Divyesh Shah,Sheng Zhong

DOI: https://doi.org/10.1016/j.ins.2007.07.013

IF: 8.1

2007-01-01

Information Sciences

Abstract:Privacy preserving data mining addresses the need of multiple parties with private inputs to run a data mining algorithm and learn the results over the combined data without revealing any unnecessary information. Most of the existing cryptographic solutions to privacy-preserving data mining assume semi-honest participants. In theory, these solutions can be extended to the malicious model using standard techniques like commitment schemes and zero-knowledge proofs. However, these techniques are often expensive, especially when the data sizes are large. In this paper, we investigate alternative ways to convert solutions in the semi-honest model to the malicious model. We take two classical solutions as examples, one of which can be extended to the malicious model with only slight modifications while another requires a careful redesign of the protocol. In both cases, our solutions for the malicious model are much more efficient than the zero-knowledge proofs based solutions.

Shengyuan Pang,Yanjiao Chen,Jiangyi Deng,Jialin Wu,Yijie Bai,Wenyuan Xu

DOI: https://doi.org/10.1109/metacom62920.2024.00040

2024-01-01

Abstract:Machine learning models dazzle us with their incredible performance but may irritate us with data privacy issues. Various attacks have been proposed to peep into the sensitive training data of machine learning models, the mainstream ones being membership inference attacks and model inversion attacks. As a countermeasure, defense strategies have been devised. Nonetheless, a unified theoretical framework and evaluation testbed for training data privacy analysis is lacking. In this paper, we taxonomize representative attack methods regarding the attack objective, attack knowledge, and attack capability. As for the defense, we focus on the novel idea of turning adversarial attacks into privacy protection tools, hence the title adversarial for good. To provide an open-sourced integrated platform to evaluate different attacks and defenses. Our experiment results show that adopting adversarial example attacks and adversarial training for data privacy protection is compelling, which may motivate more efforts in transforming adversarial to good in the future.

Shenggang Ying,Mingsheng Ying,Yuan Feng

DOI: https://doi.org/10.48550/arXiv.1707.09893

2017-07-31

Abstract:With the extensive applications of machine learning, the issue of private or sensitive data in the training examples becomes more and more serious: during the training process, personal information or habits may be disclosed to unexpected persons or organisations, which can cause serious privacy problems or even financial loss. In this paper, we present a quantum privacy-preserving algorithm for machine learning with perceptron. There are mainly two steps to protect original training examples. Firstly when checking the current classifier, quantum tests are employed to detect data user's possible dishonesty. Secondly when updating the current classifier, private random noise is used to protect the original data. The advantages of our algorithm are: (1) it protects training examples better than the known classical methods; (2) it requires no quantum database and thus is easy to implement.

Quantum Physics,Cryptography and Security,Machine Learning

Guang Li,Xiaohong Su,Yadong Wang

DOI: https://doi.org/10.1007/978-3-030-00214-5_142

2018-01-01

Abstract:For mining privacy data that can not be seen directly, the privacy preserving data mining (PPDM) is needed. As far as we know, for neural network learning on vertically distributed databases, there is no good enough PPDM method. For solving it, a privacy preserving method for learning neural networks on vertically distributed data is proposed by this paper. This method designs protocols to exchange essential information for learning neural networks without opening private data. The learning results with this proposed method are the same as the results with the original BP algorithm without considering privacy preservation. And, in the learning process, every node cannot get the details of other nodes’ data.

Wenyi Tang,Bo Qin,Suyun Zhao,Boning Zhao,Yunzhi Xue,Hong Chen

DOI: https://doi.org/10.1007/978-3-030-36938-5_21

2019-01-01

Abstract:Machine learning is now playing important roles in daily lives, however, the privacy leakages are increasingly getting serious in the meantime. Current solutions to the privacy issues in machine learning, like differential privacy or homomorphic encryption either could only be applied to some specific scenarios or bring huge modification to the model construction, not to mention massive efficiency loss. In this paper, we consider addressing the privacy issue in machine learning from another perspective, without modification to models or severe efficiency loss. We proposed a straightforward privacy preserving machine learning scheme, training machine learning models directly over encrypted data. Ideally, this scheme could provide privacy protection to both training data and test data. We gave it a try by applying order preserving encryption (OPE) to the scheme. We discussed the possibility of using OPE to reveal the order information confidentially for model training. Several OPE algorithms were chosen to utilize the proposed method. Finally, comprehensive experiments were deployed on both synthetic and real datasets. The experiments on real datasets show that the learning performance of several well-known classifiers on before and after encryption changes slightly. The experiments on synthetic datasets show the classifier performance could be ranked according to fidelity and reliability.

