Subscribe

Issue No.03 - March (2010 vol.22)

pp: 334-347

Slava Kisilevich , University of Konstanz, Konstanz

Lior Rokach , Ben-Gurion University, Be'er-Sheva

Yuval Elovici , Ben-Gurion University, Be'er-Sheva

Bracha Shapira , Ben-Gurion University, Be'er-Sheva

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TKDE.2009.91

ABSTRACT

Many applications that employ data mining techniques involve mining data that include private and sensitive information about the subjects. One way to enable effective data mining while preserving privacy is to anonymize the data set that includes private information about subjects before being released for data mining. One way to anonymize data set is to manipulate its content so that the records adhere to k-anonymity. Two common manipulation techniques used to achieve k-anonymity of a data set are generalization and suppression. Generalization refers to replacing a value with a less specific but semantically consistent value, while suppression refers to not releasing a value at all. Generalization is more commonly applied in this domain since suppression may dramatically reduce the quality of the data mining results if not properly used. However, generalization presents a major drawback as it requires a manually generated domain hierarchy taxonomy for every quasi-identifier in the data set on which k-anonymity has to be performed. In this paper, we propose a new method for achieving k-anonymity named K-anonymity of Classification Trees Using Suppression (kACTUS). In kACTUS, efficient multidimensional suppression is performed, i.e., values are suppressed only on certain records depending on other attribute values, without the need for manually produced domain hierarchy trees. Thus, in kACTUS, we identify attributes that have less influence on the classification of the data records and suppress them if needed in order to comply with k-anonymity. The kACTUS method was evaluated on 10 separate data sets to evaluate its accuracy as compared to other k-anonymity generalization- and suppression-based methods. Encouraging results suggest that kACTUS' predictive performance is better than that of existing k-anonymity algorithms. Specifically, on average, the accuracies of TDS, TDR, and kADET are lower than kACTUS in 3.5, 3.3, and 1.9 percent, respectively, despite their usage of manually defined domain trees. The accuracy gap is increased to 5.3, 4.3, and 3.1 percent, respectively, when no domain trees are used.

INDEX TERMS

Privacy-preserving data mining, k-anonymity, deindentified data, decision trees.

CITATION

Slava Kisilevich, Lior Rokach, Yuval Elovici, Bracha Shapira, "Efficient Multidimensional Suppression for K-Anonymity",

*IEEE Transactions on Knowledge & Data Engineering*, vol.22, no. 3, pp. 334-347, March 2010, doi:10.1109/TKDE.2009.91REFERENCES

