Tsz On Li,Jianyu Jiang,Ji Qi,Chi Chiu So,Jiacheng Ma,Xusheng Chen,Tianxiang Shen,Heming Cui,Yuexuan Wang,Peng Wang

DOI: https://doi.org/10.1109/dsn48063.2020.00064

2020-01-01

Abstract:In the era of big-data, individuals and institutions store their sensitive data on clouds, and these data are often analyzed and computed by MapReduce frameworks (e.g., Spark). However, releasing the computation result on these data may leak privacy. Differential Privacy (DP) is a powerful method to preserve the privacy of an individual data record from a computation result. Given an input dataset and a query, DP typically perturbs an output value with noise proportional to sensitivity, the greatest change on an output value when a record is added to or removed from the input dataset. Unfortunately, directly computing the sensitivity value for a query and an input dataset is computationally infeasible, because it requires adding or removing every record from the dataset and repeatedly running the same query on the dataset: a dataset of one million input records requires running the same query for more than one million times. This paper presents UPA, the first automated, accurate, and efficient sensitivity inferring approach for big-data mining applications. Our key observation is that MapReduce operators often have commutative and associative properties in order to enable parallelism and fault tolerance among computers. Therefore, UPA can greatly reduce the repeated computations at runtime while computing a precise sensitivity value automatically for general big-data queries. We compared UPA with FLEX, the most relevant work that does static analysis on queries to infer sensitivity values. Based on an extensive evaluation on nine diverse Spark queries, UPA supports all the nine evaluated queries, while FLEX supports only five of the nine queries. For the five queries which both UPA and FLEX can support, UPA enforces DP with five orders of magnitude more accurate sensitivity values than FLEX. UPA has reasonable performance overhead compared to native Spark. UPA's source code is available on https://github.com/hku-systems/UPA.

Dong Li,Xiaojiang Zuo,Rui Han

DOI: https://doi.org/10.1109/icsidp47821.2019.9173114

2019-01-01

Abstract:Using the machine learning technology to explore the potential value of Big Data brings us into a smarter world, and the way data is mined through data sharing patterns also threatens the privacy of personal data. Differential privacy is a prevalent mechanism to effectively protect the personal data privacy due to the strict and the provable privacy definition, although there are several achievements have reached by combining the differential privacy and traditional machine learning algorithms in a stand-alone mode, little to talk about the distributed environment. To fill this gap, this paper proposes a method to embed the differential privacy mechanism into distributed platform, respectively implements the DPLloyd, GUPT k-means and GUPT logistic regression on the platform of Spark. The evaluation demonstrates that the approach barely interferes the effect of distributed machine learning algorithms and thus achieves the goal of differential privacy.

Yi Li,Yitao Duan,Wei Xu

DOI: https://doi.org/10.1007/978-3-319-71246-8_6

2017-01-01

Abstract:Privacy has become a serious concern in data mining. Achieving adequate privacy is especially challenging when the scale of the problem is large. Fundamentally, designing a practical privacy-preserving data mining system involves tradeoffs among several factors such as the privacy guarantee, the accuracy or utility of the mining result, the computation efficiency and the generality of the approach. In this paper, we present PEM, a practical system that tries to strike the right balance among these factors. We use a combination of noise-based and noise-free techniques to achieve provable differential privacy at a low computational overhead while obtaining more accurate result than previous approaches. PEM provides an efficient private gradient descent that can be the basis for many practical data mining and machine learning algorithms, like logistic regression, k-means, and Apriori. We evaluate these algorithms on three real-world open datasets in a cloud computing environment. The results show that PEM achieves good accuracy, high scalability, low computation cost while maintaining differential privacy.

