An Information Theoretic Framework for Active De-anonymization in Social Networks Based on Group Memberships

TL;DR

This paper introduces a mathematical framework for active de-anonymization in social networks using group membership queries, providing bounds and algorithms that outperform prior heuristic methods.

Contribution

It formulates the de-anonymization problem mathematically, derives bounds on query costs, and proposes optimal algorithms that improve upon previous heuristics.

Findings

Derived an upper bound on the expected query cost for de-anonymization.

Proposed new algorithms that achieve the theoretical bounds.

Showed prior heuristics are sub-optimal.

Abstract

In this paper, a new mathematical formulation for the problem of de-anonymizing social network users by actively querying their membership in social network groups is introduced. In this formulation, the attacker has access to a noisy observation of the group membership of each user in the social network. When an unidentified victim visits a malicious website, the attacker uses browser history sniffing to make queries regarding the victim's social media activity. Particularly, it can make polar queries regarding the victim's group memberships and the victim's identity. The attacker receives noisy responses to her queries. The goal is to de-anonymize the victim with the minimum number of queries. Starting with a rigorous mathematical model for this active de-anonymization problem, an upper bound on the attacker's expected query cost is derived, and new attack algorithms are proposed which achieve this bound. These algorithms vary in computational cost and performance. The results suggest that prior heuristic approaches to this problem provide sub-optimal solutions.