LDP deployments are vulnerable to inference attacks because an adversary can use the order of the data to link the noisy responses to their identity and, subsequently, to auxiliary information. An alternative model, shuffle DP, prevents this by shuffling the noisy responses uniformly at random. However, this limits the data learnability -- only symmetric functions (input order agnostic) can be learned. In this paper, we strike a balance and show that systematic shuffling of the noisy responses can thwart specific inference attacks while retaining some meaningful data learnability. To this end, we propose a novel privacy guarantee, d-sigma-privacy, that captures the privacy of the order of a data sequence. d-sigma-privacy allows tuning the granularity at which the ordinal information is maintained, which formalizes the degree of resistance to inference attacks, trading it off with data learnability. Additionally, we propose a novel shuffling mechanism that can achieve d-sigma-privacy and demonstrate the practicality of our mechanism via evaluation on real-world datasets.
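The trade-off described above, as an added illustration that is not the paper's mechanism (the abstract does not specify it): binary randomized response stands in for the LDP step, and shuffling only within a group label stands in for "systematic" shuffling at a chosen granularity. All function names, the group labels and the sample data are constructed assumptions.

```python
import random

def randomized_response(bit, p_truth, rng):
    """LDP step: report the true bit with probability p_truth, else flip it."""
    return bit if rng.random() < p_truth else 1 - bit

def debias(mean_noisy, p_truth):
    """Unbiased estimate of the true rate from the mean of the noisy bits."""
    return (mean_noisy - (1 - p_truth)) / (2 * p_truth - 1)

def uniform_shuffle(reports, rng):
    """Shuffle-DP style: every position-to-report link is destroyed."""
    out = list(reports)
    rng.shuffle(out)
    return out

def groupwise_shuffle(reports, groups, rng):
    """Permute reports only among positions that share a group label."""
    out = list(reports)
    by_group = {}
    for i, g in enumerate(groups):
        by_group.setdefault(g, []).append(i)
    for idx in by_group.values():
        vals = [reports[i] for i in idx]
        rng.shuffle(vals)
        for i, v in zip(idx, vals):
            out[i] = v
    return out

def group_estimates(reports, groups, p_truth):
    """Order-dependent query: debiased rate per group, keyed by position."""
    sums, counts = {}, {}
    for r, g in zip(reports, groups):
        sums[g] = sums.get(g, 0) + r
        counts[g] = counts.get(g, 0) + 1
    return {g: debias(sums[g] / counts[g], p_truth) for g in sums}

def demo(seed=7, n_per_group=2000, p_truth=0.75):
    rng = random.Random(seed)
    # Constructed data: true rate 0.8 in group "A", 0.2 in group "B".
    groups = ["A"] * n_per_group + ["B"] * n_per_group
    truth = [int(rng.random() < (0.8 if g == "A" else 0.2)) for g in groups]
    reports = [randomized_response(b, p_truth, rng) for b in truth]
    uni = uniform_shuffle(reports, rng)
    grp = groupwise_shuffle(reports, groups, rng)
    return {"ordered": group_estimates(reports, groups, p_truth),
            "uniform": group_estimates(uni, groups, p_truth),
            "groupwise": group_estimates(grp, groups, p_truth)}
```

Under the uniform shuffle both group estimates collapse toward the overall rate, so only the symmetric aggregate survives; the group-wise shuffle returns the same per-group estimates as the ordered data while breaking the link between an individual position and its report inside each group.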