Robust De-anonymization of Large Sparse Datasets

We present a new class of statistical de- anonymization attacks against high-dimensional micro-data, such as individual preferences, recommendations, transaction records and so on. Our techniques are robust to perturbation in the data and tolerate some mistakes in the adversary's background knowledge. We apply our de-anonymization methodology to the Netflix Prize dataset, which contains anonymous movie ratings of 500,000 subscribers of Netflix, the world's largest online movie rental service. We demonstrate that an adversary who knows only a little bit about an individual subscriber can easily identify this subscriber's record in the dataset. Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information.

[1]  J. Jensen Sur les fonctions convexes et les inégalités entre les valeurs moyennes , 1906 .

[2]  Nabil R. Adam,et al.  Security-control methods for statistical databases: a comparative study , 1989, CSUR.

[3]  L Sweeney,et al.  Weaving Technology and Policy Together to Maintain Confidentiality , 1997, Journal of Law, Medicine & Ethics.

[4]  Yehuda Lindell,et al.  Privacy Preserving Data Mining , 2002, Journal of Cryptology.

[5]  Cherié L. Weible,et al.  The Internet Movie Database , 2001 .

[6]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[7]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[8]  Latanya Sweeney,et al.  Achieving k-Anonymity Privacy Protection Using Generalization and Suppression , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[9]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[10]  Erik Brynjolfsson,et al.  Consumer Surplus in the Digital Economy: Estimating the Value of Increased Product Variety at Online Booksellers , 2003, Manag. Sci..

[11]  Bradley Malin,et al.  How (not) to protect genomic data privacy in a distributed network: using trail re-identification to evaluate and design anonymity protection systems , 2004, J. Biomed. Informatics.

[12]  T. Khan,et al.  Study of subthreshold electron mobility behavior in SOI-MESFETs , 2004, Conference Digest [Includes 'Late News Papers' volume] Device Research Conference, 2004. 62nd DRC..

[13]  Charu C. Aggarwal,et al.  On k-Anonymity and the Curse of Dimensionality , 2005, VLDB.

[14]  Hoeteck Wee,et al.  Toward Privacy in Public Databases , 2005, TCC.

[15]  Cynthia Dwork,et al.  Practical privacy: the SuLQ framework , 2005, PODS.

[16]  John Riedl,et al.  You are what you say: privacy risks of public mentions , 2006, SIGIR '06.

[17]  Cynthia Dwork,et al.  Differential Privacy , 2006, ICALP.

[18]  Chris Anderson,et al.  The Long Tail: Why the Future of Business is Selling Less of More , 2006 .

[19]  ASHWIN MACHANAVAJJHALA,et al.  L-diversity: privacy beyond k-anonymity , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[20]  Ashwin Machanavajjhala,et al.  l-Diversity: Privacy Beyond k-Anonymity , 2006, ICDE.

[21]  Cynthia Dwork,et al.  Calibrating Noise to Sensitivity in Private Data Analysis , 2006, TCC.

[22]  Ashwin Machanavajjhala,et al.  Worst-Case Background Knowledge for Privacy-Preserving Data Publishing , 2007, 2007 IEEE 23rd International Conference on Data Engineering.

[23]  Jure Leskovec,et al.  The dynamics of viral marketing , 2005, EC '06.

[24]  Sushil Jajodia,et al.  Secure Data Management in Decentralized Systems , 2014, Secure Data Management in Decentralized Systems.

[25]  A. Blum,et al.  A learning theory approach to non-interactive database privacy , 2008, STOC.