Hiding sensitive information in eHealth datasets

Highlights

• This paper investigates two GA-based models for hiding sensitive information.

• A minimal support threshold function is proposed to identify different support thresholds for varied lengths of patterns.

• A “pre-large” concept is administered within the designed GA-based model.

• Experiments show that the designed model outperforms the generic EC-based models.

Abstract

Privacy in the realm of data mining known as PPDM has become a hot topic in both academic research and industry due to the fact it can discover implicit rules as well as hide sensitive information for data sanitization. Many different algorithms and heuristics have been investigated to hide sensitive information using the act of transaction deletion based on evolutionary computation techniques, but to date, these algorithms only consider a uniform threshold value for sanitization progress. This technique is not applicable in real-world situations, especially for eHealth based medical datasets. For example, a patient can still be identified if he/she has more confidential information (i.e., symptoms) that cause privacy threats and security leakage in medical applications. In this work, we investigate a unique novel methodology to set varied threshold values that lead to varied lengths of sensitive patterns within a Genetic Algorithm (GA)-based framework. As the pattern length increases, a tighter threshold manifests to provide better protection of sensitive information that can avoid individual patients to be identified in eHealth datasets. Two GA-based models are developed for data sanitization using record deletion techniques. The experimental results are conducted and compared with the traditional Evolutionary Computation (EC)-based PPDM approaches and the results showed that the designed methods offer greater protection than previous methods in terms of side effects. Therefore, the designed models are effective to hide sensitive information in medical situations that can be used in real-world scenarios.

Introduction

With the rapid growth of information techniques used in the Internet of Things (IoT) [1], such as parallel computing [2], edge computing [3], and machine learning [4], it is necessary to use those techniques to retrieve useful information for decision-making. In the past decade, several data mining techniques [5], [6], [7], [8], [9] have been utilized and applied in different domains and applications that can be used to retrieve meaningful information with an intrinsic value from massive datasets. The fundamental algorithm to mine required patterns is called the Apriori [10] that uses the minimum support threshold to first discover the set of FIs (frequent itemsets) from the database using a “level-wise” technique. Next, a combinational approach is administered that applies effective association rules, known as ARs, that are solely based using the minimum confidence threshold. Taking into account that the “level-wise” approach applies the well-known “generate-and-test” mechanism which is known to require a huge computational cost, the efficient frequent pattern (FP)-tree structure [11] is developed to keep frequent 1-itemsets in the tree. Next, a recursive FP-growth mining algorithm is developed for mining the set of FIs. Several extensions in knowledge discovery in the database (KDD) were then implemented to handle different scenarios and domains for retrieving various knowledge for decision-making, i.e., sequential pattern mining [12] and high-utility itemset mining [13].

Although KDD techniques can be used to mine the relationship of attributes in a database, confidential/private information can also be revealed or referred from related information during the mining progress [14]. For example, purchase behaviors can refer to visited malls and even the gender of customers that should be considered confidential information in data analytics. One technique includes a perturbation or sanitization approach in which the confidential information regarding any patient’s record is perturbed using a random process. This process distorts sensitive data values by changing them by adding, subtracting, or perturbing the date through other means. Lindell and Pinkas investigated the ID3 algorithm [15] based on the decision tree for PPDM. Clifton et al. developed software that can be utilized for solving the PPDM problem [16]. Dwork et al. [17] designed several models that handle published noisy stats on top of the vertically partitioned datasets. Wu et al. [18] also created several algorithms that are used to reduce support as well as confidence, and by doing so hiding SI (sensitive information) through decreasing the support as well as the confidence values. Besides, Hong et al. [19] considered the TF-IDF model and developed the SIF-IDF algorithm which is used to evaluate a calculated score for every transaction used in data sanitization. Moreover, there are also a lot of challenges to reveal useful knowledge in the eHealth field due to strict privacy requirements [20], [21], [22], [23], [24]. Besides, for the sanitization process to hide SIs, the loss of rules can be common which leads to artificial rules that may appear as side effects of the entire sanitization process. Three well-known side effects in any PPDM process are (1) hiding failure, (2) missing cost, and (3) artificial cost, which can all be considered as the evaluation criteria for data sanitization. However, the three side effects mentioned can be considered as an $NP$-hard optimization problem [25], [26] since the appropriate data is selected for sanitization with minimal side effects. Evolutionary computation (EC) is an alternative method to find optimized solutions that have been applied to solve many $NP$-hard issues. Lin et al. [27] first considered to apply the GA for PPDM and developed a GA-based model for data sanitization. Lin et al. then considered the PSO model and presented three PSO-based approaches [28], [29], [30] to improve the effectiveness and efficiency of the GA-based approach for data sanitization. Many other novel PPDM algorithms and frameworks were also vigorously developed recently [31], [32]. Although those models are more effective than generic approaches for data sanitization, they still fail the problem by using a uniform threshold for sanitization, which is not applicable in many domains and applications. The problem is that a longer confidential pattern can still lead to disclosure with a uniform threshold value. For example, in medical datasets, a patient can be identified if he/she has many symptoms of a given disease that can cause a privacy threat and security issues to protect the patient’s information. If a single loose threshold is set, many private long patterns will be identified. On the other hand, if a single strict threshold is set, the sanitized database suffers serious side-effects inevitably. In this paper, we aim at providing a secured privacy preservation system that can be utilized in a medical dataset for data sanitization. The major contributions of our work are listed as follows:

• This paper investigates two GA-based models for hiding sensitive information based on varied threshold values of sensitive patterns, which is more applicable in real-world situations especially in eHealth based medicaldatasets.

• A minimal support threshold function is proposed to identify different support thresholds for varying lengths of the patterns, thus the sensitive patterns with long lengths cannot be easily identified that secure the privacy of the patients.

• A pre-large concept is administered within the designed GA-based model thus reducing the computational cost for evaluation.

• Experiments showed that the designed models outperform the generic EC-based model with a uniform threshold value for data sanitization in terms of three side effects.