Xuanyu Bai,Jianguo Yao,Mingxuan Yuan,Ke Deng,Xike Xie,Haibing Guan

DOI: https://doi.org/10.1007/s11432-016-0442-1

2017-01-01

Science China Information Sciences

Abstract:Differential privacy (DP) has become one of the most important solutions for privacy protection in recent years. Previous studies have shown that prediction accuracy usually increases as more data mining (DM) logic is considered in the DP implementation. However, although one-step DM computation for decision tree (DT) model has been investigated, existing research has not studied the scenarios when the DP is embedded in two-step DM computation, three-step DM computation until the whole model DM computation. It is very challenging to embed DP in more than two steps of DM computation since the solution space exponentially increases with the increase of computational complexity. In this work, we propose algorithms by making use of Markov Chain Monte Carlo (MCMC) method, which can efficiently search a computationally infeasible space to embed DP into DT generation algorithm. We compare the performance when embedding DP in DT with different depths, i.e., one-step DM computation (previous work), two-step, three-step and the whole model. We find that the deep combination of DP and DT does help to increase the prediction accuracy. However, when the privacy budget is very large (e.g., ϵ = 10), this may overwhelm the complexity of DT model, and the increasing trend is not obvious. We also find that the prediction accuracy decreases with the increase of model complexity.

Samuel Maddock,Graham Cormode,Tianhao Wang,Carsten Maple,Somesh Jha

DOI: https://doi.org/10.1145/3548606.3560687

2022-10-06

Abstract:There is great demand for scalable, secure, and efficient privacy-preserving machine learning models that can be trained over distributed data. While deep learning models typically achieve the best results in a centralized non-secure setting, different models can excel when privacy and communication constraints are imposed. Instead, tree-based approaches such as XGBoost have attracted much attention for their high performance and ease of use; in particular, they often achieve state-of-the-art results on tabular data. Consequently, several recent works have focused on translating Gradient Boosted Decision Tree (GBDT) models like XGBoost into federated settings, via cryptographic mechanisms such as Homomorphic Encryption (HE) and Secure Multi-Party Computation (MPC). However, these do not always provide formal privacy guarantees, or consider the full range of hyperparameters and implementation settings. In this work, we implement the GBDT model under Differential Privacy (DP). We propose a general framework that captures and extends existing approaches for differentially private decision trees. Our framework of methods is tailored to the federated setting, and we show that with a careful choice of techniques it is possible to achieve very high utility while maintaining strong levels of privacy.

Cryptography and Security,Machine Learning

Noman Mohammed,Rui Chen,Benjamin C.M. Fung,Philip S. Yu

DOI: https://doi.org/10.1145/2020408.2020487

2011-01-01

Abstract:Privacy-preserving data publishing addresses the problem of disclosing sensitive data when mining for useful information. Among the existing privacy models, ∈-differential privacy provides one of the strongest privacy guarantees and has no assumptions about an adversary's background knowledge. Most of the existing solutions that ensure ∈-differential privacy are based on an interactive model, where the data miner is only allowed to pose aggregate queries to the database. In this paper, we propose the first anonymization algorithm for the non-interactive setting based on the generalization technique. The proposed solution first probabilistically generalizes the raw data and then adds noise to guarantee ∈-differential privacy. As a sample application, we show that the anonymized data can be used effectively to build a decision tree induction classifier. Experimental results demonstrate that the proposed non-interactive anonymization algorithm is scalable and performs better than the existing solutions for classification analysis.

Weiwei Fang,Bingru Yang,Dingli Song

DOI: https://doi.org/10.4304/jcp.5.5.733-740

2010-01-01

Journal of Computers

Abstract:Data mining over multiple data sources has become an important practical problem with applications in different areas. Although the data sources are willing to mine the union of their data, they don’t want to reveal any sensitive and private information to other sources due to competition or legal concerns. In this paper, we consider two scenarios where data are vertically or horizontally partitioned over more than two parties. We focus on the classification problem, and present novel privacy preserving decision tree learning methods. Theoretical analysis and experiment results show that these methods can provide good capability of privacy preserving, accuracy and efficiency.

Weiwei Fang,Bingru Yang,Dingli Song,Zhigang Tang

DOI: https://doi.org/10.1109/ETCS.2009.376

2009-01-01

Abstract:Privacy-preserving data mining is discovering accurate patterns and rules without precise access to the original data. This paper focuses on privacy-preserving research in the situation of distributed decision-tree mining, and presents a decision-tree mining algorithm based on homomorphic encryption technology, which can get accurate mining effect in the premise of no sharing of private information among mining participators. Theoretical analysis and experiment results show that this algorithm can provide good capability of privacy-preserving, accuracy and efficiency.

