Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Differential Privacy of Network Parameters from a System Identification Perspective

Andrew Campbell, Anna Scaglione, Hang Liu, Victor Elvira, Sean Peisert, Daniel Arnold

TL;DR

This work addresses protecting the graph shift operator $\mathbf{S}$ from adversaries that observe graph signals driven by DP inputs. It treats graph filters $\mathbf{H}(\mathbf{S})$ as the forward model and analyzes how DP on the input $\tilde{\mathbf{U}}$ induces DP on the released output $\tilde{\mathbf{Y}} = \mathbf{H}(\mathbf{S})\tilde{\mathbf{U}}$, using a Rényi-divergence-based bound to relate $(\epsilon,\delta)$ to the spectral properties of $\mathbf{H}(\mathbf{S})$ and the covariance $\boldsymbol{\Sigma}_{Tn}$ of the input. A Gaussian-input corollary yields explicit conditions involving the parameters $\omega$, $\Omega$ and the ratio $\Omega/\omega$, showing that smoother filters with well-conditioned noise covariance substantially improve privacy, and that privacy can be achieved for free when non-invertible filters are involved. The results provide a principled DP-privacy-utility trade-off for graph-based system identification in cyber-physical settings, with practical guidance for designing DP inputs and graph filters to protect critical network structure while maintaining analysis utility.

Abstract

This paper addresses the problem of protecting network information from privacy system identification (SI) attacks when sharing cyber-physical system simulations. We model analyst observations of networked states as time-series outputs of a graph filter driven by differentially private (DP) nodal excitations, with the analyst aiming to infer the underlying graph shift operator (GSO). Unlike traditional SI, which estimates system parameters, we study the inverse problem: what assumptions prevent adversaries from identifying the GSO while preserving utility for legitimate analysis. We show that applying DP mechanisms to inputs provides formal privacy guarantees for the GSO, linking the $(ε,δ)$-DP bound to the spectral properties of the graph filter and noise covariance. More precisely, for DP Gaussian signals, the spectral characteristics of both the filter and noise covariance determine the privacy bound, with smooth filters and low-condition-number covariance yielding greater privacy.

Differential Privacy of Network Parameters from a System Identification Perspective

TL;DR

This work addresses protecting the graph shift operator from adversaries that observe graph signals driven by DP inputs. It treats graph filters as the forward model and analyzes how DP on the input induces DP on the released output , using a Rényi-divergence-based bound to relate to the spectral properties of and the covariance of the input. A Gaussian-input corollary yields explicit conditions involving the parameters , and the ratio , showing that smoother filters with well-conditioned noise covariance substantially improve privacy, and that privacy can be achieved for free when non-invertible filters are involved. The results provide a principled DP-privacy-utility trade-off for graph-based system identification in cyber-physical settings, with practical guidance for designing DP inputs and graph filters to protect critical network structure while maintaining analysis utility.

Abstract

This paper addresses the problem of protecting network information from privacy system identification (SI) attacks when sharing cyber-physical system simulations. We model analyst observations of networked states as time-series outputs of a graph filter driven by differentially private (DP) nodal excitations, with the analyst aiming to infer the underlying graph shift operator (GSO). Unlike traditional SI, which estimates system parameters, we study the inverse problem: what assumptions prevent adversaries from identifying the GSO while preserving utility for legitimate analysis. We show that applying DP mechanisms to inputs provides formal privacy guarantees for the GSO, linking the -DP bound to the spectral properties of the graph filter and noise covariance. More precisely, for DP Gaussian signals, the spectral characteristics of both the filter and noise covariance determine the privacy bound, with smooth filters and low-condition-number covariance yielding greater privacy.

Paper Structure

This paper contains 8 sections, 4 theorems, 25 equations, 1 figure.

Table of Contents

  1. Introduction
  2. Network Identification from Graph Signals
  3. Application domain
  4. Problem Formulation
  5. Analysis
  6. Notes on Singular Matrices
  7. Empirical Evaluation
  8. Conclusion

Key Result

Theorem 1

Let, for $\alpha>1$, $D_{\alpha}(P||Q)$ be the order $\alpha$ Rényi Divergence for distributions $P$ and $Q$. Then, for the log-likelihood ratio ${\mathcal{L}}_{{\bm{S}},{\bm{S}}'}(\cdot)$ defined in eq:log-lik and where we have

Figures (1)

  • Figure 1: MSE vs $\epsilon$ w.r.t the GSO and the input.

Theorems & Definitions (8)

  • Definition 1: $(\epsilon, \delta)-DP$ dwork2014algorithmic
  • Definition 2: $(\epsilon,\delta)-PDP$ machanavajjhala2008privacy
  • Theorem 1
  • proof
  • Corollary 1
  • Theorem 2
  • proof
  • Corollary 2