E-differential Privacy Research Articles

Privacy-Preserving Federated Learning-Based Intrusion Detection System for IoHT Devices

In recent years, Internet of Healthcare Things (IoHT) devices have attracted significant attention from computer scientists, healthcare professionals, and patients. These devices enable patients, especially in areas without access to hospitals, to easily record and transmit their health data to medical staff via the Internet. However, the analysis of sensitive health information necessitates a secure environment to safeguard patient privacy. Given the sensitivity of healthcare data, ensuring security and privacy is crucial in this sector. Federated learning (FL) provides a solution by enabling collaborative model training without sharing sensitive health data with third parties. Despite FL addressing some privacy concerns, the privacy of IoHT data remains an area needing further development. In this paper, we propose a privacy-preserving federated learning framework to enhance the privacy of IoHT data. Our approach integrates federated learning with ϵ-differential privacy to design an effective and secure intrusion detection system (IDS) for identifying cyberattacks on the network traffic of IoHT devices. In our FL-based framework, SECIoHT-FL, we employ deep neural network (DNN) including convolutional neural network (CNN) models. We assess the performance of the SECIoHT-FL framework using metrics such as accuracy, precision, recall, F1-score, and privacy budget (ϵ). The results confirm the efficacy and efficiency of the framework. For instance, the proposed CNN model within SECIoHT-FL achieved an accuracy of 95.48% and a privacy budget (ϵ) of 0.34 when detecting attacks on one of the datasets used in the experiments. To facilitate the understanding of the models and the reproduction of the experiments, we provide the explainability of the results by using SHAP and share the source code of the framework publicly as free and open-source software.

Differentially private recommender framework with Dual semi-Autoencoder

To provide much better recommendation service, traditional recommender systems collect a large amount of user information, which, if obtained and analyzed maliciously, can cause incalculable damage to users. Therefore, differential privacy techniques, such as noise injection, have been widely introduced into recommender systems to safeguard users’ sensitive information. However, the introduction of privacy noise will lead to a degradation in recommendation quality. Hence, it is pragmatic to design a system that can furnish high quality recommendation and ensure privacy guarantee. In this article, we design a novel Differentially private recommender system with Dual Semi-Autoencoder recommender framework referred to as DP-DAE, which aims to improve the quality of recommendation while protecting user privacy. Specifically, DP-DAE is a hybrid framework of dual autoencoder and matrix factorization, which can effectively reduce data dimensionality to extract intricate features. In practice, to prevent potential privacy leaks, the differential privacy mechanism is incorporated into DP-DAE via introducing extra noise. Moreover, theoretical analysis certificates that DP-DAE satisfies ϵ-differential privacy. We do the experimental evaluation for DP-DAE over FilmTrust, Movielens-1M and Movielens-10M. The experimental results indicate that DP-DAE can provide privacy protection as well as high performance in recommendation tasks.

Density-based clustering with differential privacy

In recent years, differentially private clustering has received increasing attention. However, most existing differentially private clustering algorithms cannot achieve better results when handling non-convex datasets. To enhance knowledge extraction from data while protecting users' sensitive information, we propose a density-based clustering algorithm with differential privacy. Specifically, we incorporate differential privacy mechanisms into the density-based clustering paradigm to enhance the effectiveness of differentially private clustering on non-convex datasets. Firstly, to avoid privacy leakage, we employ the Laplace mechanism for inject noise into the density during the density estimation stage. Then, we design a privacy budget allocation scheme in the cluster expansion stage to make it harder for attackers to access private information. Theoretical analysis demonstrates that our algorithm satisfies ϵ-differential privacy. Experimental outcomes in synthetic and real-world datasets show that our introduced algorithm can obtain high-quality clustering results when dealing with non-convex datasets. In the approximation experiments, it is evident that our algorithm outperforms others in terms of approximation.

