**1. Introduction**

In recent years, social networks have become an indispensable part of people's lives. The emergence of such networks has altered how we interact with the world. A given individual's day-to-day activities, such as media consumption, job hunting, and social interaction, have changed, along with how businesses and other entities interact with individuals through marketing, advertising, and information diffusion. This has led to a race among researchers, governments, and business entities to collect information and interaction data from social networks for various purposes. From a research point of view, social networks and their interaction mechanisms provide valuable insight in many fields of study, such as sociology, psychology, advertising, and recommendation systems. It is only natural that the information contained in these networks, and the value it holds, has been and will be targeted by bad actors for malicious activities. The importance of these networks and the value of the information that can be retrieved from them have led social network researchers to take a closer look at methods to combat such bad actors, as well as to formulate network measures that quantify the privacy of these networks. In this survey, we will look at one such measure, known as (*k*, ℓ)-anonymity [1], and discuss some theoretical and empirical results regarding this measure.

When a social network is published, protecting its users against *identity disclosure* or *link disclosure* becomes an important task. One popular method to prevent such disclosures is *anonymization*: the network is published without the identities of the corresponding nodes or any potentially identifying attributes. Even after anonymizing the network, however, many informative attributes remain encoded in the network structure; for example, attributes such as node degree, connectivity, or other similar graph properties can still help adversaries in compromising the privacy of users of the published network.

Adversaries usually rely on background knowledge to compromise the privacy of published anonymized social networks. To understand why current privacy-preservation methods such as anonymization fail, we need a proper model of the adversary's background knowledge. Although it is challenging to model all possible types of adversary background knowledge comprehensively, it is very useful to model this knowledge via structural properties of networks, such as node degrees, embedded subgraphs, and node neighborhoods [9]. Backstrom et al. [10] were the first to introduce a category of attacks on anonymized social graphs. The models introduced in [10] are background-knowledge-based attacks and are *widely* used in the privacy analysis of social networks. The two main types of attacks are as follows.

1. *Passive attacks*, in which the adversary does *not* modify the network by injecting new nodes but instead uses structural knowledge to detect the location of a *known* node. In this type of attack, the adversary can benefit from the fact that most nodes in real social networks belong to a small, uniquely identifiable subgraph [10]. The adversary can then build a coalition with members of such a subgraph and attempt to re-identify the subgraph in the anonymized published network, thereby compromising the privacy of neighboring nodes.

2. *Active attacks*, in which the adversary chooses an arbitrary set of target users, creates new nodes, and inserts them into the social network so that they are connected to the target set and form a distinguishable subgraph. After the anonymized version of the social network is published, the adversary can then use this subgraph as a *fingerprint* to re-identify the targeted users and compromise their privacy.

The authors in [10] also showed that it *is* possible to compromise the privacy of any social network of *n* nodes with high probability using only *O*(√(log *n*)) attacker nodes. In a *passive attack*, the adversary's structural knowledge provides her/him a global view of the network. The privacy risk is much higher if an adversary combines this global view with the local structural knowledge obtained through an active attack. As an example, consider the network in **Figure 1**. With only global structural knowledge, it is not possible to differentiate the nodes *v*<sub>3</sub> and *v*<sub>4</sub> (*e.g.*, they have the same node degree, *etc*.). However, controlling just one extra node in the graph, such as the node *v*<sub>1</sub>, provides local structural knowledge such as distances between nodes; using the distances of *v*<sub>1</sub> from *v*<sub>3</sub> and *v*<sub>4</sub> (*d*<sub>*v*1,*v*3</sub> = 1 and *d*<sub>*v*1,*v*4</sub> = 2), one can easily differentiate node *v*<sub>3</sub> from node *v*<sub>4</sub>.

There are several well-studied strategies for coping with active attacks on a social network [9, 11, 12] by addressing the anonymization process of the social network. In this chapter, however, we will focus on a measure that evaluates how resistant a social network is against this type of privacy attack. Introduced by Trujillo-Rasua et al. [1], (*k*, ℓ)-anonymity is a novel and, to the best of our knowledge, the *only* privacy measure examining the structural resistance of a given graph against active attacks. (*k*, ℓ)-anonymity is a measure based on the metric representation of nodes, where *k* is a privacy threshold and ℓ is the maximum number of attacker nodes.

*A Review of Several Privacy Violation Measures for Large Networks under Active Attacks*
*DOI: http://dx.doi.org/10.5772/intechopen.90909*
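The distance-based re-identification just described can be illustrated with a short sketch. The toy graph below is a hypothetical 4-cycle (not necessarily the exact graph of **Figure 1**), chosen so that two nodes, *v*3 and *v*4, have equal degree yet different distances from an attacker-controlled node *v*1; all names are illustrative.

```python
from collections import deque

def bfs_distances(adj, src):
    """Single-source shortest-path distances in an unweighted graph via BFS."""
    dist = {src: 0}
    q = deque([src])
    while q:
        u = q.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                q.append(v)
    return dist

# Hypothetical toy graph: the 4-cycle v1 - v3 - v4 - v5 - v1.
adj = {
    "v1": ["v3", "v5"],
    "v3": ["v1", "v4"],
    "v4": ["v3", "v5"],
    "v5": ["v4", "v1"],
}

# Global knowledge alone cannot separate v3 and v4: equal degrees.
assert len(adj["v3"]) == len(adj["v4"])

# An attacker controlling v1 additionally learns distances from v1.
d = bfs_distances(adj, "v1")
print(d["v3"], d["v4"])  # 1 2 -- the distance vector separates the two nodes
```

The point of the sketch is that a single injected or compromised node already yields one coordinate of every node's metric representation, which is exactly the local knowledge an active attacker exploits.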

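The intuition behind (*k*, ℓ)-anonymity can be made concrete with a brute-force sketch: for every candidate attacker set of at most ℓ nodes, each remaining node should share its metric representation (its vector of distances to the attacker set) with at least *k* − 1 other nodes, so the attacker can never narrow a target down below *k* candidates. This is only the operational intuition; the precise definition in [1] is stated via *k*-antiresolving sets and the *k*-metric antidimension. The function name and the exponential enumeration below are our own illustrative choices, not the authors' algorithm.

```python
from collections import deque
from itertools import combinations

def bfs_distances(adj, src):
    """BFS distances from src; unreachable nodes get infinity."""
    dist = {v: float("inf") for v in adj}
    dist[src] = 0
    q = deque([src])
    while q:
        u = q.popleft()
        for w in adj[u]:
            if dist[w] == float("inf"):
                dist[w] = dist[u] + 1
                q.append(w)
    return dist

def resists_active_attack(adj, k, ell):
    """Brute-force check (exponential in ell): for every attacker set S with
    1 <= |S| <= ell, every node outside S must share its metric representation
    with at least k-1 other nodes outside S."""
    nodes = list(adj)
    dist = {v: bfs_distances(adj, v) for v in nodes}  # all-pairs distances
    for size in range(1, ell + 1):
        for S in combinations(nodes, size):
            classes = {}
            for v in nodes:
                if v in S:
                    continue
                rep = tuple(dist[s][v] for s in S)  # metric representation of v wrt S
                classes.setdefault(rep, []).append(v)
            if any(len(group) < k for group in classes.values()):
                return False  # some node is pinned down to fewer than k candidates
    return True

# A 4-cycle: one attacker node leaves its two neighbours indistinguishable,
# but the unique antipodal node (distance 2) is exposed in a class of size 1.
cycle4 = {0: [1, 3], 1: [0, 2], 2: [1, 3], 3: [2, 0]}
print(resists_active_attack(cycle4, k=2, ell=1))  # False

# The complete graph K4: every node outside S is at distance 1 from all of S,
# so representations coincide and no target can be isolated.
k4 = {i: [j for j in range(4) if j != i] for i in range(4)}
print(resists_active_attack(k4, k=2, ell=2))  # True
```

The enumeration over all attacker sets makes this usable only on small graphs; it is meant to clarify what the measure certifies, not to compute it efficiently.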
