2013
Contribution to book
Restricted
Anonymity: a comparison between the legal and computer science perspectives
Mascetti S., Monreale A., Ricci A., Gerino A.
Privacy preservation has emerged as a major challenge in ICT. One possible solution for enforcing privacy is to guarantee anonymity. Indeed, ac- cording to international regulations, no restriction is applied to the handling of anonymous data. Consequently, in the past years the notion of anonymity has been extensively studied by two different communities: Law researchers and professionals that propose definitions of privacy regulations, and Computer Scientists attempting to provide technical solutions for enforcing the legal re- quirements. In this contribution we address the problem with an interdisciplinary approach, in the aim to encourage the reciprocal understanding and collaboration between researchers in the two areas. To achieve this, we compare the different notions of anonymity provided in the European data protection Law with the formal models proposed in Computer Science. This analysis allows us to identify the main similarities and differences between the two points of view, hence high- lighting the need for a joint research effort.Source: European Data Protection: Coming of Age, edited by Serge Gutwirth, Ronald Leenes, Paul De Hert, Yves Poullet, pp. 85–115, 2013
DOI: 10.1007/978-94-007-5170-5_4
Metrics:
Mascetti S., Monreale A., Ricci A., Gerino A.
Privacy preservation has emerged as a major challenge in ICT. One possible solution for enforcing privacy is to guarantee anonymity. Indeed, ac- cording to international regulations, no restriction is applied to the handling of anonymous data. Consequently, in the past years the notion of anonymity has been extensively studied by two different communities: Law researchers and professionals that propose definitions of privacy regulations, and Computer Scientists attempting to provide technical solutions for enforcing the legal re- quirements. In this contribution we address the problem with an interdisciplinary approach, in the aim to encourage the reciprocal understanding and collaboration between researchers in the two areas. To achieve this, we compare the different notions of anonymity provided in the European data protection Law with the formal models proposed in Computer Science. This analysis allows us to identify the main similarities and differences between the two points of view, hence high- lighting the need for a joint research effort.Source: European Data Protection: Coming of Age, edited by Serge Gutwirth, Ronald Leenes, Paul De Hert, Yves Poullet, pp. 85–115, 2013
DOI: 10.1007/978-94-007-5170-5_4
Metrics:
See at:
doi.org 
| Archivio istituzionale della ricerca - Alma Mater Studiorum Università di Bologna | link.springer.com | CNR ExploRA
2014
Journal article
Open Access
Anonymity preserving sequential pattern mining
Monreale A., Pedreschi D., Pensa R. G., Pinelli F.
The increasing availability of personal data of a sequential nature, such as time-stamped transaction or location data, enables increasingly sophisticated sequential pattern mining techniques. However, privacy is at risk if it is possible to reconstruct the identity of individuals from sequential data. Therefore, it is important to develop privacy-preserving techniques that support publishing of really anonymous data, without altering the analysis results significantly. In this paper we propose to apply the Privacy-by-design paradigm for designing a technological framework to counter the threats of undesirable, unlawful effects of privacy violation on sequence data, without obstructing the knowledge discovery opportunities of data mining technologies. First, we introduce a k-anonymity framework for sequence data, by defining the sequence linking attack model and its associated countermeasure, a k-anonymity notion for sequence datasets, which provides a formal protection against the attack. Second, we instantiate this framework and provide a specific method for constructing the k-anonymous version of a sequence dataset, which preserves the results of sequential pattern mining, together with several basic statistics and other analytical properties of the original data, including the clustering structure. A comprehensive experimental study on realistic datasets of process-logs, web-logs and GPS tracks is carried out, which empirically shows how, in our proposed method, the protection of privacy meets analytical utility. © 2014 Springer Science+Business Media Dordrecht.Source: Artificial intelligence and law (Dordr., Print) 22 (2014): 141–173. doi:10.1007/s10506-014-9154-6
DOI: 10.1007/s10506-014-9154-6
Metrics:
Monreale A., Pedreschi D., Pensa R. G., Pinelli F.
The increasing availability of personal data of a sequential nature, such as time-stamped transaction or location data, enables increasingly sophisticated sequential pattern mining techniques. However, privacy is at risk if it is possible to reconstruct the identity of individuals from sequential data. Therefore, it is important to develop privacy-preserving techniques that support publishing of really anonymous data, without altering the analysis results significantly. In this paper we propose to apply the Privacy-by-design paradigm for designing a technological framework to counter the threats of undesirable, unlawful effects of privacy violation on sequence data, without obstructing the knowledge discovery opportunities of data mining technologies. First, we introduce a k-anonymity framework for sequence data, by defining the sequence linking attack model and its associated countermeasure, a k-anonymity notion for sequence datasets, which provides a formal protection against the attack. Second, we instantiate this framework and provide a specific method for constructing the k-anonymous version of a sequence dataset, which preserves the results of sequential pattern mining, together with several basic statistics and other analytical properties of the original data, including the clustering structure. A comprehensive experimental study on realistic datasets of process-logs, web-logs and GPS tracks is carried out, which empirically shows how, in our proposed method, the protection of privacy meets analytical utility. © 2014 Springer Science+Business Media Dordrecht.Source: Artificial intelligence and law (Dordr., Print) 22 (2014): 141–173. doi:10.1007/s10506-014-9154-6
DOI: 10.1007/s10506-014-9154-6
Metrics:
See at:
Archivio Istituzionale 
| Artificial Intelligence and Law | link.springer.com | CNR ExploRA
2017
Contribution to book
Open Access
Personal Analytics and Privacy. An Individual and Collective Perspective: First International Workshop, PAP 2017, Held in Conjunction with ECML PKDD 2017, Skopje, Macedonia, September 18, 2017, Revised Selected Papers
Guidotti R., Monreale A., Pedreschi D., Abiteboul S.
This book constitutes the thoroughly refereed post-conference proceedings of the First International Workshop on Personal Analytics and Privacy, PAP 2017, held in Skopje, Macedonia, in September 2017. The 14 papers presented together with 2 invited talks in this volume were carefully reviewed and selected for inclusion in this book and handle topics such as personal analytics, personal data mining and privacy in the context where real individual data are used for developing a data-driven service, for realizing a social study aimed at understanding nowadays society, and for publication purposes.DOI: 10.1007/978-3-319-71970-2
Project(s): SoBigData
Metrics:
Guidotti R., Monreale A., Pedreschi D., Abiteboul S.
