Extending Cell Suppression to Protect Tabular Data against Several Attackers

Quantified Score

Visualization

Abstract

This paper presents three mathematical models for the problem of finding a cell suppression pattern minimizing the loss of information while guaranteeing protection level requirements for different sensitive cells and different intruders. This problem covers a very general setting in Statistical Disclosure Control, and it contains as particular cases several important problems like, e.g., the so-called "common respondent problem" mentioned in Jewett [9]. Hence, the three models also applies to the common respondent problem, among others. The first model corresponds to bi-level Mathematical Programming. The second model belongs to Integer Linear Programming (ILP) and could be used on small-size tables where some nominal values are known to assume discrete values. The third model is also an ILP model valid when the nominal values of the table are continuous numbers, and with the good advantage of containing an small number of variables (one 0-1 variable for each cell in the table). On the other hand, this model has a bigger number of linear inequalities (related with the number of sensitive cells and the number of attackers). Nevertheless, this paper addresses this disadvantage which is overcame by a dynamic generation of the important inequalities when necessary. The overall algorithm follows a modern Operational Research technique known as branch-and-cut approach, and allows to find optimal solutions to medium-size tables. On large-size tables the approach can be used to find near-optimal solutions. The paper illustrates the procedure on an introductory instance.The paper ends pointing another alternative methodology (closely related to the one in Jewett [9]) to produce patterns by shrinking all the different intruders into a single one, and compares it with the classical single-attacker methodology and with the above multi-attacker methodology.