Privacy-Preserving Machine Learning
1st Edition
Published on 23. May 2023
336 pages
978-1-63835-275-4 (ISBN)
Description
Keep sensitive user data safe and secure without sacrificing the performance and accuracy of your machine learning models.
In Privacy Preserving Machine Learning, you will learn:
- Privacy considerations in machine learning
- Differential privacy techniques for machine learning
- Privacy-preserving synthetic data generation
- Privacy-enhancing technologies for data mining and database applications
- Compressive privacy for machine learning
- Differential and compressive privacy techniques
- Privacy for frequency or mean estimation, naive Bayes classifier, and deep learning
- Privacy-preserving synthetic data generation
- Enhanced privacy for data mining and database applications
More details
Other editions
Additional editions
Di Zhuang | J. Chang | G. Samaraweera
Privacy-Preserving Machine Learning
Book
04/2023
Manning Publications
€56.00
Shipment within 10-20 days
Persons
J. Morris Chang is a professor in the Department of Electrical Engineering of University of South Florida, Tampa, USA. He received his PhD from North Carolina State University. Since 2012, his research projects on cybersecurity and machine learning have been funded by DARPA and agencies under DoD. He has led a DARPA project under the Brandeis Program, focusing on privacy-preserving computation over the internet for three years.
Di Zhuang received his BSc degree in computer science and information security from Nankai University, Tianjin, China. He is currently a PhD candidate in the Department of Electrical Engineering of University of South Florida, Tampa, USA. He conducted privacy-preserving machine learning research under the DARPA Brandeis Program from 2015 to 2018.
G. Dumindu Samaraweera received his BSc degree in computer systems and networking from Curtin University, Australia, and a MSc in enterprise application development degree from Sheffield Hallam University, UK. He is currently reading for his PhD in electrical engineering at University of South Florida, Tampa.
Di Zhuang received his BSc degree in computer science and information security from Nankai University, Tianjin, China. He is currently a PhD candidate in the Department of Electrical Engineering of University of South Florida, Tampa, USA. He conducted privacy-preserving machine learning research under the DARPA Brandeis Program from 2015 to 2018.
G. Dumindu Samaraweera received his BSc degree in computer systems and networking from Curtin University, Australia, and a MSc in enterprise application development degree from Sheffield Hallam University, UK. He is currently reading for his PhD in electrical engineering at University of South Florida, Tampa.
Content
- Intro
- inside front cover
- Privacy-Preserving Machine Learning
- Copyright
- contents
- front matter
- preface
- acknowledgments
- about this book
- Who should read this book
- How this book is organized: A road map
- About the code
- liveBook discussion forum
- about the authors
- about the cover illustration
- Part 1 Basics of privacy-preserving machine learning with differential privacy
- 1 Privacy considerations in machine learning
- 1.1 Privacy complications in the AI era
- 1.2 The threat of learning beyond the intended purpose
- 1.2.1 Use of private data on the fly
- 1.2.2 How data is processed inside ML algorithms
- 1.2.3 Why privacy protection in ML is important
- 1.2.4 Regulatory requirements and the utility vs. privacy tradeoff
- 1.3 Threats and attacks for ML systems
- 1.3.1 The problem of private data in the clear
- 1.3.2 Reconstruction attacks
- 1.3.3 Model inversion attacks
- 1.3.4 Membership inference attacks
- 1.3.5 De-anonymization or re-identification attacks
- 1.3.6 Challenges of privacy protection in big data analytics
- 1.4 Securing privacy while learning from data: Privacy-preserving machine learning
- 1.4.1 Use of differential privacy
- 1.4.2 Local differential privacy
- 1.4.3 Privacy-preserving synthetic data generation
- 1.4.4 Privacy-preserving data mining techniques
- 1.4.5 Compressive privacy
- 1.5 How is this book structured?
- Summary
- 2 Differential privacy for machine learning
- 2.1 What is differential privacy?
- 2.1.1 The concept of differential privacy
- 2.1.2 How differential privacy works
- 2.2 Mechanisms of differential privacy
- 2.2.1 Binary mechanism (randomized response)
- 2.2.2 Laplace mechanism
- 2.2.3 Exponential mechanism
- 2.3 Properties of differential privacy
- 2.3.1 Postprocessing property of differential privacy
- 2.3.2 Group privacy property of differential privacy
- 2.3.3 Composition properties of differential privacy
- Summary
- 3 Advanced concepts of differential privacy for machine learning
- 3.1 Applying differential privacy in machine learning
- 3.1.1 Input perturbation
- 3.1.2 Algorithm perturbation
- 3.1.3 Output perturbation
- 3.1.4 Objective perturbation
- 3.2 Differentially private supervised learning algorithms
- 3.2.1 Differentially private naive Bayes classification
- 3.2.2 Differentially private logistic regression
- 3.2.3 Differentially private linear regression
- 3.3 Differentially private unsupervised learning algorithms
- 3.3.1 Differentially private k-means clustering
- 3.4 Case study: Differentially private principal component analysis
- 3.4.1 The privacy of PCA over horizontally partitioned data
- 3.4.2 Designing differentially private PCA over horizontally partitioned data
- 3.4.3 Experimentally evaluating the performance of the protocol
- Summary
- Part 2 Local differential privacy and synthetic data generation
- 4 Local differential privacy for machine learning
- 4.1 What is local differential privacy?
