Individual Attribute and Cascade Influence Capability-Based Privacy Protection Method in Social Networks

Users can obtain intelligent services by sharing information in social networks. Big data technologies can discover underlying benefits from this information. However, stringent security concern is raised at the same time. -e public data can be utilized by adversaries, which will bring dire consequences. In this paper, the influence maximization problem is investigated in a privacy protection environment, which aims to find a subset of secure users that can make the spread of influence maximization and privacy disclosure minimization. At first, in order to estimate the risk level for each user, a Bayesian-based individual privacy risk evaluation model is proposed to rank the individual risk levels. Secondly, as the aim is to measure the influence capability for each user, a cascade influence capability evaluation model is designed to rank the friend influence capability levels. Finally, based on these two factors, a privacy protection method is designed for solving the influence maximization with attack constraint problem. In addition, the comparison experiments show that our method can achieve the goal of influence maximization and privacy disclosure minimization efficiently.


Introduction
Big data sharing through social media has meaningfully grown in the current era of social network [1,2]. e social media has assumed great importance through WeChat, Facebook, social network sites, and Twitter. e issue of how information spreads through the social network has drawn more and more attention [3,4]. e publicly available data can be utilized for market analysis, social research, and personalized service formulation [5]. Based on these analyses, more effective marketing strategies such as "viral marketing" can be found [6,7]. e shared data may include a lot of individual information such as user's occupation, family members, and religious affiliation. [8,9]. ese data are gathered and shared by many organizations, companies, institutions, and public websites. Unquestionably they bring valuable benefits for intelligent services [10]. However, they also pose a series of serious privacy risks [11][12][13]. erefore, appropriate privacy protection should be undertaken for secure information spread [14][15][16].
Influence maximization problem in privacy protection environment is to find a subset of secure and reliable users that can make the spread of influence maximization and privacy disclosure minimization. It is a critical problem of finding the main factors of privacy risk and estimating the risk level of these factors [17]. ere are many kinds of attributes for the shared big data, which can be classified into three categories: quasi-attributes, direct attributes, and sensitive attributes [18]. Quasi attributes are those that can be shared and do not belong to just one user, such as gender. Direct attributes have character of uniqueness such as e-mail and WeChat ID. Sensitive attributes contain individual private information such as personal health status. Sometimes other sensitive attributes are externally visible [19]. It is necessary to design an estimation to measure the risk level for each user. e user with a low individual privacy risk level is assumed to be safe. Because the attackers will pay no attention to the lower ones, the user with the lower risk level will be safe. While the user with high privacy risk level will be of great interest to attackers, all attributes of this user are leaked. Furthermore, with the rapid development of communication technology, the world is getting smaller [4]. e influence of friends can pose privacy risks. It has been found that a great deal of privacy leakage comes from friends' indirect disclosure [7]. In a word, information attributes and friends' influence are two important factors for privacy risks evaluation.
is paper focuses on the design of the influence maximization method in privacy protection environment. Individual privacy risk and friends' influence are two important factors for privacy risks evaluation. It is necessary to design an estimation to measure the risk level of the user and friends' influence capability. Based on this, a privacy protection method can be designed for the social network. For these purposes, at first, an attribute risk level grading method is designed based on Bayesian Network. Secondly, the cascade influence model is employed for designing the friend influence capability model.
irdly, a privacy protection method is designed for solving the influence maximization with attack constraint problem. Specifically, the contributions of this paper are summarized as follows: (1) Bayesian-based individual privacy risk evaluation model (IPREM) is proposed to evaluate the individual privacy risk levels. Since the actual multidimensional attribute data may not be completed, it is difficult to deal with the complex nonlinear relationship between the individual privacy risk and the multidimensional attribute evaluation index by using the regression analysis method. However, Bayesian Network has the function of reverse reasoning. Under the premise of some serious privacy risk, the trained Bayesian Network can be used to carry out reverse operation and analyze the objective factors causing risk. e rest of the article is organized as follows: the related work is given in Section 2; the preliminaries are given in Section 3; the privacy protection method is designed in Section 4; the simulation analysis is discussed in Section 5; and finally, the conclusion is given in Section 6.

