MAGE: A semantics retaining K-anonymization method for mixed data
Jianmin Han
a,
⇑
, Juan Yu
b
, Yuchang Mo
a
, Jianfeng Lu
a
, Huawen Liu
a
a
Department of Computer Science and Technology, Zhejiang Normal University, Jinhua 321004, China
b
Department of Computer Science and Technology, Fudan University, Shanghai 200433, China
article info
Article history:
Received 15 July 2011
Received in revised form 5 October 2013
Accepted 6 October 2013
Available online 17 October 2013
Keywords:
K-anonymity
Generalization
Microaggregation
Privacy preservation
abstract
K-anonymity is a fine approach to protecting privacy in the release of microdata for data mining.
Microaggregation and generalization are two typical methods to implement k-anonymity. But both of
them have some defects on anonymizing mixed microdata. To address the problem, we propose a novel
anonymization method, named MAGE, which can retain more semantics than generalization and
microaggregation in dealing with mixed microdata. The idea of MAGE is to combine the mean vector
of numerical data with the generalization values of categorical data as a clustering centroid and to use
it as incarnation of the tuples in the corresponding cluster. We also propose an efficient TSCKA algorithm
to anonymize mixed data. Experimental results show that MAGE can anonymize mixed microdata
effectively and the TSCKA algorithm can achieve better trade-off between data quality and algorithm
efficiency comparing with two well-known anonymization algorithms, Incognito and KACA.
Ó 2013 Elsevier B.V. All rights reserved.
1. Introduction
Microdata, i.e., data containing individual-specific information,
play an increasingly important role in data analysis and scientific
research. Therefore many organizations are increasingly collecting
and publishing microdata. However, publishing microdata may
threaten individuals’ privacy, because it is still possible to link
the released data with other public or easy-to-access database to
re-identify individuals’ identities, although attributes which can
obviously identify individuals’ identities have been removed be-
fore publication. Sweeney [1] pointed out that there were about
87% of Americans can be uniquely identified through the combina-
tion of their gender, birthday and postcode. If an inpatient dataset
containing these three attributes are released by medical organiza-
tions, adversaries can re-identify the disease of a specific inpatient
by linking with other external table, though the identity attributes
have been removed before publication.
To address the problem, Samarati [2] proposed the k-anonymity
model. It requires that each tuple has at least k indistinguishable
tuples with respect to quasi-identifier in the released data. The
quasi-identifier is a combination of some attributes which also ex-
ist in other available public microdata, and can be used to re-iden-
tify individuals’ identities by linking the public microdata with the
released data. The k-anonymity model can protect individuals’
identities from being re-identified with high probability by adver-
saries. Due to the practicability of k-anonymity, it has been studied
extensively in recent years [3–16].
Generalization and microaggregation are two typical
techniques to achieve k-anonymity. Generalization was proposed
by Samarati [2]. The idea of generalization is to replace real value
of quasi-identifier with less specific but semantically consistent
value. Microaggregation is a statistical disclosure control (SDC)
method. The idea of microaggregation is to construct small clusters
from the data (each cluster should have at least k elements), and
then to replace each original data with the centroid of its corre-
sponding cluster. Generalization is good at dealing with categorical
data, as it generally generalizes the original data into more seman-
tics-retaining data. Microaggregation is suitable to k-anonymize
numerical data, because it adopts mean vector to replace numeri-
cal values, which can preserve more numerical semantic informa-
tion than generalization. However, when it comes to mixed data
consisting of numerical data and categorical data, neither general-
ization nor microaggregation can effectively k-anonymize them.
1.1. Limitations of generalization on k-anonymizing mixed data
For numerical data, generalization is not an appropriate
k-anonymizing method [4].Asitk-anonymizes numerical data in
the same way as categorical data, i.e., it replaces a numerical value
x with a continuous range [a,b] contained x, labeled by a L
[a,b]
,
generalization would lose much semantic information of numeri-
cal data. For example, analysts cannot infer from L
[a,b]
whether
the original numerical values are mostly in the lower half of [a,b]
or in its upper half. In addition, generalization is time-consuming
and loses considerable information for dealing with microdata
with large size quasi-identifier microdata. Aggarwal [3] claimed
that generalization may suffer from the curse of dimensionality.
0950-7051/$ - see front matter Ó 2013 Elsevier B.V. All rights reserved.
http://dx.doi.org/10.1016/j.knosys.2013.10.009
⇑
Corresponding author. Tel.: +86 579 82283528.
E-mail address: hanjm@zjnu.cn (J. Han).
Knowledge-Based Systems 55 (2014) 75–86
Contents lists available at ScienceDirect
Knowledge-Based Systems
journal homepage: www.elsevier.com/locate/knosys
剩余11页未读,继续阅读
资源评论
