隐私保护关联规则挖掘算法的研究

针对MASK算法的不足,将随机响应技术与关联规则挖掘算法相结合,提出一个多参数随机扰动算法—MRD算法。当以不同的随机参数对数据集进行处理时,可以实现对原始数据的干扰或隐藏,解决了单一使用数据干扰策略和数据隐藏策略的缺陷,有效地提高了算法的隐私保护度。在此基础上,给出了在伪装后的数据集上生成频繁项集的挖掘算法。最后,通过具体实例验证,证明了当随机参数选择合适时,MRD算法的隐私性和准确性均优于原算法。     

一种保护原始数据的多属性值分类挖掘算法*

针对基于随机响应的隐私保护分类挖掘算法仅适用于原始数据属性值是二元的问题,设计了一种适用于多属性值原始数据的隐私保护分类挖掘算法。算法分为两个部分：a)通过比较参数设定值和随机产生数之间的大小,决定是否改变原始数据的顺序,以实现对原始数据进行变换,从而起到保护数据隐私性的目的;b)通过求解信息增益比例的概率估计值,在伪装后的数据上构造决策树。     

一种保护原始数据的多属性值分类挖掘算法

针对基于随机响应的隐私保护分类挖掘算法仅适用于原始数据属性值是二元的问题,设计了一种适用于多属性值原始数据的隐私保护分类挖掘算法。算法分为两个部分:a)通过比较参数设定值和随机产生数之间的大小,决定是否改变原始数据的顺序,以实现对原始数据进行变换,从而起到保护数据隐私性的目的;b)通过求解信息增益比例的概率估计值,在伪装后的数据上构造决策树。     

基于概率论的隐私保持分类挖掘

在现有的基于数据扰动的隐私保持分类挖掘算法中,扰动数据和原始数据相关联,对隐私数据的保护并不完善,且扰动算法和分类算法耦合度高,不适合在实际中使用。为此,提出一种基于概率论的隐私保持分类挖掘算法。扰动后可得到一组与原始数据独立同分布的数据,使扰动数据和原始数据不再相互关联,各种分类算法也可直接应用于扰动后的数据。     

满足本地化差分隐私的众包位置数据采集

针对位置数据众包采集中个人位置隐私泄露的问题,提出了一种满足本地化差分隐私的位置数据众包采集方法。首先,使用逐点插入法构造维诺图,对路网空间进行分割;然后,采用满足本地化差分隐私的随机扰动的方式对每个维诺格中的位置数据进行扰动;再次,设计了一种在扰动数据集上进行空间范围查询的方法,获得对真实结果的无偏估计;最后,在空间范围查询下进行了实验验证,并与保护隐私的轨迹数据采集（PTDC）算法进行了对比,算法查询误差率最坏不超过40%,最好情况在20%以下,运行时间在8 s以内,在隐私保护度高于PTDC算法的前提下,上述参数优于PTDC算法。     

满足差分隐私的一种频繁序列挖掘算法

在这个大数据时代,无论是数据量还是数据种类都在以极快的速度增长,因此数据挖掘技术在各行各业(例如移动轨迹预测、广告投递、医疗诊断等方面)中都得到了广泛的运用。频繁序列挖掘是数据挖掘领域中的一个重要方向,但是在挖掘过程中和发布序列数据时很有可能会泄露一些用户的隐私信息,产生严重的安全隐患。Dwork等人提出的差分隐私模型可以为数据挖掘的隐私保护提供安全保证,与传统的隐私保护方法(基于k-匿名及其扩展分组模型)相比,该模型通过添加噪音对数据进行扰动,即使攻击者拥有最大的背景知识也能达到差分隐私保护的目的。文章设计了一种渐进式序列挖掘差分隐私保护算法,该算法通过改进的稀疏向量技术实现对挖掘过程添加拉普拉斯噪音,并对候选频繁序列的真实支持度以及阈值进行扰动。算法在理论角度被证明满足差分隐私,在真实数据集上的实验结果表明该算法具有较好的可用性。     