Related Work
ere are many researches that focus on influence maximization issue, such as degree base heuristic algorithm [20] and greedy algorithm [4]. However, most of them do not consider the privacy threat problem. Privacy threats toward social network have been extensively documented. To deal with these concerns, many privacy preserving techniques have been proposed in literature. e aspect of data protection, the behaviors of data collecting or publishing, and the privacy characterization and measurement method are three main methods.
As an aspect of data protection method, Li et al. considered data security by putting all data into a cloud [21]. A mobile-cloud framework is presented by eradicating the data over-collection. However, this kind of approach mainly involves restricting data sharing, which is not suitable for the social network. Some approaches are designed based on cryptography, such as a match-then-decrypt technique proposed by Zhang et al. [22]. e data can be decrypted only when the attribute private key can match the hidden access policy. Some approaches are designed by setting the access control permission, such as Li et al. proposed a lightweight approach to protecting privacy, which applies the information flow control in routers [23]. However, these approaches are controlled by the servers without considering the user's personalization, which are not suitable for the social network.
Some studies consider data security from data collection or publish behavior [19,24]. For example, based on the theory of planned behavior and the privacy calculus model for social network, Li et al. proposed an integrated model to explain privacy disclosure behaviors [25]. In order to reduce disclosure risk and enhance data utility, Marmar et al. proposed an improved suppression method by targeting the highest risk records and keeping other records intact [18].
ree new theories extended parallel process model, selfcontrol theory, and routine activity theory which are employed by Chen et al. to explore online privacy concerns [26]. Based on the anonymity technology, Javier et al. present a generalization of aggregation method, where the individual data are replaced by cluster mean for data publishing [19]. However, without considering the difference of the individual attributes, they use the same strategy for different data sets. In fact, different people can use different strategies. erefore, it is very desirable to have a lightweight and scalable mechanism to protect privacy. e above researches focus on data protect, which lack a proper privacy characterization and measurement. A quantification model with multi-variable privacy characterization is presented by Ref. [14], which can analyze the sensitivity of individual privacy characterization. Investigate how to optimize the tradeoff between latent-data privacy and customized data utility. He et al. proposed a data-sanitization strategy that does not greatly reduce the benefits brought about by social network data, while sensitive latent information can still be protected [8]. Based on defining user vulnerability, Gundecha et al. present a privacy setting model by keeping users away from the high threatening users [7]. In order to quantify the location privacy leak, Li et al. designed a model by matching the users shared locations with their real mobility traces [6]. Several linkprediction and attribute prediction algorithms are proposed in social attribute networks [27]. In order to predict sensitive information, a data-sanitization strategy is proposed by harnessing link and attribute information simultaneously [28]. In order to resist inference attack, Cai et al. proposed a collective inference model with a mixture of nonsensitive attributes and social relationships [9]. However, these researches only consider the individual vulnerability, without considering the friendship influence. In fact, both individual vulnerability and friendship influence will affect the privacy risk. erefore, it is very desirable to design some models to estimate the risk level of each attribute and the friend's influence capability. Based on these analyses, we focus on the design of the individual privacy risk evaluation model and friend influence capability evaluation model. Furthermore, based on these two models, we need to design a privacy protection method for solving the influence maximization with attack constraint problem.

