Randomized generalization for aggregate suppression over hidden web databases

Abstract

Many web databases are hidden behind restrictive form-like interfaces which allow users to execute search queries over the underlying hidden database. While it is important to support such search queries, many hidden database owners also want to maintain a certain level of privacy for aggregate information over their databases, for reasons including business secrets and homeland security. Existing work on aggregate suppression thwarts the uniform random sampling of a hidden database, but cannot address recently proposed attacks which accurately estimate SUM and COUNT queries without the need to first draw a uniform random sample. In this paper, we consider the problem of suppressing SUM and COUNT queries over a hidden database. In particular, we develop randomized generalization, a novel technique which provides rigid aggregate-suppression guarantee while maintaining the utility of individual search queries. We present theoretical analysis and extensive experiments to illustrate the effectiveness of our approach.