This book constitutes the thoroughly refereed post-conference proceedings of the First International Workshop on Personal Analytics and Privacy, PAP 2017, held in Skopje, Macedonia, in September 2017. The 14 papers presented together with 2 invited talks in this volume were carefully reviewed and selected for inclusion in this book and handle topics such as personal analytics, personal data mining and privacy in the context where real individual data are used for developing a data-driven service, for realizing a social study aimed at understanding nowadays society, and for publication purposes.DOI: 10.1007/978-3-319-71970-2
Project(s): SoBigData
Metrics:
See at:
ISTI Repository | doi.org | www.springer.com | CNR ExploRA
2010
Journal article
Restricted
Movement data anonymity through generalization
Monreale A., Andrienko G., Andrienko N., Giannotti F., Pedreschi D., Rinzivillo S., Wrobel S.
Wireless networks and mobile devices, such as mobile phones and GPS receivers, sense and track the movements of people and vehicles, producing society-wide mobility databases. This is a challenging scenario for data analysis and mining. On the one hand, exciting opportunities arise out of discovering new knowledge about human mobile behavior, and thus fuel intelligent info-mobility applications. On other hand, new privacy concerns arise when mobility data are published. The risk is particularly high for GPS trajectories, which represent movement of a very high precision and spatio-temporal resolution: the de-identification of such trajectories (i.e., forgetting the ID of their associated owners) is only a weak protection, as generally it is possible to re-identify a person by ob- serving her routine movements. In this paper we propose a method for achieving true anonymity in a dataset of published trajectories, by defining a transformation of the original GPS trajectories based on spatial generalization and k-anonymity. The proposed method offers a formal data protection safeguard, quantified as a theoretical upper bound to the probability of re-identification. We conduct a thorough study on a real-life GPS trajectory dataset, and provide strong empirical evidence that the proposed anonymity techniques achieve the conflicting goals of data utility and data privacy. In practice, the achieved anonymity protection is much stronger than the theoretical worst case, while the quality of the cluster analysis on the trajectory data is preserved.Source: Transactions on data privacy 3 (2010): 91–121.
Monreale A., Andrienko G., Andrienko N., Giannotti F., Pedreschi D., Rinzivillo S., Wrobel S.
Wireless networks and mobile devices, such as mobile phones and GPS receivers, sense and track the movements of people and vehicles, producing society-wide mobility databases. This is a challenging scenario for data analysis and mining. On the one hand, exciting opportunities arise out of discovering new knowledge about human mobile behavior, and thus fuel intelligent info-mobility applications. On other hand, new privacy concerns arise when mobility data are published. The risk is particularly high for GPS trajectories, which represent movement of a very high precision and spatio-temporal resolution: the de-identification of such trajectories (i.e., forgetting the ID of their associated owners) is only a weak protection, as generally it is possible to re-identify a person by ob- serving her routine movements. In this paper we propose a method for achieving true anonymity in a dataset of published trajectories, by defining a transformation of the original GPS trajectories based on spatial generalization and k-anonymity. The proposed method offers a formal data protection safeguard, quantified as a theoretical upper bound to the probability of re-identification. We conduct a thorough study on a real-life GPS trajectory dataset, and provide strong empirical evidence that the proposed anonymity techniques achieve the conflicting goals of data utility and data privacy. In practice, the achieved anonymity protection is much stronger than the theoretical worst case, while the quality of the cluster analysis on the trajectory data is preserved.Source: Transactions on data privacy 3 (2010): 91–121.
See at:
www.tdp.cat | CNR ExploRA
2008
Conference article
Open Access
Pattern-preserving k-anonymization of sequences and its application to mobility data mining
Pensa R. G., Monreale A., Pinelli F., Pedreschi D.
Sequential pattern mining is a major research field in knowledge discovery and data mining. Thanks to the increasing availability of transaction data, it is now possible to provide new and improved services based on users' and customers' behavior. However, this puts the citizen's privacy at risk. Thus, it is important to develop new privacy-preserving data mining techniques that do not alter the analysis results significantly. In this paper we propose a new approach for anonymizing sequential data by hiding infrequent, and thus potentially sensible, subsequences. Our approach guarantees that the disclosed data are k-anonymous and preserve the quality of extracted patterns. An application to a real-world moving object database is presented, which shows the effectiveness of our approach also in complex contexts.Source: The 1st International Workshop on Privacy in Location-Based Applications, pp. 44–60, Malaga, Spain, 9 ottobre 2008
Pensa R. G., Monreale A., Pinelli F., Pedreschi D.
Sequential pattern mining is a major research field in knowledge discovery and data mining. Thanks to the increasing availability of transaction data, it is now possible to provide new and improved services based on users' and customers' behavior. However, this puts the citizen's privacy at risk. Thus, it is important to develop new privacy-preserving data mining techniques that do not alter the analysis results significantly. In this paper we propose a new approach for anonymizing sequential data by hiding infrequent, and thus potentially sensible, subsequences. Our approach guarantees that the disclosed data are k-anonymous and preserve the quality of extracted patterns. An application to a real-world moving object database is presented, which shows the effectiveness of our approach also in complex contexts.Source: The 1st International Workshop on Privacy in Location-Based Applications, pp. 44–60, Malaga, Spain, 9 ottobre 2008
See at:
sunsite.informatik.rwth-aachen.de | CNR ExploRA
2008
Conference article
Restricted
Location prediction within the mobility data analysis environment Daedalus
Trasarti R., Monreale A., Pinelli F., Giannotti F.
