(A) Study on Service-based Secure Anonymization for Data Utility Enhancement and Privacy Preservation

Hwang, Chi Kwang 경희대학교 일반대학원 2015 국내석사

‘Personal information’ is information about a living individual. It is the identifiable information such as name, resident registration number, image, and so on. Personal information which is collected by institutions is able to be wrongfully used, because it contains confidential information of a information object. In order to prevent this, we will use the method to remove personal identification elements before distributing and sharing the data. However, even though we remove or change the identifier such as name and resident registration number, personal information is able to exposure in case of linking attacks. This thesis proposes a new anonymization technique to enhance data utility and to preserve privacy. To achieve this, attributes which are utilized in service anonymizes at a low level. And the anonymization technique of the proposal can provide two or more anonymized data tables from one original data table without concerns about linking attacks. Besides, we propose a method to maximize data utility by applying cooperative game theory.

Anonymization and De-anonymization Attacks in Online Social Networks

Zhang, Cheng ProQuest Dissertations & Theses The George Washing 2020 해외박사(DDOD)

소속기관이 구독 중이 아닌 경우 오후 4시부터 익일 오전 9시까지 원문보기가 가능합니다.

Online social networks have gained tremendous popularity recently. Millions of people use social network apps to share precious moments with friends and family. Users are often asked to provide personal information such as name, gender, address when using social networks. This information could be collected, analyzed, and re-published at large scale for both academic and business studies, and are usually processed by anonymization methods to protect user's privacy. However, these anonymized data could be misused by unauthorized third parties and even attackers to violate users' privacy. Several structure-based de-anonymization techniques have been proposed to re-identify the users in anonymized networks. In light of this, we first address the novel problems of re-identifying users in anonymized social networks with the help of public user attributes in this work. More specifically, we quantify the significance of attributes in a social network, based on which we propose an attribute-based similarity measure; then we design an algorithm by exploiting attribute-based similarity to de-anonymize social network data; finally we employ the dataset collected from a real-world online social network to evaluate our method. And experimental results show that public user attributes can significantly improve the de-anonymization accuracy.Extensive researches on anonymization techniques have been carried out to protect the data from privacy violations in social networks. Nevertheless, anonymization may affect the usability of the data as random noises are introduced, decreasing user experience. Therefore, a trade-off between privacy protection and data usability must be sought. In this work, we employ various graph and application utility metrics to investigate this trade-off. More specifically, we conduct an empirical study by implementing five state-of-the-art anonymization algorithms to analyze the graph and application utilities on a Facebook and a Twitter dataset. Our results indicate that most anonymization algorithms can partially or conditionally preserve the graph and application utilities and any single anonymization algorithm may not always perform well on different datasets.

Efficient anonymization method for dynamically published dataset

테무진 호서대학교 대학원 2020 국내석사

Although most conventional methods of preserving data privacy focus on static datasets, which remain unchanged after processing, real-world datasets may be dynamically modified often. Therefore, privacy-preservation methods must maintain data privacy after dataset modification. Re-anonymization of entire datasets is inefficient when large datasets are frequently modified. Although several previous studies have addressed data privacy for incremental data updates (i.e., record insertions), they have not adequately it for dynamic changes made to existing datasets (i.e., record updates and deletions). Therefore, we used anatomy technique instead of generalization and suppression to develop a more efficient l-diversity algorithm for preserving privacy of such datasets. We also used a Cuckoo filter, a new probabilistic data structure for approximate set-membership tests, to improve data-processing efficiency. Experimental results demonstrated that our proposed data-anonymization algorithm processed data more efficiently than other conventional algorithms, requiring much less running time than conventional re-anonymization of entire datasets. The Cuckoo-filtered algorithm was especially efficient, dramatically reducing operation execution times while maintaining privacy of dynamically evolving datasets.

