Preserving edits when perturbing microdata for statistical disclosure control
暂无分享,去创建一个
To protect individuals in microdata from the risk of re-identification, a general perturbative method called PRAM (the Post-Randomization Method) is sometimes used for masking records. This method adds “noise” to categorical variables by changing values of categories for a small number of records according to a prescribed probability matrix and a stochastic process based on the outcome of a random multinomial draw. Changing values of categorical variables, however, will cause fully edited and clean records in microdata to start failing edit constraints resulting in data of low utility. In addition, an inconsistent record pinpoints to a potential attacker that the record was perturbed and attempts can be made to unmask the data. Therefore, the perturbation process must take into account micro edit constraints which will ensure that perturbed microdata satisfy all edits. Macro edit constraints which take the form of information loss measures also need to be defined in order to ensure that the overall utility of the data will not be badly compromised given an acceptable level of disclosure risk. This paper will discuss methods for perturbing microdata using PRAM while minimizing micro and macro edit failures. (Updated 10th August 2005)
[1] Alan F. Karr,et al. Distortion Measures for Categorical Data Swapping , 2003 .
[2] D. Holt,et al. A Systematic Approach to Automatic Edit and Imputation , 1976 .
[3] A. G. de Waal,et al. Processing of Erroneous and Unsafe Data , 2003 .
[4] A.D.L. Van den Hout,et al. Analyzing Misclassified Data: Randomized Response and Post Randomization , 1999 .
[5] T. De Waal. A Fast and Simple Algorithm for Automatic Editing of Mixed Data , 2003 .