In this paper we propose a method to predict the next lo- cation of a moving object based on two recent results in GeoPKDD project: DAEDALUS, a mobility data analysis environment and Trajectory Pattern, a sequential pattern mining algorithm with temporal annotation integrated in DAEDALUS. The first one is a DMQL environment for mov- ing objects, where both data and patterns can be repre- sented. The second one extracts movement patterns as se- quences of movements between locations with typical travel times. This paper proposes a prediction method which uses the lo- cal models extracted by Trajectory Pattern to build a global model called Prediction Tree. The future location of a mov- ing object is predicted visiting the tree and calculating the best matching function. The integration within DAEDALUS system supports an in- teractive construction of the predictor on the top of a set of spatio-temporal patterns. Others proposals in literature base the definition of predic- tion methods for future location of a moving object on pre- viously extracted frequent patterns. They use the recent history of movements of the object itself and often use time only to order the events. Our work uses the movements of all moving objects in a certain area to learn a classifier built on the mined trajectory patterns, which are intrinsi- cally equipped with temporal information.Source: 5th Annual International Conference on Mobile and Ubiquitous Systems, Dublin, Ireland, 21-25 July 2008
Trasarti R., Monreale A., Pinelli F., Giannotti F.
In this paper we propose a method to predict the next lo- cation of a moving object based on two recent results in GeoPKDD project: DAEDALUS, a mobility data analysis environment and Trajectory Pattern, a sequential pattern mining algorithm with temporal annotation integrated in DAEDALUS. The first one is a DMQL environment for mov- ing objects, where both data and patterns can be repre- sented. The second one extracts movement patterns as se- quences of movements between locations with typical travel times. This paper proposes a prediction method which uses the lo- cal models extracted by Trajectory Pattern to build a global model called Prediction Tree. The future location of a mov- ing object is predicted visiting the tree and calculating the best matching function. The integration within DAEDALUS system supports an in- teractive construction of the predictor on the top of a set of spatio-temporal patterns. Others proposals in literature base the definition of predic- tion methods for future location of a moving object on pre- viously extracted frequent patterns. They use the recent history of movements of the object itself and often use time only to order the events. Our work uses the movements of all moving objects in a certain area to learn a classifier built on the mined trajectory patterns, which are intrinsi- cally equipped with temporal information.Source: 5th Annual International Conference on Mobile and Ubiquitous Systems, Dublin, Ireland, 21-25 July 2008
See at:
dl.acm.org | CNR ExploRA
2010
Contribution to book
Restricted
Anonymity technologies for privacy-preserving data publishing and mining
Monreale A., Pedreschi D., Pensa R. G.
Data mining is gaining momentum in society, due to the ever increasing availability of large amounts of data, easily gathered by a variety of collection technologies and stored via computer systems. Data mining is the key step in the process of Knowledge Discovery in Databases, the so-called KDD pro- cess. The knowledge discovered in data by means of sophisticated data mining techniques is leading to a new generation of personalized intelligent services. The dark side of this story is that the very same collection technologies gather personal, often sensitive, data, so that the opportunities of discovering knowl- edge increase hand in hand with the risks of privacy violation.Source: Privacy-Aware Knowledge Discovery: Novel Applications and New Techniques, edited by Francesco Bonchi, Elena Ferrari, pp. 3–33. Boca Raton: CRC Press, 2010
Monreale A., Pedreschi D., Pensa R. G.
Data mining is gaining momentum in society, due to the ever increasing availability of large amounts of data, easily gathered by a variety of collection technologies and stored via computer systems. Data mining is the key step in the process of Knowledge Discovery in Databases, the so-called KDD pro- cess. The knowledge discovered in data by means of sophisticated data mining techniques is leading to a new generation of personalized intelligent services. The dark side of this story is that the very same collection technologies gather personal, often sensitive, data, so that the opportunities of discovering knowl- edge increase hand in hand with the risks of privacy violation.Source: Privacy-Aware Knowledge Discovery: Novel Applications and New Techniques, edited by Francesco Bonchi, Elena Ferrari, pp. 3–33. Boca Raton: CRC Press, 2010
See at:
www.crcpress.com | CNR ExploRA
2009
Conference article
Restricted
WhereNext: a location predictor on trajectory pattern mining
Monreale A., Pinelli F., Trasarti R., Giannotti F.
The pervasiveness of mobile devices and location based set-vices is leading to an increasing volume of mobility data. This side effect provides the opportunity for innovative methods that analyse the behaviors of movements. In this paper we propose WhereNext, which is a method aimed at predicting with a certain level of accuracy the next location of a moving object. The prediction uses previously extracted movement patterns named Trajectory Patterns, which are a concise representation of behaviors of moving objects as sequences of regions frequently visited with a typical travel time. A decision tree. named T-pattern Tree, is built and evaluated with a formal training and test process. The tree is learned from the Trajectory Patterns that hold a certain area and it may be used as a predictor of the next location of a new trajectory finding the best matching path in the tree. Three different best matching methods to classify a new moving object are proposed and their impact on the quality of prediction is studied extensively. Using Trajectory Patterns as predictive rules has the following implications: (I) the learning depends on the movement of all available objects in a certain area instead of on the individual history of an object; (II) the prediction tree intrinsically contains the spatio-temporal properties that have emerged from the data and this allows us to define matching methods that striclty depend on the properties of such Movements. In addition, we propose a set of other measures, that evaluate a, priori the predictive power of a set of Trajectory Patterns. This measures were tuned on a real life case study. Finally, all exhaustive set of experiments and results on the real dataset are presented.Source: 15th ACM SIGKDD International Conference on Knowledge Discovery in Data Mining, pp. 637–646, Paris, France, JUN 28-JUL 01, 2009
DOI: 10.1145/1557019.1557091
Metrics:
Monreale A., Pinelli F., Trasarti R., Giannotti F.
