Active Re-identification Attacks on Periodically Released Dynamic Social Graphs

TL;DR

This paper introduces a novel active re-identification attack on periodically published dynamic social graphs, significantly improving success rates and efficiency over static attacks, and explores factors affecting attack effectiveness to inform better anonymization methods.

Contribution

It presents the first active attack tailored for periodically published dynamic social graphs, leveraging tempo-structural patterns to enhance re-identification success and efficiency.

Findings

Attack increases re-identification success probability by over two times.

Efficiency improves by almost 10 times compared to static attacks.

Attack remains effective over multiple publication cycles.

Abstract

Active re-identification attacks pose a serious threat to privacy-preserving social graph publication. Active attackers create fake accounts to build structural patterns in social graphs which can be used to re-identify legitimate users on published anonymised graphs, even without additional background knowledge. So far, this type of attacks has only been studied in the scenario where the inherently dynamic social graph is published once. In this paper, we present the first active re-identification attack in the more realistic scenario where a dynamic social graph is periodically published. The new attack leverages tempo-structural patterns for strengthening the adversary. Through a comprehensive set of experiments on real-life and synthetic dynamic social graphs, we show that our new attack substantially outperforms the most effective static active attack in the literature by increasing the success probability of re-identification by more than two times and efficiency by almost 10 times. Moreover, unlike the static attack, our new attack is able to remain at the same level of effectiveness and efficiency as the publication process advances. We conduct a study on the factors that may thwart our new attack, which can help design graph anonymising methods with a better balance between privacy and utility.