面向车路协同推断的差分隐私保护研究

车路协同推断通过联合车载终端与路侧边缘服务器进行深度卷积网络推断运算,提高了网络架构推断效率,但是存在用户隐私泄露问题。攻击者在未知车载终端网络结构和参数的前提下,通过训练反卷积网络的方式,可复原车载终端上传的计算结果对应的图像数据,从而发起图像还原攻击。基于差分隐私理论,针对图像还原攻击设计模型扰动、输入扰动、输出扰动3种防御算法,分别在车载终端深度卷积网络的模型参数、输入原始图像、输出计算结果中加入随机拉普拉斯噪声,干扰攻击者的图像还原。通过理论分析得出3种算法均满足差分隐私保护,攻击者难以从计算结果中挖掘出原始数据的隐私信息。实验结果表明,3种算法在有效防御黑盒图像还原攻击的同时能保持推断精确度在90%以上,其中模型扰动算法在均衡隐私保护和推断精确度方面的性能表现优于输入扰动和输出扰动算法。     

限制隐私泄露的隐私保护聚类算法

为了解决在极端情况下数据挖掘中隐私泄露的问题,分析了在数据聚类时增加Laplace噪音可以避免隐私泄露的原理,结合主成份分析与噪音扰动方法,提出了一种限制隐私泄露的隐私保护聚类算法.该算法利用主成份分析除掉了数据的相关性,将Laplace噪音加入数据的主成份向量中,然后计算被扰动的数据之间距离变化值,这样可以避免扰动后的数据被还原,以达到在隐私保护聚类挖掘中限制隐私泄露的目的.仿真实验结果表明,该算法对于数据聚类时限制隐私泄露是正确有效的.     

一种面向聚类的对数螺线数据扰动方法

面向挖掘应用的隐私保护数据发布要求对数据集进行隐藏的同时维持数据的挖掘可用性,数据扰动是解决该问题的有效方法.现有的面向聚类的数据扰动方法难以兼顾原始数据个体隐私和维持数据聚类可用性,对此提出了一种基于对数螺线的隐私保护数据干扰方法.通过构建面向聚类的隐私保护数据扰动模型,利用对数螺线对原始数据进行扰动隐藏,维持原始数据的k邻域关系稳定,实现数据集聚类可用性的有效维护;进一步提出多重对数螺线扰动的策略,提高隐私保护强度.理论分析和实验结果表明:文中方法能够有效地避免数据隐私泄露,同时维持数据的聚类可用性.     

一种改进的差分隐私参数设置及数据优化算法

基于差分隐私的数据扰动技术是当前隐私保护技术的研究热点,为了实现对敏感数据差分隐私保护的同时,尽量提高数据的可用性,对隐私参数的合理设置、对添加噪声后数据进行优化是差分隐私保护中的关键技术。提出了隐私参数设置算法RBPPA以及加噪数据的优化算法DPSRUKF。RBPPA将隐私参数设置构建于数据访问者和贡献者的信誉度之上,并与数据隐私度以及访问权限值关联,构造了细粒度的隐私参数设置方案; DPSRUKF采用了平方根无味卡尔曼滤波处理加噪数据,提高了差分隐私数据的可用性。实验分析表明,该算法实现了隐私参数的细粒化设置以及加噪数据优化后数据精度的提高,既为敏感数据的应用提供了数据安全保障,又为数据访问者提供了数据的高可用性。     

FRAPP: a framework for high-accuracy privacy-preserving mining

To preserve client privacy in the data mining process, a variety of techniques based on random perturbation of individual data records have been proposed recently. In this paper, we present FRAPP, a generalized matrix-theoretic framework of random perturbation, which facilitates a systematic approach to the design of perturbation mechanisms for privacy-preserving mining. Specifically, FRAPP is used to demonstrate that (a) the prior techniques differ only in their choices for the perturbation matrix elements, and (b) a symmetric positive-definite perturbation matrix with minimal condition number can be identified, substantially enhancing the accuracy even under strict privacy requirements. We also propose a novel perturbation mechanism wherein the matrix elements are themselves characterized as random variables, and demonstrate that this feature provides significant improvements in privacy at only a marginal reduction in accuracy. The quantitative utility of FRAPP, which is a general-purpose random-perturbation-based privacy-preserving mining technique, is evaluated specifically with regard to association and classification rule mining on a variety of real datasets. Our experimental results indicate that, for a given privacy requirement, either substantially lower modeling errors are incurred as compared to the prior techniques, or the errors are comparable to those of direct mining on the true database. A partial and preliminary version of this paper appeared in the Proc. of the 21st IEEE Intl. Conf. on Data Engineering (ICDE), Tokyo, Japan, 2005, pgs. 193–204.     