Jinzhao Shan,Ying Lin,Xiaoke Zhu

DOI: https://doi.org/10.1109/icaiis49377.2020.9194850

2020-01-01

Abstract:With the rapid development of big data and data analysis technology, a large amount of data is collected and used for data mining. However, the prediction accuracy of data mining often fails to meet the needs of third-party data users, and holders may not explicitly and openly share their data. How to share data and handle data privacy issues between entities while ensuring error-free prediction becomes a challenging problem. Therefore, privacy preserving data mining(PPDM) technology was introduced. Among them, the random perturbation method is a direct and effective method to protect data privacy by modifying some sensitive attribute values. This paper proposes a new method of data mining for privacy protection, which is based on SVM machine learning algorithm for data mining and great balances the utility and security of data. JHI and WBC data sets in machine learning database were used in the experiment, and machine learning privacy protection parameters were used for security evaluation. Experiments were conducted to compare NMF and NMFSVD algorithms, and the experiments results show that RNP privacy protection data mining method not only has less error, but also can better protect the privacy of the data set.

Guanhong Miao,Samuel S. Wu

DOI: https://doi.org/10.1109/tifs.2024.3402319

IF: 7.231

2024-05-30

IEEE Transactions on Information Forensics and Security

Abstract:Conducting secure computations to protect against malicious adversaries is an emerging field of research. Current models designed for malicious security typically necessitate the involvement of two or more servers in an honest-majority setting. Among privacy-preserving data mining techniques, significant attention has been focused on the classification problem. Logistic regression emerges as a well-established classification model, renowned for its impressive performance. We introduce a novel matrix encryption method to build a maliciously secure logistic model. Our scheme involves only a single semi-honest server and is resilient to malicious data providers that may deviate arbitrarily from the scheme. The d-transformation ensures that our scheme achieves indistinguishability (i.e., no adversary can determine, in polynomial time, which of the plaintexts corresponds to a given ciphertext in a chosen-plaintext attack). Malicious activities of data providers can be detected in the verification stage. A lossy compression method is implemented to minimize communication costs while preserving negligible degradation in accuracy. Experiments illustrate that our scheme is highly efficient to analyze large-scale datasets and achieves accuracy similar to non-private models. The proposed scheme outperforms other maliciously secure frameworks in terms of computation and communication costs.

computer science, theory & methods,engineering, electrical & electronic

Hongyang Yan,Li Hu,Xiaoyu Xiang,Zheli Liu,Xu Yuan

DOI: https://doi.org/10.1016/j.ins.2020.09.064

IF: 8.1

2021-02-01

Information Sciences

Abstract:<p>Collaborative learning and related techniques such as federated learning, allow multiple clients to train a model jointly while keeping their datasets at local. <em>Secure Aggregation</em> in most existing works focus on protecting model gradients from the server. However, an dishonest user could still easily get the privacy information from the other users. It remains a challenge to propose an effective solution to prevent information leakage against dishonest users.</p><p>To tackle this challenge, we propose a novel and effective privacy-preserving collaborative machine learning scheme, targeting at preventing information leakage agains adversaries. Specifically, we first propose a privacy-preserving network transformation method by utilizing Random-Permutation in Software Guard Extensions(SGX), which protects the model parameters from being inferred by a curious server and dishonest clients. Then, we apply Partial-Random Uploading mechanism to mitigate the information inference through visualizations. To further enhance the efficiency, we introduce network pruning operation and employ it to accelerate the convergence of training. We present the formal security analysis to demonstrate that our proposed scheme can preserve privacy while ensuring the convergence and accuracy of secure aggregation. We conduct experiments to show the performance of our solution in terms of accuracy and efficiency. The experimental results show that the proposed scheme is practical.</p>