- 4.1.1 The concept of local differential privacy
- 4.1.2 Randomized response for local differential privacy
- 4.2 The mechanisms of local differential privacy
- 4.2.1 Direct encoding
- 4.2.2 Histogram encoding
- 4.2.3 Unary encoding
- Summary
- 5 Advanced LDP mechanisms for machine learning
- 5.1 A quick recap of local differential privacy
- 5.2 Advanced LDP mechanisms
- 5.2.1 The Laplace mechanism for LDP
- 5.2.2 Duchi's mechanism for LDP
- 5.2.3 The Piecewise mechanism for LDP
- 5.3 A case study implementing LDP naive Bayes classification
- 5.3.1 Using naive Bayes with ML classification
- 5.3.2 Using LDP naive Bayes with discrete features
- 5.3.3 Using LDP naive Bayes with continuous features
- 5.3.4 Evaluating the performance of different LDP protocols
- Summary
- 6 Privacy-preserving synthetic data generation
- 6.1 Overview of synthetic data generation
- 6.1.1 What is synthetic data? Why is it important?
- 6.1.2 Application aspects of using synthetic data for privacy preservation
- 6.1.3 Generating synthetic data
- 6.2 Assuring privacy via data anonymization
- 6.2.1 Private information sharing vs. privacy concerns
- 6.2.2 Using k-anonymity against re-identification attacks
- 6.2.3 Anonymization beyond k-anonymity
- 6.3 DP for privacy-preserving synthetic data generation
- 6.3.1 DP synthetic histogram representation generation
- 6.3.2 DP synthetic tabular data generation
- 6.3.3 DP synthetic multi-marginal data generation
- 6.4 Case study on private synthetic data release via feature-level micro-aggregation
- 6.4.1 Using hierarchical clustering and micro-aggregation
- 6.4.2 Generating synthetic data
- 6.4.3 Evaluating the performance of the generated synthetic data
- Summary
- Part 3 Building privacy-assured machine learning applications
- 7 Privacy-preserving data mining techniques
- 7.1 The importance of privacy preservation in data mining and management
- 7.2 Privacy protection in data processing and mining
- 7.2.1 What is data mining and how is it used?
- 7.2.2 Consequences of privacy regulatory requirements
- 7.3 Protecting privacy by modifying the input
- 7.3.1 Applications and limitations
- 7.4 Protecting privacy when publishing data
- 7.4.1 Implementing data sanitization operations in Python
- 7.4.2 k-anonymity
- 7.4.3 Implementing k-anonymity in Python
- Summary
- 8 Privacy-preserving data management and operations
- 8.1 A quick recap of privacy protection in data processing and mining
- 8.2 Privacy protection beyond k-anonymity
- 8.2.1 l-diversity
- 8.2.2 t-closeness
- 8.2.3 Implementing privacy models with Python
- 8.3 Protecting privacy by modifying the data mining output
- 8.3.1 Association rule hiding
- 8.3.2 Reducing the accuracy of data mining operations
- 8.3.3 Inference control in statistical databases
- 8.4 Privacy protection in data management systems
- 8.4.1 Database security and privacy: Threats and vulnerabilities
- 8.4.2 How likely is a modern database system to leak private information?
- 8.4.3 Attacks on database systems
- 8.4.4 Privacy-preserving techniques in statistical database systems
- 8.4.5 What to consider when designing a customizable privacy-preserving database system
- Summary
- 9 Compressive privacy for machine learning
- 9.1 Introducing compressive privacy
- 9.2 The mechanisms of compressive privacy
- 9.2.1 Principal component analysis (PCA)
- 9.2.2 Other dimensionality reduction methods
- 9.3 Using compressive privacy for ML applications
- 9.3.1 Implementing compressive privacy
- 9.3.2 The accuracy of the utility task
- 9.3.3 The effect of ?' in DCA for privacy and utility
- 9.4 Case study: Privacy-preserving PCA and DCA on horizontally partitioned data
- 9.4.1 Achieving privacy preservation on horizontally partitioned data
- 9.4.2 Recapping dimensionality reduction approaches
- 9.4.3 Using additive homomorphic encryption
- 9.4.4 Overview of the proposed approach
- 9.4.5 How privacy-preserving computation works
- 9.4.6 Evaluating the efficiency and accuracy of the privacy-preserving PCA and DCA
- Summary
- 10 Putting it all together: Designing a privacy-enhanced platform (DataHub)
- 10.1 The significance of a research data protection and sharing platform
- 10.1.1 The motivation behind the DataHub platform
- 10.1.2 DataHub's important features
- 10.2 Understanding the research collaboration workspace
- 10.2.1 The architectural design
- 10.2.2 Blending different trust models
- 10.2.3 Configuring access control mechanisms
- 10.3 Integrating privacy and security technologies into DataHub
- 10.3.1 Data storage with a cloud-based secure NoSQL database
- 10.3.2 Privacy-preserving data collection with local differential privacy
- 10.3.3 Privacy-preserving machine learning
- 10.3.4 Privacy-preserving query processing
- 10.3.5 Using synthetic data generation in the DataHub platform
- Summary
- Appendix A. More details about differential privacy
- A.1 The formal definition of differential privacy
- A.2 Other differential privacy mechanisms
- A.2.1 Geometric mechanism
- A.2.2 Gaussian mechanism
- A.2.3 Staircase mechanism
- A.2.4 Vector mechanism
- A.2.5 Wishart mechanism
- A.3 Formal definitions of composition properties of DP
- A.3.1 The formal definition of sequential composition DP
- A.3.2 The formal definition of parallel composition DP
- references
- Appendix
- index
- inside back cover