Preliminaries
is section describes some necessary background of the privacy protection, such as the social network, the attribute set, the cascade model, and the Bayesian model.
Definition 1 (social network) (see [8]). Social network can be described as a graph G(V, E, A), with node set V, edge set E, and attribute sets A. An edge (v i , v j ) ∈ E exists if and only if nodes v i and v j can communicate with each other. |V| � n and |E| � m represent the total number of nodes and edges, respectively. For the uniformity, all users are referred to as nodes in this article.
Definition 2 (attribute set) (see [8]). e attribute set of node v i can be represented by an attribute vector A ∈ A. |A| represents the total number of attributes. Each attribute x i ∈ A(1 ≤ i ≤ |A|) takes value from the i-th dimension attribute.
Definition 3 (risk of individual index) (see [7]). Individual index is defined to estimate the risk of privacy, the risk may be incurred by allowing individual attributes to be visible. e risk of individual index R u for node u can be defined as a function of individual attribute, which is shown as follows: where w i is the sensitivity weight of an i-th attribute x i , which will be defined in the IPREM model. a i � 1 if i-th attribute is visible, otherwise the attribute is not visible. R u ∈ [0, 1], where R u � 1 indicates that all attributes of node u can be visible. On the other hand, R u � 0 indicates that the attribute of node u is nonvisible.
Definition 4 (cascade model) (see [4]). e cascade model is an influence spreading model with probability. e activated node v i will attempt to activate its inactive neighbor v j under the probability p ij . Furthermore, the active node has only one chance to activate each of its inactive neighbors. Such attempts are mutually independent for different neighbors, namely, the activation of v i to v j will not be affected by the influences from other neighbors of v j .
Two kinds of cascade models, the Independent Cascade Model (ICM) with random p ij and the Weight Cascade Model (WCM) with the weighted probability, will be utilized in this article.
e ICM is an influence spreading model with probability. e activated node v i will attempt to activate its inactive neighbor v j under the random probability p ij .
Definition 6 (weight cascade model (WCM)) (see [4]). e WCM is an influence spreading model with probability. e activated node v i will attempt to activate its inactive neighbor v j under the weighted probability p ij .
Definition 7 (cascade index). Cascade index is defined to estimate the status of the cascade influence capability. It is defined as a function of transmission capability for cascade influenceas follows: where p(G ′ ) is the probability of transmission subgraph and a i � 1 if i-th level needs to be calculated, otherwise the level is not considered. Definition 8 (Bayesian model) (see [29]). If M 1 , . . . , M K are the models considered, and Δ is the quantity of interest, then its posterior distribution under given data D is shown as e posterior probability for model M K can be given by Some important symbols and their definitions are presented in Table 1.

IPREM and CICEM Based Privacy Protection Method (ICPM)
In order to maximize the influence and minimize the privacy risk, the seed set with k-size needs to be selected. e node with high cascade influence capability but low individual privacy risk evaluation can satisfy this necessary criterion. e nodes with high cascade influence capability can improve the network influence. However, if it also has high private risk level, it will be of great interest to attackers. en, it can pose a threat to his friends, and the threats are increased with the number of vulnerable nodes that are Security and Communication Networks influenced. So, the user with a low individual privacy risk level will paid less attention by the attackers, at the same time, the user with high cascade influence capability can improve the network influence. In other words, it is necessary to find the nodes with high cascade influence capacity and stay away from the vulnerable ones.
is kind of problem can be defined as the Influence Maximization with Attack Constraint problem (IMAC).
IMAC (X, Y, k): X is a selected seed set with high vulnerable weight σ, where σ i � αC i − βI i and α, β represent the weight factors. e seed set size needs to satisfy |X| ≤ k. Y is the set whose member is vulnerable to be attacked. e aim of the IMAC is to maximize the influence under the constraint environment of minimizing the privacy risk. So σ is positively correlated with the cascade influence capability C i while negatively correlated with the individual privacy risk I i . I i and C i can be calculated by (9) and (10), respectively.
For a graph G with n nodes and m edges: e probability of the subgraph G generated can be calculated as (5).
where p e can be defined by the concrete cascade influence model. According to (5), the probability of the example subgraph as shown in Figure 1 is p(G ′ ) � 0.015625. Assume graph has l probability graphs (G 1 ′ , G 2 ′ , . . . , G l ′ ), then the number of nodes that can be influenced by the nodes set S can be calculated by the arbitrary G ′ . e node conditional expected influence privacy is shown as (6). Y), i) represents the nodes set influenced by seed set X after i steps through cascade influence model, when the attacked set Y exists. T is the total number of the steps in the cascade influence model. Users in the social network can decide whether or not to reveal their individual attributes based on the risk levels. So, estimating the privacy risk is the basic precondition for the privacy protection. In this section, the evaluation models for quantifying privacy disclosure risks are discussed. Two factors are estimated, individual privacy risk and cascade influence capability. e Bayesian-based Individual Privacy Risk Evaluation model (IPREM) is designed for the hierarchy of individual attribute at first. Individual attributes include personal information such as name, age, gender, family members, e-mail, QQ ID, WeChat ID, occupation, and even religious affiliations. Furthermore, one node's vulnerability depends not only on the visibility of individual attributes but also on the exposure of the profile through his friends. en, the Cascade Influence Capability Evaluation model (CICEM) is designed, which aims to rank the friend influence risk levels based on the cascade influence model. At last, an IPREM and CICEM based Privacy Protection Method (ICPM) is designed for solving the IMAC problem.