The pervasiveness of mobile devices and location based set-vices is leading to an increasing volume of mobility data. This side effect provides the opportunity for innovative methods that analyse the behaviors of movements. In this paper we propose WhereNext, which is a method aimed at predicting with a certain level of accuracy the next location of a moving object. The prediction uses previously extracted movement patterns named Trajectory Patterns, which are a concise representation of behaviors of moving objects as sequences of regions frequently visited with a typical travel time. A decision tree. named T-pattern Tree, is built and evaluated with a formal training and test process. The tree is learned from the Trajectory Patterns that hold a certain area and it may be used as a predictor of the next location of a new trajectory finding the best matching path in the tree. Three different best matching methods to classify a new moving object are proposed and their impact on the quality of prediction is studied extensively. Using Trajectory Patterns as predictive rules has the following implications: (I) the learning depends on the movement of all available objects in a certain area instead of on the individual history of an object; (II) the prediction tree intrinsically contains the spatio-temporal properties that have emerged from the data and this allows us to define matching methods that striclty depend on the properties of such Movements. In addition, we propose a set of other measures, that evaluate a, priori the predictive power of a set of Trajectory Patterns. This measures were tuned on a real life case study. Finally, all exhaustive set of experiments and results on the real dataset are presented.Source: 15th ACM SIGKDD International Conference on Knowledge Discovery in Data Mining, pp. 637–646, Paris, France, JUN 28-JUL 01, 2009
DOI: 10.1145/1557019.1557091
Metrics:
See at:
dl.acm.org | doi.org | CNR ExploRA
2010
Conference article
Unknown
Location prediction through trajectory pattern mining
Monreale A., Pinelli F., Trasarti R., Giannotti F.
The pervasiveness of mobile devices and location based services produces as side effects an increasing volume of mobility data which in turn create the opportunity for a novel generation of analysis methods of movements behaviors. In this paper, we propose a method WhereNext aimed at predicting with a certain accuracy the next location of a moving object. The prediction uses previously extracted movement patterns named Trajectory Pattern which are a concise representation of behaviors of moving objects as sequences of regions frequently visited with typical travel time. A decision tree, named T-pattern Tree, is built and evaluated with a formal training and test process. Using Trajectory Patterns as predictive rules has the following implications: (I) the learning depends by the movement of all available objects in a certain area instead by the individual history of an object; (II) the prediction tree intrinsically contains the spatio-temporal properties emerged from the data and this allows to define matching methods strongly depending on such movement properties. Finally an exhaustive set of experiments and results on the real dataset are presented.Source: 18th Italian Symposium on Advanced Database Systems, Rimini, Italy, 20-23 June 2010
Monreale A., Pinelli F., Trasarti R., Giannotti F.
The pervasiveness of mobile devices and location based services produces as side effects an increasing volume of mobility data which in turn create the opportunity for a novel generation of analysis methods of movements behaviors. In this paper, we propose a method WhereNext aimed at predicting with a certain accuracy the next location of a moving object. The prediction uses previously extracted movement patterns named Trajectory Pattern which are a concise representation of behaviors of moving objects as sequences of regions frequently visited with typical travel time. A decision tree, named T-pattern Tree, is built and evaluated with a formal training and test process. Using Trajectory Patterns as predictive rules has the following implications: (I) the learning depends by the movement of all available objects in a certain area instead by the individual history of an object; (II) the prediction tree intrinsically contains the spatio-temporal properties emerged from the data and this allows to define matching methods strongly depending on such movement properties. Finally an exhaustive set of experiments and results on the real dataset are presented.Source: 18th Italian Symposium on Advanced Database Systems, Rimini, Italy, 20-23 June 2010
See at: CNR ExploRA
2010
Conference article
Open Access
Preserving privacy in semantic-rich trajectories of human mobility
Monreale A., Trasarti R., Renso C., Pedreschi D., Bogorny V.
The increasing abundance of data about the trajectories of personal movement is opening up new opportunities for an- alyzing and mining human mobility, but new risks emerge since it opens new ways of intruding into personal privacy. Representing the personal movements as sequences of places visited by a person during her/his movements - semantic trajectory - poses even greater privacy threats w.r.t. raw geometric location data. In this paper we propose a pri- vacy model defining the attack model of semantic trajectory linking, together with a privacy notion, called c-safety. This method provides an upper bound to the probability of in- ferring that a given person, observed in a sequence of non- sensitive places, has also stopped in any sensitive location. Coherently with the privacy model, we propose an algorithm for transforming any dataset of semantic trajectories into a c-safe one. We report a study on a real-life GPS trajec- tory dataset to show how our algorithm preserves interesting quality/utility measures of the original trajectories, such as sequential pattern mining results.Source: 3rd ACM SIGSPATIAL International Workshop on Security and Privacy in GIS and LBS, pp. 47, San Jose, CA, USA, 3-5 November 2010
DOI: 10.1145/1868470.1868481
Metrics:
Monreale A., Trasarti R., Renso C., Pedreschi D., Bogorny V.
The increasing abundance of data about the trajectories of personal movement is opening up new opportunities for an- alyzing and mining human mobility, but new risks emerge since it opens new ways of intruding into personal privacy. Representing the personal movements as sequences of places visited by a person during her/his movements - semantic trajectory - poses even greater privacy threats w.r.t. raw geometric location data. In this paper we propose a pri- vacy model defining the attack model of semantic trajectory linking, together with a privacy notion, called c-safety. This method provides an upper bound to the probability of in- ferring that a given person, observed in a sequence of non- sensitive places, has also stopped in any sensitive location. Coherently with the privacy model, we propose an algorithm for transforming any dataset of semantic trajectories into a c-safe one. We report a study on a real-life GPS trajec- tory dataset to show how our algorithm preserves interesting quality/utility measures of the original trajectories, such as sequential pattern mining results.Source: 3rd ACM SIGSPATIAL International Workshop on Security and Privacy in GIS and LBS, pp. 47, San Jose, CA, USA, 3-5 November 2010
DOI: 10.1145/1868470.1868481
Metrics:
See at:
www.inf.ufsc.br | dl.acm.org | doi.org | CNR ExploRA
2009
Report
Open Access
Privacy preserving outsourcing of association rule mining
Giannotti F., Lakshmanan L. V., Monreale A., Pedreschi D., Wang H.
