面向多敏感值的个性化随机响应机制设计与分析

doi:10.3969/j.issn.0372-2112.2019.06.008

电子学报 ›› 2019, Vol. 47 ›› Issue (6): 1236-1243.DOI: 10.3969/j.issn.0372-2112.2019.06.008

面向多敏感值的个性化随机响应机制设计与分析

宋海娜^1,2, 罗涛^1,2, 韩新宇^1,2, 李剑峰^1,2

1. 北京邮电大学北京先进信息网络实验室, 北京 100876;
2. 北京邮电大学网络体系构建与融合北京市重点实验室, 北京 100876

收稿日期:2018-11-23 修回日期:2019-04-02 出版日期:2019-06-25 发布日期:2019-06-25
作者简介:宋海娜 女,1990年出生,湖北襄阳人,现为北京邮电大学信息与通信工程学院博士研究生,主要从事无线通信、信息安全、隐私保护等相关研究.E-mail:songhn_cqupt@163.com;罗涛男,1971年出生,陕西宝鸡人,博士,现为北京邮电大学信息与通信工程学院教授,博士生导师,主要从事移动通信、认知无线电、车联网、机器学习和隐私保护等相关研究.E-mail:tluo@bupt.edu.cn;韩新宇 男,1996年出生,山东烟台人,现为北京邮电大学信息与通信工程学院硕士研究生,主要从事隐私保护等相关研究.E-mail:hanxinyucat@126.com;李剑峰 男,1960年出生,内蒙人,现为北京邮电大学信息与通信工程学院研究员,硕士生导师,主要研究方向为智慧医疗与数据分析.E-mail:lijf@bupt.edu.cn
基金资助:
国家重点研发计划重点专项（No.2016YFF0201003）；国家自然科学基金（No.61571065）

Design and Analysis for Multiple Sensitive Values-Oriented Personalized Randomized Response

SONG Hai-na^1,2, LUO Tao^1,2, HAN Xin-yu^1,2, LI Jian-feng^1,2

1. Beijing Laboratory of Advanced Information Networks, Beijing University of Posts and Telecommunications, Beijing 100876, China;
2. Beijing Key Laboratory of Network System Architecture and Convergence, Beijing University of Posts and Telecommunications, Beijing 100876, China

Received:2018-11-23 Revised:2019-04-02 Online:2019-06-25 Published:2019-06-25

摘要/Abstract

摘要： 在实际数据收集中，不同敏感值的敏感度有很大差异，隐私保护需求也不相同.然而，现有的基于随机响应的本地化隐私保护模型针对所有敏感值都执行同样程度的隐私保护，从而可能造成某些低敏感度的敏感值过度保护，而某些高敏感度的敏感值却保护不足.基于此，本文在常规随机响应（Conventional Randomized Response，CRR）模型的基础上，考虑个性化的隐私需求，引入敏感值权重，并将其引入到随机响应的决策中，提出一种面向多敏感值的个性化随机响应（Personalized Randomized Response，PRR）机制，该机制能够确保不同的敏感值群体均能达到各自期望的隐私保护程度，实现个性化的隐私保护.理论分析和仿真实验表明，在机制的主观隐私泄露程度一定时，相比于CRR模型，本文所提的PRR机制统计估计误差更小，即获得的统计数据的质量更高，同时又保证了个性化的隐私保护.

关键词: 随机响应, 敏感值权重, 主观隐私泄露程度, 数据质量, 个性化隐私保护

Abstract: In actual dada collection,the sensitivity of different sensitive information is different so that the concrete privacy need is different,too.However,the existing local privacy preservation model based on randomized response (RR),which is called conventional randomized response (CRR) for convenience,focuses on a universal approach that exerts the same amount of preservation for all sensitivity values,without catering for their concrete privacy needs.As a result,it may be offering insufficient protection to a subset of people with relatively higher privacy needs,while applying excessive privacy control to another subset with relatively lower privacy needs.Based on this,a new framework which is called personalized randomized response (PRR) is proposed based on the concept of CRR for multiple sensitive values-oriented personalized privacy preservation.The PRR technique considers personalized privacy needs,introduces sensitive value weights for different sensitive values,and then introduces the weights into the decision of RR for satisfying all sensitivity values' privacy needs,and thus,attains personalized privacy preservation.Both theoretical derivation and simulation experiment reveal that the estimate error of statistics of PRR mechanism is smaller than that of the CRR mechanism for a certain subjective degree of privacy leakage,that is,the quality of statistics obtained by PRR mechanism is higher than that of the CRR model while guaranteeing personalized privacy protection for a given subjective degree privacy preservation.

