1 / 15

Differential Privacy (2)

Differential Privacy (2). Outline . Using differential privacy Database queries Data mining Non interactive case New developments. Definition. Mechanism: K(x) = f(x) + D, D is some noise. It is an output perturbation method. Sensitivity function.

connor
Télécharger la présentation

Differential Privacy (2)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Differential Privacy (2)

  2. Outline • Using differential privacy • Database queries • Data mining • Non interactive case • New developments

  3. Definition Mechanism: K(x) = f(x) + D, D is some noise. It is an output perturbation method.

  4. Sensitivity function • Captures how great a difference must be hidden by the additive noise How to design the noise D? It is actually linked back to the function f(x)

  5. Adding LAP noise Why does this work?

  6. Proof sketch Let K(x) = f(x) + D =r. Thus, r-f(x) has Lap distribution with the scale df/e. Similarly, K(x’) = f(x’)+D=r, and r-f(x’) has the same distribution P(K(x) = r) = exp(-|f(x)-r|(e/df)) P(K(x’)= r) = exp(-|f(x’)-r|(e/df)) P(K(x)=r)/P(K(x’)=r) = exp( (|f(x’)-r|-|f(x)-r|)(e/df)) apply triangle inequality <= exp( |f(x’)-f(x)|(e/df)) = exp(e)

  7. Composition • Sequential composition • Parallel composition --for disjoint sets, the ultimate privacy guarantee depends only on the worst of the guarantees of each analysis, not the sum.

  8. Database queries (PINQ) • Basic aggregate operations • Noisy count • Noisy sum • Noisy average • composition rule • Stable transformation |T(A) - T(B)| <= c|A-B|, and M provides e-diff privacy => Composite computation M(T(x)) is ce-diff privacy

  9. Data mining with differential privacy (paper) • Decision tree • Basic operation: scan through the domain to find the split that maximizes some classification measure • Basic idea of the diff-privacy version • Users interact with the data server to find out required information • These operations can be transformed to counting operations -- apply NoisyCount • Sensitivity of the function is determined by the classification measure

  10. Privacy budget e • User specified total budget e • Composite operations need a specific e’ for each operation

  11. Tradeoff between utility and privacy

  12. Non interactive differential privacy • Noisy histogram release

  13. Sampling and filtering

  14. Partitioning

  15. New settings • Against an adversary who has access to the algorithm’s internal state • Differential privacy under continual observation

More Related