Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2,...
Transcript of Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2,...
![Page 1: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/1.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Dependence Makes You Vulnerable: DifferentialPrivacy Under Dependent Tuples
Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1
Email: 1{cl12, pmittal}@princeton.edu, [email protected],1 Princeton University, 2IBM T.J. Watson Research Center
February 23, 2016
1 / 21
![Page 2: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/2.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Data Privacy
• Privacy is important!
- Snowden case- G20 summit breach- iCloud photo breach· · ·
2 / 21
![Page 3: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/3.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Direct Release Data Would Compromise Privacy!
Individuals Data Provider
Raw Data
Applications Researchers
Data Recipients
Query Results
3 / 21
![Page 4: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/4.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Direct Release Data Would Compromise Privacy!
Individuals Data Provider
Raw Data
Data Recipients
Query Results
3 / 21
![Page 5: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/5.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Obfuscate Data before Release to Protect Privacy
Individuals Data Provider
Raw DataData
Obfuscation
Applications Researchers
Data Recipients
Query Results
Perturbed
Query Results
3 / 21
![Page 6: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/6.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Existing Privacy Metrics
– Differential Privacy [ICALP ’06]
– Pufferfish Privacy [PODS ’12]
– Membership Privacy [CCS ’13]
– Blowfish Privacy [SIGMOD ’14]
4 / 21
![Page 7: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/7.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
ε-Differential Privacy (DP)
D
D¢
Neighboring Databases
The adversary’s ability to infer the individual’s information is bounded!
5 / 21
![Page 8: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/8.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
ε-Differential Privacy (DP)
D
D¢
Neighboring
Databases
Differential Privacy requires:
The adversary’s ability to infer the individual’s information is bounded!
5 / 21
![Page 9: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/9.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
ε-Differential Privacy (DP)
D
D¢
Probability
S Query Output
Neighboring
Databases
Differential Privacy requires:
The adversary’s ability to infer the individual’s information is bounded!
5 / 21
![Page 10: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/10.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Laplace Perturbation Mechanism
S
noise
( )Q D
( ) 1, ~ exppQ
eæ ö= -ç ÷
Dè ø
xb b x
( )( )D Q D= +b( )D Q D( )( )D Q DD Q D
Raw Data
ε is the privacy budgetQ is the query function∆Q is the global sensitivity of Q: maxD,D′‖Q(D)−Q(D′)‖1
6 / 21
![Page 11: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/11.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Limitations for Differential Privacy (DP) Mechanisms
Implicitly assume independent tuples
7 / 21
![Page 12: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/12.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Limitations for Differential Privacy (DP) Mechanisms
In reality, however, tuples are correlated
• large volume• rich semantics• complex structure
8 / 21
![Page 13: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/13.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Data correlation exists almost everywhere
(a) social network data (b) business data
(c) mobility data (d) medical data
9 / 21
![Page 14: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/14.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Data correlation exists almost everywhere
(a) social network data (b) business data
(c) mobility data (d) medical data
friendships
interactions
9 / 21
![Page 15: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/15.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Data correlation exists almost everywhere
(a) social network data (b) business data
(c) mobility data (d) medical data
friendships
interactions
financial
transactions
9 / 21
![Page 16: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/16.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Data correlation exists almost everywhere
(a) social network data (b) business data
(c) mobility data (d) medical data
friendships
interactions
financial
transactions
communication
records
9 / 21
![Page 17: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/17.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Data correlation exists almost everywhere
(a) social network data (b) business data
(c) mobility data (d) medical data
friendships
interactions
financial
transactions
communication
recordsdisease
transmission
9 / 21
![Page 18: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/18.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Our Objective
Incorporate correlated data in differential privacy
10 / 21
![Page 19: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/19.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
Differential Privacy under Dependent DataInference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
10 / 21
![Page 20: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/20.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
Correlation in Gowalla Location Dataset
Gowalla location dataset: 6,969 users, 98,802 location recordsGowalla social dataset: 6,969 users, 47,502 edges
Manhattan, NewYork
Queens, NewYork
Brooklyn, NewYork
San Jose, San Francisco
Pasadena, Los Angeles
Long Beach, Los Angeles
Beverly Hills, Los Angeles
Oakland, San Francisco
11 / 21
![Page 21: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/21.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
Inference Attack on DP via K-Means Query
Differentially Private K -means for Gowalla Location Dataset
Individuals Data Provider
Raw DataK-means
Clustering
Data Recipients
Differentially Private
K-means Clustering
Perturbation
Inference Attack
12 / 21
![Page 22: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/22.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
Inference Attack
Social
RelationshipsInference Attack
Check-in
Community
13 / 21
![Page 23: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/23.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
Inference results by using correlation
0 0.5 1 1.5 2 2.5 30
2
4
6
8
Privacy Budget ε
Lea
ked
In
form
atio
n
with social relationships
w/o social relationships
security guarantee by DP
Exploiting correlation, one can infer more information!Exploiting correlation can break DP security guarantees!
