Regression Model Fitting under Differential Privacy and Model Inversion Attack

Differential privacy-preserving regression models guarantee protection against attempts to infer whether a subject was included in the training set used to derive a model. Differential privacy is not, however, designed to protect the attribute privacy of a target individual when model inversion attacks are launched. In a model inversion attack, an adversary uses the released model to predict sensitive attributes (used as input to the model) of a target individual when some background information about that individual is available. Previous research showed that existing differential privacy mechanisms cannot effectively prevent model inversion attacks while retaining model efficacy. In this paper, we develop a novel approach that leverages the functional mechanism to perturb the coefficients of the polynomial representation of the objective function, but effectively balances the privacy budget between sensitive and non-sensitive attributes when learning the differential privacy-preserving regression model. Theoretical analysis and empirical evaluations demonstrate that our approach can effectively prevent model inversion attacks and retain model utility.
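The following sketch is an added example, not code from the paper: it applies the functional mechanism to least-squares regression and gives the coefficients that involve a sensitive attribute a separate budget. The names `eps_s` and `eps_n`, the per-monomial split rule, and the scaling of every attribute and the response to [-1, 1] are assumptions made for illustration.

```python
import random

def laplace(scale, rng):
    # The difference of two Exp(1) draws, times scale, is Laplace(0, scale).
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))

def noise_scale(attrs, sensitive, delta, eps_s, eps_n):
    # Assumed split rule: any monomial touching a sensitive attribute gets
    # the smaller budget eps_s (more noise); all others get eps_n.
    eps = eps_s if any(a in sensitive for a in attrs) else eps_n
    return delta / eps

def solve(A):
    # Gauss-Jordan elimination with partial pivoting on an augmented matrix.
    n = len(A)
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(A[r][c]))
        A[c], A[p] = A[p], A[c]
        for r in range(n):
            if r != c:
                f = A[r][c] / A[c][c]
                A[r] = [a - f * b for a, b in zip(A[r], A[c])]
    return [A[i][n] / A[i][i] for i in range(n)]

def private_linear_regression(X, y, sensitive, eps_s, eps_n, rng):
    d = len(X[0])
    # L1 sensitivity of the coefficients when every |x_j| <= 1 and |y| <= 1.
    delta = 2 * (d + 1) ** 2
    # Polynomial form of sum_i (y_i - x_i.w)^2: coefficients of w_j and of
    # w_j*w_l for j <= l. The constant term does not affect the minimiser.
    lin = {(j,): -2 * sum(yi * xi[j] for xi, yi in zip(X, y)) for j in range(d)}
    quad = {(j, l): (1 if j == l else 2) * sum(xi[j] * xi[l] for xi in X)
            for j in range(d) for l in range(j, d)}
    noisy = {k: c + laplace(noise_scale(k, sensitive, delta, eps_s, eps_n), rng)
             for k, c in {**lin, **quad}.items()}
    # Post-processing: set the gradient of the noisy polynomial to zero.
    # The noisy quadratic part may not be positive definite; not handled here.
    A = [[2 * noisy[(j, j)] if j == l else noisy[(min(j, l), max(j, l))]
          for l in range(d)] + [-noisy[(j,)]] for j in range(d)]
    return solve(A)

if __name__ == "__main__":
    rng = random.Random(0)  # constructed data: attribute 0 is the sensitive one
    X = [[rng.uniform(-1, 1), rng.uniform(-1, 1)] for _ in range(2000)]
    y = [0.5 * a - 0.3 * b for a, b in X]
    print(private_linear_regression(X, y, {0}, 0.5, 2.0, rng))
```

Because each coefficient's Laplace scale is `delta / eps`, the release as a whole satisfies differential privacy with parameter `max(eps_s, eps_n)`; lowering `eps_s` only adds noise to the terms an inversion attack would rely on for the sensitive attribute.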
