抵制敏感属性相似性攻击的(p,k,d)-匿名模型

针对当前p-Sensitive k-匿名模型未考虑敏感属性语义相似性,不能抵制相似性攻击的问题,提出一种可抵制相似性攻击的(p,k,d)-匿名模型。根据语义层次树对敏感属性值进行语义分析,计算敏感属性值之间的语义相异值,使每个等价类在满足k匿名的基础上至少存在p个满足d-相异的敏感属性值来阻止相似性攻击。同时考虑到数据的可用性,模型采用基于距离的度量方法划分等价类以减少信息损失。实验结果表明,提出的(p,k,d)-匿名模型相对于p-Sensitive k-匿名模型不仅可以降低敏感属性泄露的概率,更能有效地保护个体隐私,还可以提高数据可用性。     

一种基于变长聚类的个性化匿名保护方法

针对链接攻击导致的隐私泄露问题,以及为了尽可能减少匿名保护时产生的信息损失,提高发布数据集的可用性,提出一种面向个体的基于变长聚类的个性化匿名保护方法。该方法充分考虑记录权重值对聚类簇中心结果的影响,以提高数据的可用性,并对敏感属性值进行分级处理,将敏感属性值分成三个等级类,响应不同个体的保护需求。理论分析和实验结果表明,该方法能满足敏感属性个性化保护需求,同时可有效地降低信息损失,效率较高,生成的匿名数据集具有较好的可用性。     

差异化多敏感属性Lq-Diversity模型和算法

针对多维敏感属性数据发布面临的一般泄露、交叉泄露、相似性泄露、多维独立泄露的威胁,本文提出了敏感属性敏感等级和敏感属性值敏感等级的概念,基于单维l-diversity模型,对各维敏感属性进行单独分组,提出了差异化多维敏感属性模型,验证了该模型在面向多敏感属性数据发布的安全性,并根据此模型提出了相应的DMSA算法,通过实验验证,该算法正确可行,且隐匿率和附加信息损失度的值都很低,数据可用性高,具有良好的隐私保护效果.     

面向多敏感属性的隐私保护方法

针对现有的多敏感属性数据发布方法中存在的隐私泄露问题,在分析多维桶分组方法的基础上,基于分解的思想,提出一种新的数据发布模型(l1,l2,…,ld)-uniqueness,同时给出相应的匿名算法。该算法考虑了等价组中敏感属性值的分布问题,对各个敏感属性单独处理,打破了敏感属性间一一对应的关系,可以抵御背景知识攻击和相似性攻击。理论分析和实验证明,该算法可以有效防止隐私泄露,增强数据发布的安全性。     

（p，a）-sensitive k-匿名隐私保护模型

提出了一种(p,a)-sensitive k-匿名模型,将敏感属性根据敏感度进行分组,然后给各分组设置不同的约束,并给出了(p,a)-sensitive K-匿名算法.实验结果表明该方法可以明显地减少隐私泄露,增强了数据发布的安全性.     

语义相似和多维加权的联合敏感属性隐私保护

针对现有k-匿名方法直接用于多敏感属性数据发布中存在大量隐私泄露的问题,提出一种基于语义相似和多维加权的联合敏感属性隐私保护算法。该算法通过语义相似性反聚类思想和灵活设置多敏感属性值的权值,实现了联合敏感属性值和语义多样性分组的隐私保护,并根据应用需要为数据提供不同的隐私保护力度。实验结果表明,该方法能有效保护数据隐私,增强了数据发布的安全性和实用性。     

(p，a) sensitive k 匿名隐私保护模型

提出了一种(p,a)sensitive k匿名模型,将敏感属性根据敏感度进行分组,然后给各分组设置不同的约束,并给出了(p,a)sensitive K匿名算法。实验结果表明该方法可以明显地减少隐私泄露,增强了数据发布的安全性。     

面向个体和敏感属性值的匿名数据发布

针对目前数据发布方法不能有效处理不同个体隐私保护需求的问题,依据个体隐私自治的原则,从面向个体和敏感属性值角度,提出一个敏感数据发布的个性化匿名发布模型和基于泛化技术的启发式算法.通过Adult数据实验,验证了算法的可行性.与Basic Incognito和Mondrian相比,信息损失少,算法性能良好.     