Xiaotong Wu,Lianyong Qi,Jiaquan Gao,Genlin Ji,Xiaolong Xu

DOI: https://doi.org/10.1016/j.neucom.2021.01.145

IF: 6

2022-01-01

Neurocomputing

Abstract:Edge computing is an emerging computing paradigm, which offers a great opportunity to implement data mining-based services and applications for a large number of devices and sensors in Internet of Things. However, the new paradigm is faced with security and privacy challenges due to the diversity and the limited capability of edge components. In particular, data privacy is one of the most concerned problems for all the participants. In this paper, we propose a framework of privacy-preserving data mining based on private random decision trees in edge computing, which not only gives the strong privacy guarantee, but also provides a certain amount of data utility. Firstly, we design a preservation framework to implement private random decision trees satisfying local differential privacy. Secondly, we present the concrete implementations of algorithms and the corresponding task that each participant needs to undertake. Thirdly, we analyze the key factors to influence privacy and utility, including the allocation of data and privacy budget. Fourthly, we give the improved algorithms to further increase the utility with strong privacy preservation. Finally, extensive experiments demonstrate the good performance of our designed framework.

Wei-Wei FANG,Bing-Ru YANG,Jun YANG,Chang-Sheng ZHOU

DOI: https://doi.org/10.3969/j.issn.1003-6059.2010.06.004

2010-01-01

Abstract:How to realize privacy-preserving data mining becomes a research hotspot in a distributed environment. A model is proposed to realize privacy-preserving decision-tree classifying when data are vertically partitioned. In this model, a privacy-preserving decision-tree is proposed, which is composed of Global-Table stored by an obvious semi-honest partner and several local decision-trees stored by different sites. By using indexed array and private data comparison protocol, decision-tree generation and classification can be realized without uncovering the original information. Theoretical analysis and experimental results demonstrate the proposed model provides good capabilities of privacies preserving, accuracy and efficiency.

FANG Wei-wei,HU Jian,YANG Bing-ru,ZHOU Chang-sheng

DOI: https://doi.org/10.3969/j.issn.1002-137X.2009.04.063

2009-01-01

Computer Science

Abstract:Privacy-preserving data mining is discovering accurate patterns and rules without precise access to the original data.This paper focused on privacy-preserving research in the situation of distributed decision-tree mining,and presented a decision-tree mining algorithm based on homomorphic encryption technology,which can get accurate mining effect in the premise of no sharing of private information among mining participators.Theoretical analysis and experiment results show that this algorithm can provide good capability of privacy-preserving,accuracy and efficiency.

Xufeng Niu,Wenping Ma

DOI: https://doi.org/10.1007/s40747-023-01017-3

IF: 6.7

2023-01-01

Complex & Intelligent Systems

Abstract:Using differential privacy to provide privacy protection for classification algorithms has become a research hotspot in data mining. In this paper, we analyze the defects in the differentially private decision tree named Maxtree, and propose an improved model DPtree. DPtree can use the Fayyad theorem to process continuous features quickly, and can adjust privacy budget adaptively according to sample category distributions in leaf nodes. Moreover, to overcome the inevitable decline of classification ability of differentially private decision trees, we propose an ensemble learning model for DPtree, namely En-DPtree. In the voting process of En-DPtree, we propose a multi-population quantum genetic algorithm, and introduce immigration operators and elite groups to search the optimal weights for base classifiers. Experiments show that the performance of DPtree is better than Maxtree, and En-DPtree is always superior to other competitive algorithms.

Kang Dong,Zhaobin Liu,Yangyang Xu,Zhiyang Li

DOI: https://doi.org/10.1109/ispan-fcst-iscc.2017.40

2017-01-01

Abstract:Nowadays many service providers accumulate large amounts of data. Sharing data can maximize its value, but the privacy may be leaked. Thus, the issue of privacy protection in data release has attracted the attention of academia and industry. Differential privacy has been applied to varied fields due to its excellent performance. The goal of this paper is to improve the accuracy of the published data while satisfying differential privacy. We propose an algorithm based on the hierarchical random graph (HRG) model. Considering that the users are usually interested in the data within certain communities, we apply differential privacy to the edges of a graph to various extents with the aid of community detection. Based on divide and conquer, our algorithm constructs an HRG for each community and merges sub-level HRG's into a complete one, which eliminates the inefficiency of the original algorithm when processing large-scale graphs. We treat different parts of a graph in different ways, keeping a balance between privacy and usability. According to several criteria in the experiments, our algorithm keeps the properties of the original graphs better.

