Yonghui Xiao,Yilin Shen,Jinfei Liu,Li Xiong,Hongxia Jin,Xiaofeng Xu

DOI: https://doi.org/10.48550/arxiv.1609.09172

2016-01-01

Abstract:Hidden Markov model (HMM) has been well studied and extensively used. In this paper, we present DPHMM (Differentially Private Hidden Markov Model), an HMM embedded with a private data release mechanism, in which the privacy of the data is protected through a graph. Specifically, we treat every state in Markov model as a node, and use a graph to represent the privacy policy, in which "indistinguishability" between states is denoted by edges between nodes. Due to the temporal correlations in Markov model, we show that the graph may be reduced to a subgraph with disconnected nodes, which become unprotected and might be exposed. To detect such privacy risk, we define sensitivity hull and degree of protection based on the graph to capture the condition of information exposure. Then to tackle the detected exposure, we study how to build an optimal graph based on the existing graph. We also implement and evaluate the DPHMM on real-world datasets, showing that privacy and utility can be better tuned with customized policy graph.

Haoran Li,Xiaoqian Jiang,Li Xiong,Jinfei Liu

DOI: https://doi.org/10.1145/2806416.2806441

2015-01-01

Abstract:Differential privacy has recently become a de facto standard for private statistical data release. Many algorithms have been proposed to generate differentially private histograms or synthetic data. However, most of them focus on "one-time" release of a static dataset and do not adequately address the increasing need of releasing series of dynamic datasets in real time. A straightforward application of existing histogram methods on each snapshot of such dynamic datasets will incur high accumulated error due to the composibility of differential privacy and correlations or overlapping users between the snapshots. In this paper, we address the problem of releasing series of dynamic datasets in real time with differential privacy, using a novel adaptive distance-based sampling approach. Our first method, DSFT, uses a fixed distance threshold and releases a differentially private histogram only when the current snapshot is sufficiently different from the previous one, i.e., with a distance greater than a predefined threshold. Our second method, DSAT, further improves DSFT and uses a dynamic threshold adaptively adjusted by a feedback control mechanism to capture the data dynamics. Extensive experiments on real and synthetic datasets demonstrate that our approach achieves better utility than baseline methods and existing state-of-the-art methods.

Tsz On Li,Jianyu Jiang,Ji Qi,Chi Chiu So,Jiacheng Ma,Xusheng Chen,Tianxiang Shen,Heming Cui,Yuexuan Wang,Peng Wang

DOI: https://doi.org/10.1109/dsn48063.2020.00064

2020-01-01

Abstract:In the era of big-data, individuals and institutions store their sensitive data on clouds, and these data are often analyzed and computed by MapReduce frameworks (e.g., Spark). However, releasing the computation result on these data may leak privacy. Differential Privacy (DP) is a powerful method to preserve the privacy of an individual data record from a computation result. Given an input dataset and a query, DP typically perturbs an output value with noise proportional to sensitivity, the greatest change on an output value when a record is added to or removed from the input dataset. Unfortunately, directly computing the sensitivity value for a query and an input dataset is computationally infeasible, because it requires adding or removing every record from the dataset and repeatedly running the same query on the dataset: a dataset of one million input records requires running the same query for more than one million times. This paper presents UPA, the first automated, accurate, and efficient sensitivity inferring approach for big-data mining applications. Our key observation is that MapReduce operators often have commutative and associative properties in order to enable parallelism and fault tolerance among computers. Therefore, UPA can greatly reduce the repeated computations at runtime while computing a precise sensitivity value automatically for general big-data queries. We compared UPA with FLEX, the most relevant work that does static analysis on queries to infer sensitivity values. Based on an extensive evaluation on nine diverse Spark queries, UPA supports all the nine evaluated queries, while FLEX supports only five of the nine queries. For the five queries which both UPA and FLEX can support, UPA enforces DP with five orders of magnitude more accurate sensitivity values than FLEX. UPA has reasonable performance overhead compared to native Spark. UPA's source code is available on https://github.com/hku-systems/UPA.