个性化(p,α,k)-匿名隐私保护算法

目前大多数个性化隐私保护算法,对敏感属性的保护方法可以分为两种:一种是对不同的敏感属性设置不同的阈值;另一种是泛化敏感属性,用泛化后的精度低的值取代原来的敏感属性值。两种方法匿名后的数据存在敏感信息泄露的风险或信息损失较大,以及数据可用性的问题。为此,提出个性化(p,α,k)匿名隐私保护算法,根据敏感属性的敏感等级,对等价类中各等级的敏感值采用不同的匿名方法,从而实现对敏感属性的个性化隐私保护。实验表明,该算法较其他个性化隐私保护算法有近似的时间代价,更低的信息损失。     

一种基于有损连接的个性化隐私保护方法

匿名模型是近年来隐私保护研究的热点技术之一,主要研究如何在数据发布中既能避免敏感数据泄露,又能保证数据发布的高效用性。提出了一种(α[s],k)-匿名有损分解模型,该模型通过将敏感属性泛化成泛化树,根据数据发布中隐私保护的具体要求,给各结点设置不同的个性化α约束;基于数据库有损分解思想,将数据分解成敏感信息表和非敏感信息表,利用有损连接生成的冗余信息实现隐私保护。实验结果表明,该模型很好的个性化保护了数据隐私。     

Privacy preserving data mining: A noise addition framework using a novel clustering technique

During the whole process of data mining (from data collection to knowledge discovery) various sensitive data get exposed to several parties including data collectors, cleaners, preprocessors, miners and decision makers. The exposure of sensitive data can potentially lead to breach of individual privacy. Therefore, many privacy preserving techniques have been proposed recently. In this paper we present a framework that uses a few novel noise addition techniques for protecting individual privacy while maintaining a high data quality. We add noise to all attributes, both numerical and categorical. We present a novel technique for clustering categorical values and use it for noise addition purpose. A security analysis is also presented for measuring the security level of a data set.     

面向多敏感属性医疗数据发布的隐私保护技术

针对目前多敏感属性医疗数据发布问题,在分析多维桶分组技术的基础上,继承了有损连接对隐私数据进行保护的思想,提出了一种基于相同敏感属性集的L-覆盖性聚类分组方法。首先计算每条记录的相同敏感属性集,然后按照聚类的思想将满足L-覆盖性的记录进行分组。同时给出了L-覆盖性聚类分组的实现算法(LCCU)。实际数据集上的大量实验结果表明,该方法可以有效防止隐私泄露,同时增强数据的可用性。     

Influence of dike breaches on flood frequency estimation

Many river floodplains and their assets are protected by dikes. In case of extreme flood events, dikes may breach and floodwater may spill over into the dike hinterland. Depending on the specific situation, e.g. time and location of breach, and the capacity of the hinterland to contain the floodwater, dike breaches may lead to significant reductions of flood peaks downstream of breach locations. However, the influence of dike breaches on flood frequency distributions along rivers has not been systematically analysed. In order to quantify this influence, a dynamic–probabilistic model is developed. This model combines simplified flood process modules in a Monte Carlo framework. The simplifications allow for the simulation of a large number of different scenarios, taking into account the main physical processes. By using a Monte Carlo approach, frequency distributions can be derived from the simulations. In this way, process understanding and the characteristics of the river–dike–floodplain system are included in the derivation of flood frequency statements. The dynamic–probabilistic model is applied to the Lower Rhine in Germany and compared to the usually used flood frequency analysis. For extreme floods, the model simulates significant retention effects due to dike breaches, which lead to significant modifications of the flood frequency curve downstream of breach locations. The resulting probabilistic statements are much more realistic than those of the flood frequency approach, since the dynamic–probabilistic model incorporates an important flood process, i.e. dike breaching, that only occurs when a certain threshold is reached. Beyond this point, the behaviour of the flood frequency curve is dominated by this process.     