computer science, information systems

Kaihe Xu,Hao Yue,Linke Guo,Yuanxiong Guo,Yuguang Fang

DOI: https://doi.org/10.1109/icdcs.2015.40

2015-06-01

Abstract:Machine learning has played an increasing important role in big data systems due to its capability of efficiently discovering valuable knowledge and hidden information. Often times big data such as healthcare systems or financial systems may involve with multiple organizations who may have different privacy policy, and may not explicitly share their data publicly while joint data processing may be a must. Thus, how to share big data among distributed data processing entities while mitigating privacy concerns becomes a challenging problem. Traditional methods rely on cryptographic tools and/or randomization to preserve privacy. Unfortunately, this alone may be inadequate for the emerging big data systems because they are mainly designed for traditional small-scale data sets. In this paper, we propose a novel framework to achieve privacy-preserving machine learning where the training data are distributed and each shared data portion is of large volume. Specifically, we utilize the data locality property of Apache Hadoop architecture and only a limited number of cryptographic operations at the Reduce() procedures to achieve privacy-preservation. We show that the proposed scheme is secure in the semi-honest model and use extensive simulations to demonstrate its scalability and correctness.

Yuliang Zheng,Xintao Wu,Songtao Guo

2007-01-01

Abstract:Privacy is often considered as a social, moral or legal concept. As Internet and e-commerce have prospered nowadays, privacy has become one of the most important issues in IT and has received increasing attention from enterprises, consumers and legislators. Although various techniques, such as randomization-based methods, cryptographic-based methods, and database inference control etc. have been developed, many key problems still remain open in this area. Especially, new privacy and security issues have been identified, and the scope of the privacy has been expanded. An essential problem under the context is tradeoffs between the data utility and the disclosure risk. Since previous research only conducted empirical evaluations or limited analysis for existing randomization techniques, a more solid theoretical analysis is needed. This dissertation investigates different perturbation models in randomization-based privacy preserving data mining. Among them, the additive-noise-based model and the projection-based-model are primary tools. For the additive-noise-based perturbation, the explicit relation between noise and mining accuracy has not been carefully studied. We first propose an improved strategy to reconstruct the data based on the representative method. Then we develop explicit bounds of reconstruction error. Both the upper bound and the lower bound provide a guideline to balance the privacy/accuracy tradeoff. We also discuss other potential threats to the privacy based on our defined measure for quantifying the privacy. For the projection-based perturbation, properties of different models and possible disclosures within those models are analyzed in detail. Particularly, we propose an A-priori Knowledge-based ICA attack (AK-ICA) which is effective against all the existing projection models. Due to the vulnerabilities in previous randomization models, a general-location-model-based approach is proposed. It first builds a statistical model to fit the real data with both categorical and numerical types of variables, then generates a synthetic data set for mining by tuning parameters of the model instead of perturbing particular individual values. Since the search space of parameters of the model is much smaller than that of data and all information which attackers can derive is contained in those parameters, this approach is expected to be more effective and efficient. This dissertation investigates privacy issues of the numerical data in this model, wherein the disclosure is analyzed and controlled in different scenarios.

Guoming Wang,Rongxing Lu,Cheng Huang

DOI: https://doi.org/10.1109/ICICS.2015.7459925

2015-01-01

Abstract:In big data era, the explosive data mining techniques are used as popular tools to mine useful knowledge for the hospitals. However, considering the complexity of these techniques, the hospitals tend to outsource both data and calculations to computationally powerful cloud, which however poses a potential threat to user's privacy. In this paper, in order to address the privacy challenge, based on Paillier homomorphic cryptosystem, we propose a feasible privacy-preserving single-layer perceptron scheme, named PSLP. Specifically, in the proposed PSLP scheme, a hospital outsources the sensitive medical information to the cloud in ciphertext, and then the cloud can execute the privacypreserving neural network training to obtain the disease model. Detailed security analysis shows the proposed PSLP can really achieve privacy-preserving property. In addition, extensive performance evaluations also demonstrate it is feasible in terms of computational cost and communication overhead.

Feng Li,Jin Ma,Jian-hua Li

DOI: https://doi.org/10.1109/sitis.2007.139

2007-01-01

Abstract:Privacy preserving becomes an important issue in the development progress of data mining techniques, especially in distributed data mining. Secure multiparty computation methods are proposed to protect the privacy in distributed environment, but shows low performance under massive nodes. This paper presents an adaptive privacy preserving data mining model based on data perturbation method to improve the efficiency while preserving the privacy. Security capability of basic data perturbation is firstly analyzed and an adaptive enhancement method is proposed according to the eigen value decomposition based attacks. A light-weight protocol with homomorphic technique is proposed to perform the perturbation process under distributed environments. The experiment results show that the model has high controllable security and shows more efficiency in large scale distribution environment comparing to secure multiparty related methods.

