Privacy-preserving Data Mining

Transcription

1 Privacy-preserving Data Mining What is [data] privacy? Privacy and Data Mining Privacy-preserving Data mining: main approaches Anonymization Obfuscation Cryptographic hiding Challenges Definition of privacy Mining mobile data Mining medical data Privacy Freedom to be left alone ability to control who knows what about us [Westin; Moor] [=database views] Jeopardized with the Internet greased data Moral obligation for the community to find solutions

2 Privacy and data mining Individual Privacy Nobody should know more about any entity after the data mining than they did before Approaches: Data Obfuscation, Value swapping Organization Privacy Protect knowledge about a collection of entities Individual entity values are not disclosed to all parties The results alone need not violate privacy Contain no individually identifiable values Reflect overall results, not individual organizations The problem is computing the results without access to the data! 3 Basic ideas Camouflage Hiding obfuscation k-anonymity and cryptographic approaches 4

3 Why naïve anonymization does not work The [Sweeney 0] experiment purchased the voter registration list for Cambridge, MA 54,805 people 69% unique on postal code and birth date; 87% US-wide with all three Also, we do not know with what other data sources we may do oins in the future Solution: k-anonymization 5 Randomization Approach Overview Alice s age 30 70K K Add random number to Age 30 becomes 65 (30+35) Randomizer Reconstruct Distribution of Age Randomizer 65 0K K Reconstruct Distribution of Salary... Classification Algorithm Model 6 3

4 Reconstruction Problem Original values x, x,..., x n from probability distribution X (unknown) To hide these values, we use y, y,..., y n from probability distribution Y Given x +y, x +y,..., x n +y n the probability distribution of Y Estimate the probability distribution of X. 7 Intuition (Reconstruct single point) Use Bayes' rule for density functions 0 V 90 Age Original distribution for Age Probabilistic estimate of original value of V 8 4

5 Intuition (Reconstruct single point) Use Bayes' rule for density functions 0 V 90 Age Original Distribution for Age Probabilistic estimate of original value of V 9 Works well 00 Number of People Original Randomized Reconstructed Age 0 5

6 Recap: Why is privacy preserved? Cannot reconstruct individual values accurately. Can only reconstruct distributions. Naïve Bayes Classification Assumes independence between attributes. Decision Tree Correlations are weakened by randomization, not destroyed. 6

7 Decision Tree Example Age Salary Repeat Visitor? 3 50K Repeat 7 30K Repeat 43 40K Repeat 68 50K Single 3 70K Single 0 0K Repeat Yes Repeat Age < 5 Repeat Yes No Salary < 50K No Single 3 Decision Tree Experiments 00 00% Randomization Level 90 Accuracy Original Randomized Reconstructed Fn Fn Fn 3 Fn 4 Fn 5 4 7

8 Privacy Metric If, from perturbed data, the original value x can be estimated to lie between [x, x ] with c% confidence, then the privacy at c% confidence level is related to x - x Discretization Uniform Gaussian Issues 50% 0.5 x W 0.5 x α.34 x σ Confidence 95% 0.95 x W 0.95 x α 3.9 x σ 99.9% x W x α 6.8 x σ Example Salary 0K - 50K 95% Confidence 50% Privacy in Uniform α = 0.5*30K / 0.95 = 68K For very high privacy, discretization will lead to a poor model Gaussian provides more privacy at higher confidence levels 5 Association Rule Mining Algorithm [Agrawal et al. 993] L. = large -itemsets. for ( k = ; Lk φ; k + + ) do begin 3. C ( ) k = apriori gen Lk 4. for all candidates c C k do begin 5. compute c.count 6. end 7. Lk = { c Ck c. count min sup} 8. end 9. Return L = k L k c.count is the frequency count for a given itemset. Key issue: to compute the frequency count, we needs to access attributes that belong to different parties. 6 8

9 An Example c.count is the vector product. Let s use A to denote Alice s attribute vector and B to denote Bob s attribute vector. AB is a candidate frequent itemset, then c.count = A B = 3. How to conduct this computation across parties without compromising each party s data privacy? Alice 0 A Bob 0 B 7 Homomorphic Encryption [Paillier 999] Privacy-preserving protocols are based on Homomorphic Encryption. Specifically, we use the following additive homomorphism property: e ( m ) e( m) e( mn ) = e( m + m + + m n ) Where e is an encryption function and m i is the data to be encrypted and e( ) 0. m i 8 9

