User-Driven Synthetic Dataset Generation With Quantifiable Differential Privacy

Abstract

Recently, releasing data to a third party for secondary analysis has become a trend of service computing. However, data owners are concerned that such a move may expose individuals' records, which is in violation of regulations such as the European Union's General Data Protection Regulation. Differential privacy has been proposed as a possible solution to the aforementioned problem. The privacy budget <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$\varepsilon$</tex-math></inline-formula> in differential privacy is for theoretical interpretation, but in practice, its application in measuring the risk of data disclosure has not been well studied, especially with sampling-based synthetic datasets. Moreover, datasets released by data owners with quantifiable privacy levels and the explicit utility for these datasets have yet to be well developed. In this paper, we present an intuitive approach for defining the privacy level ( <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$i.e.$</tex-math></inline-formula> , data hit rate and <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$k$</tex-math></inline-formula> -level) and utility level ( <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$i.e.$</tex-math></inline-formula> , basic statistics and a series of data mining models), and the privacy budget <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$\varepsilon$</tex-math></inline-formula> is quantified for evaluating the risk and utility of private data. In addition, we propose two user-driven synthetic dataset hunting methods to generate a synthetic dataset with the specified privacy objective, enabling the data owner ( <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$e.g.$</tex-math></inline-formula> , the government and financial companies) to understand the possible privacy risk and thereby release datasets with confirmed privacy level. To the best of our knowledge, this is the first method that allows data providers to automatically generate synthetic datasets with a quantifiable privacy level for the service of open data.