Differential Privacy-Preserving IoT Data Sharing Through Enhanced PSO

ABSTRACT With the proliferation of Internet of Things (IoT) devices and the generation of massive amounts of sensitive data, preserving privacy while enabling data sharing has become a critical concern. In this research, we propose a novel approach for achieving differential privacy in IoT data sharing through an improved Particle Swarm Optimization (PSO) algorithm. Our objective is to find the optimal configuration of privacy-preserving mechanisms that maximizes privacy while maintaining data utility. The research begins with a comprehensive overview of differential privacy in IoT data sharing, highlighting the limitations of existing optimization algorithms. We then present our proposed improvements to the traditional PSO algorithm, including the design of a suitable fitness function, the use of a dynamic inertia weight, exploration of different neighborhood topologies, and adaptive acceleration coefficients. We define a set of performance metrics, including privacy metrics (e.g. ε-differential privacy parameter) and utility measures (e.g. accuracy, utility loss), to assess the algorithm’s effectiveness. The results of our experiments demonstrate that the improved PSO algorithm achieves higher privacy guarantees while maintaining competitive levels of data utility compared to existing approaches. The proposed algorithm exhibits faster convergence, better exploration of the search space, and improved scalability. Our research contributes to the field of privacy-preserving IoT data sharing by providing an efficient and effective optimization algorithm that enables secure and privacy-aware data sharing while facilitating valuable insights and analysis.

General inferential limits under differential and Pufferfish privacy

Differential privacy (DP) is a class of mathematical standards for assessing the privacy provided by a data-release mechanism. This work concerns two important flavors of DP that are related yet conceptually distinct: pure ε-differential privacy (ε-DP) and Pufferfish privacy. We restate ε-DP and Pufferfish privacy as Lipschitz continuity conditions and provide their formulations in terms of an object from the imprecise probability literature: the interval of measures. We use these formulations to derive limits on key quantities in frequentist hypothesis testing and in Bayesian inference using data that are sanitised according to either of these two privacy standards. Under very mild conditions, the results in this work are valid for arbitrary parameters, priors and data generating models. These bounds are weaker than those attainable when analysing specific data generating models or data-release mechanisms. However, they provide generally applicable limits on the ability to learn from differentially private data – even when the analyst's knowledge of the model or mechanism is limited. They also shed light on the semantic interpretations of the two DP flavors under examination, a subject of contention in the current literature.1

A Quality-Aware and Obfuscation-Based Data Collection Scheme for Cyber-Physical Metaverse Systems

In pursuit of an immersive virtual experience within the Cyber-Physical Metaverse Systems (CPMS), the construction of Avatars often requires a significant amount of real-world data. Mobile Crowd Sensing (MCS) has emerged as an efficient method for collecting data for CPMS. While progress has been made in protecting the privacy of workers, little attention has been given to safeguarding task privacy, potentially exposing the intentions of applications and posing risks to the development of the Metaverse. Additionally, existing privacy protection schemes hinder the exchange of information among entities, inadvertently compromising the quality of the collected data. To this end, we propose a Quality-aware and Obfuscation-based Task Privacy-Preserving (QOTPP) scheme, which protects task privacy and enhances data quality without third-party involvement. The QOTPP scheme initially employs the insight of “showing the fake, and hiding the real” by employing differential privacy techniques to create fake tasks and conceal genuine ones. Additionally, we introduce a two-tier truth discovery mechanism using Deep Matrix Factorization (DMF) to efficiently identify high-quality workers. Furthermore, we propose a Combinatorial Multi-Armed Bandit (CMAB)-based worker incentive and selection mechanism to improve the quality of data collection. Theoretical analysis confirms that our QOTPP scheme satisfies essential properties such as truthfulness, individual rationality, and ϵ-differential privacy. Extensive simulation experiments validate the state-of-the-art performance achieved by QOTPP.

Privacy-preserving federated discovery of DNA motifs with differential privacy

DNA sequence motif discovery is an important issue in gene research, which helps identify transcription factor binding sites in DNA sequences to reveal the mechanisms that regulate gene expression. However, the growing awareness of privacy protection and increasingly stringent regulations pose challenges to data collection and usage. This paper proposes DP-FLMD, a privacy-preserving federated framework for discovering DNA sequence motifs. We employ federated learning, allowing participants to store their raw data locally and upload only selected parameters to protect data privacy. Nevertheless, privacy concerns still persist, as these participant parameters may potentially compromise their privacy to some extent. To enhance privacy protection, we incorporate a differential privacy algorithm to add noise to these parameters. Additionally, we verify that the method satisfies ϵ-differential privacy through theoretical analysis. Extensive experiments are performed on six datasets, demonstrating that DP-FLMD achieves a good trade-off between privacy and utility. Besides, we investigate the effect of parameters on DP-FLMD. In the future, our research will focus on exploring enhanced privacy protection mechanisms, expanding the scope of framework applications, and further optimizing the trade-off between privacy and utility.

