Database Reference
In-Depth Information
S
⊂
D
with
t
∈
S
exists, and the distortion between
D
and
D
is minimized. To
achieve (
k, δ
)-anonymous data sets, we can apply a method based on trajectory
clustering and spatial translation that is a form of perturbation. In particular, it
consists of three main steps:
1. Preprocessing step: The goal of this phase is to find a partition of the original
database in equivalence classes with respect to the time span. In other words,
each equivalence class contains trajectories with the same starting time and
ending time. This step is necessary because the algorithm has to compute the
Euclidean distance between trajectories and when it is computed on the input
raw data could lead to the generation of very small equivalence classes.
2. Clustering step: In this phase the trajectories, obtained by the preprocessing
step, are clustered by using a greedy approach. This step iteratively selects a
pivot trajectory as cluster center and assigns its nearest
k
−
1 trajectories to
the cluster. The clusters must have a radius not larger than a given threshold
to guarantee a certain compactness of the groups of trajectories. So, if this
criterion of compactness is not satisfied then the process is repeated selecting
a different pivot trajectory. Clearly, when a remaining trajectory cannot be
added to any cluster without violating the compactness constraint, then it is
trashed because it is considered as an outlier.
3. Space transformation step: The aim of this step is to transform each cluster
into a (
k, δ
)-anonymity set. This is achieved perturbing each trajectory by the
spatial translation that allows putting all the trajectories within a common
uncertainty cylinder.
9.3.2 Other PETs for Offline Mobility Data Analysis
Although PETs for mobility data publishing represent an important part of the
literature on privacy in mobility data analysis, there are other interesting tech-
niques that consider different scenarios and different settings and apply different
privacy models, such as techniques suitable for analyzing and mining data in
distributed environments and techniques that allow hiding models considered
sensitive in a database to be published.
Distributed Privacy-Preserving Mobility Data Mining
The methods belonging to this group aim at analyzing data sets that are parti-
tioned and distributed among several parties that do not want to (or cannot) share
the data or certain corporate information that is represented in the data, but are
interested in developing global models of common interest. Therefore, the main
assumption in this scenario is that multiple data holders want to collaboratively
perform data mining on the union of their data without revealing their sensitive
information. The question addressed in these cases is how to compute the results