Hui Li,Jiangtao Cui,Xue Meng,Jianfeng Ma

DOI: https://doi.org/10.1007/s10619-018-07255-6

IF: 0.974

2019-01-02

Distributed and Parallel Databases

Abstract:Differential privacy (DP) is a promising tool for preserving privacy during data publication, as it provides strong theoretical privacy guarantees in face of adversaries with arbitrary background knowledge. Histogram, as the result of a set of count queries, serves as a core statistical tool to report data distributions and is in fact viewed as the fundamental method for many other statistical analysis such as range queries. It is an important form for data publishing. In this paper, we consider the scenario of publishing sensitive histogram data with differential privacy scheme. Existing work in this field has justified that, comparing to directly applying DP techniques (i.e., injecting noise) over the counts in histogram bins, grouping bins before noise injection is more effective (i.e., with higher utility) as it introduces much less error over the sanitized histogram given the same privacy budget. However, state-of-the-art works have not unveiled how the overall utility of a sanitized histogram can be affected by the balance between the privacy budget distributed between grouping and noise injection phases. In this work, we conduct a theoretical study towards how the probability of getting better groups can be improved such that the overall error introduced in sanitized histogram can be further reduced, which directly leads to a higher utility for the sanitized histograms. In particular, we show that the probability of achieving better grouping can be affected by two factors, namely privacy budget assigned in grouping and the normalized utility function used for selecting groups. Motivated by that, we propose a new DP histogram publishing scheme, namely Iterative Histogram Partition, in which we carefully assign privacy budget between grouping and injection phases based on our theoretical study. We also theoretically prove that ϵ\documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$$\epsilon $$\end{document}-differential privacy can be achieved according to our new scheme. Moreover, we also show that, under the same privacy budget, our scheme exhibits less errors in the sanitized histograms comparing with state-of-the-art methods. We also extends the model to multi-dimensional histogram publication cases. Finally, empirical study over four real-world datasets also justifies that our scheme achieves the least error among series of state-of-the-art baseline methods.

computer science, information systems, theory & methods

Ryan McKenna,Gerome Miklau,Michael Hay,Ashwin Machanavajjhala

DOI: https://doi.org/10.14778/3231751.3231769

IF: 2.5

2018-06-01

Proceedings of the VLDB Endowment

Abstract:Differentially private algorithms for answering sets of predicate counting queries on a sensitive database have many applications. Organizations that collect individual-level data, such as statistical agencies and medical institutions, use them to safely release summary tabulations. However, existing techniques are accurate only on a narrow class of query workloads, or are extremely slow, especially when analyzing more than one or two dimensions of the data. In this work we propose HDMM, a new differentially private algorithm for answering a workload of predicate counting queries, that is especially effective for higher-dimensional datasets. HDMM represents query workloads using an implicit matrix representation and exploits this compact representation to efficiently search (a subset of) the space of differentially private algorithms for one that answers the input query workload with high accuracy. We empirically show that HDMM can efficiently answer queries with lower error than state-of-the-art techniques on a variety of low and high dimensional datasets.

computer science, information systems, theory & methods

Xiao Yonghui,Xiong Li,Yuan Chun

DOI: https://doi.org/10.1007/978-3-642-15546-8_11

2010-01-01

Abstract:Differential privacy is a strong notion for protecting individual privacy in privacy preserving data analysis or publishing. In this paper, we study the problem of differentially private histogram release based on an interactive differential privacy interface. We propose two multidimensional partitioning strategies including a baseline cell-based partitioning and an innovative kd-tree based partitioning. In addition to providing formal proofs for differential privacy and usefulness guarantees for linear distributive queries, we also present a set of experimental results and demonstrate the feasibility and performance of our method.