Geometric data perturbation for privacy preserving outsourced data mining

Data perturbation is a popular technique in privacy-preserving data mining. A major challenge in data perturbation is to balance privacy protection and data utility, which are normally considered as a pair of conflicting factors. We argue that selectively preserving the task/model specific information in perturbation will help achieve better privacy guarantee and better data utility. One type of such information is the multidimensional geometric information, which is implicitly utilized by many data-mining models. To preserve this information in data perturbation, we propose the Geometric Data Perturbation (GDP) method. In this paper, we describe several aspects of the GDP method. First, we show that several types of well-known data-mining models will deliver a comparable level of model quality over the geometrically perturbed data set as over the original data set. Second, we discuss the intuition behind the GDP method and compare it with other multidimensional perturbation methods such as random projection perturbation. Third, we propose a multi-column privacy evaluation framework for evaluating the effectiveness of geometric data perturbation with respect to different level of attacks. Finally, we use this evaluation framework to study a few attacks to geometrically perturbed data sets. Our experimental study also shows that geometric data perturbation can not only provide satisfactory privacy guarantee but also preserve modeling accuracy well.     

基于邻域属性熵的隐私保护数据干扰方法

隐私保护微数据发布是数据隐私保护研究的一个热点,数据干扰是隐私保护微数据发布采用的一种有效解决方法.针对隐私保护聚类问题,提出一种隐私保护数据干扰方法NETPA,NETPA干扰方法通过对数据点及邻域点集的分析,借助信息论中熵的理论,提出邻域属性熵和邻域主属性等概念,对原始数据中数据点的邻域主属性值用其k邻域点集内数据点在该属性的均值进行干扰替换,在较好地维持原始数据k邻域关系的情况下达到保护原始数据隐私不泄露的目的.理论分析表明,NETPA干扰方法具有良好地避免隐私泄露的效果,同时可以较好地维持原始数据的聚类模式.实验采用DBSCAN和k-LDCHD聚类算法对干扰前后的数据进行聚类分析比对.实验结果表明,干扰前后数据聚类结果具有较高的相似度,算法是有效可行的.     

一种有效的隐私保护关联规则挖掘方法

隐私保护是当前数据挖掘领域中一个十分重要的研究问题,其目标是要在不精确访问真实原始数据的条件下,得到准确的模型和分析结果.为了提高对隐私数据的保护程度和挖掘结果的准确性,提出一种有效的隐私保护关联规则挖掘方法.首先将数据干扰和查询限制这两种隐私保护的基本策略相结合,提出了一种新的数据随机处理方法,即部分隐藏的随机化回答(randomized response with partial hiding,简称RRPH)方法,以对原始数据进行变换和隐藏.然后以此为基础,针对经过RRPH方法处理后的数据,给出了一种简单而又高效的频繁项集生成算法,进而实现了隐私保护的关联规则挖掘.理论分析和实验结果均表明,基于RRPH的隐私保护关联规则挖掘方法具有很好的隐私性、准确性、高效性和适用性.     

A privacy preserving technique for distance-based classification with worst case privacy guarantees

There has been relatively little work on privacy preserving techniques for distance based mining. The most widely used ones are additive perturbation methods and orthogonal transform based methods. These methods concentrate on privacy protection in the average case and provide no worst case privacy guarantee. However, the lack of privacy guarantee makes it difficult to use these techniques in practice, and causes possible privacy breach under certain attacking methods. This paper proposes a novel privacy protection method for distance based mining algorithms that gives worst case privacy guarantees and protects the data against correlation-based and transform-based attacks. This method has the following three novel aspects. First, this method uses a framework to provide theoretical bound of privacy breach in the worst case. This framework provides easy to check conditions that one can determine whether a method provides worst case guarantee. A quick examination shows that special types of noise such as Laplace noise provide worst case guarantee, while most existing methods such as adding normal or uniform noise, as well as random projection method do not provide worst case guarantee. Second, the proposed method combines the favorable features of additive perturbation and orthogonal transform methods. It uses principal component analysis to decorrelate the data and thus guards against attacks based on data correlations. It then adds Laplace noise to guard against attacks that can recover the PCA transform. Third, the proposed method improves accuracy of one of the popular distance-based classification algorithms: K-nearest neighbor classification, by taking into account the degree of distance distortion introduced by sanitization. Extensive experiments demonstrate the effectiveness of the proposed method.     

