The Trade-off Between Privacy and Utility in Local Differential Privacy

2021 ◽  
Author(s):  
Mengqian Li ◽  
Youliang Tian ◽  
Junpeng Zhang ◽  
Dandan Fan ◽  
Dongmei Zhao
Keyword(s):  
Differential Privacy ◽  
Trade Off

scholarly journals Privacy-Preserving Monotonicity of Differential Privacy Mechanisms

2018 ◽  
Vol 8 (11) ◽  
pp. 2081 ◽  
Author(s):  
Hai Liu ◽  
Zhenqiang Wu ◽  
Yihui Zhou ◽  
Changgen Peng ◽  
Feng Tian ◽  
...  
Keyword(s):  
Differential Privacy ◽  
Estimation Error ◽  
Privacy Preserving ◽  
Randomized Response ◽  
Response Mechanism ◽  
Rational Model ◽  
Trade Off ◽  
Definition Of ◽  
Utility Metrics ◽  
Monotonicity Results

Differential privacy mechanisms can offer a trade-off between privacy and utility by using privacy metrics and utility metrics. The trade-off of differential privacy shows that one thing increases and another decreases in terms of privacy metrics and utility metrics. However, there is no unified trade-off measurement of differential privacy mechanisms. To this end, we proposed the definition of privacy-preserving monotonicity of differential privacy, which measured the trade-off between privacy and utility. First, to formulate the trade-off, we presented the definition of privacy-preserving monotonicity based on computational indistinguishability. Second, building on privacy metrics of the expected estimation error and entropy, we theoretically and numerically showed privacy-preserving monotonicity of Laplace mechanism, Gaussian mechanism, exponential mechanism, and randomized response mechanism. In addition, we also theoretically and numerically analyzed the utility monotonicity of these several differential privacy mechanisms based on utility metrics of modulus of characteristic function and variant of normalized entropy. Third, according to the privacy-preserving monotonicity of differential privacy, we presented a method to seek trade-off under a semi-honest model and analyzed a unilateral trade-off under a rational model. Therefore, privacy-preserving monotonicity can be used as a criterion to evaluate the trade-off between privacy and utility in differential privacy mechanisms under the semi-honest model. However, privacy-preserving monotonicity results in a unilateral trade-off of the rational model, which can lead to severe consequences.

scholarly journals Automatic Discovery of Privacy–Utility Pareto Fronts

2020 ◽  
Vol 2020 (4) ◽  
pp. 5-23
Author(s):  
Brendan Avent ◽  
Javier González ◽  
Tom Diethe ◽  
Andrei Paleyes ◽  
Borja Balle
Keyword(s):  
Differential Privacy ◽  
Decision Makers ◽  
Bayesian Optimization ◽  
Mathematical Framework ◽  
Trade Off ◽  
Learning Tasks ◽  
Automatic Discovery ◽  
Optimization Methodology ◽  
Pareto Fronts ◽  
Analytical Utility

AbstractDifferential privacy is a mathematical framework for privacy-preserving data analysis. Changing the hyperparameters of a differentially private algorithm allows one to trade off privacy and utility in a principled way. Quantifying this trade-off in advance is essential to decision-makers tasked with deciding how much privacy can be provided in a particular application while maintaining acceptable utility. Analytical utility guarantees offer a rigorous tool to reason about this tradeoff, but are generally only available for relatively simple problems. For more complex tasks, such as training neural networks under differential privacy, the utility achieved by a given algorithm can only be measured empirically. This paper presents a Bayesian optimization methodology for efficiently characterizing the privacy– utility trade-off of any differentially private algorithm using only empirical measurements of its utility. The versatility of our method is illustrated on a number of machine learning tasks involving multiple models, optimizers, and datasets.

scholarly journals Research Challenges in Designing Differentially Private Text Generation Mechanisms