Jun Zhang,Xiaokui Xiao,Xing Xie

DOI: https://doi.org/10.1145/2882903.2882928

2016-01-01

Abstract:Given a set D of tuples defined on a domain Omega, we study differentially private algorithms for constructing a histogram over Omega to approximate the tuple distribution in D. Existing solutions for the problem mostly adopt a hierarchical decomposition approach, which recursively splits Omega into sub-domains and computes a noisy tuple count for each sub-domain, until all noisy counts are below a certain threshold. This approach, however, requires that we (i) impose a limit h on the recursion depth in the splitting of Omega and (ii) set the noise in each count to be proportional to h. The choice of h is a serious dilemma: a small h makes the resulting histogram too coarse-grained, while a large h leads to excessive noise in the tuple counts used in deciding whether sub-domains should be split. Furthermore, h cannot be directly tuned based on D; otherwise, the choice of h itself reveals private information and violates differential privacy. To remedy the deficiency of existing solutions, we present PrivTree, a histogram construction algorithm that adopts hierarchical decomposition but completely eliminates the dependency on a pre-defined h. The core of PrivTree is a novel mechanism that (i) exploits a new analysis on the Laplace distribution and (ii) enables us to use only a constant amount of noise in deciding whether a sub-domain should be split, without worrying about the recursion depth of splitting. We demonstrate the application of PrivTree in modelling spatial data, and show that it can be extended to handle sequence data (where the decision in sub-domain splitting is not based on tuple counts but a more sophisticated measure). Our experiments on a variety of real datasets show that PrivTree considerably outperforms the states of the art in terms of data utility.

Xuanle Ren,Le Su,Zhen Gu,Sheng Wang,Feifei Li,Yuan Xie,Song Bian,Chao Li,Fan Zhang

DOI: https://doi.org/10.14778/3574245.3574248

2022-01-01

Abstract:Recent years have witnessed the rapid development of the encrypted database, due to the increasing number of data privacy breaches and the corresponding laws and regulations that caused millions of dollars in loss. These encrypted databases may rely on different techniques, such as cryptographic primitives and trusted execution environments. In this work, we investigate the feasibility of utilizing fully homomorphic encryption (FHE) to support unbounded database aggregation queries, which typically involve comparisons as filtering predicates and a final aggregation. These operators are theoretically supported by FHE, but need careful algorithm design to maximize the efficiency and have not been explored before. We creatively use two types of FHE schemes, i.e., one for numerical and one for binary value, to enjoy their advantages respectively. To bridge the encrypted values between these two schemes for seamless query processing without client-server interaction, we propose a novel ciphertext transformation mechanism, which is of independent research interest, to close this gap. We further implement our system and test it over three TPC-H queries and a query over a real social media e-commerce database. Evaluation results show that, to process an aggregation query over 8k encrypted rows takes about 430 seconds. Although it is slower than plaintext processing in magnitudes and still has much room for improvement, as the very first work in this domain, our system demonstrates the feasibility of using FHE to process OLAP queries.

Akash Bharadwaj,Graham Cormode

DOI: https://doi.org/10.48550/arXiv.2112.05693

2021-12-10

Cryptography and Security

Abstract:Federated analytics seeks to compute accurate statistics from data distributed across users' devices while providing a suitable privacy guarantee and being practically feasible to implement and scale. In this paper, we show how a strong $(\epsilon, \delta)$-Differential Privacy (DP) guarantee can be achieved for the fundamental problem of histogram generation in a federated setting, via a highly practical sampling-based procedure that does not add noise to disclosed data. Given the ubiquity of sampling in practice, we thus obtain a DP guarantee almost for free, avoid over-estimating histogram counts, and allow easy reasoning about how privacy guarantees may obscure minorities and outliers. Using such histograms, related problems such as heavy hitters and quantiles can be answered with provable error and privacy guarantees. Experimental results show that our sample-and-threshold approach is accurate and scalable.

Hao Ren,Hongwei Li,Xiaohui Liang,Shibo He,Yuanshun Dai,Lian Zhao

DOI: https://doi.org/10.3390/s16091463

IF: 3.9

2016-01-01

Sensors

Abstract:With the rapid growth of the health data scale, the limited storage and computation resources of wireless body area sensor networks (WBANs) is becoming a barrier to their development. Therefore, outsourcing the encrypted health data to the cloud has been an appealing strategy. However, date aggregation will become difficult. Some recently-proposed schemes try to address this problem. However, there are still some functions and privacy issues that are not discussed. In this paper, we propose a privacy-enhanced and multifunctional health data aggregation scheme (PMHA-DP) under differential privacy. Specifically, we achieve a new aggregation function, weighted average (WAAS), and design a privacy-enhanced aggregation scheme (PAAS) to protect the aggregated data from cloud servers. Besides, a histogram aggregation scheme with high accuracy is proposed. PMHA-DP supports fault tolerance while preserving data privacy. The performance evaluation shows that the proposal leads to less communication overhead than the existing one.

