When the Attacker Knows a Lot: The GAGA Graph Anonymizer

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11723)


When releasing graph data (e.g., social network) to public or third parties, data privacy becomes a major concern. It has been shown that state-of-the-art graph anonymization techniques suffer from a lack of strong defense against De-Anonymization (DA) attacks mostly because of the bias towards utility preservation. In this paper, we propose GAGA, an Efficient Genetic Algorithm for Graph Anonymization, that simultaneously delivers high anonymization and utility preservation. To address the vulnerability against DA attacks especially when the adversary can re-identify the victim not only based on some information about the neighbors of a victim but also some knowledge on the structure of the neighbors of the victim’s neighbors, GAGA puts the concept of k(d)-neighborhood-anonymity into action by developing the first general algorithm for any d distance neighborhood. GAGA also addresses the challenge of applying minimum number of changes to the original graph to preserve data utilities via an effective and efficient genetic algorithm. Results of our evaluation show that GAGA anonymizes the graphs in a way that it is more resistant to modern DA attacks than existing techniques – GAGA (with d = 3) improves the defense against DA techniques by reducing the DA rate by at least a factor of 2.7\(\times \) in comparison to the baseline. At the same time it preserves the data utilities to a very high degree – it is the best technique for preserving 11 out of 16 utilities. Finally, GAGA provides application-oriented level of control to users via different tunable parameters.


Graph anonymization Data privacy Network security 



This work is supported by NSF grant CCF-1617424 to the University of California Riverside.


