In recent years, the wide availability of personal data has made the problem of privacy preserving data mining an important one. A number of methods have recently been proposed for privacy preserving data mining of multidimensional data records. One of the methods for privacy preserving data mining is that of anonymization, in which a record is released only if it is indistinguishable from k other entities in the data. We note that methods such as k-anonymity are highly dependent upon spatial locality in order to effectively implement the technique in a statistically robust way. In high dimensional space the data becomes sparse, and the concept of spatial locality is no longer easy to define from an application point of view. In this paper, we view the k-anonymization problem from the perspective of inference attacks over all possible combinations of attributes. We show that when the data contains a large number of attributes which may be considered quasi-identifiers, it becomes difficult to anonymize the data without an unacceptably high amount of information loss. This is because an exponential number of combinations of dimensions can be used to make precise inference attacks, even when individual attributes are partially specified within a range. We provide an analysis of the effect of dimensionality on k-anonymity methods. We conclude that when a data set contains a large number of attributes which are open to inference attacks, we are faced with a choice of either completely suppressing most of the data or losing the desired level of anonymity. Thus, this paper shows that the curse of high dimensionality also applies to the problem of privacy preserving data mining.
[1]
Ramakrishnan Srikant,et al.
Fast Algorithms for Mining Association Rules in Large Databases
,
1994,
VLDB.
[2]
Pierangela Samarati,et al.
Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression
,
1998
.
[3]
Yehuda Lindell,et al.
Privacy Preserving Data Mining
,
2002,
Journal of Cryptology.
[4]
Alexandre V. Evfimievski,et al.
Privacy preserving mining of association rules
,
2002,
Inf. Syst..
[5]
Adam Meyerson,et al.
On the complexity of optimal K-anonymity
,
2004,
PODS.
[6]
Charu C. Aggarwal,et al.
On the Surprising Behavior of Distance Metrics in High Dimensional Spaces
,
2001,
ICDT.
[7]
Chris Clifton,et al.
SECURITY AND PRIVACY IMPLICATIONS OF DATA MINING
,
1996
.
[8]
Roberto J. Bayardo,et al.
Data privacy through optimal k-anonymization
,
2005,
21st International Conference on Data Engineering (ICDE'05).
[9]
Gu Si-yang,et al.
Privacy preserving association rule mining in vertically partitioned data
,
2006
.
[10]
Philip S. Yu,et al.
A Condensation Approach to Privacy Preserving Data Mining
,
2004,
EDBT.
[11]
Lorrie Faith Cranor,et al.
Internet privacy
,
1999,
CACM.
[12]
Charu C. Aggarwal,et al.
Mining massively incomplete data sets by conceptual reconstruction
,
2001,
KDD '01.
[13]
Jonathan Goldstein,et al.
When Is ''Nearest Neighbor'' Meaningful?
,
1999,
ICDT.
[14]
Charu C. Aggarwal,et al.
On the design and quantification of privacy preserving data mining algorithms
,
2001,
PODS.