- [1] M. Kantarcioglu, J. Jin, and C. Clifton, “When Do Data Mining Results Violate Privacy?”
Proc. 2004 Int'l Conf. Knowledge Discovery and Data Mining, pp. 599-604, 2004.- [3] M.S. Wolf and C.L. Bennett, “Local Perspective of the Impact of the HIPAA Privacy Rule on Research,”
Cancer-Philadelphia Then Hoboken, vol. 106, no. 2, pp. 474-479, 2006.- [4] P. Samarati and L. Sweeney, “Generalizing Data to Provide Anonymity When Disclosing Information,”
Proc. 17th ACM SIGACT-SIGMOD-SIGART Symp. Principles of Database Systems, vol. 17, p. 188, 1998.- [5] L. Sweeney, “k-Anonymity: A Model for Protecting Privacy,”
Int'l J. Uncertainty, Fuzziness, and Knowledge-Based Systems, vol. 10, no. 5, pp. 557-570, 2002.- [6] L. Sweeney, “Achieving k-Anonymity Privacy Protection Using Generalization and Suppression,”
Int'l J. Uncertainty, Fuzziness, and Knowledge-Based Systems, vol. 10, no. 5, pp. 571-588, 2002.- [7] B.C.M. Fung, K. Wang, and P.S. Yu, “Top-Down Specialization for Information and Privacy Preservation,”
Proc. 21st IEEE Int'l Conf. Data Eng. (ICDE '05), pp. 205-216, Apr. 2005.- [8] K. Wang, P.S. Yu, and S. Chakraborty, “Bottom-Up Generalization: A Data Mining Solution to Privacy Protection,”
Proc. Fourth IEEE Int'l Conf. Data Mining, pp. 205-216, 2004.- [9] L. Tiancheng and I. Ninghui, “Optimal K-Anonymity with Flexible Generalization Schemes through Bottom-Up Searching,”
Proc. Sixth IEEE Int'l Conf. Data Mining Workshops, pp. 518-523, 2006.- [10] S.V. Iyengar, “Transforming Data to Satisfy Privacy Constraints,”
Proc. Eighth ACM SIGKDD, pp. 279-288, 2002.- [12] K. LeFevre, D.J. DeWitt, and R. Ramakrishnan, “Incognito: Efficient Full Domain k-Anonymity,”
Proc. 2005 ACM SIGMOD, pp. 49-60, 2005.- [13] A. Friedman, R. Wolff, and A. Schuster, “Providing k-Anonymity in Data Mining,”
Int'l J. Very Large Data Bases, vol. 17, no. 4, pp.789-804, 2008.- [17] B. Gilburd, A. Schuster, and R. Wolff, “k-TTP: A New Privacy Model for Large-Scale Distributed Environments,”
Proc. 10th ACM SIGKDD, pp. 563-568, 2004.- [18] Z. Yang, S. Zhong, and R.N. Wright, “Privacy-Preserving Classification of Customer Data without Loss of Accuracy,”
Proc. Fifth Int'l Conf. Data Mining, 2005.- [19] J. Roberto, Jr. Bayardo, and A. Rakesh, “Data Privacy through Optimal k-Anonymization,”
Proc. Int'l Conf. Data Eng., vol. 21, pp. 217-228, 2005.- [20] A. Blum, C. Dwork, F. McSherry, and K. Nissim, “Practical Privacy: The SuLQ Framework,”
Proc. 24th ACM SIGMOD-SIGACT-SIGART Symp. Principles of Database Systems, pp. 128-138, June 2005.- [21] S. Chawla, C. Dwork, F. McSherry, A. Smith, and H. Wee, “Toward Privacy in Public Databases,”
Proc. Theory of Cryptography Conf., pp. 363-385, 2005.- [22] K. Wang, B.C.M. Fung, and P.S. Yu, “Template-Based Privacy Preservation in Classification Problems,”
Proc. Fifth IEEE Int'l Conf. Data Mining, pp. 466-473, 2005.- [23] E. Bertino, B.C. Ooi, Y. Yang, and R.H. Deng, “Privacy and Ownership Preserving of Outsourced Medical Data,”
Proc. Int'l Conf. Data Eng., vol. 21, pp. 521-532, 2005.- [24] G. Aggarwal, A. Feder, K. Kenthapadi, R. Motwani, R. Panigrahy, D. Thomas, and A. Zhu, “Approximation Algorithms for k-Anonymity,”
J. Privacy Technology, 2005.- [27] K. LeFevre, D.J. DeWitt, and R. Ramakrishnan, “Mondrian Multidimensional k-Anonymity,”
Proc. 22nd Int'l Conf. Data Eng., p. 25, Apr. 2006.- [28] K. LeFevre, D.J. DeWitt, and R. Ramakrishnan, “Workload-Aware Anonymization,”
Proc. 12th ACM SIGKDD, pp. 277-286, 2006.- [29] L. Sweeney, “Datafly: A System for Providing Anonymity in Medical Data,”
Proc. IFIP TC11 WG11.3 11th Int'l Conf. Database Security XI: Status and Prospects, pp. 356-381, 1997.- [30] P. Sharkey, H. Tian, W. Zhang, and S. Xu, “Privacy-Preserving Data Mining through Knowledge Model Sharing,”
Privacy, Security and Trust in KDD, pp. 97-115, Springer, 2008.- [32] Y. Du, T. Xia, Y. Tao, D. Zhang, and F. Zhu, “On Multidimensional k-Anonymity with Local Recoding Generalization,”
Proc. Int'l Conf. Data Eng. (ICDE), pp. 1422-1424, 2007.- [33] L. Rokach, L. Naamani, and A. Shmilovici, “Pessimistic Cost-Sensitive Active Learning of Decision Trees,”
Data Mining and Knowledge Discovery, vol. 17, no. 2, pp. 283-316, 2008.- [34] J.R. Quinlan,
C4.5: Programs for Machine Learning. Morgan Kaufmann, 1993.- [36] A. Asuncion and D.J. Newman, “UCI Machine Learning Repository,” School of Information and Computer Science, Univ. of California, http://dx.doi.org/10.1016/j.jbi.2005.02.008http:/ /mlearn.ics.uci.eduMLRepository.html , 2007.
- [37] E. Frank and I.H. Witten, “Generating Accurate Rule Sets without Global Optimization,”
Proc. 15th Int'l Conf. Machine Learning, pp. 144-151, 1998.- [38] I.H. Witten and E. Frank,
Data Mining: Practical Machine Learning Tools. Morgan Kaufmann, 2005.- [39] J. Demsar, “Statistical Comparisons of Classifiers over Multiple Data Sets,”
J. Machine Learning Research, vol. 7, pp. 1-30, 2006.- [40] L. Rokach, “Genetic Algorithm-Based Feature Set Partitioning for Classification Problems,”
Pattern Recognition, vol. 41, no. 5, pp. 1693-1717, 2008. |