Fei Zheng,Chaochao Chen,Xiaolin Zheng,Mingjie Zhu

DOI: https://doi.org/10.1016/j.knosys.2022.108609

IF: 8.139

2022-01-01

Knowledge-Based Systems

Abstract:With the increasing demand for privacy protection, privacy-preserving machine learning has been drawing much attention from both academia and industry. However, most existing methods have their limitations in practical applications. On the one hand, although most cryptographic methods are provable secure, they bring heavy computation and communication. On the other hand, the security of many relatively efficient privacy-preserving techniques (e.g., federated learning and split learning) is being questioned, since they are non-provable secure. Inspired by previous work on privacy-preserving machine learning, we build a privacy-preserving machine learning framework by combining random permutation and arithmetic secret sharing via our compute-after-permutation technique. Our method is more efficient than existing cryptographic methods, since it can reduce the cost of element-wise function computation. Moreover, by adopting distance correlation as a metric for evaluating privacy leakage, we demonstrate that our method is more secure than previous non-provable secure methods. Overall, our proposal achieves a good balance between security and efficiency. Experimental results show that our method not only is up to 5 × faster and reduces up to 80% network traffic compared with state-of-the-art cryptographic methods, but also leaks less privacy during the training process compared with non-provable secure methods.

Tianwei Zhang,Zecheng He,Ruby B. Lee

DOI: https://doi.org/10.48550/arXiv.1807.01860

2018-07-05

Cryptography and Security

Abstract:As machine learning becomes a practice and commodity, numerous cloud-based services and frameworks are provided to help customers develop and deploy machine learning applications. While it is prevalent to outsource model training and serving tasks in the cloud, it is important to protect the privacy of sensitive samples in the training dataset and prevent information leakage to untrusted third parties. Past work have shown that a malicious machine learning service provider or end user can easily extract critical information about the training samples, from the model parameters or even just model outputs. In this paper, we propose a novel and generic methodology to preserve the privacy of training data in machine learning applications. Specifically we introduce an obfuscate function and apply it to the training data before feeding them to the model training task. This function adds random noise to existing samples, or augments the dataset with new samples. By doing so sensitive information about the properties of individual samples, or statistical properties of a group of samples, is hidden. Meanwhile the model trained from the obfuscated dataset can still achieve high accuracy. With this approach, the customers can safely disclose the data or models to third-party providers or end users without the need to worry about data privacy. Our experiments show that this approach can effective defeat four existing types of machine learning privacy attacks at negligible accuracy cost.

Zhuoran Ma,Jianfeng Ma,Yinbin Miao,Ximeng Liu,Kim-Kwang Raymond Choo,Yu Gao,Robert H. Deng

DOI: https://doi.org/10.1109/tii.2021.3077005

IF: 12.3

2022-02-01

IEEE Transactions on Industrial Informatics

Abstract:With the large-scaled data generated from various interconnected machines and networks, Industrial Internet of Things (IIoT) provides unprecedented opportunities for facilitating data mining for industrial applications. The current IIoT architecture tends to adopt cloud computing for further timely mining IIoT data, however, the openness of security-critical IIoT becomes challenging in terms of unbearable privacy issues. Most existing privacy-preserving data mining (PPDM) techniques are designed to resist honest-but-curious adversaries (i.e., cloud servers and data users). Due to the complexity and openness in IIoT, PPDM is significantly difficult with the presence of malicious adversaries in IIoT who may incur incorrect learned models and inference results. To solve the aforementioned issues, we propose a framework to extend existing PPDM to guard linear regression against malicious behaviors (hereafter referred to as GuardLR). To prevent dishonest computations of cloud servers and inconsistent inputs of data users, we first design a privacy-preserving verifiable learning scheme for linear regression, which guarantees the correctness of learning. In this article, to avoid malicious clouds from returning incorrect inference results, we design a privacy-preserving prediction scheme with lightweight verification. Our formal security analysis shows that GuardLR achieves privacy, completeness, and soundness. Empirical experiments using real-world datasets also demonstrate that GuardLR has high computational efficiency and accuracy.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Tianpei Lu,Bingsheng Zhang,Lichun Li,Kui Ren