Spurred by developments such as cloud computing, there has been considerable recent interest in the paradigmof datamining-as-service. A company (data owner) lacking in expertise or computational resources can outsource its mining needs to a third party service provider (server). However, both the items in the outsourced database and the patterns of items that can be mined from the database, are considered as the corporate privacy of the data owner. To protect the corporate privacy, the data owner transforms its data and ships it to the server. The server sends extracted patterns to the owner in response to the latters mining queries. The owner recovers the true patterns from the extracted patterns received. In this paper, we study the problem of outsourcing the association rule mining task within a corporate privacy-preserving framework. We propose an attack model based on background knowledge and devise two schemes, namely Frugal and RobFrugal , for privacy-preserving outsourced mining, based on the concept of k-anonymity. The protection against the privacy violation attack comes from ensuring that each transformed item (itemset) is indistinguishable, w.r.t. the attacker's background knowledge, from at least k-1 other transformed items (itemsets). We show that the owner can recover the true patterns as well as their support by maintaining a compact synopsis. Finally, we empirically demonstrate using comprehensive experiments on a real transaction database, that our techniques and ideas are effective, scalable, and protect privacy.Source: ISTI Technical reports, 2009
Giannotti F., Lakshmanan L. V., Monreale A., Pedreschi D., Wang H.
Spurred by developments such as cloud computing, there has been considerable recent interest in the paradigmof datamining-as-service. A company (data owner) lacking in expertise or computational resources can outsource its mining needs to a third party service provider (server). However, both the items in the outsourced database and the patterns of items that can be mined from the database, are considered as the corporate privacy of the data owner. To protect the corporate privacy, the data owner transforms its data and ships it to the server. The server sends extracted patterns to the owner in response to the latters mining queries. The owner recovers the true patterns from the extracted patterns received. In this paper, we study the problem of outsourcing the association rule mining task within a corporate privacy-preserving framework. We propose an attack model based on background knowledge and devise two schemes, namely Frugal and RobFrugal , for privacy-preserving outsourced mining, based on the concept of k-anonymity. The protection against the privacy violation attack comes from ensuring that each transformed item (itemset) is indistinguishable, w.r.t. the attacker's background knowledge, from at least k-1 other transformed items (itemsets). We show that the owner can recover the true patterns as well as their support by maintaining a compact synopsis. Finally, we empirically demonstrate using comprehensive experiments on a real transaction database, that our techniques and ideas are effective, scalable, and protect privacy.Source: ISTI Technical reports, 2009
See at:
ISTI Repository | CNR ExploRA
2010
Report
Unknown
Towards anonymous semantic trajectories
Monreale A., Trasarti R., Renso C., Bogorny V., Pedreschi D.
In recent years, spatio-temporal and moving objects databases have gained consi-derable interest, due to the diffusion of mobile devices and of new applications, where the discovery of consumable, concise, and applicable knowledge is the key step. Recent advances in spatio-temporal data analysis focused on the semantic aspects of the movement data, thus leading to the definition of semantic trajectory concept. However, the analysis of this kind of data can compromise the privacy of users because the location data allows inferences which may help an attacker to discovery personal and sensitive information, like habits and preferences of individuals. In this paper we briefly present an approach for the generalization of semantic tra-jectories that can be adopted for obtaining datasets satisfying the k-anonymity property; specifically, this method exploits ontologies to realize a framework for publishing semantic trajectories while preserving privacy of the tracked users. We show that this generalization method is able to preserve the semantic tagging obtained by the analysis of the resulting dataset.Source: ISTI Technical reports, 2010
Monreale A., Trasarti R., Renso C., Bogorny V., Pedreschi D.
In recent years, spatio-temporal and moving objects databases have gained consi-derable interest, due to the diffusion of mobile devices and of new applications, where the discovery of consumable, concise, and applicable knowledge is the key step. Recent advances in spatio-temporal data analysis focused on the semantic aspects of the movement data, thus leading to the definition of semantic trajectory concept. However, the analysis of this kind of data can compromise the privacy of users because the location data allows inferences which may help an attacker to discovery personal and sensitive information, like habits and preferences of individuals. In this paper we briefly present an approach for the generalization of semantic tra-jectories that can be adopted for obtaining datasets satisfying the k-anonymity property; specifically, this method exploits ontologies to realize a framework for publishing semantic trajectories while preserving privacy of the tracked users. We show that this generalization method is able to preserve the semantic tagging obtained by the analysis of the resulting dataset.Source: ISTI Technical reports, 2010
See at: CNR ExploRA
2011
Journal article
Open Access
The pursuit of hubbiness: analysis of hubs in large multidimensional networks
Berlingerio M., Coscia M., Giannotti F., Monreale A., Pedreschi D.
Hubs are highly connected nodes within a network. In complex network analysis, hubs have been widely studied, and are at the basis of many tasks, such as web search and epidemic outbreak detection. In reality, networks are often multidimensional, i.e., there can exist multiple connections between any pair of nodes. In this setting, the concept of hub depends on the multiple dimensions of the network, whose interplay becomes crucial for the connectedness of a node. In this paper, we characterize multidimensional hubs. We consider the multidimensional generalization of the degree and introduce a new class of measures, that we call Dimension Relevance, aimed at analyzing the importance of different dimensions for the hubbiness of a node. We assess the meaningfulness of our measures by comparing them on real networks and null models, then we study the interplay among dimensions and their effect on node connectivity. Our findings show that: (i) multidimensional hubs do exist and their characterization yields interesting insights and (ii) it is possible to detect the most influential dimensions that cause the different hub behaviors. We demonstrate the usefulness of multidimensional analysis in three real world domains: detection of ambiguous query terms in a word-word query log network, outlier detection in a social network, and temporal analysis of behaviors in a co-authorship network.Source: Journal of computational science (Print) 2 (2011): 223–237. doi:10.1016/j.jocs.2011.05.009
DOI: 10.1016/j.jocs.2011.05.009
Metrics:
Berlingerio M., Coscia M., Giannotti F., Monreale A., Pedreschi D.
