Incognito

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

incognito
Class Incognito_T

java.lang.Object
  anonymizer.Anonymizer
      incognito.Incognito_T

public class Incognito_T
extends Anonymizer
extends Anonymizer

Implementation of the t-closeness privacy principle based on the Incognito anonymization algorithm. For details on t-closeness, please refer to the following paper:

 @inproceedings{tcloseness,
 author    = {Ninghui Li and Tiancheng Li and Suresh Venkatasubramanian},
 title     = {t-Closeness: Privacy Beyond k-Anonymity and l-Diversity},
 booktitle = {ICDE},
 year      = {2007},
 pages     = {106-115}
 }

Our implementation handles only one sensitive attribute, which could be numerical or categorical, but not hierarchical. Data type of the sensitive attribute is inferred from the configuration file (i.e., if a categorical to numeric domain mapping has been specified, then the sensitive attribute is considered categorical).

If needed, hiearchical attributes can be handled as follows: specify a generalization hierarchy for the sensitive attribute (similar to quasi-identifier attributes) and then update the t-closeness check in AnonRecordTable to handle hierarchical attributes.

For numerical attribute, our implementation is quite straightforward. We first query all possible values in the domain together with corresponding counts. Then, for each equivalence in the table, we check for t-closeness by comparing the two distributions. Specifically, this is achieved by incrementally traversing two linked lists of (value,count) pairs. We assume ordered distance among two successive values in the domain.

Field Summary
`private LatticeManager`	`man` Lattice manager that controls how the generalization lattice is traversed
`private int`	`sensDomainSize` Number of values in the domain of the sensitive attribute

Fields inherited from class anonymizer.Anonymizer
`anonTable, conf, eqTable, sqlwrapper, suppressionThreshold`

Constructor Summary
`Incognito_T(Configuration conf)` Class constructor

Method Summary
`void`	`anonymize()` Anonymizing the input.
`void`	`changeTClosenessRequirement(double newTvalue)` Overwrites the privacy parameter t
`protected AnonRecordTable`	`createAnonRecordsTable(java.lang.String tableName)` Create anonRecords table
`protected EquivalenceTable`	`createEquivalenceTable(java.lang.String tableName)` Create equivalence table
`private void`	`generalize(LatticeEntry root)` Generalizes the original table according to a lattice entry and sets the result for the generated table as anonymous or not.
`protected void`	`insertTupleToAnonTable(java.lang.String[] vals, long eid)` Insert a tuple to the anonRecords table
`protected long`	`insertTupleToEquivalenceTable(java.lang.String[] vals)` Insert a tuple to the equivalence table
`boolean`	`satisfiesPrivacyDef(AnonRecordTable table)` Checks whether the parameter table satisfies the privacy definition (in this case, t-closeness)
`private void`	`selectAnonymization(java.util.LinkedList<LatticeEntry> anons)` Simply select the anonymization that yields the maximum number of distinct equivalences

Methods inherited from class anonymizer.Anonymizer
`anonymizeDataset, anonymizeDataset, isReadyForSuppression, main, outputResults_Anatomy, outputResults_GenVals, outputResults_GenValsDist, outputResults, readData, suppressEquivalences`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

man

private LatticeManager man

Lattice manager that controls how the generalization lattice is traversed

sensDomainSize

private int sensDomainSize

Number of values in the domain of the sensitive attribute

Constructor Detail

Incognito_T

public Incognito_T(Configuration conf)
            throws java.lang.Exception

Class constructor

Parameters:: conf - Configuration instance
Throws:: java.lang.Exception

Method Detail

changeTClosenessRequirement

public void changeTClosenessRequirement(double newTvalue)

Overwrites the privacy parameter t

Parameters:: newTvalue - New value of t

createEquivalenceTable

protected EquivalenceTable createEquivalenceTable(java.lang.String tableName)

Create equivalence table

Specified by:: createEquivalenceTable in class Anonymizer

Parameters:: tableName - Name of the table
Returns:: A new equivalence table

createAnonRecordsTable

protected AnonRecordTable createAnonRecordsTable(java.lang.String tableName)

Create anonRecords table

Specified by:: createAnonRecordsTable in class Anonymizer

Parameters:: tableName - Name of the table
Returns:: A new anonymization records table

insertTupleToEquivalenceTable

protected long insertTupleToEquivalenceTable(java.lang.String[] vals)
                                      throws java.lang.Exception

Insert a tuple to the equivalence table

Specified by:: insertTupleToEquivalenceTable in class Anonymizer

Parameters:: vals - All values of the tuple to be inserted (as read from the source, i.e., before any generalization)
Returns:: Equivalence id of the equivalence to which the tuple belongs
Throws:: java.lang.Exception

insertTupleToAnonTable

protected void insertTupleToAnonTable(java.lang.String[] vals,
                                      long eid)
                               throws java.lang.Exception

Insert a tuple to the anonRecords table

Specified by:: insertTupleToAnonTable in class Anonymizer

Parameters:: vals - All values of the tuple to be inserted (as read from the source, i.e., before any generalization); eid - Equivalence id of the equivalence to which the tuple belongs
Throws:: java.lang.Exception

anonymize

public void anonymize()
               throws java.lang.Exception

Anonymizing the input. This function can be reused (with new t maybe), as long as eqTable and anonTable objects are fresh and the configuration has not changed.

Specified by:: anonymize in class Anonymizer

Throws:: java.lang.Exception

satisfiesPrivacyDef

public boolean satisfiesPrivacyDef(AnonRecordTable table)
                            throws java.lang.Exception

Checks whether the parameter table satisfies the privacy definition (in this case, t-closeness)

Parameters:: table - Table to be checked for anonymity
Returns:: true if the privacy definition is satisfied
Throws:: java.lang.Exception

generalize

private void generalize(LatticeEntry root)
                 throws java.lang.Exception

Generalizes the original table according to a lattice entry and sets the result for the generated table as anonymous or not. If not, the corresponding table will be dropped from the database. If too, this root will be added to the set of successful anonymizations.

Parameters:: root - An entry of the generalization lattice that specifies how many times each qi-attribute will be generalized
Throws:: java.lang.Exception

selectAnonymization

private void selectAnonymization(java.util.LinkedList<LatticeEntry> anons)
                          throws java.lang.Exception

Simply select the anonymization that yields the maximum number of distinct equivalences

Parameters:: anons - List of lattice entries that correspond to anonymized tables
Throws:: java.lang.Exception