2021 ◽  
Vol 34 (1) ◽  
Author(s):  
Oluwaseyi Feyisetan ◽  
Abhinav Aggarwal ◽  
Zekun Xu ◽  
Nathanael Teissier
Keyword(s):  
Differential Privacy ◽  
Recent Literature ◽  
Text Generation ◽  
Trade Off ◽  
Privacy Amplification ◽  
Single Solution ◽  
User Data ◽  
Generation Mechanisms ◽  
High Level ◽  
User Trust

Accurately learning from user data while ensuring quantifiable privacy guarantees provides an opportunity to build better ML models while maintaining user trust. Recent literature has demonstrated the applicability of a generalized form of Differential Privacy to provide guarantees over text queries. Such mechanisms add privacy preserving noise to vectorial representations of text in high dimension and return a text based projection of the noisy vectors. However, these mechanisms are sub-optimal in their trade-off between privacy and utility. In this proposal paper, we describe some challenges in balancing this trade-off. At a high level, we provide two proposals: (1) a framework called LAC which defers some of the noise to a privacy amplification step and (2), an additional suite of three different techniques for calibrating the noise based on the local region around a word. Our objective in this paper is not to evaluate a single solution but to further the conversation on these challenges and chart pathways for building better mechanisms.

scholarly journals Not All Attributes are Created Equal: dX -Private Mechanisms for Linear Queries

2020 ◽  
Vol 2020 (1) ◽  
pp. 103-125
Author(s):  
Parameswaran Kamalaruban ◽  
Victor Perrier ◽  
Hassan Jameel Asghar ◽  
Mohamed Ali Kaafar
Keyword(s):  
Machine Learning ◽  
Data Analysis ◽  
Differential Privacy ◽  
Learning Algorithms ◽  
Machine Learning Algorithms ◽  
Trade Off ◽  
Systematic Procedure ◽  
Privacy Budget ◽  
Sensitivity Vector

AbstractDifferential privacy provides strong privacy guarantees simultaneously enabling useful insights from sensitive datasets. However, it provides the same level of protection for all elements (individuals and attributes) in the data. There are practical scenarios where some data attributes need more/less protection than others. In this paper, we consider dX -privacy, an instantiation of the privacy notion introduced in [6], which allows this flexibility by specifying a separate privacy budget for each pair of elements in the data domain. We describe a systematic procedure to tailor any existing differentially private mechanism that assumes a query set and a sensitivity vector as input into its dX -private variant, specifically focusing on linear queries. Our proposed meta procedure has broad applications as linear queries form the basis of a range of data analysis and machine learning algorithms, and the ability to define a more flexible privacy budget across the data domain results in improved privacy/utility tradeoff in these applications. We propose several dX -private mechanisms, and provide theoretical guarantees on the trade-off between utility and privacy. We also experimentally demonstrate the effectiveness of our procedure, by evaluating our proposed dX -private Laplace mechanism on both synthetic and real datasets using a set of randomly generated linear queries.

scholarly journals Heterogeneous Gaussian Mechanism: Preserving Differential Privacy in Deep Learning with Provable Robustness

2019 ◽  
Author(s):  
NhatHai Phan ◽  
Minh N. Vu ◽  
Yang Liu ◽  
Ruoming Jin ◽  
Dejing Dou ◽  
...  
Keyword(s):  
Neural Networks ◽  
Deep Learning ◽  
Theoretical Analysis ◽  
Gaussian Noise ◽  
Deep Neural Networks ◽  
Differential Privacy ◽  
Trade Off ◽  
Adversarial Examples ◽  
Hidden Layer ◽  
Privacy Budget

In this paper, we propose a novel Heterogeneous Gaussian Mechanism (HGM) to preserve differential privacy in deep neural networks, with provable robustness against adversarial examples. We first relax the constraint of the privacy budget in the traditional Gaussian Mechanism from (0, 1] to (0, infty), with a new bound of the noise scale to preserve differential privacy. The noise in our mechanism can be arbitrarily redistributed, offering a distinctive ability to address the trade-off between model utility and privacy loss. To derive provable robustness, our HGM is applied to inject Gaussian noise into the first hidden layer. Then, a tighter robustness bound is proposed. Theoretical analysis and thorough evaluations show that our mechanism notably improves the robustness of differentially private deep neural networks, compared with baseline approaches, under a variety of model attacks.

