面向一对多记录的数据隐私保护方法研究  被引量：2

作　　者：杨海芳[1] 张玲玲[1] 王明征[2] 胡祥培 YANG Haifang;ZHANG Lingling;WANG Mingzheng;HU Xiangpei(Economic and Management School,Dalian University of Technology,Dalian 116024,China;School of Management,Zhejiang University,Hangzhou 310058,China)

机构地区：[1]大连理工大学经济管理学院,辽宁大连116024 [2]浙江大学管理学院,浙江杭州310058

出　　处：《管理工程学报》2023年第5期142-155,共14页Journal of Industrial Engineering and Engineering Management

基　　金：国家自然科学基金重点资助项目(71931009);国家自然科学基金重点国际合作项目(72010107002);国家自然科学基金资助项目(71671023)。

摘　　要：数据共享在大数据时代各领域中有重要的实际应用,但数据共享容易造成个人隐私的泄露问题。传统隐私保护方法主要基于简单关系数据展开研究,而对实际中较为普遍的多记录数据即个人与记录是一对多关系的数据的研究较少。在多记录数据中,具有关系型数据特征的准标识属性和具有事务型数据特征的敏感属性均可能构成攻击者的背景知识,增加了个人隐私泄露的风险。当攻击者具有强背景知识时,攻击者可以通过对个人的敏感属性取值集合(简称项集)的相关性质来挖掘个人隐私信息,基于此本文提出一种新的多记录数据隐私泄露风险。为了保护隐私,本文首先提出一个基于敏感值的闭集性和强多元性相结合的隐私模型(简称CEIR l-多元性模型),接着设计了能够实现该隐私模型的DACEL算法来执行对多记录数据的匿名处理。在两个敏感值密度不同的数据集上与其它基准方法进行对比,结果表明本文方法在隐私保护水平、匿名信息损失和计算效率等方面都有稳定的突出表现。In the era of big data,personal data has become one of the important resources in every field of scientific research,business analysis,medical services,social computing and so on.The sharing and application of personal data can produce great economic or social value.However,the improper use of personal data is easy to disclose personal privacy information.How to solve the contradiction between data application and personal privacy has become one of the current research hotspots.When personal data is shared and used,it is necessary to delete the explicit identifier attributes like name of the individuals in advance,but the attacker can still reveal the identity privacy or some sensitive information of individuals,through one or more non-sensitive values of the quasiidentifier attributes(QI),such as gender,age,and region,or some values of the sensitive attributes(SA),such as salary and disease,in this data set.Most current data privacy studies often assume that the data set has simply one-to-one relationship between individuals and records,which is called single-record data.In order to protect personal privacy in single-record data,scholars have come up with a variety of typical privacy anonymous models,such as k-anonymity,l-diversity,(α,k)-anonymity,t-closeness andβ-likelihood,etc.But in practice,there are a large number of data sets in which one individual may correspond to multiple records,short for multi-record data.If these above privacy models are directly applied on the multi-record data,it may cause some new privacy risks.To protect the privacy of Individuals in multi-record data,several scholars have proposed Identity-reversed(IR)privacy models like IR k-anonymity,IR l-diversity and IR(α,β)-anonymity,as well as enhanced privacy models such as EIR(α,β)-diversity and EIR l-diversity,when considering that the background knowledge related to only QI information is known to the attacker;and a few numbers of scholars have developed(k,km)-anonymity and(k,l)-diversity models,supposing that the attacker may k

关 键 词：多记录数据 隐私保护 l-多元性 非闭项集 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]