Privacy-preserving data streaming, collection, and analysis

김수형 Korea University 2017 국내박사

Data privacy facilitates the release and utilization of personal data without concerns of privacy breaches. To preserve privacy, personal data should be anonymized appropriately with consideration for the types of privacy problems. In this thesis, we address three main topics for different types of privacy problems: privacy-preserving data streaming, collection, and analysis. First, we focus on privacy-preserving data streaming. We propose a delay-free anonymization framework to preserve privacy of data streams in real time. The framework immediately releases record streams with the guarantee of privacy preservation. We further devise a method called late validation for increasing the data utility of the anonymization results. Second, we deal with the personal data collection issue between a data collector and distributed data holders. We present a general-purpose protocol for privacy-preserving data collection. Our two-phase protocol conveys personal data to a data collector while anonymizing the data without trusted third-parties. We also devise a heuristic for efficiently managing the dynamic data holders. Finally, we evaluate privacy-preserving data cubes for the analysis of microdata. We organize different types of privacy-preserving data cubes from different anonymization methods, and perform comparative analyses by measuring data size, cell overlap, and information loss of the data cubes.

환자 익명화 시스템에 대한 외래 간호직원의 수용도에 관한 연구

김재훈 서울대학교 대학원 2020 국내석사

본 연구의 목적은 외래 간호직원의 환자 익명화 시스템에 대한 수용도와 태도, 주관적 규범, 인지된 유용성, 인지된 용이성의 정도를 파악하고 그 상관관계와 영향요인을 확인하는 것이다. 이를 통해 환자 익명화 시스템 활성화를 위한 전략과 후속연구의 기초자료를 제공하고자 하였다. 본 연구는 자가보고식 설문조사를 통한 서술적 상관관계 연구이다. 자료수집은 서울 소재 1개 대학병원 외래에서 2020년 3월 12일부터 2020년 3월 24일까지 편의 표출로 외래 간호직원을 대상으로 시행하였다. 각 변수들의 측정에는 계획된 행동이론(TPB)과 기술수용모델(TAM)의 도구를 사용하였다. 총 95부의 설문자료를 자료분석에 활용하였으며, 기술 통계, Mann-Whitney U test, Kruskal Wallis test, 크래머의 V계수, 피어슨의 상관계수, 회귀분석으로 분석하였다. 연구의 결과는 다음과 같다. 첫째, 대상자의 환자 익명화 시스템에 대한 수용도는 평균 3.73 ± .74(총점범위 1-5)이었다. 둘째, 수용도는 대상자의 인구사회학적 특성 중 직종(U=812.5, p<.05)과 유의한 차이가 있었다. 셋째, 수용도는 태도(r=.783, p<.001), 인지된 유용성(r=.754, p<.001), 인지된 용이성(r=.726, p<.001)과 모두 0.7이상의 높은 양의 상관관계가 있었다. 넷째, 대상자의 환자 익명화 시스템에 대한 태도, 주관적 규범, 인지된 유용성, 인지된 용이성을 독립변수로 설정하여 회귀분석한 결과, 인지된 유용성(표준화 베타=.361, B=.338), 인지된 용이성(표준화 베타=.341, B=.325), 태도(표준화 베타=.314, B=.319) 순으로 수용도의 영향요인이 선정되었다. 본 연구 결과, 외래 간호직원의 환자 익명화 시스템 수용도 향상을 위한 중재의 필요성이 대두된다. The purpose of this study was to assess the degree of acceptance, attitude, subjective norms, perceived usefulness, and perceived ease of outpatient nursing staff's patient anonymization system and to confirm the correlation and influence factors of them. Furthermore, it aimed to provide the basic research data to serve as a basis of interventions and follow-up studies to improving acceptability of the patient anonymization system. This was a descriptive-correlational study that used a self-reported questionnaire. Data on nursing staffs in outpatients in general hospitals in Seoul, Korea, were collected between March 12, 2020, and March 24, 2020. The Theory of Planned Behavior(TPB) and the Technology Acceptance Model(TAM) were used for to measure each variable. A total of 95 surveys were used for data analysis. The collected data were analyzed using descriptive statistics, Mann-Whitney U test, Kruskal Wallis test, Cramer’s V, Pearson’s correlation, and regression analysis. The results of the study were as follows: First, the mean score for outpatient nursing staffs’ acceptance for the Patient Anonymization System was 3.73 ± .74(on a scale ranging from 1-5). Second, outpatient nursing staffs’ acceptance for the Patient Anonymization System had a statistically significant difference by the type of occupation(U=812.5, p<.05). Third, outpatient nursing staffs’ acceptance for the Patient Anonymization System had statistically significant positive correlation with attitude(r=.783, p<.001), perceived usefulness(r=.754, p<.001), perceived ease(r=.726, p<.001). Fourth, analysis of the factors affecting outpatient nursing staffs’ acceptance for the Patient Anonymization System indicated that perceived usefulness(Standardized Coefficients Beta =.361, B=.338), perceived ease(Standardized Coefficients Beta=.341, B=.325), and attitude(Standardized Coefficients Beta=.314, B=.319) were the factors that affected the acceptance. The results of this study indicate that intervention is needed to improve the acceptance among outpatient nursing staffs.