An Efficient and Differential Privacy-Based Scheme for Aggregating Mobility Datasets

Mobile smart devices, such as mobile phones, wearable devices, and in-vehicle navigation systems, bring us convenience and have become necessities in modern daily life. The built-in global positioning system (GPS) of these mobile devices collects the users’ mobility data to support path planning, navigation and other location-related applications, which also inevitably causes privacy issues. Previous research has shown that employing count-min sketch (CMS) to aggregate mobility datasets is a valid privacy-preserving method for resisting the reconstruction attack on population distributions. However, as the utility/accessibility of the protected datasets is excessively correlated with the size of CMS, decreasing the data transmission cost has become an unsolved issue of that approach. In this paper, we propose an efficient scheme with differential privacy to protect mobility datasets, which releases the privacy-preserving population distributions and achieves better utility as well as a much smaller data transmission cost compared to the CMS-based method. Our proposed scheme is comprised of two collaborative components, global sketch and temporal sketch. The global sketch is responsible for aggregating the raw mobility data and decreasing the data transmission cost, while the temporal sketch is in charge of guaranteeing the utility of the population distributions aggregated by the global sketch. Besides, to enhance the privacy preservation, we employ the Laplace mechanism to make the transmitted data satisfy ϵ-differential privacy. Through our analysis and empirical experiments, compared to the other three state-of-the-art privacy-preserving methods on mobility datasets, our scheme could preserve the privacy of the mobility datasets with much less data transmission cost under the same utility loss.

Universal optimality and robust utility bounds for metric differential privacy1

We study the privacy-utility trade-off in the context of metric differential privacy. Ghosh et al. introduced the idea of universal optimality to characterise the “best” mechanism for a certain query that simultaneously satisfies (a fixed) ε-differential privacy constraint whilst at the same time providing better utility compared to any other ε-differentially private mechanism for the same query. They showed that the Geometric mechanism is universally optimal for the class of counting queries. On the other hand, Brenner and Nissim showed that outside the space of counting queries, and for the Bayes risk loss function, no such universally optimal mechanisms exist. Except for the universal optimality of the Laplace mechanism, there have been no generalisations of these universally optimal results to other classes of differentially-private mechanisms. In this paper, we use metric differential privacy and quantitative information flow as the fundamental principle for studying universal optimality. Metric differential privacy is a generalisation of both standard (i.e., central) differential privacy and local differential privacy, and it is increasingly being used in various application domains, for instance in location privacy and in privacy-preserving machine learning. Similar to the approaches adopted by Ghosh et al. and Brenner and Nissim, we measure utility in terms of loss functions, and we interpret the notion of a privacy mechanism as an information-theoretic channel satisfying constraints defined by ε-differential privacy and a metric meaningful to the underlying state space. Using this framework we are able to clarify Nissim and Brenner’s negative results by (a) that in fact all privacy types contain optimal mechanisms relative to certain kinds of non-trivial loss functions, and (b) extending and generalising their negative results beyond Bayes risk specifically to a wide class of non-trivial loss functions. Our exploration suggests that universally optimal mechanisms are indeed rare within privacy types. We therefore propose weaker universal benchmarks of utility called privacy type capacities. We show that such capacities always exist and can be computed using a convex optimisation algorithm. Further, we illustrate these ideas on a selection of examples with several different underlying metrics.

Distributed online bandit linear regressions with differential privacy

This paper addresses the distributed online bandit linear regression problems with privacy protection, in which the training data are spread in a multi-agent network. Each node identifies a linear predictor to fit the training data and experiences a square loss on each round. The purpose is to minimize the regret that assesses the difference of the accumulated loss between the online linear predictor and the optimal offline linear predictor. Moreover, the differential privacy strategy is adopted to prevent the adversary from inferring the parameter vector of any node. Two efficient differentially private distributed online regression algorithms are developed in the cases of one-point and two-point bandit feedback. Our analysis suggests that the developed algorithms achieve ϵ-differential privacy and establish the regret upper bounds in O(K3/4) and O(K) for one-point and two-point bandit feedback, respectively, where K is the time horizon. We also show that there exists a tradeoff between our algorithms’ privacy level and convergence. Finally, the performance of the proposed algorithms is validated by a numerical example.