IPREM: Hierarchy of Individual Privacy Risk.
e individual privacy risk is one of the most important factors for privacy protection. For example, if one of your friends who has most of your information has a high individual privacy risk, there is high probability that your information will be leaked indirectly. So how to evaluate each user's individual privacy risk level is the first important issue. e probability of individual privacy risk can be predicted based on the

Symbols
Definitions Graph G for describing the network v i User or node in the network Bayesian Network, under the condition that some risk is known. Since the actual multidimensional attribute data may not be completed, it is difficult to deal with the complex nonlinear relationship between the individual privacy risk and the multidimensional attribute evaluation index by using the regression analysis method. However, Bayesian Network has the function of reverse reasoning. Under the premise of some serious privacy risk, the trained Bayesian Network can be used to carry out reverse operation and analyze the objective factors causing risk. Bayesian Networks can be obtained by means of data analysis and expert experience.
e individual attribute exposure statuses are denoted as n). Assume the prior probability is pr(F 1 i ). e risk level is denoted as R and new additional information obtained from the investigation ispr(R|F 1 i )(i � 1, 2, . . . , n). According to Bayesian Network, the posterior probability pr(F 1 i |R) can be calculated: e probability of each factor leading to its occurrence can be calculated by (7), when risk R happens. In this paper, the levels of privacy risk is defined as the number of the attributions |A|, from level 1 to level |A|, with level |A| 's risk being the highest. e risk levels can be denoted as e privacy risk level may be affected by the status of the factors. e level of exposed information determines the status of the node and thus the risk level of the node can be calculated. So, it can be considered that there is a causal relationship between various statuses and the levels of privacy risk. According to (7), there is Based on these theoretical foundations, the IPREM can be designed by 4 steps as follows: Bayesian-Based Individual Privacy Risk Evaluation Model (IPREM) Input: the network and the probability of each attribute being exposed. Output: individual privacy risk I i for each individual privacy.
Step 1. e first step is to design a disclosure risk measure. According to the analysis of network, the probability of exposure (e i ) for each attribute can be obtained, and sensitivity weight (w i ) for each value can be calculated by An example of 4 sample attributes is shown in Table 2. According to the analysis of Facebook network, about 81.77% nodes reveal their gender, about 6.26% nodes reveal their individual websites. en the sensitivity weight of the gender is 0.1823. Assume the four statuses of the individual privacy risk is depended by the attribute public situation: (1) e probability of exposure between 0.3 and 1 is defined as status F 1 1 , such as the gender, whose probability p � 0.8177. ese attributes only trigger the lowest level of individual privacy risk For example, the attribution phone number is set to be visible by only 00.36% of users, and then it has a sensitivity weight of 0.9964, which will trigger the highest level of leakage risk.
Step 2. e second step is to calculate the prior probability of each attribute based on (1). e prior probability can be calculated as Table 3 based on (1). Since |A| � 4, the risk levels can be denoted as R 1 , R 2 , . . . , R 4 . Take status F 1 2 as an example; the probability for the privacy risk at level 1, R 1 � 0.1958 can be calculated. en, the coefficient of individual privacy risk evaluation r i can be calculated as the last column of Table 3.
e modeling of Bayesian Network can be completed based on (8).
e individual privacy risk can be calculated by where x i represents the value of the i 's attribute value.