Key words: randomized response, sensitive value weight, subjective degree of privacy leakage, data quality, personalized privacy preservation

中图分类号:

TP309.2

宋海娜, 罗涛, 韩新宇, 李剑峰. 面向多敏感值的个性化随机响应机制设计与分析[J]. 电子学报, 2019, 47(6): 1236-1243.

SONG Hai-na, LUO Tao, HAN Xin-yu, LI Jian-feng. Design and Analysis for Multiple Sensitive Values-Oriented Personalized Randomized Response[J]. Acta Electronica Sinica, 2019, 47(6): 1236-1243.

参考文献

[1] Warner S L.Randomized response:A survey technique for eliminating evasive answer bias[J].Journal of the American Statistical Association,1965,60(309):63-69.
[2] 罗永龙,黄刘生,荆巍巍,等.一个保护私有信息的布尔关联规则挖掘算法[J].电子学报,2005,33(5):133-136. Luo Y L,Huang L S,Jing W W,et al.An algorithm for privacy-preserving boolean association rule mining[J].Acta Electronica Sinica,2005,33(5):133-136.(in Chinese)
[3] Hsieh S H,Lee S M,Tu S H.Randomized response techniques for a multi-level attribute using a single sensitive question[J].Statistical Papers,2018,59(1):291-306.
[4] Tian X,Taylor J.Selective inference with a randomized response[J].The Annals of Statistics,2018,46(2):679-710.
[5] 叶青青,孟小峰,朱敏杰,等.本地化差分隐私研究综述[J].软件学报,2018,29(7):159-183. Ye Q Q,Meng X F,Zhu M J,et al.Survey on local differential privacy[J].Journal of Software,2018,29(7):159-183.(in Chinese)
[6] Lin B C,Wu S H,Tsou Y T,et al.PPDCA:Privacy-preserving crowdsensing data collection and analysis with randomized response[A].Proceedings of IEEE Wireless Communications and Networking Conference (WCNC)[C].Barcelona,Spain:IEEE,2018.1-6.
[7] Aoki S,Iwai M,Sezaki K.Privacy-aware community sensing using randomized response[A].Proceedings of the 37th Annual Computer Software and Applications Conference Workshops[C].Japan:IEEE,2013.127-132.
[8] Xiao X K,Tao Y F,Chen M H.Optimal random perturbation at multiple privacy levels[J].Proceedings of the VLDB Endowment,2009,2(1):814-825.
[9] Kairouz P,Oh S,Viswanath P.Extremal mechanisms for local differential privacy[A].Advances in Neural Information Processing Systems (NIPS)[C].Red Hook,NY,USA:Curran Associates,Inc,2014.2879-2887.
[10] Kairouz P,Bonawitz K,Ramage D.Discrete distribution estimation under local privacy[A].Proceedings of the 33rd International Conference on Machine Learning[C].New York,NY,USA:2016.2436-2444.
[11] Dwork C.Differential privacy[A].Proceedings of the 33rd International Colloquium on Automata,Languages and Programming (ICALP)[C].Venice,Italy:Springer,2006.1-12.
[12] Wang W N,Ying L,Zhang J S.A game-theoretic approach to quality control for collecting privacy-preserving data[A].Proceedings of the 53rd Annual Allerton Conference on Communication,Control,and Computing[C].Allerton House,UIUC,lllinois,USA:IEEE,2016.474-479.
[13] Kim J W,Kim D,Jang B.Application of local differential privacy to collection of indoor positioning data[J].IEEE Access,2018,6:4276-4286.
[14] Holohan N,Leith D J,Mason O.Optimal differentially private mechanisms for randomised response[J].IEEE Transactions on Information Forensics and Security,2017,12(11):2726-2735.
[15] Ye M,Barg A.Optimal schemes for discrete distribution estimation under local differential privacy[J].IEEE Transactions on Information Theory,2018,64(8):5662-5676.
[16] Xiao X,Tao Y.Personalized privacy preservation[A].Proceedings of the ACM SIGMOD International Conference on Management of Data[C].Chicago,IL,USA:ACM,2006.229-240.
[17] Braun C,Chatzikokolakis K,Palamidessi C.Quantitative notions of leakage for one-try attacks[J].Electronic Notes in Theoretical Computer Science,2009,249:75-91.

面向多敏感值的个性化随机响应机制设计与分析

Design and Analysis for Multiple Sensitive Values-Oriented Personalized Randomized Response

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 2

编辑推荐

Metrics

[1]	杨高明, 朱海明, 方贤进, 苏树智. 局部差分隐私约束的关联属性不变后随机响应扰动[J]. 电子学报, 2019, 47(5): 1079-1085.
[2]	罗永龙;黄刘生;荆巍巍;姚亦飞;陈国良. 一个保护私有信息的布尔关联规则挖掘算法[J]. 电子学报, 2005, 33(5): 900-903.