Optimizing Error of High-Dimensional Statistical Queries Under Differential Privacy

In this work we describe the High-Dimensional Matrix Mechanism (HDMM),a differentially private algorithm for answering a workload of predicate counting queries. HDMM represents query workloads using a compact implicit matrix representation and exploits this representation to efficiently optimize over (a subset of) the space of differentially private algorithms for one that is unbiased and answers the input query workload with low expected error. HDMM can be deployed for both ϵ-differential privacy (with Laplace noise) and (ϵ, δ)-differential privacy (with Gaussian noise), although the core techniques are slightly different for each. We demonstrate empirically that HDMM can efficiently answer queries with lower expected error than state-of-the-art techniques, and in some cases, it nearly matches existing lower bounds for the particular class of mechanisms we consider.

Gradient-tracking based differentially private distributed optimization with enhanced optimization accuracy

Privacy protection has become an increasingly pressing requirement in distributed optimization. However, equipping distributed optimization with differential privacy, the state-of-the-art privacy protection mechanism, will unavoidably compromise optimization accuracy. In this paper, we propose an algorithm to achieve rigorous ϵ-differential privacy in gradient-tracking based distributed optimization with enhanced optimization accuracy. More specifically, to suppress the influence of differential-privacy noise, we propose a new robust gradient-tracking based distributed optimization algorithm that allows both stepsize and the variance of injected noise to vary with time. Then, we establish a new analyzing approach that can characterize the convergence of the gradient-tracking based algorithm under both constant and time-varying stepsizes. To our knowledge, this is the first analyzing framework that can treat gradient-tracking based distributed optimization under both constant and time-varying stepsizes in a unified manner. More importantly, the new analyzing approach gives a much less conservative analytical bound on the stepsize compared with existing proof techniques for gradient-tracking based distributed optimization. We also theoretically characterize the influence of differential-privacy design on the accuracy of distributed optimization, which reveals that inter-agent interaction has a significant impact on the final optimization accuracy. Numerical simulation results confirm the theoretical predictions.

Contextual Linear Types for Differential Privacy

Language support for differentially private programming is both crucial and delicate. While elaborate program logics can be very expressive, type-system-based approaches using linear types tend to be more lightweight and amenable to automatic checking and inference, and in particular in the presence of higher-order programming. Since the seminal design of Fuzz , which is restricted to ϵ-differential privacy in its original design, significant progress has been made to support more advanced variants of differential privacy, like (ϵ, δ )-differential privacy. However, supporting these advanced privacy variants while also supporting higher-order programming in full has proven to be challenging. We present Jazz , a language and type system that uses linear types and latent contextual effects to support both advanced variants of differential privacy and higher-order programming. Latent contextual effects allow delaying the payment of effects for connectives such as products, sums, and functions, yielding advantages in terms of precision of the analysis and annotation burden upon elimination, as well as modularity. We formalize the core of Jazz , prove it sound for privacy via a logical relation for metric preservation, and illustrate its expressive power through a number of case studies drawn from the recent differential privacy literature.

A Symmetry Histogram Publishing Method Based on Differential Privacy

The differential privacy histogram publishing method based on grouping cannot balance the grouping reconstruction error and Laplace noise error, resulting in insufficient histogram publishing accuracy. To address this problem, we propose a symmetric histogram publishing method DPHR (differential privacy histogram released). Firstly, the algorithm uses the exponential mechanism to sort the counting of the original histogram bucket globally to improve the grouping accuracy; secondly, we propose an optimal dynamic symmetric programming grouping algorithm based on the global minimum error, which uses the global minimum error as the error evaluation function based on the ordered histogram. This way, we can achieve a global grouping of the optimal error balance while balancing the reconstruction and Laplace errors. Experiments show that this method effectively reduces the cumulative error between the published histogram and the original histogram under long-range counting queries based on satisfying ε-differential privacy and improves the usability of the published histogram data.

