Bottom-up sequential anonymization in the presence of adversary knowledge

Abstract

In many real world situations, data are updated and released over time. In sequential data publishing, the number of attributes and records may vary and the attribute values may be modified in different releases. This might lead to a compromise in privacy when different releases of the same data are combined. Preventing information disclosure becomes more difficult when the adversary has background knowledge on correlations among sensitive attribute values over time. In this paper, we propose an anonymization framework to protect against background knowledge attack in a sequential data publishing setting. Our proposed anonymization framework recreates the adversary’s inference ability to estimate her posterior beliefs. Our method extends a privacy model to consider the adversary’s posterior beliefs. We propose a bottom-up sequential algorithm which uses local generalization to decrease information loss compared to other sequential anonymization algorithms that use global generalization. We verify the theoretical study by experimentation on two datasets. Experimental results show that our proposed algorithm outperforms the state of the art sequential approaches like CELL(FMJ) and TDS4ASR in terms of information loss, the adversary’s information gain, and average adversary confidence.