Hubs are highly connected nodes within a network. In complex network analysis, hubs have been widely studied, and are at the basis of many tasks, such as web search and epidemic outbreak detection. In reality, networks are often multidimensional, i.e., there can exist multiple connections between any pair of nodes. In this setting, the concept of hub depends on the multiple dimensions of the network, whose interplay becomes crucial for the connectedness of a node. In this paper, we characterize multidimensional hubs. We consider the multidimensional generalization of the degree and introduce a new class of measures, that we call Dimension Relevance, aimed at analyzing the importance of different dimensions for the hubbiness of a node. We assess the meaningfulness of our measures by comparing them on real networks and null models, then we study the interplay among dimensions and their effect on node connectivity. Our findings show that: (i) multidimensional hubs do exist and their characterization yields interesting insights and (ii) it is possible to detect the most influential dimensions that cause the different hub behaviors. We demonstrate the usefulness of multidimensional analysis in three real world domains: detection of ambiguous query terms in a word-word query log network, outlier detection in a social network, and temporal analysis of behaviors in a co-authorship network.Source: Journal of computational science (Print) 2 (2011): 223–237. doi:10.1016/j.jocs.2011.05.009
DOI: 10.1016/j.jocs.2011.05.009
Metrics:
See at:
Journal of Computational Science | Journal of Computational Science | CNR ExploRA
2013
Conference article
Unknown
On multidimensional network measures
Magnani M., Monreale A., Rossetti G., Giannotti F.
Networks, i.e., sets of interconnected entities, are ubiquitous, spanning disciplines as diverse as sociology, biology and computer sci- ence. The recent availability of large amounts of network data has thus provided a unique opportunity to develop models and analysis tools ap- plicable to a wide range of scenarios. However, real-world phenomena are often more complex than existing graph data models. One relevant ex- ample concerns the numerous types of social relationships (or edges) that can be present between individuals in a social network. In this short pa- per we present a uni ed model and a set of measures recently developed to represent and analyze network data with multiple types of edges.Source: SEDB 2013 - 21st Italian Symposium on Advanced Database Systems, pp. 215–222, Roccella Jonica, Reggio Calabria, Italy, 30 June - 3 July 2013
Magnani M., Monreale A., Rossetti G., Giannotti F.
Networks, i.e., sets of interconnected entities, are ubiquitous, spanning disciplines as diverse as sociology, biology and computer sci- ence. The recent availability of large amounts of network data has thus provided a unique opportunity to develop models and analysis tools ap- plicable to a wide range of scenarios. However, real-world phenomena are often more complex than existing graph data models. One relevant ex- ample concerns the numerous types of social relationships (or edges) that can be present between individuals in a social network. In this short pa- per we present a uni ed model and a set of measures recently developed to represent and analyze network data with multiple types of edges.Source: SEDB 2013 - 21st Italian Symposium on Advanced Database Systems, pp. 215–222, Roccella Jonica, Reggio Calabria, Italy, 30 June - 3 July 2013
See at: CNR ExploRA
2014
Journal article
Restricted
Discrimination- and privacy-aware patterns
Hajian S., Domingo-Ferrer J., Monreale A., Pedreschi D., Giannotti F.
Data mining is gaining societal momentum due to the ever increasing availability of large amounts of human data, easily collected by a variety of sensing technologies. We are therefore faced with unprecedented opportunities and risks: a deeper understanding of human behavior and how our society works is darkened by a greater chance of privacy intrusion and unfair discrimination based on the extracted patterns and profiles. Consider the case when a set of patterns extracted from the personal data of a population of individual persons is released for a subsequent use into a decision making process, such as, e.g., granting or denying credit. First, the set of patterns may reveal sensitive information about individual persons in the training population and, second, decision rules based on such patterns may lead to unfair discrimination, depending on what is represented in the training cases. Although methods independently addressing privacy or discrimination in data mining have been proposed in the literature, in this context we argue that privacy and discrimination risks should be tackled together, and we present a methodology for doing so while publishing frequent pattern mining results. We describe a set of pattern sanitization methods, one for each discrimination measure used in the legal literature, to achieve a fair publishing of frequent patterns in combination with two possible privacy transformations: one based on k-anonymity and one based on differential privacy. Our proposed pattern sanitization methods based on k-anonymity yield both privacy- and discrimination-protected patterns, while introducing reasonable (controlled) pattern distortion. Moreover, they obtain a better trade-off between protection and data quality than the sanitization methods based on differential privacy. Finally, the effectiveness of our proposals is assessed by extensive experiments.Source: Data mining and knowledge discovery (2014). doi:10.1007/s10618-014-0393-7
DOI: 10.1007/s10618-014-0393-7
Metrics:
Hajian S., Domingo-Ferrer J., Monreale A., Pedreschi D., Giannotti F.
Data mining is gaining societal momentum due to the ever increasing availability of large amounts of human data, easily collected by a variety of sensing technologies. We are therefore faced with unprecedented opportunities and risks: a deeper understanding of human behavior and how our society works is darkened by a greater chance of privacy intrusion and unfair discrimination based on the extracted patterns and profiles. Consider the case when a set of patterns extracted from the personal data of a population of individual persons is released for a subsequent use into a decision making process, such as, e.g., granting or denying credit. First, the set of patterns may reveal sensitive information about individual persons in the training population and, second, decision rules based on such patterns may lead to unfair discrimination, depending on what is represented in the training cases. Although methods independently addressing privacy or discrimination in data mining have been proposed in the literature, in this context we argue that privacy and discrimination risks should be tackled together, and we present a methodology for doing so while publishing frequent pattern mining results. We describe a set of pattern sanitization methods, one for each discrimination measure used in the legal literature, to achieve a fair publishing of frequent patterns in combination with two possible privacy transformations: one based on k-anonymity and one based on differential privacy. Our proposed pattern sanitization methods based on k-anonymity yield both privacy- and discrimination-protected patterns, while introducing reasonable (controlled) pattern distortion. Moreover, they obtain a better trade-off between protection and data quality than the sanitization methods based on differential privacy. Finally, the effectiveness of our proposals is assessed by extensive experiments.Source: Data mining and knowledge discovery (2014). doi:10.1007/s10618-014-0393-7
DOI: 10.1007/s10618-014-0393-7
Metrics:
See at:
Data Mining and Knowledge Discovery | link.springer.com | CNR ExploRA
2014
Conference article
Restricted
CF-inspired privacy-preserving prediction of next location in the cloud
Basu A., Corena J. C., Monreale A. Pedreschi D., Giannotti F., Kiyomoto S., Vaidya J., Miyake Y.
