FDI: Quantifying Feature-based Data Inferability

Motivated by many existing security and privacy applications, e.g., network traffic attribution, linkage attacks, private web search, and feature-based data de-anonymization, in this paper, we study the Feature-based Data Inferability (FDI) quantification problem. First, we conduct the FDI quantification under both naive and general data models from both a feature distance perspective and a feature distribution perspective. Our quantification explicitly shows the conditions to have a desired fraction of the target users to be Top-K inferable (K is an integer parameter). Then, based on our quantification, we evaluate the user inferability in two cases: network traffic attribution in network forensics and feature-based data de-anonymization. Finally, based on the quantification and evaluation, we discuss the implications of this research for existing feature-based inference systems.

[1]  Qi Li,et al.  Cryptographic key generation from voice , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[2]  Kang Li,et al.  ClickMiner: Towards Forensic Reconstruction of User-Browser Interactions from Network Traces , 2014, CCS.

[3]  Rajdeep Niyogi,et al.  Network forensic frameworks: Survey and research challenges , 2010, Digit. Investig..

[4]  Ariel Stolerman,et al.  Doppelgänger Finder: Taking Stylometry to the Underground , 2014, 2014 IEEE Symposium on Security and Privacy.

[5]  Fei Wang,et al.  Kaleido: Network Traffic Attribution using Multifaceted Footprinting , 2014, SDM.

[6]  Claudia Picardi,et al.  User authentication through keystroke dynamics , 2002, TSEC.

[7]  Ravi Kumar,et al.  "I know what you did last summer": query logs and user privacy , 2007, CIKM '07.

[8]  Vitaly Shmatikov,et al.  Robust De-anonymization of Large Sparse Datasets , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[9]  Srdjan Capkun,et al.  Quantifying Web-Search Privacy , 2014, CCS.

[10]  Edward W. Felten,et al.  Bubble Trouble: Off-Line De-Anonymization of Bubble Forms , 2011, USENIX Security Symposium.

[11]  Haining Wang,et al.  An efficient user verification system via mouse movements , 2011, CCS '11.

[12]  Nitesh Saxena,et al.  On the Privacy of Web Search Based on Query Obfuscation: A Case Study of TrackMeNot , 2010, Privacy Enhancing Technologies.

[13]  Arvind Narayanan,et al.  De-anonymizing Programmers via Code Stylometry , 2015, USENIX Security Symposium.

[14]  Emmanuel S. Pilli,et al.  Network Forensic Frameworks , 2016 .