2024-11-14

Abstract:With the increasing emphasis on privacy regulations, such as GDPR, protecting individual privacy and ensuring compliance have become critical concerns for both individuals and organizations. Privacy-preserving machine learning (PPML) is an innovative approach that allows for secure data analysis while safeguarding sensitive information. It enables organizations to extract valuable insights from data without compromising privacy. Secure multi-party computation (MPC) is a key tool in PPML, as it allows multiple parties to jointly compute functions without revealing their private inputs, making it essential in multi-server environments. We address the performance overhead of existing maliciously secure protocols, particularly in finite rings like $\mathbb{Z}_{2^\ell}$, by introducing an efficient protocol for secure linear function evaluation. We implement our maliciously secure MPC protocol on GPUs, significantly improving its efficiency and scalability. We extend the protocol to handle linear and non-linear layers, ensuring compatibility with a wide range of machine-learning models. Finally, we comprehensively evaluate machine learning models by integrating our protocol into the workflow, enabling secure and efficient inference across simple and complex models, such as convolutional neural networks (CNNs).

Cryptography and Security

Jiang Han,Liu Yiran,Song Xiangfu,Wang Hao,Zheng Zhihua,Xu Qiuliang

DOI: https://doi.org/10.11999/jeit190887

2020-01-01

Abstract:The characteristics of the new generation of artificial intelligence technology are shown as follows: with the help of GPU computing, cloud computing and other high-performance distributed computing capabilities, machine learning algorithms represented by deep learning algorithms are used for learning and training on big data to simulate, extend and expand human intelligence. Different data sources and computing physical locations make the current machine learning face serious privacy leakage problem, so the Privacy Protection of Machine (PPM) Learning has become a widely concerned research area. Using cryptography technology to solve the problem of privacy in machine learning is an important technology to protect the privacy of machine learning. Cryptographic tools used in privacy-preserving machine learning are introduced, such as general Secure Multi-Party Computing (SMPC), privacy protection set operation and Homomorphic Encryption (HE), describes the status and developments applying the tools to solving the problems of privacy protection in various stages of machine learning, such as data processing, model training, model testing, and data prediction.

Weiping Ge,Wei Wang,Xiaorong Li,Baile Shi

DOI: https://doi.org/10.1007/11430919_32

2006-01-01

Journal of Computer Research and Development

Abstract:Privacy-preserving classification mining is one of the fast-growing sub-areas of data mining. How to perturb original data and then build a decision tree based on perturbed data is the key research challenge. By applying transition probability matrix this paper proposes a novel privacy-preserving classification mining algorithm which suits all data types, arbitrary probability distribution of original data, and perturbing all attributes (including label attribute). Experimental results demonstrate that decision tree built using this algorithm on perturbed data has comparable classifying accuracy to decision tree built using un-privacy-preserving algorithm on original data.

Mohammad Al-Rubaie,J. Morris Chang

DOI: https://doi.org/10.48550/arXiv.1804.11238

2018-03-27

Abstract:For privacy concerns to be addressed adequately in current machine learning systems, the knowledge gap between the machine learning and privacy communities must be bridged. This article aims to provide an introduction to the intersection of both fields with special emphasis on the techniques used to protect the data.

Cryptography and Security,Machine Learning

Randa Aljably,Yuan Tian,Mznah Al-Rodhaan

DOI: https://doi.org/10.1155/2020/5874935

IF: 1.968

2020-01-01

Security and Communication Networks

Abstract:Nowadays, user’s privacy is a critical matter in multimedia social networks. However, traditional machine learning anomaly detection techniques that rely on user’s log files and behavioral patterns are not sufficient to preserve it. Hence, the social network security should have multiple security measures to take into account additional information to protect user’s data. More precisely, access control models could complement machine learning algorithms in the process of privacy preservation. The models could use further information derived from the user’s profiles to detect anomalous users. In this paper, we implement a privacy preservation algorithm that incorporates supervised and unsupervised machine learning anomaly detection techniques with access control models. Due to the rich and fine-grained policies, our control model continuously updates the list of attributes used to classify users. It has been successfully tested on real datasets, with over 95% accuracy using Bayesian classifier, and 95.53% on receiver operating characteristic curve using deep neural networks and long short-term memory recurrent neural network classifiers. Experimental results show that this approach outperforms other detection techniques such as support vector machine, isolation forest, principal component analysis, and Kolmogorov–Smirnov test.