Mobility data gathered from location sensors such as Global Positioning System (GPS) enabled phones and vehicles is valuable for spatio-temporal data mining for various location-based services (LBS). Such data is often considered sensitive and there exist many a mechanism for privacy preserving analyses of the data. Through various anonymisation mechanisms, it can be ensured with a high probability that a particular individual cannot be identified when mobility data is outsourced to third parties for analysis. However, challenges remain with the privacy of the queries on outsourced analysis results, especially when the queries are sent directly to third parties by end-users. Drawing inspiration from our earlier work in privacy preserving collaborative filtering (CF) and next location prediction, in this exploratory work, we propose a novel representation of trajectory data in the CF domain and experiment with a privacy preserving Slope One CF predictor. We present evaluations for the accuracy and the computational performance of our proposal using anonymised data gathered from real traffic data in the Italian cities of Pisa and Milan. One use-case is a third-party location-prediction-as-a-service deployed on a public cloud, which can respond to privacy-preserving queries while enabling data owners to build a rich predictor on the cloud.Source: IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom 2014), pp. 731, Singapore, 15-18/12/2014
DOI: 10.1109/cloudcom.2014.114
Metrics:
Basu A., Corena J. C., Monreale A. Pedreschi D., Giannotti F., Kiyomoto S., Vaidya J., Miyake Y.
Mobility data gathered from location sensors such as Global Positioning System (GPS) enabled phones and vehicles is valuable for spatio-temporal data mining for various location-based services (LBS). Such data is often considered sensitive and there exist many a mechanism for privacy preserving analyses of the data. Through various anonymisation mechanisms, it can be ensured with a high probability that a particular individual cannot be identified when mobility data is outsourced to third parties for analysis. However, challenges remain with the privacy of the queries on outsourced analysis results, especially when the queries are sent directly to third parties by end-users. Drawing inspiration from our earlier work in privacy preserving collaborative filtering (CF) and next location prediction, in this exploratory work, we propose a novel representation of trajectory data in the CF domain and experiment with a privacy preserving Slope One CF predictor. We present evaluations for the accuracy and the computational performance of our proposal using anonymised data gathered from real traffic data in the Italian cities of Pisa and Milan. One use-case is a third-party location-prediction-as-a-service deployed on a public cloud, which can respond to privacy-preserving queries while enabling data owners to build a rich predictor on the cloud.Source: IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom 2014), pp. 731, Singapore, 15-18/12/2014
DOI: 10.1109/cloudcom.2014.114
Metrics:
See at:
doi.org | ieeexplore.ieee.org | CNR ExploRA
2014
Conference article
Open Access
A privacy risk model for trajectory data
Basu A., Monreale A., Corena J. C., Giannotti F., Pedreschi D., Kiyomoto S., Miyake Y., Yanagihara T., Trasarti R.
Time sequence data relating to users, such as medical histories and mobility data, are good candidates for data mining, but often contain highly sensitive information. Different methods in privacypreserving data publishing are utilised to release such private data so that individual records in the released data cannot be re-linked to specific users with a high degree of certainty. These methods provide theoretical worst-case privacy risks as measures of the privacy protection that they offer. However, often with many real-world data the worstcase scenario is too pessimistic and does not provide a realistic view of the privacy risks: the real probability of re-identification is often much lower than the theoretical worst-case risk. In this paper we propose a novel empirical risk model for privacy which, in relation to the cost of privacy attacks, demonstrates better the practical risks associated with a privacy preserving data release. We show detailed evaluation of the proposed risk model by using k-anonymised real-world mobility data.Source: Trust Management VIII. 8th IFIP WG 11.11 International Conference (IFIPTM 2014), pp. 125–140, Singapore, 07-10/07/2014
DOI: 10.1007/978-3-662-43813-8_9
Metrics:
Basu A., Monreale A., Corena J. C., Giannotti F., Pedreschi D., Kiyomoto S., Miyake Y., Yanagihara T., Trasarti R.
Time sequence data relating to users, such as medical histories and mobility data, are good candidates for data mining, but often contain highly sensitive information. Different methods in privacypreserving data publishing are utilised to release such private data so that individual records in the released data cannot be re-linked to specific users with a high degree of certainty. These methods provide theoretical worst-case privacy risks as measures of the privacy protection that they offer. However, often with many real-world data the worstcase scenario is too pessimistic and does not provide a realistic view of the privacy risks: the real probability of re-identification is often much lower than the theoretical worst-case risk. In this paper we propose a novel empirical risk model for privacy which, in relation to the cost of privacy attacks, demonstrates better the practical risks associated with a privacy preserving data release. We show detailed evaluation of the proposed risk model by using k-anonymised real-world mobility data.Source: Trust Management VIII. 8th IFIP WG 11.11 International Conference (IFIPTM 2014), pp. 125–140, Singapore, 07-10/07/2014
DOI: 10.1007/978-3-662-43813-8_9
Metrics:
See at:
link.springer.com | doi.org | Hyper Article en Ligne | link.springer.com | www.scopus.com | CNR ExploRA
2014
Conference article
Restricted
Fair pattern discovery
Hajian S., Monreale A., Pedreschi D., Domingo-Ferrer J., Giannotti F.
Data mining is gaining societal momentum due to the ever increasing availability of large amounts of human data, easily collected by a variety of sensing technologies. We are assisting to unprecedented opportunities of understanding human and society behavior that unfortunately is darkened by several risks for human rights: one of this is the unfair discrimination based on the extracted patterns and profiles. Consider the case when a set of patterns extracted from the personal data of a population of individual persons is released for subsequent use in a decision making process, such as, e.g., granting or denying credit. Decision rules based on such patterns may lead to unfair discrimination, depending on what is represented in the training cases. In this context, we address the discrimination risks resulting from publishing frequent patterns. We present a set of pattern sanitization methods, one for each discrimination measure used in the legal literature, for fair (discrimination-protected) publishing of frequent pattern mining results. Our proposed pattern sanitization methods yield discrimination-protected patterns, while introducing reasonable (controlled) pattern distortion. Finally, the effectiveness of our proposals is assessed by extensive experiments. Copyright 2014 ACM.Source: 29th Annual ACM Symposium on Applied Computing (SAC'14), pp. 113–120, Gyeongju, Republic of Korea, 24-28/03/2014
DOI: 10.1145/2554850.2555043
Metrics:
Hajian S., Monreale A., Pedreschi D., Domingo-Ferrer J., Giannotti F.