Security and Communication Networks
For example, based on the data in Tables 3 and 5, since |A| � 4, for node u 1 , x 1 � x 2 � 1, and x 3 � x 4 � 0, the individual privacy risk I 1 � 0.3250 can be calculated. In the same way, the individual privacy risk for u 2 , u 3 , and u 4 can be calculated as I 2 � 1, I 3 � 0.3908, and I 4 � 0.9364, respectively. Node u 2 has the highest individual privacy risk.

CICEM: Hierarchy of Influence Capability Based on Cascade Influence Model.
Cascade influence capability is another important factor in the social network. On the one hand, users' cascade influence capability is a key factor for influence maximization. Users with high cascade influence capability are selected into the seed set and can make the spread of influence maximization. On the other hand, the friend influence risk is another factor for privacy protection. A friend with high cascade influence capability may have higher influence risk. For example, if one of your friends who has high cascade influence capability know most of your information, there is a high probability that your information may be leaked indirectly. So, how to evaluate each user's cascade influence capability is the second important issue. e idea is similar to the IPREM, and based on the cascade influence model, the CICEM is designed as follows:

Cascade Influence Capability Evaluation Model (CICEM)
Input: one social network G Output: cascade influence capability C i Step 1. Similar to IPREM, the statuses can be defined according to the cascade index C v , which also can be dynamic regulated by the user or environment requirement. Here, assume the cascade influence has four kinds of statuses F 2 j (j � 1, 2, 3, 4), the prior probability is pr(F 2 j ). According to (2), the probability of cascade influence pr(L i |F 2 j ) can be calculated. L i represents the level of the cascade influence capability, which can be set based on some established principles.
Take Figure 1 as an example. Four levels can be set based on the node degrees. e nodes are arranged in descending order of the degree. e top 25% nodes with the lowest degree are set as L 1 , those arranged between 25% and 50% are set as L 2 , those arranged between 50% and 75% are set as L 3 , and the top 25% nodes with the highest degree are set as L 4 . Figure 1(a) is the original graph. Figure 1(b) is the subgraph; nodes u 3 and u 4 are affected by node u 1 through cascade influence model, that is to say that, in this subgraph, two nodes have been influenced. In this example, set node u j 's influence status to F 2 j . According to (2), the total probability of influence is shown in Table 6. en, the coefficients of cascade influence evaluation c i can be calculated as shown in the last column of Table 6.
e posterior probability pr(F 2 j |L i ) (i � 1, 2, 3, 4; j � 1, 2, 3, 4) can be calculated based on (9). Take the same example, pr(F 2 j |L i )(i � 1, 2, 3, 4; j � 1, 2, 3, 4) are shown in Table 7. It is easy to find that the cascade influence capability is higher when more nodes are influenced. For example, when cascade influence capability L 4 happens, the influence set size more than 4 has a probability of 100%. If cascade influence capability L 1 happens, only one node is influenced with a probability of 61.15%, and nodes 2, 3, and 4 have been influenced with probabilities of 22.93%, 10.19%, and 5.73%, respectively.
Step 3. Based on the cascade influence evaluation c i , the cascade influence capability can be calculated as c i is the cascade influence evaluation, which can be calculated, as shown in Table 6. e selection of coefficient is determined by the node. For example, when node u j is in level L 3 , then c j � c 3 � 0.3125 will be selected as the coefficient. p e is the probability of the edges in the route between the node u i and u j . n is the total number of the nodes in the network. e cascade influence capability needs to be normalized as

ICPM: IPREM and CICEM Based Privacy Protection
Method. Influence maximization problem in privacy protection environment is to find a subset of secure and reliable users that can make the spread of influence maximization and privacy disclosure minimization. For this purpose, at   Gender (x 1 ) 1 1 1 0 Education and work (x 2 ) Step 1. Calculate the individual privacy risk I i based on IPREM.
Step 2. Calculate the cascade influence capability C i based on CICEM.
Step 3. Calculate the σ i � αC i − βI i for each node u i .
Step 4. Select some nodes into seed set X.

