Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou University of California, Berkeley Dawn Song University of California, Berkeley Presented By: Kruti Mehta and Lijo T Raju 1 2/26/2015
Outline: 2 Introduction Related Work Structured Perturbation Utility Privacy Applications Conclusion and Future Work 2/26/2015
Introduction: 3 The Most Important Question – WHY ? The Paper focuses on Edge/Link Privacy and not Vertex Privacy Structured Graph Perturbation – introducing noise in the Graph Contributions: Random Walks Defining a general Metric for characterizing Utility Defining Metrics for characterizing Link Privacy Real World applicability 2/26/2015
Related Work: 4 Link privacy between labeled vertices Anonymizing the vertices Differential privacy and social networks Link privacy preserving applications 2/26/2015
Structured Perturbation 5 2/26/2015 Protecting link privacy by introducing noise Preserve degree distribution - Structured Graph Perturbation Introducing Randomization - Facebook Friendship graph and Facebook interaction graph
Utility: 2/26/ Develop a formal metric to characterize Utility of Perturbed Graphs Analyze utility of the perturbation algorithm of used. The vertex utility of a perturbed graph G’ for a vertex v, with respect to the original graph G and an application parameter l, is defined as the statistical distance between the probability distributions induced by l hop random walks starting from v in graphs G and G’, i.e., VU(v; G;G’; l) = distance(Plv(G); Plv(G’)) ;where Plv denotes the v-th row of the matrix Pl A lower value of VU(v; G;G0; l) corresponds to higher utility (we want distance between probability distributions over original graph and perturbed graph to be low) Worst case scenario would be the maximum value of Vertex Utility over all vertices of G’.
Privacy: 2/26/ Computing Link Privacy using Bayes Theorem, in which the adversary has prior knowledge. Privacy of a link L (or a subgraph) is the probability of existence of the link (or a subgraph) in the original graph G under the assumption that the adversary has access to the perturbed graph G’ and prior information H. To compute link probability, the adversary has to consider all possible graphs, which have the link L, and are consistent with background information H. worst case: an attacker knows the entire original graph except the link in question. As per the analysis, even in the worst case scenario, the perturbation mechanism offers good privacy protection. Cont’d….
Privacy: 2/26/ Relationship between privacy and utility: Utility measures the change in graph structure between original and perturbed graphs. If this change is small (high utility), then an adversary can infer information about the original graph given the perturbed graph. Computing Link Privacy, in which the adversary has no prior knowledge Here we define a new metric called the Structural Impact of Link l in Graph. Structural impact (SI) of a link L in graph G with respect to a perturbation mechanism M, as the statistical distance between probability distributions of the output M(G) of the set of possible perturbed graphs If the SI privacy of a link is low, then the perturbed graph G’ leaks less information about the link.
Applications: 2/26/ Secure routing Sprout - routing system that enhances the security of conventional DHT routing by leveraging trusted social links. Sybil detection SybilLimit - protocol for Sybil detection, has both false positives and false negatives as honest users. SybilInfer - interplays between mixing time of graphs and the number of attack edges in the Sybil defense application.
Conclusions: 2/26/ Proposes Perturbation Graph that anonymizes links while preserving the properties of Original graph. Formally defines Utility of a Perturbed Graph Analyzes the privacy of perturbation mechanism from different perspectives a Bayesian view point that takes into consideration specific adversarial prior a risk based view point that is independent of the adversary's prior. Relationship between utility and privacy of perturbed graphs. Demonstrates the applicability of our techniques on applications
Future Work: 2/26/ Investigating the applicability of techniques proposed on directed graphs Modeling closed form expressions for computing link privacy using the Bayesian framework Investigating tighter bounds on for computing link privacy in the risk-based frame-work, and Modeling temporal dynamics of social networks in quantifying link privacy.
Thank You 2/26/