Xiaoqian Liu,Qianmu Li,Tao Li,Dong Chen

DOI: https://doi.org/10.1016/j.asoc.2017.09.010

IF: 8.7

2017-01-01

Applied Soft Computing

Abstract:In decision tree classification with differential privacy, it is query intensive to calculate the impurity metrics, such as information gain and gini index. More queries imply more noise addition. Therefore, a straightforward implementation of differential privacy often yields poor accuracy and stableness. This motivates us to adopt better impurity metric for evaluating attributes to build the tree structure recursively. In this paper, we first give a detailed analysis for the statistical queries involved in decision tree induction. Second, we propose a private decision tree algorithm based on the noisy maximal vote. We also present an effective privacy budget allocation strategy. Third, to boost the accuracy and improve the stableness, we construct the ensemble model, where multiple private decision trees are built on bootstrapped samples. Extensive experiments are executed on real datasets to demonstrate that the proposed ensemble model provides accurate and reliable classification results. (C) 2017 Elsevier B.V. All rights reserved.

Weiwei Fang,Bingru Yang

DOI: https://doi.org/10.1109/csse.2008.731

2008-01-01

Abstract:Data mining over multiple data sources has become an important practical problem with applications in different areas. Although the data sources are willing to mine the union of their data, they donpsilat want to reveal any sensitive and private information to other sources due to competition or legal concerns. In this paper, we consider a scenario where data are vertically partitioned over more than two parties. We focus on the classification problem, and present a novel privacy preserving decision tree learning method. Theoretical analysis and experiment results show that this method can provide good capability of privacy preserving, accuracy and efficiency.

Yingjie Li,Yan Feng,Quan Qian

DOI: https://doi.org/10.1016/j.jisa.2023.103468

IF: 4.96

2023-03-24

Journal of Information Security and Applications

Abstract:The big data era has led to an exponential increase in data usage, resulting in significantly advancements in data-driven domains and data mining. However, due to privacy and regulatory requirements, sharing data among various institutions is not always possible. Federated learning can help address this problem, but existing studies that combine differential privacy with tree models have shown significant accuracy loss. In this study, we propose a Federated Differential Privacy Gradient Boosting Decision Tree (FDPBoost) that protects the private datasets of different owners while improving model accuracy. We select sensitive features according to the secure feature set indicator, and use an exponential mechanism to protect sensitive features and assign significant weight to the Laplace mechanism to protect leaf node values. Additionally, a distributed two-level boosting framework is designed to allocate the privacy budget between intra-iteration and inter-iteration decision trees while protecting model communication. The FDPBoost is tested on five datasets sourced from the materials and medical domains. Our experiments reveal that FDPBoost achieves competitive accuracy with traditional federated gradient boosting decision trees while also exhibiting a significant reduction in error rate as compared to PPGBDT (Zhao et al.) and FV-tree (Gao et al.). Notably, FDPBoost's error rate on the tumor-diagnosis dataset is 30% lower than that of FV-tree.

computer science, information systems

Graham Cormode,Magda Procopiuc,Entong Shen,Divesh Srivastava,Ting Yu

DOI: https://doi.org/10.48550/arXiv.1103.5170

2012-03-14

Abstract:Differential privacy has recently emerged as the de facto standard for private data release. This makes it possible to provide strong theoretical guarantees on the privacy and utility of released data. While it is well-known how to release data based on counts and simple functions under this guarantee, it remains to provide general purpose techniques to release different kinds of data. In this paper, we focus on spatial data such as locations and more generally any data that can be indexed by a tree structure. Directly applying existing differential privacy methods to this type of data simply generates noise. Instead, we introduce a new class of "private spatial decompositions": these adapt standard spatial indexing methods such as quadtrees and kd-trees to provide a private description of the data distribution. Equipping such structures with differential privacy requires several steps to ensure that they provide meaningful privacy guarantees. Various primitives, such as choosing splitting points and describing the distribution of points within a region, must be done privately, and the guarantees of the different building blocks composed to provide an overall guarantee. Consequently, we expose the design space for private spatial decompositions, and analyze some key examples. Our experimental study demonstrates that it is possible to build such decompositions efficiently, and use them to answer a variety of queries privately with high accuracy.

