Acta Electronica Sinica ›› 2019, Vol. 47 ›› Issue (6): 1236-1243. DOI: 10.3969/j.issn.0372-2112.2019.06.008

• Academic Papers •

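Design and Analysis for Multiple Sensitive Values-Oriented Personalized Randomized Response

SONG Hai-na1,2, LUO Tao1,2, HAN Xin-yu1,2, LI Jian-feng1,2

  1. Beijing Laboratory of Advanced Information Networks, Beijing University of Posts and Telecommunications, Beijing 100876, China;
  2. Beijing Key Laboratory of Network System Architecture and Convergence, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2018-11-23 Revised: 2019-04-02 Online: 2019-06-25 Published: 2019-06-25
  • About the authors: SONG Hai-na, female, born in 1990, a native of Xiangyang, Hubei, is a Ph.D. candidate at the School of Information and Communication Engineering, Beijing University of Posts and Telecommunications; her research covers wireless communication, information security and privacy preservation. E-mail: songhn_cqupt@163.com; LUO Tao, male, born in 1971, a native of Baoji, Shaanxi, Ph.D., is a professor and doctoral supervisor at the School of Information and Communication Engineering, Beijing University of Posts and Telecommunications; his research covers mobile communication, cognitive radio, Internet of Vehicles, machine learning and privacy preservation. E-mail: tluo@bupt.edu.cn; HAN Xin-yu, male, born in 1996, a native of Yantai, Shandong, is a master's student at the School of Information and Communication Engineering, Beijing University of Posts and Telecommunications; his research covers privacy preservation. E-mail: hanxinyucat@126.com; LI Jian-feng, male, born in 1960, a native of Inner Mongolia, is a researcher and master's supervisor at the School of Information and Communication Engineering, Beijing University of Posts and Telecommunications; his main research interests are smart healthcare and data analysis. E-mail: lijf@bupt.edu.cn
  • Funding: Key Special Project of the National Key Research and Development Program of China (No.2016YFF0201003); National Natural Science Foundation of China (No.61571065)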

Abstract: In practical data collection, different sensitive values differ greatly in sensitivity, and their privacy-preservation needs differ accordingly. However, the existing local privacy-preservation model based on randomized response (RR), called conventional randomized response (CRR) for convenience, applies the same degree of protection to all sensitive values without catering for their concrete privacy needs. As a result, it may apply excessive protection to sensitive values of low sensitivity while offering insufficient protection to those of high sensitivity. Based on this, a new mechanism called personalized randomized response (PRR) is proposed on the basis of the CRR model for multiple sensitive values-oriented personalized privacy preservation. PRR considers personalized privacy needs, introduces sensitive value weights for the different sensitive values, and brings these weights into the randomized-response decision, so that each group of sensitive values attains its own expected degree of privacy protection, which achieves personalized privacy preservation. Both theoretical analysis and simulation experiments show that, for a given subjective degree of privacy leakage, the statistical estimation error of the PRR mechanism is smaller than that of the CRR model; that is, the statistics obtained by PRR are of higher quality while personalized privacy protection is still guaranteed.

Key words: randomized response, sensitive value weight, subjective degree of privacy leakage, data quality, personalized privacy preservation
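
The abstract's contrast between one protection level for all values and value-dependent randomization can be made concrete with a small simulation. This is an added example, not code from the paper: this page does not give the PRR weighting rule, so the per-value truthful-report probabilities `keep`, the three-value population and all function names are assumptions chosen here for illustration.

```python
import random

def design_matrix(keep):
    """P[j][i] = Pr(report j | true value i); keep[i] = Pr(value i is reported truthfully)."""
    k = len(keep)
    return [[keep[i] if j == i else (1 - keep[i]) / (k - 1) for i in range(k)]
            for j in range(k)]

def perturb(value, keep, rng):
    """Local randomization done by one respondent before the report leaves the device."""
    if rng.random() < keep[value]:
        return value
    return rng.choice([v for v in range(len(keep)) if v != value])

def solve(a, b):
    """Solve a x = b by Gauss-Jordan elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[r]] for r, row in enumerate(a)]
    for c in range(n):
        piv = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[piv] = m[piv], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [m[r][n] / m[r][r] for r in range(n)]

def estimate(reports, keep):
    """Collector side: unbiased estimate of the true distribution from noisy reports."""
    lam = [reports.count(j) / len(reports) for j in range(len(keep))]
    return solve(design_matrix(keep), lam)

def posterior_truthful(prior, keep):
    """Pr(true = i | report = i): what the collector learns from seeing a report of i."""
    P, k = design_matrix(keep), len(keep)
    lam = [sum(P[i][t] * prior[t] for t in range(k)) for i in range(k)]
    return [P[i][i] * prior[i] / lam[i] for i in range(k)]

def demo(seed=7, n=50000):
    rng = random.Random(seed)
    prior = [0.5, 0.3, 0.2]  # constructed population; value 2 is treated as most sensitive
    truth = rng.choices(range(3), weights=prior, k=n)
    out = {}  # assumed settings: one keep-probability for all values vs. one per value
    for name, keep in {"uniform": [0.6] * 3, "per_value": [0.8, 0.6, 0.4]}.items():
        reports = [perturb(v, keep, rng) for v in truth]
        out[name] = (estimate(reports, keep), posterior_truthful(prior, keep))
    return out

if __name__ == "__main__":
    print(demo())
```

With equal priors, the uniform setting yields the same posterior (0.6) for every value, while the per-value setting lowers it for the value with the smallest keep-probability; in both settings the collector still recovers the population distribution by inverting the design matrix.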
