Differentially Private Multi-objective Selection: Pareto and Aggregation Approaches

TL;DR

This work tackles the problem of differential privacy for multi-objective selection by introducing two mechanisms, PrivPareto and PrivAgg, to either approach the Pareto frontier or to maximize a weighted aggregate of objectives under privacy constraints. Both mechanisms support global and local sensitivity and provide a theoretical framework for composing sensitivities across multiple utility functions. The authors instantiate these mechanisms in two realistic domains: cost-sensitive decision trees and multi-objective top-k influential node selection, demonstrating that local-sensitivity based variants consistently outperform their global-sensitivity counterparts, often achieving near-nonprivate performance at practical budgets like $\epsilon$ in $[0.01,1]$. The results suggest that sensitivity-aware private selection can be a foundational building block for privacy-preserving multi-objective optimization in data analysis, graphs, and decision-support systems.

Abstract

Differentially private selection mechanisms are fundamental building blocks for privacy-preserving data analysis. While numerous mechanisms exist for single-objective selection, many real-world applications require optimizing multiple competing objectives simultaneously. We present two novel mechanisms for differentially private multi-objective selection: PrivPareto and PrivAgg. PrivPareto uses a novel Pareto score to identify solutions near the Pareto frontier, while PrivAgg enables privacy-preserving weighted aggregation of multiple objectives. Both mechanisms support global and local sensitivity approaches, with comprehensive theoretical analysis showing how to compose sensitivities of multiple utility functions. We demonstrate the practical applicability through two real-world applications: cost-sensitive decision tree construction and multi-objective influential node selection in social networks. The experimental results showed that our local sensitivity-based approaches achieve significantly better utility compared to global sensitivity approaches across both applications and both Pareto and Aggregation approaches. Moreover, the local sensitivity-based approaches are able to perform well with typical privacy budget values $ε\in [0.01, 1]$ in most experiments.

Figures (3)

• Figure 1: Example Pareto scores for 5 elements and 2 utility functions. The left lower subspace of each candidate, delimited by the two dashed lines, contains its dominated elements. For instance, candidate $a$ dominates $d$ and $e$.
• Figure 2: Mean fitness/utility score $u_{agg} = w_{tpr} \cdot TPR + w_{tnr} \cdot TNR$ for $w_{tpr} = 3$, $w_{tnr} = 2$ and $\epsilon \in \{0.01, 0.05, 0.1, 0.5, 1.0, 2.0\}$.
• Figure 3: Mean recall for DP-MOTkIN-Agg methods where $u_{agg} = w_{degree} \cdot degree + w_{egodensity} \cdot egodensity$ for $w_{degree} = 1$ and $w_{egodensity} = 100$ for $\epsilon \in \{0.01, 0.05, 0.1, 0.5, 1.0, 2.0\}$ and $k=5$.

Theorems & Definitions (26)

• definition 1
• theorem 1
• definition 2
• definition 3
• definition 4
• definition 5
• definition 6
• definition 7
• definition 8
• definition 9