Download k-Anonymous Patterns

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
Document related concepts
no text concepts found
Transcript 
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
k -Anonymous Patterns
M. Atzori1,2
F. Bonchi2
F. Giannotti2
D. Pedreschi1
1 Department
of Computer Science
University of Pisa
2 Information
Science and Technology Institute
CNR, Pisa
Speaker: Maurizio Atzori
9th European Conference on Principles and Practice of
Knowledge Discovery in Databases (PKDD), 2005
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Outline
1
Motivation
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Outline
1
Motivation
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
2
k-Anonymous Patterns
Definitions and Properties
First Results on Inference Channels
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Outline
1
Motivation
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
2
k-Anonymous Patterns
Definitions and Properties
First Results on Inference Channels
3
Condensed Representation
Definitions and Properties
Benefits of the Condensed Representation
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
A Taxonomy of Privacy Preserving Data Mining
1
Intesional Knowledge Hiding
2
Extensional Knowledge Hiding
Bertino’s approach, based on DB Sanitization
Agrawal’s approach, based on DB Randomization
Sweeney’s approach, based on DB Anonymization
3
Distributed Extensional Knowledge Hiding
Clifton’s approach based on Secure Multiparty Computation
4
Secure Intesional Knowledge Sharing
Clifton’s Public/Private/Unknown Attribute Framework
Zaïane’s Association Rule Sanitization (but also IKH)
k -Anonymous Patterns – Our approach
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
The Purpose
We want to publish datamining results (like Secure
Intesional Knowledge Sharing)
We DON’T want to release information related to few
people, that can help to trace single individuals
We don’t want to specify any other information
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
A Motivating Example in the Medical Domain
Example
Suppose Dr. Gregory House conduces both usual hospital
activities and research
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
A Motivating Example in the Medical Domain
Example
Suppose Dr. Gregory House conduces both usual hospital
activities and research
He has a big database with all sensitive information about
his patients
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
A Motivating Example in the Medical Domain
Example
Suppose Dr. Gregory House conduces both usual hospital
activities and research
He has a big database with all sensitive information about
his patients
Playing with Data Mining, he discovered interesting trends
about patologies in his patient data
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
A Motivating Example in the Medical Domain
Example
Suppose Dr. Gregory House conduces both usual hospital
activities and research
He has a big database with all sensitive information about
his patients
Playing with Data Mining, he discovered interesting trends
about patologies in his patient data
Question
Can Dr. House publish his discoveries to third persons without
offending the privacy of his patients?
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
A Motivating Example in the Medical Domain
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
A Motivating Example in the Medical Domain
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
An Association Rule Can Be Used to Break Anonymity
Example
a1 ∧ a2 ∧ a3 ⇒ a4
[sup = 80, conf = 98.7%]
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
An Association Rule Can Be Used to Break Anonymity
Example
a1 ∧ a2 ∧ a3 ⇒ a4
sup({a1 , a2 , a3 }) =
[sup = 80, conf = 98.7%]
80
sup({a1 , a2 , a3 , a4 })
≈
= 81.05
conf
0.987
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
An Association Rule Can Be Used to Break Anonymity
Example
a1 ∧ a2 ∧ a3 ⇒ a4
[sup = 80, conf = 98.7%]
80
sup({a1 , a2 , a3 , a4 })
≈
= 81.05
conf
0.987
In other words, we know that there is just one individual for
which the pattern a1 ∧ a2 ∧ a3 ∧ ¬a4 holds.
sup({a1 , a2 , a3 }) =
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
Now we know that...
Fact
Even if we mine with a high support value, we can infer
patterns holding in the original database which are not
intentionally released
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
Now we know that...
Fact
Even if we mine with a high support value, we can infer
patterns holding in the original database which are not
intentionally released
They can regards very few individuals
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Data Mining and Privacy of Individuals
An Example of the Problem Addressed
Now we know that...
Fact
Even if we mine with a high support value, we can infer
patterns holding in the original database which are not
intentionally released
They can regards very few individuals
The support value of such patterns can be inferred without
accessing the database
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Definitions and Properties
First Results on Inference Channels
What do you mean with “k -Anonymous Pattern”?
Definition (Anonymous Pattern)
Given a database D and an anonymity threshold k, a pattern p
is said to be k-anonymous if supD (p) ≥ k or supD (p) = 0.
Definition (Inference Channel)
An Inference Channel is any set of itemsets from which it is
possible to infer that a pattern p is not k-anonymous.
We are interested in inference channels that are made of
frequent itemsets.
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Definitions and Properties
First Results on Inference Channels
Example
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Definitions and Properties
First Results on Inference Channels
Example
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Definitions and Properties
First Results on Inference Channels
Reducing the Number of Patterns to Check
Theorem
∀p ∈ Pat(I) : 0 < supD (p) < k . ∃ I ⊆ J ∈ 2I : CIJ .