Performance Evaluations
In order to analyze the performance of the ICPM method, the Facebook network is selected for experimental analysis. Imitating the data source of literature [7], we captured some Facebook data containing user information. is network contains about 130,000 users and 1,000,000 edges. e profile information includes 26 attributes for users such as age, gender, mobile phone number, and address. Without invasion of privacy, each of the attribute information is defined as true or false. True means this attribute is visible, while false means nonvisible. Since there are 26 attributes in the simulation, the risk levels can be denoted as R 1 , R 2 , . . . , R 26 . Figure 2 shows the percentages of people who enable the particular attribute to be visible. For example, it can be found that 0.36% users enable their mobile phone numbers to be visible. 81.77% users enable their gender to be visible.
In this section, three influence maximization methods, two cascade influence models, and two attack models are discussed for comparison. ree influence maximization methods are degree-based [20], random-based [30], and our ICPM method. For the degree-based method, k nodes with higher degree will be selected. For the random-based seed set selected method, k nodes will be selected randomly. For our ICPM method, k nodes will be selected according to the method proposed in Section 4. e weight coefficients α, β can be set by the environments and requirements. In this simulation experiment, they are set as α � 0.6 and β � 0.4. e nodes selected by these methods are taken as the initial active nodes. Furthermore, ICM and WCM are two cascade influence models we will use. For each influence maximization method, with or without edge weight modified models will be discussed. In addition, in order to test the security, two attack models will be modeled: (1) the attack model based on high individual privacy risk and (2) the attack model based on high degree. Two measurements, influence size and protection degree, are discussed. e simulation experiments are carried out in the MATLAB environment.
e final influence effects and protection degrees are the average of 50 times simulation experiment.

Comparison Experiment Based on ICM.
At first, the comparison experiment based on ICM will be discussed. Figure 3 shows the influence for three methods in Facebook network. For simplicity and lack of information, the activation probability between nodes is set as the same value of 0.05, which is also the probability value commonly used under this model [4]. Figure 3(a) is a comparison of the number of influenced nodes of different seed sizes by three methods in the Facebook network, where the x-coordinate is the seed set size, and the y-coordinate is the size of the set to be influenced to eventually. It can be found that the seed set selected by our ICPM method can spread much wider than other methods when no attack happens.
An important conclusion that can be drawn from Figures 3(b)-3(d) is that, when the high degree attack happens, the ICPM method is affected slightly, and its property of antiattack is the best. e degree-based method has the lowest influence set size. Assume that 200 nodes are selected as the seed set; for the degree method, the influence set sizes are decreased from 933 to 261, 163, and 51 when the attacked set sizes are 50%, 70%, and 90% of the seed set size, respectively. However, for the ICPM method, the influence set sizes are decreased from 1249 to 372, 355. and 331 when the attacked set sizes are 50%, 70%, and 90% of the seed set size, respectively. Take the attacked set size as 90% as an example, the influence set sizes fall to 94% and 73% by degree method and ICPM method, respectively.
However, It is not clear at a glance for the privacy protection level. en, the protection degree is defined as the ratio of the influences set sizes under attack to that without attack. Figure 4 shows the protection degree under high individual privacy risk attack. Figures 4(a) and 4(b) show 10% and 20% nodes of the whole network are attacked, respectively. For example, when 10% nodes are attacked, the protection degree is about 0.4 by our ICPM method, while that is nearly 0 by the degree method. It also can be found that ICPM method is affected slightly under the individual privacy risk attack, which can protect the privacy more. e reason for this behavior is that the degree is not the only factor considered in our ICPM method. e nodes with high    individual privacy risk have a lower probability to be selected as the seed node. at is to say, the ICPM method has the ability to find more security influential nodes than the other methods.

