Multi-criteria Optimization Using l-diversity and t-closeness for k-anonymization

Abstract

k-anonymity is a commonly used anonymization principle. It provides an anonymous table by grouping the individuals of the table in sets of at least k elements. This principle guarantees a good privacy while limiting the data alteration. Within the k-anonymization process, only quasi-identifier attributes are considered. Sensitive attributes are not. As a consequence, in k-anonymous tables, sensitive values might be disclosed. Thus, the concepts of l-diversity and t-closeness have been defined. Considering anonymization principles that take into account the distribution of the sensitive attributes values in the anonymous table, this paper tackles the link between k-anonymity, l-diversity and t-closeness. It then proposes to generate k-anonymous tables which simultaneously optimize data alteration, l-diversity and t-closeness. To do so, this paper describes seven optimization strategies, usable in an anonymization algorithm, that are combinations of minimization of data alteration, maximization of l-diversity and minimization of t-closeness. At the end, this study provides comparative experimental results of these strategies on the Adult Data Set, a commonly used data set within the anonymization research field that we extended with randomly generated data following several distributions.