On the $(k,\ell)$-multiset anonymity measure for social graphs

TL;DR

This paper introduces a new multiset-based formulation of $(k, ext{l})$-anonymity for social graphs, providing theoretical insights and a linear programming method to evaluate privacy resistance against active attacks.

Contribution

It proposes a multiset-based model for $(k, ext{l})$-anonymity, linking it to graph theory and developing a linear programming approach for practical privacy assessment.

Findings

Properties of graph families related to attacker sets

Relationship between multiset and original $(k, ext{l})$-anonymity

Linear programming method for privacy evaluation

Abstract

The publication of social graphs must be preceded by a rigorous analysis of privacy threats against social graph users. When the threat comes from inside the social network itself, the threat is called an active attack, and the de-facto privacy measure used to quantify the resistance to such an attack is the $(k,\ell)$-anonymity. The original formulation of $(k,\ell)$-anonymity represents the adversary's knowledge as a vector of distances to the set of attacker nodes. In this article, we argue that such adversary is too strong when it comes to counteracting active attacks. We, instead, propose a new formulation where the adversary's knowledge is the multiset of distances to the set of attacker nodes. The goal of this article is to study the $(k,\ell)$-multiset anonymity from a graph theoretical point of view, while establishing its relationship to $(k,\ell)$-anonymity in one hand, and considering the $k$-multiset antiresolving sets as its theoretical frame, in a second one. That is, we prove properties of some graph families in relation to whether they contain a set of attacker nodes that breaks the $(k,\ell)$-multiset anonymity. From a practical point of view, we develop a linear programming formulation of the $k$-multiset antiresolving sets that allows us to calculate the resistance of social graphs against active attacks. This is useful for analysts who wish to know the level of privacy offered by a graph.