3 research outputs found
Robust active attacks on social graphs
In order to prevent the disclosure of privacy-sensitive data, such as names
and relations between users, social network graphs have to be anonymised before
publication. Naive anonymisation of social network graphs often consists in
deleting all identifying information of the users, while maintaining the
original graph structure. Various types of attacks on naively anonymised graphs
have been developed. Active attacks form a special type of such privacy
attacks, in which the adversary enrols a number of fake users, often called
sybils, to the social network, allowing the adversary to create unique
structural patterns later used to re-identify the sybil nodes and other users
after anonymisation. Several studies have shown that adding a small amount of
noise to the published graph already suffices to mitigate such active attacks.
Consequently, active attacks have been dubbed a negligible threat to
privacy-preserving social graph publication. In this paper, we argue that these
studies unveil shortcomings of specific attacks, rather than inherent problems
of active attacks as a general strategy. In order to support this claim, we
develop the notion of a robust active attack, which is an active attack that is
resilient to small perturbations of the social network graph. We formulate the
design of robust active attacks as an optimisation problem and we give
definitions of robustness for different stages of the active attack strategy.
Moreover, we introduce various heuristics to achieve these notions of
robustness and experimentally show that the new robust attacks are considerably
more resilient than the original ones, while remaining at the same level of
feasibility
Distance-based vertex identification in graphs: The outer multiset dimension
Given a graph and a subset of vertices , the multiset representation of a vertex with
respect to is the multiset . A subset of vertices such that for every
is said to be a multiset resolving set, and the
cardinality of the smallest such set is the outer multiset dimension. We study
the general behaviour of the outer multiset dimension, and determine its exact
value for several graph families. We also show that computing the outer
multiset dimension of arbitrary graphs is NP-hard, and provide methods for
efficiently handling particular cases
Preventing active re-identification attacks on social graphs via sybil subgraph obfuscation
Active re-identification attacks constitute a serious threat to privacy-preserving social graph publication, because of the ability of active adversaries to leverage fake accounts, a.k.a. sybil nodes, to enforce structural patterns that can be used to re-identify their victims on anonymised graphs. Several formal privacy properties have been enunciated with the purpose of characterising the resistance of a graph against active attacks. However, anonymisation methods devised on the basis of these properties have so far been able to address only restricted special cases, where the adversaries are assumed to leverage a very small number of sybil nodes. In this paper, we present a new probabilistic interpretation of active re-identification attacks on social graphs. Unlike the aforementioned privacy properties, which model the protection from active adversaries as the task of making victim nodes indistinguishable in terms of their fingerprints with respect to all potential attackers, our new formulation introduces a more complete view, where the attack is countered by jointly preventing the attacker from retrieving the set of sybil nodes, and from using these sybil nodes for re-identifying the victims. Under the new formulation, we show that k-symmetry, a privacy property introduced in the context of passive attacks, provides a sufficient condition for the protection against active re-identification attacks leveraging an arbitrary number of sybil nodes. Moreover, we show that the algorithm K-Match, originally devised for efficiently enforcing the related notion of k-automorphism, also guarantees k-symmetry. Empirical results on real-life and synthetic graphs demonstrate that our formulation allows, for the first time, to publish anonymised social graphs (with formal privacy guarantees) that effectively resist the strongest active re-identification attack reported in the literature, even when it leverages a large number of sybil nodes