ProBE: Proportioning Privacy Budget for Complex Exploratory Decision Support

Nada Lahjouji; Sameera Ghayyur; Xi He; Sharad Mehrotra

ProBE: Proportioning Privacy Budget for Complex Exploratory Decision Support

Nada Lahjouji, Sameera Ghayyur, Xi He, Sharad Mehrotra

TL;DR

This paper formally defines complex decision support queries and their accuracy requirements, and provides algorithms that proportion the existing budget to optimally minimize privacy loss while supporting a bounded guarantee on the accuracy.

Abstract

This paper studies privacy in the context of complex decision support queries composed of multiple conditions on different aggregate statistics combined using disjunction and conjunction operators. Utility requirements for such queries necessitate the need for private mechanisms that guarantee a bound on the false negative and false positive errors. This paper formally defines complex decision support queries and their accuracy requirements, and provides algorithms that proportion the existing budget to optimally minimize privacy loss while supporting a bounded guarantee on the accuracy. Our experimental results on multiple real-life datasets show that our algorithms successfully maintain such utility guarantees, while also minimizing privacy loss.

ProBE: Proportioning Privacy Budget for Complex Exploratory Decision Support

TL;DR

Abstract

Paper Structure (28 sections, 7 theorems, 37 equations, 10 figures, 3 tables, 5 algorithms)

This paper contains 28 sections, 7 theorems, 37 equations, 10 figures, 3 tables, 5 algorithms.

Introduction
Background
Problem Definition
Query and Utility Definitions
ProBE Problem Definition
ProBE Framework
Query Conjunction Mechanism
Query Disjunction Mechanism
Combined Conjunctions/Disjunctions
Implementing PROBE
Phase One of ProBE
Phase Two of ProBE
Multi-Step Entropy-based Algorithm
Experiments
Experimental Setup
...and 13 more sections

Key Result

theorem 1

Let $M_{1},...,M_{k}$ be $k$ algorithms that satisfy $\epsilon_{i}$-differential privacy. The sequence of $M_{1},...,M_{k}$ provides $\sum_{i=1}^{k}\epsilon_i$-differential privacy.

Figures (10)

Figure 1: Complex decision support query decomposed into four atomic queries with single HAVING conditions but similar predicates connected by AND/OR operators.
Figure 2: Trade-off between false negatives FN, false positives FP and the privacy budget $\epsilon$ in (i) with APEx and (ii) with MIDE.
Figure 3: Classification of conjunction of outputs $M_1$ and $M_2$ resulting from running the mechanisms on $Q_1$, $Q_2$. False negative (FN) outcomes are highlighted in red.
Figure 4: The figure shows the query trees for (a) $Q_{T1} = Q_1\cup( Q_2\cap Q_3)$, and (b) $Q_{T2} = ( Q_1\cup Q_2)\cap( Q_1\cup Q_3)$
Figure 5: Illustration of sets $O_{p}$, $O_{pp}$, ${O_n}$ on noisy values of predicates for Phase One. In Phase Two, we identify a new $u_{opt}$ such that the newly observed positive set $O'_p$ based on $>c-u_{opt}$ is reduced from $O_p$ by a size of $f_{est}-f_{max}$ (indicated by dots changing from red to blue) if the number of estimated false positives $f_{est}$ in Phase One is greater than the allowed number of false positives $f_{max}$.
...and 5 more figures

Theorems & Definitions (19)

definition 1: $\epsilon$-Differential Privacy (DP)
theorem 1: Sequential Composition
definition 2: Ex-Post Differential Privacy
definition 3: Sensitivity
theorem 2: Laplace Mechanism (LM)
definition 4: Complex DS Query CFG
definition 5: Bound on the False Negative Rate (FNR)/ False Positive Rate(FPR)
definition 6: Query Conjunction Mechanism
theorem 3
theorem 4
...and 9 more

ProBE: Proportioning Privacy Budget for Complex Exploratory Decision Support

TL;DR

Abstract

ProBE: Proportioning Privacy Budget for Complex Exploratory Decision Support

Authors

TL;DR

Abstract

Table of Contents

Key Result

Figures (10)

Theorems & Definitions (19)