACM Comput. Surv. 51(3), 1–38 (2018)
Wondracek, G., Holz, T., Kirda, E., Kruegel, C.: A practical attack to de-anonymize social network users. In: 31st IEEE Symposium on Security and Privacy, USA, pp. 223–238. IEEE Computer Society (2010)
Zhang, Q., Koudas, N., Srivastava, D., Yu, T.: Aggregate query answering on anonymized tables. In: Proceedings of the 23rd International Conference on Data Engineering, pp. 116–125. IEEE (2007)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Adkinson Orellana, L., Dago Casas, P., Sestelo, M., Pintos Castro, B. (2021). A New Approach for Dynamic and Risk-Based Data Anonymization. In: Herrero, Á., Cambra, C., Urda, D., Sedano, J., Quintián, H., Corchado, E. (eds) 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020). CISIS 2019. Advances in Intelligent Systems and Computing, vol 1267. Springer, Cham. https://doi.org/10.1007/978-3-030-57805-3_31
Download citation
DOI: https://doi.org/10.1007/978-3-030-57805-3_31
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57804-6
Online ISBN: 978-3-030-57805-3
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)