Linkang Du,Zhikun Zhang,Shaojie Bai,Changchang Liu,Shouling Ji,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1145/3460120.3485668

2021-01-01

Abstract:For protecting users' private data, local differential privacy (LDP) has been leveraged to provide the privacy-preserving range query, thus supporting further statistical analysis. However, existing LDP-based range query approaches are limited by their properties, i.e., collecting user data according to a pre-defined structure. These static frameworks would incur excessive noise added to the aggregated data especially in the low privacy budget setting. In this work, we propose an Adaptive Hierarchical Decomposition (A H EA D) protocol, which adaptively and dynamically controls the built tree structure, so that the injected noise is well controlled for maintaining high utility. Furthermore, we derive a guideline for properly choosing parameters for AHEAD so that the overall utility can be consistently competitive while rigorously satisfying LDP. Leveraging multiple real and synthetic datasets, we extensively show the effectiveness of A H EA D in both low and high dimensional range query scenarios, as well as its advantages over the state-of-the-art methods. In addition, we provide a series of useful observations for deploying AHEAD in practice.

Ala Eddine Laouir,Abdessamad Imine

2024-06-17

Abstract:In many real-world scenarios, multiple data providers need to collaboratively perform analysis of their private data. The challenges of these applications, especially at the big data scale, are time and resource efficiency as well as end-to-end privacy with minimal loss of accuracy. Existing approaches rely primarily on cryptography, which improves privacy, but at the expense of query response time. However, current big data analytics frameworks require fast and accurate responses to large-scale queries, making cryptography-based solutions less suitable. In this work, we address the problem of combining Approximate Query Processing (AQP) and Differential Privacy (DP) in a private federated environment answering range queries on horizontally partitioned multidimensional data. We propose a new approach that considers a data distribution-aware online sampling technique to accelerate the execution of range queries and ensure end-to-end data privacy during and after analysis with minimal loss in accuracy. Through empirical evaluation, we show that our solution is able of providing up to 8 times faster processing than the basic non-secure solution while maintaining accuracy, formal privacy guarantees and resilience to learning-based attacks.

Databases,Cryptography and Security

Monika Henzinger,A. R. Sricharan,Teresa Anna Steiner

2023-06-18

Abstract:Differential privacy is the de-facto privacy standard in data analysis. The classic model of differential privacy considers the data to be static. The dynamic setting, called differential privacy under continual observation, captures many applications more realistically. In this work we consider several natural dynamic data structure problems under continual observation, where we want to maintain information about a changing data set such that we can answer certain sets of queries at any given time while satisfying $\epsilon$-differential privacy. The problems we consider include (a) maintaining a histogram and various extensions of histogram queries such as quantile queries, (b) maintaining a predecessor search data structure of a dynamically changing set in a given ordered universe, and (c) maintaining the cardinality of a dynamically changing set. For (a) we give new error bounds parameterized in the maximum output of any query $c_{\max}$: our algorithm gives an upper bound of $O(d\log^2dc_{\max}+\log T)$ for computing histogram, the maximum and minimum column sum, quantiles on the column sums, and related queries. The bound holds for unknown $c_{\max}$ and $T$. For (b), we give a general reduction to orthogonal range counting. Further, we give an improvement for the case where only insertions are allowed. We get a data structure which for a given query, returns an interval that contains the predecessor, and at most $O(\log^2 u \sqrt{\log T})$ more elements, where $u$ is the size of the universe. The bound holds for unknown $T$. Lastly, for (c), we give a parameterized upper bound of $O(\min(d,\sqrt{K\log T}))$, where $K$ is an upper bound on the number of updates. We show a matching lower bound. Finally, we show how to extend the bound for (c) for unknown $K$ and $T$.