음성 변환 기술을 활용한 Zero-shot 화자 익명화 연구

장형필 고려대학교 대학원 2022 국내석사

AI 기술의 발전으로 음성 기반의 인터페이스는 다양한 스마트 기기를제어할수 있는 편리한 방법을 제공한다. 이러한 인터페이스가 안정적으로 작동하려면다양한 잡음 및 화자 특성을 가진 대규모 음성 데이터를 수집하여 관련음성처리 모델을 학습시켜야 한다. 스마트 기기의 실제 사용자로부터 음성 명령을수집하면 각 기기를 해당 사용자의 음성 특성에 익숙하게 함으로써 기기의성능을 향상시킬 수 있다. 그러나 음성 명령을 직접 수집하면 음성 데이터에민감한 화자 정보가 포함되므로 사용자의 개인 정보가 위협받을 수 있다. 이를위한 화자 익명화 알고리즘은 사용자의 음성의 언어적 내용을 보존하면서민감한 정보를 억제하기 위해 적용될 수 있다. 이전의 화자 익명화 알고리즘은학습 데이터 세트에 포함된 화자의 목소리만 익명화 시킬 수 있었다. 화자익명화 알고리즘은 일반적으로 새로운 화자(학습 데이터 세트에 없는 사람)에게적용되기 때문에 이러한 화자(일반적으로 “보이지 않는 화자”라고 함)를 익명화시키는 방법을 개발해야 한다. 본 논문에서는 Zeto-shot learning을 이용하여보이지 않는 화자의 목소리에서 개별적인 특징을 효과적으로 억제하면서도화자의 언어적 내용을 유지할 수 있는 새로운 방법을 제안한다.

Adaptive Differential Privacy Mechanism for Structured Sensitive Data Attributes

Utaliyeva Assem 부산대학교 2022 국내석사

Recently, Differential Privacy emerged as the state-of-art approach for Privacy Preservation in various domains surpassing the conventional anonymization techniques. The intuition behind Differential Privacy is rigorous Mathematical proof of the user indistinguishability in the dataset by adding randomness. However, current implementations of Differential Privacy are highly tailored for the specific task, making it harder to apply in a variety of situations and also decreasing the learning utility of the data. The latest researches on Differential Privacy mainly focus on protecting the Machine Learning model rather than the data itself. This study addresses the problem of generating Differentially Private structured data focusing on the privacy of sensitive attributes. We propose a model-agnostic method of reaching Differential Privacy that guarantees the high performance of the ML model trained on private data and protects against Attribute Inference Attacks. We introduce a novel Adaptive Sensitivity measure that calibrates the amount of random noise not only depending on the record sensitivity, but also in conjunction with the Feature Importance of each corresponding attribute. The proposed approach preserves the same level of information uncertainty of relevant data attributes. We experimentally show the effectiveness of the proposed approach by evaluating the performance, utility, and privacy guarantees.