数据发布中基于模糊集的隐私保护研究

隐私保护数据发布是近年来研究的热点技术之一,主要研究如何在数据发布中避免敏感数据的泄露,又能保证数据发布的高效用性。基于模糊集的隐私保护模型,文中方法首先计算训练样本数据的先验概率,然后通过将单个敏感属性和两个相关联属性基于贝叶斯分类泛化实现隐私保护。通过实验验证基于模糊集的隐私保护模型(Fuzzy k-匿名)比经典隐私保护k-匿名模型具有更高的效率,隐私保护度高,数据可用性强。     

基于杂度增益与层次聚类的数据匿名方法

数据匿名是发布数据时对隐私信息进行保护的重要手段之一.对数据匿名的基本概念和应用模型进行了介绍,探讨了数据匿名结果应该满足的要求.为了抵制背景知识攻击,提出了一种基于杂度增益与层次聚类的数据匿名方法,该方法以杂度来度量敏感属性随机性,并以概化过程中信息损失最小、杂度增益最大的条件约束来控制聚类的合并过程,可以使数据匿名处理后的数据集在满足k-匿名模型和l-多样模型的同时,使数据概化的信息损失最小且敏感属性的取值均匀化.在实验部分,提出了一种对数据匿名结果进行评估的方法,该方法将匿名结果和原始数据进行对比,并从平均信息损失和平均杂度2个方面来评估数据匿名的质量.实验结果验证了以上方法的有效性.     

多维敏感属性隐私保护数据发布方法

在匿名数据发布中,当敏感属性为多维时,攻击者有可能能够获取一维或几维敏感属性信息,并且结合准标识符信息对其他敏感属性进行推理攻击。针对此问题提出（Dou-l）-匿名模型,更好地保护了敏感信息。基于多维桶和分解思想,提出（Dou-l）-匿名算法,使得即便攻击者掌握了部分敏感数据,仍然能较好地保护其他敏感属性数据的隐私安全性。实际数据实验证明,算法可以较好地均衡发布数据的安全性和可用性。     

Privacy-aware data cleaning-as-a-service

Data cleaning is a pervasive problem for organizations as they try to reap value from their data. Recent advances in networking and cloud computing technology have fueled a new computing paradigm called Database-as-a-Service, where data management tasks are outsourced to large service providers. In this paper, we consider a Data Cleaning-as-a-Service model that allows a client to interact with a data cleaning provider who hosts curated, and sensitive data. We present PACAS: a Privacy-Aware data Cleaning-As-a-Service model that facilitates interaction between the parties with client query requests for data, and a service provider using a data pricing scheme that computes prices according to data sensitivity. We propose new extensions to the model to define generalized data repairs that obfuscate sensitive data to allow data sharing between the client and service provider. We present a new semantic distance measure to quantify the utility of such repairs, and we re-define the notion of consistency in the presence of generalized values. The PACAS model uses (X, Y, L)-anonymity that extends existing data publishing techniques to consider the semantics in the data while protecting sensitive values. Our evaluation over real data show that PACAS safeguards semantically related sensitive values, and provides lower repair errors compared to existing privacy-aware cleaning techniques.     

A probabilistic framework for comparison of dam breach parameters and outflow hydrograph generated by different empirical prediction methods

This study presents a probabilistic framework to simulate dam breach and evaluates the impact of using four empirical dam breach prediction methods on breach parameters (i.e., geometry and timing) and outflow hydrograph attributes (i.e., time to peak, hydrograph duration and peak). The methods that are assessed here include MacDonald and Langridge-Monopolis (1984), Von Thun and Gillette (1990), Froehlich (1995), 2008). Mean values and percentiles of breach parameters and outflow hydrograph attributes are compared for hypothetical overtopping failure of Burnett Dam in the state of North Carolina, USA. Furthermore, utilizing the probabilistic framework, the least and most uncertain methods alongside those giving the most critical value are identified for these parameters. The multivariate analysis also indicates that lone use of breach parameters is not necessarily sufficient to characterize outflow hydrograph attributes. However, timing characteristic of the breach is generally a more important driver than its geometric features.