A cubic-wise balance approach for privacy preservation in data cubes

A data warehouse stores current and historical records consolidated from multiple transactional systems. Securing data warehouses is of ever-increasing interest, especially considering areas where data are sold in pieces to third parties for data mining practices. In this case, existing data warehouse security techniques, such as data access control, may not be easy to enforce and can be ineffective. Instead, this paper proposes a data perturbation based approach, called the cubic-wise balance method, to provide privacy preserving range queries on data cubes in a data warehouse. This approach is motivated by the following observation: analysts are usually interested in summary data rather than individual data values. Indeed, our approach can provide a closely estimated summary data for range queries without providing access to actual individual data values. As demonstrated by our experimental results on APB benchmark data set from the OLAP council, the cubic-wise balance method can achieve both better privacy preservation and better range query accuracy than random data perturbation alternatives.     

Privacy-Preserving Multiparty Collaborative Mining with Geometric Data Perturbation

In multiparty collaborative data mining, participants contribute their own data sets and hope to collaboratively mine a comprehensive model based on the pooled data set. How to efficiently mine a quality model without breaching each party's privacy is the major challenge. In this paper, we propose an approach based on geometric data perturbation and data mining service-oriented framework. The key problem of applying geometric data perturbation in multiparty collaborative mining is to securely unify multiple geometric perturbations that are preferred by different parties, respectively. We have developed three protocols for perturbation unification. Our approach has three unique features compared to the existing approaches: 1) with geometric data perturbation, these protocols can work for many existing popular data mining algorithms, while most of other approaches are only designed for a particular mining algorithm; 2) both the two major factors: data utility and privacy guarantee are well preserved, compared to other perturbation-based approaches; and 3) two of the three proposed protocols also have great scalability in terms of the number of participants, while many existing cryptographic approaches consider only two or a few more participants. We also study different features of the three protocols and show the advantages of different protocols in experiments.     

A Tree-Based Data Perturbation Approach for Privacy-Preserving Data Mining

Due to growing concerns about the privacy of personal information, organizations that use their customers' records in data mining activities are forced to take actions to protect the privacy of the individuals. A frequently used disclosure protection method is data perturbation. When used for data mining, it is desirable that perturbation preserves statistical relationships between attributes, while providing adequate protection for individual confidential data. To achieve this goal, we propose a kd-tree based perturbation method, which recursively partitions a data set into smaller subsets such that data records within each subset are more homogeneous after each partition. The confidential data in each final subset are then perturbed using the subset average. An experimental study is conducted to show the effectiveness of the proposed method.     

Preserving privacy in association rule mining with bloom filters

Privacy preserving association rule mining has been an active research area since recently. To this problem, there have been two different approaches—perturbation based and secure multiparty computation based. One drawback of the perturbation based approach is that it cannot always fully preserve individual’s privacy while achieving precision of mining results. The secure multiparty computation based approach works only for distributed environment and needs sophisticated protocols, which constrains its practical usage. In this paper, we propose a new approach for preserving privacy in association rule mining. The main idea is to use keyed Bloom filters to represent transactions as well as data items. The proposed approach can fully preserve privacy while maintaining the precision of mining results. The tradeoff between mining precision and storage requirement is investigated. We also propose δ-folding technique to further reduce the storage requirement without sacrificing mining precision and running time.     

A semi-supervised privacy-preserving clustering algorithm for healthcare

With the proliferation of healthcare data, the cloud mining technology for E-health services and applications has become a hot research topic. While on the other hand, these rapidly evolving cloud mining technologies and their deployment in healthcare systems also pose potential threats to patient’s data privacy. In order to solve the privacy problem in the cloud mining technique, this paper proposes a semi-supervised privacy-preserving clustering algorithm. By employing a small amount of supervised information, the method first learns a Large Margin Nearest Cluster metric using convex optimization. Then according to the trained metric, the method imposes multiplicative perturbation on the original data, which can change the distribution shape of the original data and thus protect the privacy information as well as ensuring high data usability. The experimental results on the brain fiber dataset provided by the 2009 PBC demonstrated that the proposed method could not only protect data privacy towards secure attacks, but improve the clustering purity.