Graph Data Anonymization, De-Anonymization Attacks, and De-Anonymizability Quantification: A Survey

Nowadays, many computer and communication systems generate graph data. Graph data span many different domains, ranging from online social network data from networks like Facebook to epidemiological data used to study the spread of infectious diseases. Graph data are shared regularly for many purposes including academic research and for business collaborations. Since graph data may be sensitive, data owners often use various anonymization techniques that often compromise the resulting utility of the anonymized data. To make matters worse, there are several state-of-the-art graph data de-anonymization attacks that have proven successful in recent years. In this paper, we survey the graph data anonymization, de-anonymization, and de-anonymizability quantification techniques in the past decade. Specifically, we systematically classify, summarize, and analyze state-of-the-art graph data anonymization, de-anonymization, and de-anonymizability quantification techniques. For existing graph data anonymization techniques, we classify them into six categories and analyze their utility performance with respect to 15 fundamental graph utility metrics and seven high-level application utility metrics. For existing de-anonymization attacks, we classify them into two categories and examine their performance with respect to scalability, practicability, robustness, etc. We also analyze the resistance of existing graph anonymization techniques against existing graph de-anonymizaiton attacks. For existing de-anonymizability quantifications, we classify them according to whether they consider seed information or not, and analyze them in terms of their soundness. Our analysis demonstrates that: 1) most anonymization schemes can partially or conditionally preserve most graph utility while losing some application utility and 2) state-of-the-art anonymization schemes are vulnerable to several or all of the emerging structure-based de-anonymization attacks. The actual vulnerability of each anonymization algorithm depends on how much and which data utility it preserves. Based on our summarization and analysis, we discuss the research evolution, future directions, and challenges in the research area of graph data anonymization, de-anonymization, and de-anonymizability quantification.