Data Structures and Algorithms,Cryptography and Security

Guohua Shen,Mengnan Cai,Zhiqiu Huang,Yang Yang,Feifei Guo,Linlin Wei

DOI: https://doi.org/10.1002/cpe.8039

2024-02-09

Concurrency and Computation Practice and Experience

Abstract:Summary The increasing availability of high‐dimensional data collected from numerous users has led to the need for multi‐dimensional data publishing methods that protect individual privacy. In this paper, we investigate the use of local differential privacy for such purposes. Existing solutions calculate pairwise attribute marginals to construct probabilistic graphical models for generating attribute clusters. These models are then used to derive low‐dimensional marginals of these clusters, allowing for an approximation of the distribution of the original dataset and the generation of synthetic datasets. Existing solutions have limitations in computing the marginals of pairwise attributes and multi‐dimensional distribution on attribute clusters, as well as constructing relational dependency graphs that contain large clusters. To address these problems, we propose LoHDP, a high‐dimensional data publishing method composed of adaptive marginal computing and an effective attribute clustering method. The adaptive local marginal calculates any k‐dimensional marginals required in the algorithm. In particular, methods such as sampling‐based randomized response are used instead of privacy budget splits to perturb user data. The attribute clustering method measures the correlation between pairwise attributes using an effective method, reduces the search space during the construction of the dependency graph using high‐pass filtering technology, and realizes dimensionality reduction by combining sufficient triangulation operation. We demonstrate through extensive experiments on real datasets that our LoHDP method outperforms existing methods in terms of synthetic dataset quality.

computer science, theory & methods, software engineering

Yiwen Nie,Wei Yang,Liusheng Huang,Xike Xie,Zhenhua Zhao,Shaowei Wang

DOI: https://doi.org/10.1109/tkde.2018.2841360

IF: 9.235

2018-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Local differential privacy (LDP), as a strong and practical notion, has been applied to deal with privacy issues in data collection. However, existing LDP-based strategies mainly focus on utility optimization at a single privacy level while ignoring various privacy preferences of data providers and multilevel privacy demands for statistics. In this poster, we for the first time propose a framework to optimize the utility of histogram estimation with these two privacy requirements. To clarify the goal of privacy protection, we personalize the traditional definition of LDP. We design two independent approaches to minimize the utility loss: Advanced Combination, which composes multilevel results for utility optimization, and Data Recycle with Personalized Privacy, which enlarges sample size for an estimation. We demonstrate their effectiveness on privacy and utility. Moreover, we embed these approaches within a Recycle and Combination Framework and prove that the framework stably achieves the optimal utility by quantifying its error bounds. On real-world datasets, our approaches are experimentally validated and remarkably outperform baseline methods.

Qian Chen,Zhiwei Ni,Xuhui Zhu,Pingfan Xia

DOI: https://doi.org/10.1007/s11704-022-1651-2

IF: 2.6688

2022-12-13

Frontiers of Computer Science

Abstract:Differential privacy has recently become a widely recognized strict privacy protection model of data release. Differential privacy histogram publishing can directly show the statistical data distribution under the premise of ensuring user privacy for data query, sharing, and analysis. The dynamic data release is a study with a wide range of current industry needs. However, the amount of data varies considerably over different periods. Unreasonable data processing will result in the risk of users' information leakage and unavailability of the data. Therefore, we designed a differential privacy histogram publishing method based on the dynamic sliding window of LSTM (DPHP-DL), which can improve data availability on the premise of guaranteeing data privacy. DPHP-DL is integrated by DSW-LSTM and DPHK+. DSW-LSTM updates the size of sliding windows based on data value prediction via long short-term memory (LSTM) networks, which evenly divides the data stream into several windows. DPHK+ heuristically publishes non-isometric histograms based on k-mean++ clustering of automatically obtaining the optimal K , so as to achieve differential privacy histogram publishing of dynamic data. Extensive experiments on real-world dynamic datasets demonstrate the superior performance of the DPHP-DL.

computer science, information systems, theory & methods, software engineering

Zhen Gu,Guoyin Zhang,Chen Yang

DOI: https://doi.org/10.1155/2022/7963004

IF: 1.968

2022-08-02

Security and Communication Networks

Abstract:In this paper, we study the privacy-preserving data publishing problem in a distributed environment. The data contain sensitive information; hence, directly pooling and publishing the local data will lead to privacy leaks. To solve this problem, we propose a multiparty horizontally partitioned data publishing method under differential privacy (HPDP-DP). First, in order to make the noise level of the published data in the distributed scenario the same as in the centralized scenario, we use the infinite divisibility of the Laplace distribution to design a distributed noise addition scheme to perturb the locally shared data and use Paillier encryption to transmit the locally shared data to the semitrusted curator. Then, the semitrusted curator obtains the estimator of the covariance matrix of the aggregated data with Laplace noise and then obtains the principal components of the aggregated data and returns them to each data owner. Finally, the data owner utilizes the generative model of probabilistic principal component analysis to generate a synthetic data set for publication. We conducted experiments on different real data sets; the experimental results demonstrate that the synthetic data set released by the HPDP-DP method can maintain high utility.

