A differential privacy framework for matrix factorization recommender systems

Recommender systems rely on personal information about user behavior for the recommendation generation purposes. Thus, they inherently have the potential to hamper user privacy and disclose sensitive information. Several works studied how neighborhood-based recommendation methods can incorporate user privacy protection. However, privacy preserving latent factor models, in particular, those represented by matrix factorization techniques, the state-of-the-art in recommender systems, have received little attention. In this paper, we address the problem of privacy preserving matrix factorization by utilizing differential privacy, a rigorous and provable approach to privacy in statistical databases. We propose a generic framework and evaluate several ways, in which differential privacy can be applied to matrix factorization. By doing so, we specifically address the privacy-accuracy trade-off offered by each of the algorithms. We show that, of all the algorithms considered, input perturbation results in the best recommendation accuracy, while guaranteeing a solid level of privacy protection against attacks that aim to gain knowledge about either specific user ratings or even the existence of these ratings. Our analysis additionally highlights the system aspects that should be addressed when applying differential privacy in practice, and when considering potential privacy preserving solutions.

[1]  T. Graepel,et al.  Private traits and attributes are predictable from digital records of human behavior , 2013, Proceedings of the National Academy of Sciences.

[2]  Alan Said,et al.  Challenge on context-aware movie recommendation: CAMRa2011 , 2011, RecSys '11.

[3]  Ashwin Machanavajjhala,et al.  Principled Evaluation of Differentially Private Algorithms using DPBench , 2015, SIGMOD Conference.

[4]  Ashwin Machanavajjhala,et al.  Personalized Social Recommendations - Accurate or Private? , 2011, Proc. VLDB Endow..

[5]  Cynthia Dwork,et al.  Calibrating Noise to Sensitivity in Private Data Analysis , 2006, TCC.

[6]  Vitaly Shmatikov,et al.  2011 IEEE Symposium on Security and Privacy “You Might Also Like:” Privacy Risks of Collaborative Filtering , 2022 .

[7]  Ashwin Machanavajjhala,et al.  No free lunch in data privacy , 2011, SIGMOD '11.

[8]  Roksana Boreli,et al.  Applying Differential Privacy to Matrix Factorization , 2015, RecSys.

[9]  Pieter H. Hartel,et al.  Privacy in Recommender Systems , 2013, Social Media Retrieval.

[10]  C. Dwork,et al.  Differential Privacy – A Primer for the Perplexed , 2011 .

[11]  Willi Klösgen Anonymization Techniques for Knowledge Discovery in Databases , 1995, KDD.

[12]  Yehuda Koren,et al.  Advances in Collaborative Filtering , 2011, Recommender Systems Handbook.

[13]  Kris Vanhecke,et al.  Privacy Aspects of Recommender Systems , 2015, Recommender Systems Handbook.

[14]  Kunal Talwar,et al.  On the geometry of differential privacy , 2009, STOC '10.

[15]  Ilya Mironov,et al.  Differentially private recommender systems: building privacy into the net , 2009, KDD.

[16]  Assaf Schuster,et al.  Data mining with differential privacy , 2010, KDD.

[17]  John F. Canny,et al.  Collaborative filtering with privacy , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[18]  George Karypis,et al.  A Comprehensive Survey of Neighborhood-based Recommendation Methods , 2011, Recommender Systems Handbook.

[19]  Adam D. Smith,et al.  Discovering frequent patterns in sensitive data , 2010, KDD.

[20]  Patrick Seemann,et al.  Matrix Factorization Techniques for Recommender Systems , 2014 .

[21]  F. Maxwell Harper,et al.  The MovieLens Datasets: History and Context , 2016, TIIS.

[22]  Vitaly Shmatikov,et al.  Robust De-anonymization of Large Sparse Datasets , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[23]  Alfred Kobsa,et al.  Privacy-Enhanced Web Personalization , 2007, The Adaptive Web.

[24]  Stratis Ioannidis,et al.  BlurMe: inferring and obfuscating user gender based on ratings , 2012, RecSys.

[25]  George Karypis,et al.  A Comprehensive Survey of Neighborhood-based Recommendation Methods , 2011, Recommender Systems Handbook.

[26]  Stratis Ioannidis,et al.  Privacy-preserving matrix factorization , 2013, CCS.

[27]  David Vallet,et al.  Matrix Factorization without User Data Retention , 2014, PAKDD.

[28]  Ting Li,et al.  Willing to pay for quality personalization? Trade-off between quality and privacy , 2012, Eur. J. Inf. Syst..

[29]  Anand D. Sarwate,et al.  Differentially Private Empirical Risk Minimization , 2009, J. Mach. Learn. Res..

[30]  Lior Rokach,et al.  Introduction to Recommender Systems Handbook , 2011, Recommender Systems Handbook.

[31]  S. Berkovsky Hierarchical Neighborhood Topology for Privacy Enhanced Collaborative Filtering , 2006 .

[32]  Douglas M. Blough,et al.  Privacy Preserving Collaborative Filtering Using Data Obfuscation , 2007, 2007 IEEE International Conference on Granular Computing (GRC 2007).

[33]  Cynthia Dwork,et al.  Differential Privacy: A Survey of Results , 2008, TAMC.

[34]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[35]  Úlfar Erlingsson,et al.  RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response , 2014, CCS.

[36]  John Riedl,et al.  Do You Trust Your Recommendations? An Exploration of Security and Privacy Issues in Recommender Systems , 2006, ETRICS.

[37]  Huseyin Polat,et al.  Robustness analysis of privacy-preserving model-based recommendation schemes , 2014, Expert Syst. Appl..

[38]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[39]  Tsvi Kuflik,et al.  The impact of data obfuscation on the accuracy of collaborative filtering , 2012, Expert Syst. Appl..

[40]  Xu Sun,et al.  Averaged Stochastic Gradient Descent with Feedback: An Accurate, Robust, and Fast Training Method , 2010, 2010 IEEE International Conference on Data Mining.

[41]  John Riedl,et al.  Analysis of recommendation algorithms for e-commerce , 2000, EC '00.

[42]  Wenliang Du,et al.  Achieving Private Recommendations Using Randomized Response Techniques , 2006, PAKDD.

[43]  Zunping Cheng,et al.  Trading Robustness for Privacy in Decentralized Recommender Systems , 2009, IAAI.

[44]  BerkovskyShlomo,et al.  A differential privacy framework for matrix factorization recommender systems , 2016 .

[45]  Dennis M. Wilkinson,et al.  Large-Scale Parallel Collaborative Filtering for the Netflix Prize , 2008, AAIM.