Issue No. 03 - March (2012 vol. 24)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TKDE.2011.26
Michaela Götz , Cornell University, Ithaca
Ashwin Machanavajjhala , Yahoo! Research, Silicon Valley
Guozhang Wang , Cornell University, Ithaca
Xiaokui Xiao , Nanyang Technological University, Singapore
Johannes Gehrke , Cornell University, Ithaca
Search engine companies collect the “database of intentions,” the histories of their users' search queries. These search logs are a gold mine for researchers. Search engine companies, however, are wary of publishing search logs in order not to disclose sensitive information. In this paper, we analyze algorithms for publishing frequent keywords, queries, and clicks of a search log. We first show how methods that achieve variants of k-anonymity are vulnerable to active attacks. We then demonstrate that the stronger guarantee ensured by ε-differential privacy unfortunately does not provide any utility for this problem. We then propose an algorithm ZEALOUS and show how to set its parameters to achieve (ε,δ )-probabilistic privacy. We also contrast our analysis of ZEALOUS with an analysis by Korolova et al.  that achieves (ε′,δ′)-indistinguishability. Our paper concludes with a large experimental study using real applications where we compare ZEALOUS and previous work that achieves k-anonymity in search log publishing. Our results show that ZEALOUS yields comparable utility to k-anonymity while at the same time achieving much stronger privacy guarantees.
Security, integrity, and protection, general, database management, information technology and systems, web search, general, information storage and retrieval, information technology and systems.
X. Xiao, J. Gehrke, A. Machanavajjhala, G. Wang and M. Götz, "Publishing Search Logs—A Comparative Study of Privacy Guarantees," in IEEE Transactions on Knowledge & Data Engineering, vol. 24, no. , pp. 520-532, 2011.