computer science, information systems,telecommunications

Shaowei Wang,Liusheng Huang,Miaomiao Tian,Wei Yang,Hongli Xu,Hansong Guo

DOI: https://doi.org/10.1109/glocom.2015.7417364

2015-01-01

Abstract:Histogram estimation is one of the fundamental tasks in crowdsourcing data aggregation. Since contributing data reveal more or less information about individuals' identifications and activities, participants need to preserve privacy of data according to their own levels of privacy concern. However, most of the existing work only aggregates data with an identical privacy level. In this paper, we propose an aggregation scheme for histogram estimation, wherein participants can publish their data at personalized differential-privacy levels. The aggregator also benefits from potential wider engagement or more honest data. Specially, since privacy levels under personalized privacy policy are sensitive information for participants, our scheme permits participants to keep their privacy levels secret even from the aggregator. We also show how to further optimize the estimation accuracy under given privacy levels by choosing specific randomization strategies.

Yuecen Wei,Haonan Yuan,Xingcheng Fu,Qingyun Sun,Hao Peng,Xianxian Li,Chunming Hu

2024-02-29

Abstract:Hierarchy is an important and commonly observed topological property in real-world graphs that indicate the relationships between supervisors and subordinates or the organizational behavior of human groups. As hierarchy is introduced as a new inductive bias into the Graph Neural Networks (GNNs) in various tasks, it implies latent topological relations for attackers to improve their inference attack performance, leading to serious privacy leakage issues. In addition, existing privacy-preserving frameworks suffer from reduced protection ability in hierarchical propagation due to the deficiency of adaptive upper-bound estimation of the hierarchical perturbation boundary. It is of great urgency to effectively leverage the hierarchical property of data while satisfying privacy guarantees. To solve the problem, we propose the Poincaré Differential Privacy framework, named PoinDP, to protect the hierarchy-aware graph embedding based on hyperbolic geometry. Specifically, PoinDP first learns the hierarchy weights for each entity based on the Poincaré model in hyperbolic space. Then, the Personalized Hierarchy-aware Sensitivity is designed to measure the sensitivity of the hierarchical structure and adaptively allocate the privacy protection strength. Besides, the Hyperbolic Gaussian Mechanism (HGM) is proposed to extend the Gaussian mechanism in Euclidean space to hyperbolic space to realize random perturbations that satisfy differential privacy under the hyperbolic space metric. Extensive experiment results on five real-world datasets demonstrate the proposed PoinDP's advantages of effective privacy protection while maintaining good performance on the node classification task.

Machine Learning,Cryptography and Security

Yilin Kang,Qiao Zhang,Bingbing Jiang,Youjun Bu

DOI: https://doi.org/10.3390/electronics13101805

IF: 2.9

2024-05-08

Electronics

Abstract:With the development of information technology, tremendous vulnerabilities and backdoors have evolved, causing inevitable and severe security problems in cyberspace. To fix them, the endogenous safety and security (ESS) theory and one of its practices, the Dynamic Heterogeneous Redundant (DHR) architecture, are proposed. In the DHR architecture, as an instance of the multi-heterogeneous system, a decision module is designed to obtain intermediate results from heterogeneous equivalent functional executors. However, privacy-preserving is not paid attention to in the architecture, which may cause privacy breaches without compromising the ESS theory. In this paper, based on differential privacy (DP), a theoretically rigorous privacy tool, we propose a privacy-preserving DHR framework called DP-DHR. Gaussian random noise is injected into each (online) executor output in DP-DHR to guarantee DP, but it also makes the decision module unable to choose the final result because each executor output is potentially correct even if it is compromised by adversaries. To weaken this disadvantage, we propose the advanced decision strategy and the hypersphere clustering algorithm to classify the perturbed intermediate results into two categories, candidates and outliers, where the former is closer to the correct value than the latter. Finally, the DP-DHR is proven to guarantee DP, and the experimental results also show that the utility is not sacrificed for the enhancement of privacy by much (a ratio of 4–7% on average), even in the condition of some executors (less than one-half) being controlled by adversaries.

engineering, electrical & electronic,computer science, information systems,physics, applied