Detect your fingerprint in your photographs : Photography-based multi-feature Sybil detection

Kim, Yerim 고려대학교 대학원 2023 국내석사

다크넷 시장은 토르(Tor)를 통해 접속할 수 있는 온라인 시장으로, 공급업체가 불법적인 제품이나 범죄 서비스를 판매한다. 특히, 다크넷 시장에서 활발하게 매매되는 제품 중 하나는 해킹툴로 해커들은 이를 이용하여 기업의 지식재산권을 침해하거나 유출하고 있다. 다크넷 시장의 급격한 성장으로 인해 다크넷 시장 생태계에 대한 조사와 익명의 공급업체들에 대한 식별의 중요성이 대두되고 있다. 하지만, 공급업체들이 동일 시장 내에서 혹은 다른 시장에 걸쳐 다중 계정을 만들기 때문에, 다중 계정을 감지하는 것은 다크넷 시장의 정확한 생태계를 이해하고 공급업체 간의 실제 관계를 식별하는 중요한 열쇠가 된다. 본 연구에서는 사진 데이터에서 세분화된 수준(예: 이미지 유사성, 상위 카테고리, 하위 카테고리, 텍스트 데이터)까지 공급업체의 특징을 추출하고 여러 개의 다중 계정을 동시에 탐지하는 새로운 방법을 제시한다. 각 피처는 이미지 해싱 알고리즘, DNN 분류기, 이미지 해상도 복원 및 텍스트 인식 도구 등 여러 다양한 소스를 통해서 추출되고 가중 피쳐 임베딩 모델(Weighted feature embedding model)을 사용하여 병합된다. 다음으로 각 공급업체의 유사도 점수를 계산하여 정확한 다중 계정 뿐만 아니라 잠재적으로 다중 계정일 가능성이 있는 공급업체까지 식별한다. 본 연구에서는 2014년부터 2015년까지 4개의 대규모 다크넷 시장(예: SilkRoad2, Agora, Evolution, Alphabay)의 실제 데이터셋을 사용하여 모델의 효율성을 평가한다. 본 논문에서 제안한 모델의 다중 계정 탐지 정확도는 98%로 기존 사진 기반 시스템보다 성능이 우수하였으며 최대 700% 더 많은 공급업체를 포함하여 분석할 수 있기에 높은 커버리지를 보여주었다. 또한, 한 번에 특정 대상 공급업체의 단일 다중 계정만 탐지할 수 있었던 기존 연구와 달리 공급업체가 보유한 모든 계정의 90%에 대해 다수의 다중 계정을 탐지할 수 있다는 것을 보여주었다. 본 연구는 사진 데이터에서 공급업체의 세분화된 특징을 추출할 수 있기 때문에 다크넷 시장의 언어나 상품 카테고리에 관계없이 다양한 다크넷 시장에서 다중 계정 탐지가 가능하다. A darknet market is an online marketplace typically implemented over Tor, where vendors sell illegal products or criminal services. Due to dramatic growth in the popularity of such markets, there is a recognized need for automatic investigation of the market’s ecosystem and identification of anonymous vendors. However, as they often create multiple accounts (or Sybil accounts) within or across different marketplaces, detecting Sybil accounts becomes the key to understanding the ecosystem of darknet markets and identifying the actual relationship between the vendors. This study presents a novel Sybil detection method that extracts multiple features of vendors from photographs in a fine-grained level (e.g., image similarity, main category, subcategory, and text data), and reveals the multiple Sybil accounts of them simultaneously. Each feature is extracted from multiple rich sources using an image hash algorithm, Deep Neural Network (DNN) classifier, image restoration, and text recognition tool; and merged using a weighted feature embedding model. The matching score of each vendor is then calculated to identify not only the exact Sybil accounts, but multiple potential accounts suspected of being associated to a single operator. We evaluate the efficacy of our method using real-world datasets from four large darknet markets (i.e., SilkRoad2, Agora, Evolution, Alphabay) from 2014 to 2015. Because of the anonymity of darknet market, we construct the ground-truth of Sybil accounts by randomly splitting the dataset of vendors into two even parts. We used the first set to train the model, and linked the second set to the original vendor in the first set to evaluate performance. Our experimental results demonstrated that the proposed method outperforms the existing photography-based system with an accuracy of 98%, identifying up to 700% more candidate Sybil accounts than prior work. Additionally, our method detects multiple Sybil accounts for 90% of evaluated test cases, presenting a very different picture of darknet