Data mining is gaining societal momentum due to the ever increasing availability of large amounts of human data, easily collected by a variety of sensing technologies. We are assisting to unprecedented opportunities of understanding human and society behavior that unfortunately is darkened by several risks for human rights: one of this is the unfair discrimination based on the extracted patterns and profiles. Consider the case when a set of patterns extracted from the personal data of a population of individual persons is released for subsequent use in a decision making process, such as, e.g., granting or denying credit. Decision rules based on such patterns may lead to unfair discrimination, depending on what is represented in the training cases. In this context, we address the discrimination risks resulting from publishing frequent patterns. We present a set of pattern sanitization methods, one for each discrimination measure used in the legal literature, for fair (discrimination-protected) publishing of frequent pattern mining results. Our proposed pattern sanitization methods yield discrimination-protected patterns, while introducing reasonable (controlled) pattern distortion. Finally, the effectiveness of our proposals is assessed by extensive experiments. Copyright 2014 ACM.Source: 29th Annual ACM Symposium on Applied Computing (SAC'14), pp. 113–120, Gyeongju, Republic of Korea, 24-28/03/2014
DOI: 10.1145/2554850.2555043
Metrics:
See at:
dl.acm.org | doi.org | CNR ExploRA
2015
Contribution to book
Restricted
Clustering formulation using constraint optimization
Grossi V., Monreale A., Nanni M., Pedreschi D., Turini F.
The problem of clustering a set of data is a textbook machine learning problem, but at the same time, at heart, a typical optimization problem. Given an objective function, such as minimizing the intra-cluster distances or maximizing the inter-cluster distances, the task is to find an assignment of data points to clusters that achieves this objective. In this paper, we present a constraint programming model for a centroid based clustering and one for a density based clustering. In particular, as a key contribution, we show how the expressivity introduced by the formulation of the problem by constraint programming makes the standard problem easy to be extended with other constraints that permit to generate interesting variants of the problem. We show this important aspect in two different ways: first, we show how the formulation of the density-based clustering by constraint programming makes it very similar to the label propagation problem and then, we propose a variant of the standard label propagation approach.Source: Software Engineering and Formal Methods, edited by Domenico Bianculli, Radu Calinescu, Bernhard Rumpe, pp. 93–107, 2015
DOI: 10.1007/978-3-662-49224-6_9
Project(s): ICON
Metrics:
Grossi V., Monreale A., Nanni M., Pedreschi D., Turini F.
The problem of clustering a set of data is a textbook machine learning problem, but at the same time, at heart, a typical optimization problem. Given an objective function, such as minimizing the intra-cluster distances or maximizing the inter-cluster distances, the task is to find an assignment of data points to clusters that achieves this objective. In this paper, we present a constraint programming model for a centroid based clustering and one for a density based clustering. In particular, as a key contribution, we show how the expressivity introduced by the formulation of the problem by constraint programming makes the standard problem easy to be extended with other constraints that permit to generate interesting variants of the problem. We show this important aspect in two different ways: first, we show how the formulation of the density-based clustering by constraint programming makes it very similar to the label propagation problem and then, we propose a variant of the standard label propagation approach.Source: Software Engineering and Formal Methods, edited by Domenico Bianculli, Radu Calinescu, Bernhard Rumpe, pp. 93–107, 2015
DOI: 10.1007/978-3-662-49224-6_9
Project(s): ICON
Metrics:
See at:
doi.org | link.springer.com | CNR ExploRA
2017
Journal article
Open Access
MyWay: location prediction via mobility profiling
Trasarti R., Guidotti R., Monreale A., Giannotti F.
Forecasting the future positions of mobile users is a valuable task allowing us to operate efficiently a myriad of different applications which need this type of information. We propose MyWay, a prediction system which exploits the individual systematic behaviors modeled by mobility profiles to predict human movements. MyWay provides three strategies: the individual strategy uses only the user individual mobility profile, the collective strategy takes advantage of all users individual systematic behaviors, and the hybrid strategy that is a combination of the previous two. A key point is that MyWay only requires the sharing of individual mobility profiles, a concise representation of the user's movements, instead of raw trajectory data revealing the detailed movement of the users. We evaluate the prediction performances of our proposal by a deep experimentation on large real-world data. The results highlight that the synergy between the individual and collective knowledge is the key for a better prediction and allow the system to outperform the state-of-art methods.Source: Information systems (Oxf.) 64 (2017): 350–367. doi:10.1016/j.is.2015.11.002
DOI: 10.1016/j.is.2015.11.002
Project(s): SoBigData
Metrics:
Trasarti R., Guidotti R., Monreale A., Giannotti F.
Forecasting the future positions of mobile users is a valuable task allowing us to operate efficiently a myriad of different applications which need this type of information. We propose MyWay, a prediction system which exploits the individual systematic behaviors modeled by mobility profiles to predict human movements. MyWay provides three strategies: the individual strategy uses only the user individual mobility profile, the collective strategy takes advantage of all users individual systematic behaviors, and the hybrid strategy that is a combination of the previous two. A key point is that MyWay only requires the sharing of individual mobility profiles, a concise representation of the user's movements, instead of raw trajectory data revealing the detailed movement of the users. We evaluate the prediction performances of our proposal by a deep experimentation on large real-world data. The results highlight that the synergy between the individual and collective knowledge is the key for a better prediction and allow the system to outperform the state-of-art methods.Source: Information systems (Oxf.) 64 (2017): 350–367. doi:10.1016/j.is.2015.11.002
DOI: 10.1016/j.is.2015.11.002
Project(s): SoBigData
Metrics:
See at:
Information Systems | ISTI Repository | Information Systems | www.sciencedirect.com | CNR ExploRA