An Information Theoretic Framework for Active De-anonymization in Social Networks Based on Group Memberships
This addresses privacy vulnerabilities in social networks for attackers, but it is incremental as it builds on existing de-anonymization methods.
The paper tackles the problem of de-anonymizing social network users by actively querying group memberships, proposing new attack algorithms that achieve an upper bound on query cost and showing prior heuristic approaches are sub-optimal.
In this paper, a new mathematical formulation for the problem of de-anonymizing social network users by actively querying their membership in social network groups is introduced. In this formulation, the attacker has access to a noisy observation of the group membership of each user in the social network. When an unidentified victim visits a malicious website, the attacker uses browser history sniffing to make queries regarding the victim's social media activity. Particularly, it can make polar queries regarding the victim's group memberships and the victim's identity. The attacker receives noisy responses to her queries. The goal is to de-anonymize the victim with the minimum number of queries. Starting with a rigorous mathematical model for this active de-anonymization problem, an upper bound on the attacker's expected query cost is derived, and new attack algorithms are proposed which achieve this bound. These algorithms vary in computational cost and performance. The results suggest that prior heuristic approaches to this problem provide sub-optimal solutions.