Towards an Anti-inference (K, ℓ)-Anonymity Model with Value Association Rules

  • Zude Li
  • Guoqiang Zhan
  • Xiaojun Ye
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4080)


As a privacy-preserving microdata publication model, K-Anonymity has some application limits: (1) it cannot satisfy the requirement for an individually defined k, and (2) it carries a certain risk of privacy disclosure on published microdata, i.e. given some prior knowledge, high-probability inference violations exist on k-anonymized microdata that can surely result in disclosure of personal private information. We propose the (k, ℓ)-anonymity model with a data generalization approach to support more flexible and anti-inference k-anonymization of tabular microdata, where k indicates the anonymization level of an identifying attribute cluster and ℓ refers to the diversity level of a sensitive attribute cluster on a record. Within the model, k and ℓ are designed on each record and can be defined subjectively by the corresponding individual. Besides, the model can prevent two kinds of inference attacks on microdata publication: (1) inferring identifying attribute values when their value domains are known; (2) inferring sensitive attribute values with respect to some value associations in the microdata. Further, we propose an algorithm to describe the k-anonymization process in the model. Finally, we use a scenario to illustrate its feasibility, flexibility, and generality.


Privacy Protection; Sensitive Attribute; Cluster Mapping; Privacy Label; Inference Attack
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Zude Li (1)
  • Guoqiang Zhan (1)
  • Xiaojun Ye (1)
  1. Institute of Information System and Engineering, School of Software, Tsinghua University, Beijing, China
