Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Semantic attack on disassociated transaction data

AlShuhail, Asma and Shao, Jianhua ORCID: https://orcid.org/0000-0001-8461-1471 2023. Semantic attack on disassociated transaction data. Springer Nature 4 , 344. 10.1007/s42979-023-01781-6

[thumbnail of s42979-023-01781-6.pdf] PDF - Published Version
Available under License Creative Commons Attribution.

Download (2MB)

Abstract

Accessing and sharing information, including personal data, has become easier and faster than ever because of the Internet. Therefore, businesses have started to take advantage of the availability of data by gathering, analysing, and utilising individuals’ data for various purposes, such as developing data-driven products and services that can help improve customer satisfaction and retention, and lead to better healthcare and well-being provisions. However, analysing these data freely may violate individuals’ privacy. This has prompted the development of protection methods that can deter potential privacy threats by anonymising data. Disassociation is one anonymisation approach used to protect transaction data. It works by dividing data into chunks to conceal sensitive links between the items in a transaction, but it does not account for semantic relationships that may exist among the items, which adversaries can exploit to reveal protected links. We show that our proposed de-anonymisation approach could break the privacy protection offered by the disassociation method by exploiting such semantic relationships. Our findings indicate that the disassociation method may not provide adequate protection for transactions: up to 60% of the disassociated items can be reassociated, thereby breaking the privacy of nearly 70% of the protected items. In this paper [an extension to our work reported in AlShuhail and Shao (Semantic attack on disassociated transactions. In: Proceedings of the 8th International Conference on information systems security and privacy-ICISSP, INSTICC. SciTePress, pp. 60–72, 2022)], we develop additional techniques to reconstruct transactions, with additional experiments to illustrate the impact of our attacking method.

Item Type: Article
Date Type: Published Online
Status: Published
Schools: Computer Science & Informatics
Publisher: Springer
Date of First Compliant Deposit: 24 April 2023
Date of Acceptance: 9 March 2023
Last Modified: 17 Apr 2024 15:04
URI: https://orca.cardiff.ac.uk/id/eprint/158189

Actions (repository staff only)

Edit Item Edit Item

Downloads

Downloads per month over past year

View more statistics