Distributed dynamic online learning with differential privacy via path-length measurement

Dynamic online learning has been given great concerns as real-time and non-stationary systems develop and it can be used for solving many practical sequential decision problems like dynamic recommendation systems for online advertisement. Due to the large volume of big data in online learning, dynamic online learning is required to be deployed under the distributed framework where the communication among agents is time-varying and real-time. Meanwhile, since the information sharing among agents is vulnerable to interception by the adversary, the privacy protection problem is significant, but to the best of our knowledge, this work is the first to consider privacy-preserving distributed online learning under dynamic circumstances. Specifically, based on a differentially private distributed online gradient descent algorithm, we minimize the regret of the network. Moreover, via the rigorous mathematical analysis, we achieve the sublinear regret bound under ϵ-differential privacy, that is, we respectively obtain O(T+VT) and O(log⁡T+VT) for convex and strongly convex function, where T is the time horizon and the path-length VT reflects the variation of the minimizer sequence. The experiments performed on the real datasets validate that the presented algorithm achieves acceptable optimization performance even when privacy protection is relatively strict.

ε-Differential Privacy, and a Two Step

ε-Differential Privacy, and a Two Step

Quantitative Information Flow Techniques for Studying Optimality in Differential Privacy

Universal optimality for differential privacy seeks to characterise the "best" mechanisms, which are the ones that provide the most utility to some class of consumers whilst simultaneously satisfying a fixed ε-differential privacy constraint. The study of universal optimality was initiated in 2009 in two important papers: the first by Ghosh et al., who discovered a universally optimal mechanism for a large class of consumers within the differential privacy constraint context of "counting queries" on statistical datasets; the second by Brenner and Nissim who found that outside of this context, no such universally optimal mechanisms exist. Since those remarkable results, there have been few advances in this field. In this article we detail some recent work which sheds new light on these results using Quantitative Information Flow (QIF), a mathematical framework for quantifying information leaks under a Bayesian adversarial model. Using standard QIF reasoning we show how the earlier results can be both generalised and extended, opening up new avenues for exploring optimality in a wide variety of differential privacy contexts.

Security and Privacy Column

Differential privacy is nowadays considered the "gold standard" when releasing information, e.g., statistics, on sensitive data. To avoid leaking too much sensitive data noise-adding mechanisms may be used. ϵ-differential privacy measures the amount of privacy ϵ that such a mechanism ensures. Of course, adding too much noise results into useless, random information, while adding not enough may lead to privacy violations. This problem is known as the privacy-utility trade-off and raises a natural optimality question: how can we maximise utility for a given amount of privacy ϵ.

A Differential Privacy Budget Allocation Algorithm Based on Out-of-Bag Estimation in Random Forest

The issue of how to improve the usability of data publishing under differential privacy has become one of the top questions in the field of machine learning privacy protection, and the key to solving this problem is to allocate a reasonable privacy protection budget. To solve this problem, we design a privacy budget allocation algorithm based on out-of-bag estimation in random forest. The algorithm firstly calculates the decision tree weights and feature weights by the out-of-bag data under differential privacy protection. Secondly, statistical methods are introduced to classify features into best feature set, pruned feature set, and removable feature set. Then, pruning is performed using the pruned feature set to avoid decision trees over-fitting when constructing an ϵ-differential privacy random forest. Finally, the privacy budget is allocated proportionally based on the decision tree weights and feature weights in the random forest. We conducted experimental comparisons with real data sets from Adult and Mushroom to demonstrate that this algorithm not only protects data security and privacy, but also improves model classification accuracy and data availability.

Privacy-Preserving Statistical Analysis of Genomic Data Using Compressive Mechanism with Haar Wavelet Transform.

To promote the use of personal genome information in medicine, it is important to analyze the relationship between diseases and the human genomes. Therefore, statistical analysis using genomic data is often conducted, but there is a privacy concern with respect to releasing the statistics as they are. Existing methods to address this problem using the concept of differential privacy cannot provide accurate outputs under strong privacy guarantees, making them less practical. In this study, for the first time, we investigate the application of a compressive mechanism to genomic statistical data and propose two approaches. The first is to apply the normal compressive mechanism to the statistics vector along with an algorithm to determine the number of nonzero entries in a sparse representation. The second is to alter the mechanism based on the data, aiming to release significant single nucleotide polymorphisms with a high probability. In this algorithm, we apply the compressive mechanism with the input as a sparse vector for significant data and the Laplace mechanism for nonsignificant data. By using the Haar wavelet transform for the compressive mechanism, we can determine the number of nonzero elements and the amount of noise. In addition, we give theoretical guarantees that our proposed methods achieve ϵ-differential privacy. We evaluated our methods in terms of accuracy and rank error compared with the Laplace and exponential mechanisms. The results show that our second method in particular can guarantee high privacy assurance as well as utility.