Translation: we can prune the search space by looking for
Inference Channels regarding only conjunctive patterns.
This property makes possible to have
a (Naïve) Inference Channel Detector Algorithm
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Definitions and Properties
Benefits of the Condensed Representation
What do you mean with “Condensed Representation”?
Definition (Partial Order on Inference Channels)
CIJ CHL when I ⊆ H and (J \ I) ⊆ (L \ H)
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Definitions and Properties
Benefits of the Condensed Representation
What do you mean with “Condensed Representation”?
Definition (Partial Order on Inference Channels)
CIJ CHL when I ⊆ H and (J \ I) ⊆ (L \ H)
Example
abcd
Caac Cab
Intuitively, a ∧ ¬c is less specific than a ∧ b ∧ ¬c ∧ ¬d , since the
transactions s.t. a ∧ ¬c are a superset of the transactions s.t.
a ∧ b ∧ ¬c ∧ ¬d
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Definitions and Properties
Benefits of the Condensed Representation
What do you mean with “Condensed Representation”?
Definition (Partial Order on Inference Channels)
CIJ CHL when I ⊆ H and (J \ I) ⊆ (L \ H)
Example
abcd
Caac Cab
Intuitively, a ∧ ¬c is less specific than a ∧ b ∧ ¬c ∧ ¬d , since the
transactions s.t. a ∧ ¬c are a superset of the transactions s.t.
a ∧ b ∧ ¬c ∧ ¬d
Definition (Maximal Inference Channel)
CIJ is maximal w.r.t. D and σ, if ∀CHL CIJ then sup(CHL ) = fHL = 0
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Definitions and Properties
Benefits of the Condensed Representation
Theoretical Results on Condensed Representation
Theorem (Form of Maximal Inference Channel)
An Inference Channel CIJ is maximal iff
1
I is closed and
2
J is maximal
Theorem (Lossless Representation)
Every Inference Channel can be computed from the set of
Maximal Inference Channels
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Definitions and Properties
Benefits of the Condensed Representation
Condensed Representation of Inference Channels
Smaller search space
1
Memory saving (the number of non-maximal channels can
be huge)
2
Faster running times
3
Less distortion if we try to sanitize the set of frequent
itemset (but this point is not discussed in the paper)
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Definitions and Properties
Benefits of the Condensed Representation
Number of Maximal Inference Channels
Condensed Representation of Inference Channels
MUSHROOM, k = 10
ACCIDENTS, k = 10
MUSHROOM, k = 50
ACCIDENTS, k = 50
600
400
200
0
0
1000
2000
Number of Inference Channels
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
3000
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Definitions and Properties
Benefits of the Condensed Representation
Improvements Over the Time Performance
60000
k = 10
MUSHROOM,
50000
Naive
Optimized
Time (ms)
40000
30000
20000
10000
0
20
25
30
35
40
Support (%)
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
45
50
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Definitions and Properties
Benefits of the Condensed Representation
Number of Inference Channels
Number of Maximal Inference Channels
800
MUSHROOM
k = 10
k = 25
k = 50
k = 100
600
400
200
0
20
30
40
50
60
Support (%)
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
70
80
Motivation
k -Anonymous Patterns
Condensed Representation
Summary
Summary
We defined k-anonymous patterns and provide a general
characterization of inference channels holding among
patterns that may threat anonymity of source data
We developed an effective and efficient algorithm to detect
such potential threats, which yields a methodology to
check whether the mining results may be disclosed without
any risk of violating anonymity
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Appendix
For Further Reading
For Further Reading
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi.
Blocking Anonymity Threats Raised by Frequent Itemset
Mining.
Fifth IEEE International Conference on Data Mining
(ICDM), Houston, Texas, USA, 2005.
L. Sweeney.
k-Anonymity: A Model for Protecting Privacy.
International Journal on Uncertainty Fuzziness and
Knowledge-based Systems, 10(5), 2002.
M. Atzori, F. Bonchi, F. Giannotti, D. Pedreschi
k -Anonymous Patterns
Related documents
Deans Day 2001 PMG
Deans Day 2001 PMG
Bornetia binderiana
Bornetia binderiana
601323 Data Mining
601323 Data Mining
Privacy in Data Mining
Privacy in Data Mining
MKT 341 – Marketing Research
MKT 341 – Marketing Research
Special session on the social network mining and analysis
Special session on the social network mining and analysis
Principles of Data Mining. (2001) David Hand, Heikki Mannila, and
Principles of Data Mining. (2001) David Hand, Heikki Mannila, and
General Concepts
General Concepts
Privacy-Preserving Outsourced Association Rule Mining on
Privacy-Preserving Outsourced Association Rule Mining on
EDUCATIONAL DATA MINING
EDUCATIONAL DATA MINING
Data Mining and the Web
Data Mining and the Web