  1. 1.
    Aggarwal, C.C., Yu, P.S.: Privacy-Preserving Data Mining: Models and Algorithms, 1st edn. Springer, Boston (2008). Scholar
  2. 2.
    Atzori, M.: Weak k-anonymity: a low-distortion model for protecting privacy. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 60–71. Springer, Heidelberg (2006). Scholar
  3. 3.
    Bayardo, R.J., Agrawal, R.: Data privacy through optimal k-anonymization. In: 21st International Conference on Data Engineering (ICDE 2005), pp. 217–228, April 2005.
  4. 4.
    Casas-Roma, J., Herrera-Joancomartí, J., Torra, V.: Comparing random-based and k-anonymity-based algorithms for graph anonymization. In: Torra, V., Narukawa, Y., López, B., Villaret, M. (eds.) MDAI 2012. LNCS (LNAI), vol. 7647, pp. 197–209. Springer, Heidelberg (2012). Scholar
  5. 5.
    Chakrabarti, D., Zhan, Y., Faloutsos, C.: R-MAT: a recursive model for graph mining, pp. 442–446.
  6. 6.
    Chester, S., Kapron, B., Ramesh, G., Srivastava, G., Thomo, A., Venkatesh, S.: Why Waldo befriended the dummy? K-anonymization of social networks with pseudo-nodes. Soc. Netw. Anal. Min. 3(3), 381–399 (2013). Scholar
  7. 7.
    Cordella, L.P., Foggia, P., Sansone, C., Vento, M.: A (sub)graph isomorphism algorithm for matching large graphs. IEEE Trans. Pattern Anal. Mach. Intell. 26(10), 1367–1372 (2004). Scholar
  8. 8.
    Hay, M., Miklau, G., Jensen, D., Weis, P., Srivastava, S.: Anonymizing social networks. Technical report, Science (2007)Google Scholar
  9. 9.
    Henderson, K., et al.: Rolx: structural role extraction & mining in large graphs. In: SIGKDD, pp. 1231–1239. ACM, New York (2012).
  10. 10.
    Ji, S., Li, W., Gong, N.Z., Mittal, P., Beyah, R.A.: On your social network de-anonymizablity: quantification and large scale evaluation with seed knowledge. In: NDSS (2015)Google Scholar
  11. 11.
    Ji, S., Li, W., Mittal, P., Hu, X., Beyah, R.: SecGraph: a uniform and open-source evaluation system for graph data anonymization and de-anonymization. In: Proceedings of the 24th USENIX Conference on Security Symposium, SEC 2015, pp. 303–318. USENIX Association, Berkeley (2015)Google Scholar
  12. 12.
    Ji, S., Li, W., Srivatsa, M., He, J.S., Beyah, R.: Structure based data de-anonymization of social networks and mobility traces. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds.) ISC 2014. LNCS, vol. 8783, pp. 237–254. Springer, Cham (2014). Scholar
  13. 13.
    Jia, J., Wang, B., Gong, N.Z.: Random walk based fake account detection in online social networks. In: 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 273–284, June 2017.
  14. 14.
    Korula, N., Lattanzi, S.: An efficient reconciliation algorithm for social networks. Proc. VLDB Endow. 7(5), 377–388 (2014). Scholar
  15. 15.
    Leskovec, J., Krevl, A.: SNAP datasets: stanford large network dataset collection, June 2014.
  16. 16.
    Li, N., Zhang, N., Das, S.K.: Relationship privacy preservation in publishing online social networks. In: 2011 IEEE Third International Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third International Conference on Social Computing, pp. 443–450, October 2011.
  17. 17.
    Liu, K., Terzi, E.: Towards identity anonymization on graphs. In: Proceedings of the 2008 ACM SIGMOD International Conference on Management of Data, SIGMOD 2008, pp. 93–106. ACM, New York (2008).
  18. 18.
    Machanavajjhala, A., Kifer, D., Gehrke, J., Venkitasubramaniam, M.: L-diversity: privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data 1(1) (2007). Scholar
  19. 19.
    Marti, S., Ganesan, P., Garcia-Molina, H.: SPROUT: P2P routing with social networks. In: Lindner, W., Mesiti, M., Türker, C., Tzitzikas, Y., Vakali, A.I. (eds.) EDBT 2004. LNCS, vol. 3268, pp. 425–435. Springer, Heidelberg (2004). Scholar
  20. 20.
    Meyerson, A., Williams, R.: On the complexity of optimal k-anonymity. In: Proceedings of the Twenty-Third ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, PODS 2004, pp. 223–228. ACM, New York (2004).
  21. 21.
    Mittal, P., Papamanthou, C., Song, D.: Preserving link privacy in social network based systems. In: NDSS (2013)Google Scholar
  22. 22.
    Narayanan, A., Shmatikov, V.: De-anonymizing social networks. In: 2009 30th IEEE Symposium on Security and Privacy, pp. 173–187, May 2009.
  23. 23.
    Sala, A., Zhao, X., Wilson, C., Zheng, H., Zhao, B.Y.: Sharing graphs using differentially private graph models. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, IMC 2011, pp. 81–98. ACM, New York (2011).
  24. 24.
    Srivatsa, M., Hicks, M.: Deanonymizing mobility traces: using social network as a side-channel. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 628–637. ACM, New York (2012).
  25. 25.
    Thompson, B., Yao, D.: The union-split algorithm and cluster-based anonymization of social networks. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ASIACCS 2009, pp. 218–227. ACM, New York (2009).
  26. 26.
    Yang, J., Leskovec, J.: Overlapping community detection at scale: a nonnegative matrix factorization approach. In: Proceedings of the Sixth ACM International Conference on Web Search and Data Mining, WSDM 2013, pp. 587–596. ACM, New York (2013).
  27. 27.
    Yartseva, L., Grossglauser, M.: On the performance of percolation graph matching. In: Proceedings of the First ACM Conference on Online Social Networks, COSN 2013, pp. 119–130. ACM, New York (2013).
  28. 28.
    Ying, X., Wu, X.: Randomizing social networks: a spectrum preserving approach, pp. 739–750.
  29. 29.
    Zhou, B., Pei, J.: Preserving privacy in social networks against neighborhood attacks. In: Proceedings of the 2008 IEEE 24th International Conference on Data Engineering, ICDE 2008, pp. 506–515. IEEE Computer Society, Washington, DC (2008).

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.University of CaliforniaRiversideUSA

Personalised recommendations