Composition attack against social network data

Abstract The importance of social networks is growing with the fast development of social network technologies and the steady growth in their user communities. Given that the collection of data from social networks is essential for academic research and commercial applications, the prevention of leakage of sensitive information has become very crucial. The majority of anonymization techniques are focused on the threats associated with publishing one social network dataset. As most Internet users participate in more than one social network, a user's records are likely to appear in two published social network datasets. The level of anonymity of each dataset may present only a small security risk; however, there is no guarantee that a combination of the two datasets has the same level of anonymity. An attack on the privacy of an individual using two published datasets containing his/her records is called a composition attack. The composition attack was recently investigated as a threat to two relational datasets; however, it has not yet been considered as a potential danger to two datasets containing social network data. The novel contribution of this paper is that the composition attack is applied to anonymized social network data. A new algorithm for the composition attack is proposed and its usability is demonstrated with experiments using pairs of synthetic scale-free networks substituting real social networks.

[1]  David J. DeWitt,et al.  Mondrian Multidimensional K-Anonymity , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[2]  Xiaofeng Ding,et al.  A hybrid approach to prevent composition attacks for independent data releases , 2016, Inf. Sci..

[3]  Sumit Sarkar,et al.  Multihoming Behavior of Users in Social Networking Websites: A Theoretical Model , 2011, Inf. Technol. People.

[4]  Ken C. K. Lee,et al.  High utility K-anonymization for social network publishing , 2013, Knowledge and Information Systems.

[5]  Sándor Imre,et al.  Using Identity Separation Against De-anonymization of Social Networks , 2015, Trans. Data Priv..

[6]  Donald F. Towsley,et al.  Resisting structural re-identification in anonymized social networks , 2008, The VLDB Journal.

[7]  Craig Ross,et al.  Personality and motivations associated with Facebook use , 2009, Comput. Hum. Behav..

[8]  Ke Wang,et al.  Small domain randomization , 2010, Proc. VLDB Endow..

[9]  Vincent Yun Shen,et al.  User Identification across Social Networks using the Web Profile and Friend Network , 2010, Int. J. Web Appl..

[10]  Prateek Mittal,et al.  Seed-Based De-Anonymizability Quantification of Social Networks , 2016, IEEE Transactions on Information Forensics and Security.

[11]  Tamir Tassa,et al.  Anonymization of Centralized and Distributed Social Networks by Sequential Clustering , 2013, IEEE Transactions on Knowledge and Data Engineering.

[12]  K. Liu,et al.  Towards identity anonymization on graphs , 2008, SIGMOD Conference.

[13]  Jie Wu,et al.  A Two-Stage Deanonymization Attack against Anonymized Social Networks , 2014, IEEE Transactions on Computers.

[14]  Jon M. Kleinberg,et al.  Wherefore art thou R3579X? , 2011, Commun. ACM.

[15]  Philip S. Yu,et al.  Protecting Sensitive Labels in Social Network Data Anonymization , 2013, IEEE Transactions on Knowledge and Data Engineering.

[16]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[17]  Yair Amichai-Hamburger,et al.  Social network use and personality , 2010, Comput. Hum. Behav..

[18]  Tom Fawcett,et al.  An introduction to ROC analysis , 2006, Pattern Recognit. Lett..

[19]  Jian Pei,et al.  A brief survey on anonymization techniques for privacy preserving publishing of social network data , 2008, SKDD.

[20]  Chen Wen,et al.  Advertising Effectiveness on Social Network Sites: An Investigation of Tie Strength, Endorser Expertise and Product Type on Consumer Purchase Intention , 2009, ICIS.

[21]  Albert,et al.  Emergence of scaling in random networks , 1999, Science.

[22]  Ninghui Li,et al.  t-Closeness: Privacy Beyond k-Anonymity and l-Diversity , 2007, 2007 IEEE 23rd International Conference on Data Engineering.

[23]  Jemal H. Abawajy,et al.  Utility-aware social network graph anonymization , 2015, J. Netw. Comput. Appl..

[24]  B. K. Tripathy,et al.  Alpha-anonymization techniques for privacy preservation in social networks , 2016, Social Network Analysis and Mining.

[25]  Bruce M. Kapron,et al.  Social Network Anonymization via Edge Addition , 2011, 2011 International Conference on Advances in Social Networks Analysis and Mining.

[26]  Rosanna E. Guadagno,et al.  Make new friends or keep the old: Gender and personality differences in social networking use , 2012, Comput. Hum. Behav..

[27]  Vitaly Shmatikov,et al.  De-anonymizing Social Networks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[28]  G. Chartrand,et al.  Introduction to the theory of graphs , 1971 .

[29]  Adam D. Smith,et al.  Composition attacks and auxiliary information in data privacy , 2008, KDD.

[30]  Krishna P. Gummadi,et al.  Measurement and analysis of online social networks , 2007, IMC '07.

[31]  Raymond Heatherly,et al.  A probabilistic approach to mitigate composition attacks on privacy in non-coordinated environments , 2014, Knowl. Based Syst..