14 / 21
![Page 24: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/24.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
Inference results by using correlation
0 0.5 1 1.5 2 2.5 30
2
4
6
8
Privacy Budget ε
Lea
ked
In
form
atio
n
with social relationships
w/o social relationships
security guarantee by DP
Exploiting correlation, one can infer more information!Exploiting correlation can break DP security guarantees!
14 / 21
![Page 25: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/25.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
Differential Privacy under Dependent DataInference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
14 / 21
![Page 26: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/26.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
ε-Dependent Differential Privacy (DDP)
Neighboring Databases
•R is probabilistic dependence relationship among the L dependent tuples•The adversary’s ability to infer the individual’s information is boundedeven if the adversary has access to data correlation R.
15 / 21
![Page 27: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/27.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
ε-Dependent Differential Privacy (DDP)
Neighboring
Databases
Dependent Differential
Privacy requires:
•R is probabilistic dependence relationship among the L dependent tuples•The adversary’s ability to infer the individual’s information is boundedeven if the adversary has access to data correlation R.
15 / 21
![Page 28: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/28.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
ε-Dependent Differential Privacy (DDP)
Probability
S Query Output
Neighboring
Databases
Dependent Differential
Privacy requires:
•R is probabilistic dependence relationship among the L dependent tuples•The adversary’s ability to infer the individual’s information is boundedeven if the adversary has access to data correlation R.
15 / 21
![Page 29: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/29.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
Dependent Perturbation Mechanism
• Augment conventional LPM with additional noise relevant to ρij
• Dependent coefficient ρij
− extent of dependence of Dj on the modification of Di
16 / 21
![Page 30: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/30.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
Dependent Coefficient
Laplace noise in dependent perturbation mechanism
exp
{− ε
Sensitivityi + ρij ×Sensitivityj
}Dependent coefficient satisfies: 0≤ ρij ≤ 1
• ρij = 0: standard differential privacy (independent setting)
• ρij = 1: fully dependent setting
• ρij : formulate correlation from privacy perspective
17 / 21
![Page 31: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/31.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
Limitations of Dependent Coefficient
The exact computation of ρij
relies on knowledge of data generation model
18 / 21
![Page 32: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/32.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
Differential Privacy under Dependent DataInference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
18 / 21
![Page 33: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/33.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
Resilience to Inference Attack
0 0.5 1 1.5 2 2.5 30
2
4
6
8
Privacy Budget ε
Lea
ked
In
form
atio
n
attack DPattack DDP
DDP is more resilient to inference attack
19 / 21
![Page 34: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/34.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
Resilience to Inference Attack
0 0.5 1 1.5 2 2.5 30
2
4
6
8
Privacy Budget ε
Lea
ked
In
form
atio
n
attack DPattack DDP
DDP is more resilient to inference attack
19 / 21
![Page 35: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/35.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Inference Attack for DP based on Correlated TuplesDependent Differential Privacy (DDP)Experimental Results
Further Analysis and Experiments
• Composition Property
− Sequential/parallel composition property
• Theoretical utility analysis
• Different classes of queries
− Machine learning queries− Graph queries
20 / 21
![Page 36: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/36.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Conclusion and Future work
• Incorporate correlation into differential privacy
− Dependent differential privacy− More resilient to inference attack
• Alternative data generation models in the future work
21 / 21
![Page 37: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/37.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Appendix1: Dependence between tuples can seriouslydegrade the privacy guarantees provided by the existing DPmechanisms
QuerySum
,i jD Dé ùë û ( )1Lap e
Add noise Noisy ( )i jD D+
Independent
Privacy
Guarantee( )exp e
( )exp 1.5eDependent
i jD D^
Smaller means better privacy e
[ ]0.5 0.5
0,1
j i
i
D D X
D X
= +
and are i.i.d in
Privacy
Guarantee
21 / 21
![Page 38: Dependence Makes You Vulnerable: Differential Privacy ... · Changchang Liu1, Supriyo Chakraborty2, Prateek Mittal1 Email: 1{cl12, pmittal}@princeton.edu, 2supriyo@us.ibm.com, 1 Princeton](https://reader034.fdocuments.us/reader034/viewer/2022042317/5f0639a97e708231d416ec9c/html5/thumbnails/38.jpg)
IntroductionDifferential Privacy under Dependent Data
Conclusion and Future Work
Appendix 2: Model to Compute Dependent Coefficient
Here, we consider to utilize the friend-based model to compute theprobabilistic dependence relationship, where a user’s location can beestimated by her friend’s location based on the distance between theirlocations. Specifically, the probability of a user j locating at dj whenher friend i is locating at di is
P(Dj = dj |Di = di) = a(‖dj −di‖1 + b)−c (1)
where a > 0,b > 0,c > 0.
21 / 21