Databases

Lei Xu,Chunxiao Jiang,Yi Qian,Jianhua Li,Youjian Zhao,Yong Ren

DOI: https://doi.org/10.1109/tbdata.2017.2777968

2017-01-01

IEEE Transactions on Big Data

Abstract:Nowadays the privacy issue arising in data mining applications has attracted much attention. In the context of distributed data mining, a major concern of the participant is that its privacy may be disclosed to other participants or a third party. To protect privacy, one can apply a differential privacy approach to perturb the data before sharing them with others, which generally causes a negative effect on the mining result. Thus there is a trade-off between privacy and the mining result. In this paper, we study a distributed classification scenario where a mediator builds a classifier based on the perturbed query results returned by a number of users. We propose a game theoretical approach to analyze how users choose their privacy budgets. Specifically, interactions among users are modeled as a game in satisfaction form. And an algorithm is proposed for users to learn the satisfaction equilibrium (SE) of the game. Experimental results demonstrate that, when the differences among users’ expectations are not significant, the proposed learning algorithm can converge to an SE, at which every user achieves a balance between the accuracy of the classifier and the preserved privacy.

Lei Xu,Chunxiao Jiang,Yi Qian,Yong Ren

DOI: https://doi.org/10.1007/978-3-319-77965-2_6

2018-01-01

Abstract:An important issue in distributed data mining is privacy. It is necessary for each participant to make sure that its privacy is not disclosed to other participants or a third party. To protect privacy, one can apply a differential privacy approach to perturb the data before sharing them with others, which generally hurts the mining result. That is to say, the participant faces a trade-off between privacy and the mining result. In this chapter, we study a distributed classification scenario where a mediator builds a classifier based on the perturbed query results returned by a number of users. A game theoretical approach is proposed to analyze how users choose their privacy budgets. Specifically, interactions among users are modeled as a game in satisfaction form. And an algorithm is proposed for users to learn the satisfaction equilibrium (SE) of the game. Experimental results demonstrate that, when the differences among users’ expectations are not significant, the proposed learning algorithm can converge to an SE, at which every user achieves a balance between the accuracy of the classifier and the preserved privacy.

Xueyang Hu,Mingxuan Yuan,Jianguo Yao,Yu Deng,Lei Chen,Qiang Yang,Haibing Guan,Jia Zeng

DOI: https://doi.org/10.14778/2824032.2824067

IF: 2.5

2015-01-01

Proceedings of the VLDB Endowment

Abstract:Differential privacy (DP) has been widely explored in academia recently but less so in industry possibly due to its strong privacy guarantee. This paper makes the first attempt to implement three basic DP architectures in the deployed telecommunication (telco) big data platform for data mining applications. We find that all DP architectures have less than 5% loss of prediction accuracy when the weak privacy guarantee is adopted (e.g., privacy budget parameter ε ≥ 3). However, when the strong privacy guarantee is assumed (e.g., privacy budget parameter ε ≤ 0:1), all DP architectures lead to 15% ~ 30% accuracy loss, which implies that real-word industrial data mining systems cannot work well under such a strong privacy guarantee recommended by previous research works. Among the three basic DP architectures, the Hybridized DM (Data Mining) and DB (Database) architecture performs the best because of its complicated privacy protection design for the specific data mining algorithm. Through extensive experiments on big data, we also observe that the accuracy loss increases by increasing the variety of features, but decreases by increasing the volume of training data. Therefore, to make DP practically usable in large-scale industrial systems, our observations suggest that we may explore three possible research directions in future: (1) Relaxing the privacy guarantee (e.g., increasing privacy budget ε) and studying its effectiveness on specific industrial applications; (2) Designing specific privacy scheme for specific data mining algorithms; and (3) Using large volume of data but with low variety for training the classification models.