scholarly journals Efficient yet Robust Privacy Preservation for MPEG-DASH-Based Video Streaming

2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Luke Cranfill ◽  
Jeehyeong Kim ◽  
Hongkyu Lee ◽  
Victor Youdom Kemmoe ◽  
Sunghyun Cho ◽  
...  
Keyword(s):  
Video Streaming ◽  
Privacy Preservation ◽  
Differential Privacy ◽  
Experimental Results ◽  
Video Content ◽  
Trade Off ◽  
Defense Strategy ◽  
Video Information ◽  
Target User ◽  
And Performance

MPEG-DASH is a video streaming standard that outlines protocols for sending audio and video content from a server to a client over HTTP. However, it creates an opportunity for an adversary to invade users’ privacy. While a user is watching a video, information is leaked in the form of meta-data, the size of data and the time the server sent the data to the user. After a fingerprint of this data is created, the adversary can use this to identify whether a target user is watching the corresponding video. Only one defense strategy has been proposed to deal with this problem: differential privacy that adds sufficient noise in order to muddle the attacks. However, that strategy still suffers from the trade-off between privacy and efficiency. This paper proposes a novel defense strategy against the attacks with rigorous privacy and performance goals creating a private, scalable solution. Our algorithm, “No Data are Alone” (NDA), is highly efficient. The experimental results show that our scheme is more than two times efficient in terms of excess downloaded video (represented as waste) compared to the most efficient differential privacy-based scheme. Additionally, no classifier can achieve an accuracy above 7.07% against videos obfuscated with our scheme.

scholarly journals RECENT PROGRESS OF DIFFERENTIALLY PRIVATE FEDERATED LEARNING WITH THE SHUFFLE MODEL

2021 ◽  
Vol 8 (11) ◽  
pp. 55-75
Author(s):  
Moushira Abdallah Mohamed Ahmed ◽  
Shuhui Wu ◽  
Laure Deveriane Dushime ◽  
Yuanhong Tao
Keyword(s):  
Recent Progress ◽  
Differential Privacy ◽  
High Accuracy ◽  
Local Model ◽  
Modified Technique ◽  
Trade Off ◽  
Privacy Amplification ◽  
Analytic Learning ◽  
Limited Accuracy

The emerging of shuffle model has attracted considerable attention of scientists owing to his unique properties in solving the privacy problems in federated learning, specifically the trade off problem between privacy and utility in central and local model. Where, the central model relies on a trusted server which collects users’ raw data and then perturbs it. While in the local model all users perturb their data locally then they send their perturbed data to server. Both models have pron and con. The server in central model enjoys with high accuracy but the users suffer from insufficient privacy in contrast, the local model which provides sufficient privacy at users’ side but the server suffers from limited accuracy. Shuffle model has advanced property of hide position of input messages by perturbing it with perturbation π. Therefore, the scientists considered on adding shuffle model between users and servers to make the server untrusted where the users communicate with the server through the shuffle and boosting the privacy by adding perturbation π for users’ messages without increasing the noise level. Consequently, the usage of modified technique differential privacy federated learning with shuffle model will explores the gap between privacy and accuracy in both models. So this new model attracted many researchers in recent work. In this review, we initiate the analytic learning of a shuffled model for distributed differentially private mechanisms. We focused on the role of shuffle model for solving the problem between privacy and accuracy by summarizing the recent researches about shuffle model and its practical results. Furthermore, we present two types of shuffle, single shuffle and m shuffles with the statistical analysis for each one in boosting the privacy amplification of users with the same level of accuracy by reasoning the practical results of recent papers.

scholarly journals IFed: A novel federated learning framework for local differential privacy in Power Internet of Things

