Finding the Most Appropriate Auxiliary Data for Social Graph Deanonymization

Given only a handful of local structural features about the nodes of an anonymized social graph, how can an adversary select an auxiliary (a.k.a. non-anonymized, known) graph to help him/her deanonymize (a.k.a. re-identify) the individuals in the graph? Examples of local structural features are node’s degree, node’s clustering coe cient, edge density of the node’s neighbors, etc. The objective of the adversary is to find an auxiliary graph that has the maximum nodeoverlap with the anonymized graph. We present conditions under which an adversary may estimate the node-overlap between the graphs; and thus be able to pick the most appropriate auxiliary graph. Specifically, we consider two scenarios. In the first scenario, the adversary has no information about the anonymized graph. We call this situation the no seeds case. In the second scenario, the adversary is able to gain some information about the anonymized graph. For example, the adversary is able to find out that a handful of individuals are present in the anonymized graph. We call this scenario the some seeds case. Our findings indicate that (1) in the no seeds case, an adversary can predict when the node-overlap between the anonymized and auxiliary graphs is low; (2) in the some seeds case, an adversary can identify pairs of anonymized and auxiliary graphs with high node-overlap; and (3) in the some seeds case, an adversary can e↵ectively learn to predict the node-overlap on di↵erent auxiliary graphs.