Privacy preservation and data utility are two important key factors for publishing the data of multiple sensitive attributes. Traditional anonymization methods often fail to protect against re-identification risks in complex datasets. The proposed system uses semantic L-diversity technique to partition the data into the different buckets. Slicing technique is used to partition the data into multiple sensitive tables along with the quasi table. This approach also uses a bucket id to keep the associations among the sensitive tables and quasi table. Additionally, the framework provides a mechanism to generate and securely re-identify summary tables derived from sensitive datasets, ensuring a balance between accessibility and confidentiality. The system proposes a framework that ensures data utility while minimizing privacy risks. The system aims to provide a solution for organizations to publish valuable data responsibly without compromising individual privacy.
Introduction
Privacy-Preserving Data Publishing (PPDP) focuses on sharing useful data while protecting individuals’ sensitive information. Organizations such as healthcare institutions, governments, and businesses often need to publish data for research, analysis, and decision-making, but releasing raw data can expose personal details and create risks such as identity theft, discrimination, and misuse of information. PPDP addresses these concerns by applying anonymization techniques that balance privacy protection and data utility. Common approaches include k-anonymity, which makes individuals indistinguishable from at least k-1 others, l-diversity, which ensures diversity among sensitive attributes, and differential privacy, which introduces statistical noise to prevent re-identification.
Traditional PPDP methods have several limitations. K-anonymity provides basic anonymity by grouping similar records but may fail to protect sensitive information against advanced attacks and often reduces data usefulness through excessive generalization. L-diversity improves privacy by ensuring multiple sensitive values exist within a group but does not consider the semantic similarity between those values, allowing attackers to infer sensitive information. Existing approaches also struggle with multiple sensitive attributes, background knowledge attacks, scalability issues, and maintaining a balance between privacy and analytical value.
To overcome these limitations, the proposed system introduces a combination of Semantic L-Diversity, Bucketization, Slicing, and Suppression. Semantic L-Diversity improves traditional l-diversity by considering the meaning and differences between sensitive values rather than only counting distinct values. This prevents attackers from making accurate guesses based on related sensitive information. Bucketization groups similar records and randomly rearranges sensitive values within each group, reducing the possibility of linking individuals with private information. Slicing separates quasi-identifiers and sensitive attributes into different columns, weakening direct relationships while preserving useful data patterns. Suppression removes or replaces excessive occurrences of sensitive values to further reduce privacy risks.
The proposed algorithm begins by processing the input dataset and identifying quasi-identifiers and multiple sensitive attributes. The dataset is then divided into buckets based on calculated sizes while ensuring that each bucket satisfies Semantic L-Diversity requirements. Sensitive attributes are analyzed and suppressed when their frequency exceeds predefined thresholds. The system generates correlated tables for quasi-identifiers and sensitive attributes using unique identifiers, allowing relationships to be maintained without revealing private information. Finally, records are randomly permuted within buckets to prevent direct association between individuals and sensitive attributes.
The methodology follows a structured anonymization process. First, the dataset is analyzed to identify important attributes and determine suitable privacy parameters. Next, Semantic L-Diversity is applied during bucket formation to ensure meaningful diversity of sensitive values. Threshold-based suppression is then performed to minimize disclosure risks. Correlated tables and summary tables are created to preserve data relationships, and permutation techniques are applied to prevent inference attacks.
Conclusion
Privacy preservation using bucketization, semantic L-diversity, and slicing helps protect sensitive data while keeping it useful. Since bucketization is based on disease category, applying semantic L-diversity ensures a good mix of diseases in each bucket, making it harder to identify individuals. However, when different thresholds are used, the level of suppression in disease categories changes significantly, while other sensitive attributes remain less affected. This shows that diseases need stricter privacy controls. At the same time, slicing keeps quasi-identifiers separate from sensitive data, improving privacy. Together, these methods ensure that data can be shared safely while still being useful for analysis.
References
[1] Xiao, Yuelei, and Haiqi Li. \"Privacy preserving data publishing for multiple sensitive attributes based on security level.\" Information 11.3 (2020): 166.
[2] Wang et al. \"A Privacy-Preserving Method for Publishing Data with Multiple Sensitive Attributes.\" 2022.
[3] Liu et al. \"Privacy Preserving Data Publishing for Heterogeneous Multiple Sensitive Attributes.\" 2023.
[4] Zhang et al. \"Privacy Preserving Data Publishing with Multiple Sensitive Attributes Using Overlapped Slicing for Microdata Anonymization.\" 2022.
[5] Li et al. \"Privacy Preserving Data Publishing with Multiple Sensitive Attributes Using a Differential Privacy-Based Mechanism.\" 2020.