Comparison Experiment with Edge Weight Modification.
Second, based on the ICM, the influence with or without edge weight modification will be discussed. e edge weight modification means that the weight can be modified according to the actual environment and requirement. For example, three kinds of activation probabilities between nodes are set. For the nodes with top 33% highest individual privacy risk, the probabilities of the incidence edge are modified to p ij (1 − λ 1 I i ), and for the nodes with top 33% lowest individual privacy risk, the probability of the incidence edge are modified to p ij (1 + λ 2 I i ), where λ 1 � 1 and λ 2 � 0.5. Figure 5 shows the influence under high degree attack model. Six kinds of influence maximization methods, random-based, degree-based, and ICPM method with or without edge weight modification, are discussed based on ICM. For example, assume that 200 nodes are selected as the seed set. Under high degree attack and without edge weight modification, the attacked set sizes are 70% and 90%, respectively, of the seed set size. For the degree method, the influence set sizes are 165 and 51, respectively. For the random method, the influence set sizes are 302 and 259, respectively. However, for the ICPM method, the influenced set sizes are 355 and 331, respectively. It can be found that the ICPM method is affected slightly under the degree attack.
Furthermore, the protection degrees under the six kinds of methods are discussed. Figure 6 shows the protection degree based on ICM under high individual privacy risk attack in the Facebook network. Figures 6(a) and 6(b) show 10% and 20% nodes of the whole network are attacked, respectively. For example, when 20% nodes are attacked, the protection degree is about 0.35 by our ICMP method, while that is 0 by the degree based method. e reason is that according to equations (9)-(10) and the high individual privacy risk attack principle, the nodes with higher degree will have higher individual privacy risk. ey are selected as the seed nodes by the degree-based method, that is to say, almost all the seed nodes will be attacked by the high individual privacy risk attack, and no information can be spread.
As mentioned above, some important conclusions can be drawn. At first, the attack effect for the ICPM method is less than other methods. Second, the influence set sizes are almost the same by the methods with or without edge weight modification. e reason for this behavior is due to the fact that the individual privacy risk and the cascade influence capability are two factors considered in the ICPM method. e edge weight modification is that the weight can be modified according to the actual environment and requirement.

Comparison Experiment Based on WCM.
At last, the comparison experiment based on WCM will be discussed. Different from the ICM, the activation probability between nodes in WCM is set as the inverse of the degree. e Facebook network is also utilized for the experimental analysis. Figures 7(a)-7(d) show the influence set sizes when different number of nodes are attacked by high degree attacks in the Facebook network. It is easy to find that the ICPM method has higher influence set sizes than the other two kinds of methods. Assume 200 nodes are selected as the seeds. For the degree-based method, the influenced set sizes are decreased from 935 to 547, 365, and 136 when the attacked set sizes are 50%, 70%, and 90% of the seed set size, respectively. However, for the ICPM method, the influenced set sizes are decreased from 1250 to 1153, 1129, and 1096 when the attacked set sizes are 50%, 70%, and 90% of the seed set size, respectively. Furthermore, compared with Figure 3, it can be found that the influence set sizes based on WCM are higher than that based on ICM.
In addition, the protection degrees under six kinds of methods are discussed. Figure 8 shows     show that 10% and 20% nodes of the whole network are attacked, respectively. It is easy to find that our ICPM method is affected slightly under the individual privacy risk attack, which can protect the privacy more. From these two figures, it can be found that the ICPM method has the highest protection degree, while the degree-based method is the worst method. From the analysis, it can be concluded that under different kinds of attacks, the ICPM method is affected slightly and its property of anti-attack is the best.

Conclusion
is paper focuses on the research of privacy protection model in social networks. One of our key methods beyond the existing literature is considering both the individual risk and cascade influence capability: (1) Bayesian-based Individual Privacy Risk Evaluation Model (IPREM) is proposed to rank the individual risk levels; (2) by considering the influence capability, Cascade Influence Capability Evaluation Model (CICEM) is designed; and (3) an IPREM and CICEM based Privacy Protection Method (ICPM) is designed. It is the first attempt, to our knowledge, to consider jointly individual privacy risk and influence maximization on the privacy protection design. Finally, the performance and security are compared with different methods, and our method can obtain the highest influence set sizes and exhibit the best antiattack property when some attacks happened.
Our IPREM, CICEM models and ICPM method provide good starting points in the influence maximization privacy protection research in future social network. Further studies may concentrate on the temporal and spatial variation environment, the case when the attacker has strong reasoning attack ability. Furthermore, the attributes are not discussed independent of analysis in this article. Next, the problem of what is the amount of private attribute leakage and privacy breach when the attacks happen will be discussed.

Data Availability
e data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest
e authors declare that there are no conflicts of interest regarding the publication of this paper.