10 Digital Envelope [Chaum85] A digital envelope is a random number (a set of random numbers) only known by the owner of private data. V V + R VV 9 The Obective Privacy Correctness Efficiency Solution Homomorphic Encryption Digital Envelope 0 0

11 Frequency Count Protocol Assume Alice s attribute vector is A and Bob s attribute vector is B. Each vector contains N elements. A i : the ith element of A. B i : the ith element of B. One of parties is randomly chosen as a key generator, e.g, Alice, who generates (e, d) and an integer X > N. e and X will be shared with Bob. Let s use e(.) to denote encryption and d(.) to denote decryption. Alice A R X + A R X + AN + R N X Digital envelopes R R,, R N A set of random integers generated by Alice

12 Alice A R X + + AN + RN X A R X e A + R ) e A + R ) e( AN + RN X ) ( X ( X 3 Alice e ( A + R X ) e A + R ) e( A + R X ) ( X N N Bob 4

13 Bob W ( B = e A + R X ) W ( B = e A + R X ) W = e( A + R X) B N N N N B B i i = 0 W = W i i = 0 = e( A i + R X ) B i i = e( A i + R X ) i 5 Bob multiplies all the W i s for those B i s that are not equal to 0. In other words, Bob computes the multiplication of all non-zero W i s, e.g., W where 0. W i = Wi W = W W W 6 3

14 4 7 W W W W = ] ) ( [ ] ) ( [ ] ) ( [ B X R A e B X R A e B X R A e = 8 W W W W = ] ) ( [ ] ) ( [ ] ) ( [ = X R A e X R A e X R A e

15 W = W W W = e( A + R X ) e( A + R X ) e( A + R X ) According to the property of homomorphic encryption = e( A + A + + A + ( R + R + + R ) X ) 9 Bob generates an integer R'. Bob then computes W ' = W e( R' X ) According to the property of homomorphic encryption = e( A + A + + A + ( R + R + + R + R') X ) Alice 30 5

16 The Final Step Alice decrypts W' and computes modulo X. c. count = d( e( A + A + + A + ( R + R + + R + R') ( A + A (( R + R + + A ) N < X + + R + R') X)modX = 0 X )) mod X She then obtains A for those A for which + A + + A corresponding B are 0, which is = c.count 3 Privacy Analysis Goal: Bob never sees Alice s data values. All the information that Bob obtains from Alice is e( A + R X ), e( A + R X ),, e( AN + RN X ). Since Bob doesn t know the decryption key d, he cannot get Alice s original data values. 3 6

17 Privacy Analysis Goal: Alice never sees Bob s data values. The information that Alice obtains from Bob is W = e( A + A + + A + ( R + R + + R + R' ) ) for those =. ' X Alice computes d( W ') mod X. She only obtains the frequency count and cannot know Bob s original data values. B i 33 Complexity Analysis Linear in the number of transactions The total number elements in each attribute vector α( N +) where N is the total number transactions and α is the number of bits for each encrypted element. 34 7

18 Complexity Analysis Linear in the number of transactions The computational cost is (0N g) where N is the total number transactions and g is the computational cost for generating a key pair. 35 Other Privacy-Oriented Protocols Multi-Party Frequency Count Protocol [Zhan et al. 005 (a)] Multi-Party Summation Protocol [Zhan et al. 005 (f)] Multi-Party Comparison Protocol [Zhan et al. 006 (a)] Multi-Party Sorting Protocol [Zhan et al. 006 (a)] 36 8

19 What about the results of DM? Can DM results reveal personal information? In some cases, yes [Atzori et al. 05]: Suppose an association rule is found: a a a a [sup = 80, conf = 98.7%] 3 4 This means then sup({ a, a, a, a }) = sup({ a, a, a3, a4}) 0.8 sup({ a, a, a 3}) = = = therefore a a a3 a4 identifies one person!! has support=, and 37 They propose an approach called k-anonymous patterns and an algorithm (inference channels) which detects violations of k-anonymity The algorithm is expensive computationally We have a new approach which embeds k- anonimity into the concept lattice association rule algorithm [Zaki, Ogihara 98] 38 9

20 Conclusion Important problem, challenge for the field Lots of creative work, but lack of systematic approach Lack of an operational, agreed upon definition of privacy: inspiration in economics? 39 0