동적인 환경에서 개인정보를 보호하는 데이터 재배포 기법

최원길 성균관대학교 일반대학원 2010 국내석사

최근 정보기술의 발전에 의하여 정보를 수집하는 조직이나 기관에 의해 배포된 데이터를 사용자가 직접 분석하여 활용하고자 하는 추세이다. 조직이나 기관 등의 데이터 소유자는 배포되는 자료에 포함된 개인 및 기업의 민감한 정보가 노출되지 않도록 보호해야 하는 측면과 통계 분석이나 연구 등에 사용될 데이터들의 질과 보급률을 높이는 측면을 모두 고려해야 한다. 최근의 연구에서 k-anonymity 와 ldiversity모델이 배포된 데이터들에서 개인 프라이버시 보호하는 방법으로써 제안되었다. 하지만 두 모델은 단 한번 배포하는 상황인 정적인 환경을 가정하고 있기 때문에 실제 환경의 동적인 데이터에 적용할 수 없다. 이에 동적인 데이터에 적용 가능한 m-invariance 모델이 제안되었다. 그러나 m-invariance 의 일반화방법은 데이터의 유용성을 저하시키는 단점이 있다. 본 논문에서는 일반화를 사용하지 않아 데이터의 이용가치를 높이면서 동적인 데이터베이스 환경에 적합한 기법을 제안한다. As growing interest in data publishing and analysis, privacy preserving data publication has more important today. When a table containing the sensitive information is published, privacy of each individual should be protected. On the other hand, a data holder also considers minimizing information loss for analysis as long as the privacy is preserved. A few years ago, k-anonymity and l-diversity models have been suggested in order to protect privacy. However, these solutions are limited to static data release. Recently, the m-invariance model has been proposed to apply publication of dynamic environments. However, m-invariance generalization technique causes high information loss. In this paper, we propose a simple and safe anonymization technique without generalization while assuring high data utility in dynamic environments

Data de-identification framework

오준형 Graduate School of Cybersecurity, Korea University 2021 국내박사

As the technology level is advanced, the amount of information used is increasing. Each company learns big data and provides customized services to consumers. Accordingly, collecting and analyzing data subject data has become one of the core competencies of companies. However, when collecting and using data subject information, the authority of the data subject may be violated. Data by itself is often identifiable, and even if it cannot be personal information that infringes on an individual's authority, the moment they are connected, it becomes important, sensitive, or personal information that you never thought of. Therefore, recent trends in privacy regulation such as GDPR are changing toward more and more guaranteeing the rights of data subjects. In order to use data effectively without infringing on the rights of the data subject, the concept of de-identification was created. Researchers and companies can lower the identification of personal information through appropriate de-identification / pseudonymization and use the data for research and statistical purposes. De-identification / pseudonymization techniques have been studied a lot, but it is difficult for companies and researchers to know how and how specifically to identify data / pseudonymization. This is because the organization of knowledge is not properly organized. And it is difficult to clearly understand how and to what extent each organization should take de-identification measures, and how it will affect them. Currently, each organization does not systematically analyze and conduct the situation, but is taking minimal action while looking at the guidelines distributed by each country. We solved this problem from the perspective of risk management. Several steps are required from securing the dataset and starting from pre-processing until the dataset is released. We can analyze the dataset, analyze the risk, evaluate the risk, and treat the risk appropriately. When analyzing a dataset, it includes classifying identifiers and selecting sensitive attributes from various viewpoints such as cultural, historical, and context. When analyzing risk, it can be analyzed based on scenarios, and various re-identification cases that have existed can be organized and analyzed by reference. In addition, risk can be analyzed by quantifying the vulnerability of each threat. We can analyze the risk and assess the risk through a cost benefit study or adequacy evaluation. The outcomes of each step can then be used to take appropriate action on the dataset to eliminate or reduce the risk. Then, you can release the dataset according to your purpose. These series of processes were reconstructed according to the current situation by analyzing various standards such as ISO/IEC 20889, NIST IR 8053, NIST SP 800-188, and ITU-T X.1148. Then, we propose an integrated framework based on situational awareness model and risk management model.