Behind the Mask: Understanding the Structural Forces That Make Social Graphs Vulnerable to Deanonymization

Abstract

The tradeoff between anonymity and utility in the context of the anonymization of graph data sets is well acknowledged; for better privacy, some of the graph structural properties must be lost. What is not well understood, however, is what forces shape this tradeoff. Specifically, for the data practitioner who wants to publish an anonymized graph data set, it is unclear what graph structural properties can be preserved and what are the anonymity costs associated with preserving them. This article proposes a framework that examines the interplay between graph properties and the vulnerability to deanonymization attacks. We demonstrate its applicability via extensive experiments on thousands of graphs with controlled properties generated from real data sets. In addition, we show empirically that there are structural properties that affect graph vulnerability to reidentification attacks independent of degree distribution.