2020 ◽  
Vol 16 (5) ◽  
pp. 155014772091969
Author(s):  
Hui Cao ◽  
Shubo Liu ◽  
Renfang Zhao ◽  
Xingxing Xiong
Keyword(s):  
Machine Learning ◽  
Internet Of Things ◽  
Differential Privacy ◽  
Learning Model ◽  
Wireless Sensor ◽  
Trade Off ◽  
Privacy Requirements ◽  
Learning Framework ◽  
Machine Learning Model ◽  
Internet Of Thing

Nowadays, wireless sensor network technology is being increasingly popular which is applied to a wide range of Internet of Things. Especially, Power Internet of Things is an important and rapidly growing section in Internet of Thing systems, which benefited from the application of wireless sensor networks to achieve fine-grained information collection. Meanwhile, the privacy risk is gradually exposed, which is the widespread concern for electricity power consumers. Non-intrusive load monitoring, in particular, is a technique to recover state of appliances from only the energy consumption data, which enables adversary inferring the behavior privacy of residents. There can be no doubt that applying local differential privacy to achieve privacy preserving in the local setting is more trustworthy than centralized approach for electricity customers. Although it is hard to control the risk and achieve the trade-off between privacy and utility by traditional local differential privacy obfuscation mechanisms, some existing obfuscation mechanisms based on artificial intelligence, called advanced obfuscation mechanisms, can achieve it. However, the large computing resource consumption to train the machine learning model is not affordable for most Power Internet of Thing terminal. In this article, to solve this problem, IFed was proposed—a novel federated learning framework that let electric provider who normally is adequate in computing resources to help Power Internet of Thing users. First, the optimized framework was proposed in which the trade-off between local differential privacy, data utility, and resource consumption was incorporated. Concurrently, the following problem of privacy preserving on the machine learning model transport between electricity provider and customers was noted and resolved. Last, users were categorized based on different levels of privacy requirements, and stronger privacy guarantee was provided for sensitive users. The formal local differential privacy analysis and the experiments demonstrated that IFed can fulfill the privacy requirements for Power Internet of Thing users.

scholarly journals Per-instance Differential Privacy

2019 ◽  
Vol 9 (1) ◽  
Author(s):  
Yu-Xiang Wang
Keyword(s):  
Differential Privacy ◽  
Side Information ◽  
Learning Problems ◽  
Data Set ◽  
Trade Off ◽  
Multiplicative Factor ◽  
Specific Individual ◽  
The One ◽  
Leave One Out

We consider a refinement of differential privacy --- per instance differential privacy (pDP), which captures the privacy of a specific individual with respect to a fixed data set.  We show that this is a strict generalization of the standard DP and inherits all its desirable properties, e.g.,  composition, invariance to side information and closedness to postprocessing, except that they all hold for every instance separately. We consider a refinement of differential privacy --- per instance differential privacy (pDP), which captures the privacy of a specific individual with respect to a fixed data set.  We show that this is a strict generalization of the standard DP and inherits all its desirable properties, e.g.,  composition, invariance to side information and closedness to postprocessing, except that they all hold for every instance separately.  When the data is drawn from a distribution, we show that per-instance DP implies generalization. Moreover, we provide explicit calculations of the per-instance DP for the output perturbation on a class of smooth learning problems. The result reveals an interesting and intuitive fact that an individual has stronger privacy if he/she has small ``leverage score'' with respect to the data set and if he/she can be predicted more accurately using the leave-one-out data set. Simulation shows several orders-of-magnitude more favorable privacy and utility trade-off when we consider the privacy of only the users in the data set. In a case study on differentially private linear regression, provide a novel analysis of the One-Posterior-Sample (OPS) estimator and show that when the data set is well-conditioned it provides $(\epsilon,\delta)$-pDP for any target individuals and matches the exact lower bound up to a $1+\tilde{O}(n^{-1}\epsilon^{-2})$ multiplicative factor.  We also demonstrate how we can use a ``pDP to DP conversion'' step to design AdaOPS which uses adaptive regularization to achieve the same results with $(\epsilon,\delta)$-DP.

Sign in / Sign up

Export Citation Format

Share Document