Thwarting Passive Privacy Attacks in Collaborative Filtering
Rui Chen (HKBU, Hong Kong), Min Xie (UBC, Canada), Laks V.S. Lakshmanan (UBC, Canada)

Similar presentations
Amit Goyal Laks V. S. Lakshmanan RecMax: Exploiting Recommender Systems for Fun and Profit University of British Columbia

Publishing Set-Valued Data via Differential Privacy Rui Chen, Concordia University Noman Mohammed, Concordia University Benjamin C. M. Fung, Concordia.
Differentially Private Transit Data Publication: A Case Study on the Montreal Transportation System ` Introduction With the deployment of smart card automated.
Fast Algorithms For Hierarchical Range Histogram Constructions
Jeff Howbert Introduction to Machine Learning Winter Collaborative Filtering Nearest Neighbor Approach.
Anonymizing Healthcare Data: A Case Study on the Blood Transfusion Service Benjamin C.M. Fung Concordia University Montreal, QC, Canada
Active Learning and Collaborative Filtering
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Deployment Strategies for Differentiated Detection in Wireless Sensor Network Jingbin Zhang, Ting Yan, and Sang H. Son University of Virginia From SECON.
Preserving Privacy in Collaborative Filtering through Distributed Aggregation of Offline Profiles The 3rd ACM Conference on Recommender Systems, New.
Anatomy: Simple and Effective Privacy Preservation Israel Chernyak DB Seminar (winter 2009)
Efficient Data Mining for Path Traversal Patterns CS401 Paper Presentation Chaoqiang chen Guang Xu.
Class-based graph anonymization for social network data Shai Peretz DB Seminar (winter 2009)
Anonymization of Set-Valued Data via Top-Down, Local Generalization Yeye He Jeffrey F. Naughton University of Wisconsin-Madison 1.
RecMax: Exploiting Recommender Systems for Fun and Profit RecMax – Recommendation Maximization Previous research in Recommender Systems mostly focused.
Chapter 12 (Section 12.4) : Recommender Systems Second edition of the book, coming soon.
Differentially Private Transit Data Publication: A Case Study on the Montreal Transportation System Rui Chen, Concordia University Benjamin C. M. Fung,
1.1 Chapter 1: Introduction What is the course all about? Problems, instances and algorithms Running time vs. computational complexity General description.
Toward a Statistical Framework for Source Anonymity in Sensor Networks.
USpan: An Efficient Algorithm for Mining High Utility Sequential Patterns Authors: Junfu Yin, Zhigang Zheng, Longbing Cao In: Proceedings of the 18th ACM.
Overview of Privacy Preserving Techniques.  This is a high-level summary of the state-of-the-art privacy preserving techniques and research areas  Focus.
Distributed Networks & Systems Lab. Introduction Collaborative filtering Characteristics and challenges Memory-based CF Model-based CF Hybrid CF Recent.
Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.
APPLYING EPSILON-DIFFERENTIAL PRIVATE QUERY LOG RELEASING SCHEME TO DOCUMENT RETRIEVAL Sicong Zhang, Hui Yang, Lisa Singh Georgetown University August.
Wancai Zhang, Hailong Sun, Xudong Liu, Xiaohui Guo.
Privacy risks of collaborative filtering Yuval Madar, June 2012 Based on a paper by J.A. Calandrino, A. Kilzer, A. Narayanan, E. W. Felten & V. Shmatikov.
Group Recommendations with Rank Aggregation and Collaborative Filtering Linas Baltrunas, Tadas Makcinskas, Francesco Ricci Free University of Bozen-Bolzano.
Approximate Frequency Counts over Data Streams Loo Kin Kong 4th Oct., 2002.
m-Privacy for Collaborative Data Publishing
Data Publishing against Realistic Adversaries Johannes Gerhrke Cornell University Ithaca, NY Michaela Götz Cornell University Ithaca, NY Ashwin Machanavajjhala.
Differentially Private Data Release for Data Mining Noman Mohammed*, Rui Chen*, Benjamin C. M. Fung*, Philip S. Yu + *Concordia University, Montreal, Canada.
MINING FREQUENT ITEMSETS IN A STREAM TOON CALDERS, NELE DEXTERS, BART GOETHALS ICDM2007 Date: 5 June 2008 Speaker: Li, Huei-Jyun Advisor: Dr. Koh, Jia-Ling.
Protecting Sensitive Labels in Social Network Data Anonymization.
Chengjie Sun, Lei Lin, Yuan Chen, Bingquan Liu Harbin Institute of Technology School of Computer Science and Technology
SFU Pushing Sensitive Transactions for Itemset Utility (IEEE ICDM 2008) Presenter: Yabo Xu Authors: Yabo Xu, Benjamin C.M. Fung, Ke Wang, Ada W.C. Fu,
Online Learning for Collaborative Filtering
Accuracy-Constrained Privacy-Preserving Access Control Mechanism for Relational Data.
Data Anonymization (1). Outline  Problem  concepts  algorithms on domain generalization hierarchy  Algorithms on numerical data.
On information theory and association rule interestingness Loo Kin Kong 5th July, 2002.
SECURED OUTSOURCING OF FREQUENT ITEMSET MINING Hana Chih-Hua Tai Dept. of CSIE, National Taipei University.
Other Perturbation Techniques. Outline  Randomized Responses  Sketch  Project ideas.
Publishing Naive Bayesian Classifiers: Privacy without Accuracy Loss Author: Barzan Mozafari and Carlo Zaniolo Speaker: Hongwei Tian.
The 1st Competition on Critical Assessment of Data Privacy and Protection The privacy workshop is jointly sponsored by iDASH (U54HL108460) and the collaborating.
Privacy-preserving rule mining. Outline  A brief introduction to association rule mining  Privacy preserving rule mining Single party  Perturbation.
Recommender Systems Debapriyo Majumdar Information Retrieval – Spring 2015 Indian Statistical Institute Kolkata Credits to Bing Liu (UIC) and Angshul Majumdar.
CS7701 – Fall 2004 Review of: Detecting Network Intrusions via Sampling: A Game Theoretic Approach Paper by: – Murali Kodialam (Bell Labs) – T.V. Lakshman.
AC-Close: Efficiently Mining Approximate Closed Itemsets by Core Pattern Recovery Advisor: Dr. Koh Jia-Ling Speaker: Tu Yi-Lang Date: Hong.
MaskIt: Privately Releasing User Context Streams for Personalized Mobile Applications SIGMOD '12 Proceedings of the 2012 ACM SIGMOD International Conference.
Pairwise Preference Regression for Cold-start Recommendation Speaker: Yuanshuai Sun
Privacy-preserving data publishing
m-Privacy for Collaborative Data Publishing
Presented By Amarjit Datta
FISM: Factored Item Similarity Models for Top-N Recommender Systems
Preserving Privacy in GPS Traces via Uncertainty-Aware Path Cloaking Baik Hoh, Marco Gruteser, Hui Xiong, Ansaf Alrabady Presenter: Yao Lu ECE 256, Spring.
Probabilistic km-anonymity (Efficient Anonymization of Large Set-valued Datasets) Gergely Acs (INRIA) Jagdish Achara (INRIA)
Graph Data Management Lab, School of Computer Science Personalized Privacy Protection in Social Networks (VLDB2011)
Differential Privacy (1). Outline  Background  Definition.
Privacy Preserving in Social Network Based System PRENTER: YI LIANG.
Unraveling an old cloak: k-anonymity for location privacy
MMM2005, The Chinese University of Hong Kong: Video Summarization Using Mutual Reinforcement Principle and Shot.
Southern Taiwan University of Science and Technology, Department of Information Engineering: Data hiding based on the similarity between neighboring pixels with reversibility Author: Y.-C. Li, C.-M. Yeh, C.-C. Chang. Date:
Transforming Data to Satisfy Privacy Constraints 컴퓨터교육 전공 032CSE15 최미희.
The Wisdom of the Few Xavier Amatrian, Neal Lathis, Josep M. Pujol SIGIR’09 Advisor: Jia Ling, Koh Speaker: Yu Cheng, Hsieh.
Item-Based Collaborative Filtering Recommendation Algorithms
Security in Outsourcing of Association Rule Mining
ACHIEVING k-ANONYMITY PRIVACY PROTECTION USING GENERALIZATION AND SUPPRESSION International Journal on Uncertainty, Fuzziness and Knowledge-based Systems,
Collaborative Filtering Nearest Neighbor Approach
“Location Privacy Protection for Smartphone Users”
Presented by : SaiVenkatanikhil Nimmagadda
Walking in the Crowd: Anonymizing Trajectory Data for Pattern Analysis
Presentation transcript:

Introduction

Collaborative filtering has recently been deployed in a wide range of applications. As a standard practice, many collaborative filtering systems (e.g., eBay, Amazon, Netflix) release related-item lists (RILs) as a means of engaging users. Releasing RILs, however, carries substantial privacy risk under a fairly simple attack model known as the passive privacy attack. In a passive privacy attack, an adversary possesses background knowledge in the form of a set of items rated by a target user, and seeks to infer, from the public RIL releases published by the recommender system, whether some other item, called the target item, has been rated/bought by that user.

Fig. 1. A sample user-item rating matrix and its public RILs

Example. Consider a recommender system with the user-item rating matrix in Fig. 1. Suppose that at time T1 an attacker knows that Alice (user 5) has bought items i2, i3, i7 and i8, and wants to learn whether Alice has bought a sensitive item i6. The adversary monitors the temporal changes of the public RILs of i2, i3, i7 and i8. Let the new ratings during (T1, T2] be the shaded ones. At T2, by comparing the RILs with those at T1, the attacker observes that i6 appears afresh or moves up in the RILs of i2, i3, i7 and i8, and consequently infers that Alice has bought i6.

Attack Model and Privacy Model

Attack model. We propose the concept of an attack window to model a real-world adversary: an adversary performs passive privacy attacks by comparing any two RIL releases within his attack window.

Fig. 2. An illustration of attack windows

Privacy model. We propose a novel inference-proof privacy notion, called δ-bound, tailored to passive privacy attacks in collaborative filtering. Let Tran(u) denote the transaction of user u, i.e., the set of items bought by u, and let I denote the set of all items.

Definition (δ-bound). Let B be the background knowledge on user u, in the form of a subset of items drawn from Tran(u), i.e., B ⊂ Tran(u). A recommender system satisfies δ-bound with respect to a given attack window W if, by comparing any two RIL releases R1 and R2 within W, Pr(i ∈ Tran(u)) ≤ δ, where i ∈ (I − B) is any item that either appears afresh or moves up in R2, and 0 ≤ δ ≤ 1 is the given privacy requirement.

Anonymization Algorithm

We anonymize the RILs directly because, in real-life recommender systems, an adversary does not have access to the underlying rating matrices; this design is critical to both data utility and scalability. Our solution employs two anonymization mechanisms: suppression, a popular mechanism in privacy-preserving data publishing, and permutation, a novel mechanism tailored to our problem, which moves an item that has moved up in an RIL back to a position equal to or lower than its original position. The algorithm proceeds in four steps (code sketches of the attack and of the hitting-set step follow the list):

1. Identify potential privacy threats. For each item i, identify the set of items whose successive RILs at times T1 and T2 are distinguished by i. Label each threat location with either suppress or permute, and record the permute position.
2. Determine anonymization locations. Identify the itemsets that can be used to infer some target item with probability > δ. Compute a set of anonymization locations by modeling the process as a weighted minimum hitting set (WMHS) problem, so as to minimize the resulting utility loss.
3. Perform anonymization operations. First suppress all items labeled suppress, then permute the items labeled permute without generating new privacy threats. If no permutation that satisfies the privacy requirement can be found, suppression is used instead.
4. Extend to multiple releases. Secure each new RIL release with respect to all previous |W| − 1 RIL releases, where |W| is the size of the attack window.
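To make the passive attack of the example concrete, here is a minimal sketch in Python. It assumes each RIL is an ordered list with the most related item first; the function names and the toy RILs are illustrative assumptions, not the paper's data or code.

```python
# Minimal sketch of a passive privacy attack on released RILs.
# All names and the toy RILs below are hypothetical illustrations.

def appears_or_moves_up(ril_old, ril_new, target):
    """True if `target` enters `ril_new` afresh or improves its rank."""
    if target not in ril_new:
        return False
    if target not in ril_old:
        return True                                        # appears afresh
    return ril_new.index(target) < ril_old.index(target)   # moves up

def passive_attack(rils_t1, rils_t2, background, target):
    """Flag `target` as bought by the victim when it appears afresh or
    moves up in the RIL of every item the adversary knows about."""
    return all(appears_or_moves_up(rils_t1[b], rils_t2[b], target)
               for b in background)

# Toy run mirroring the example: i6 rises in all four monitored RILs,
# so the adversary concludes that Alice has bought i6.
rils_t1 = {"i2": ["i8", "i3"], "i3": ["i2", "i7"],
           "i7": ["i3", "i8"], "i8": ["i2", "i7"]}
rils_t2 = {"i2": ["i6", "i8"], "i3": ["i6", "i2"],
           "i7": ["i6", "i3"], "i8": ["i6", "i2"]}
print(passive_attack(rils_t1, rils_t2, ["i2", "i3", "i7", "i8"], "i6"))  # True
```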
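Step 2 reduces threat elimination to a weighted minimum hitting set, which is NP-hard in general; a standard greedy heuristic is one plausible way to approximate it. The sketch below is an assumption-laden illustration, not the paper's implementation: a threat is a set of RIL locations, a location is an (item, RIL) pair, and `weight` estimates the utility loss of anonymizing a location. The second function applies the permute/suppress labels recorded in step 1, with suppression as the fallback when no safe permute position exists, as in step 3.

```python
# Greedy approximation of the weighted minimum hitting set (WMHS) step.
# Hypothetical sketch: names, data layout, and weights are assumptions.

def greedy_wmhs(threats, weight):
    """threats: list of sets of locations; weight: location -> utility loss.
    Repeatedly pick the location that hits the most remaining threats per
    unit of utility loss, until every threat is hit."""
    remaining = [set(t) for t in threats]
    chosen = set()
    while remaining:
        candidates = set().union(*remaining)
        best = max(candidates,
                   key=lambda loc: sum(loc in t for t in remaining) / weight(loc))
        chosen.add(best)
        remaining = [t for t in remaining if best not in t]
    return chosen

def apply_operations(rils, chosen, labels):
    """labels maps a location to ("permute", safe_pos) or ("suppress", None).
    Permutation moves the item to a position no higher than its original
    one; when no safe position was recorded, the item is suppressed."""
    for item, ril_id in chosen:
        op, pos = labels[(item, ril_id)]
        ril = rils[ril_id]
        ril.remove(item)
        if op == "permute" and pos is not None:
            ril.insert(pos, item)   # demote within the same RIL
        # else: suppressed, i.e., dropped from the released RIL

# e.g., two threats over (target item, RIL id) locations, unit weights:
locs = greedy_wmhs([{("i6", "i2"), ("i6", "i3")}, {("i6", "i3")}],
                   weight=lambda loc: 1.0)
# -> {("i6", "i3")}, which hits both threats at minimum cost
```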
Experimental Evaluation

Fig. 3. Utility results on MovieLens (a)–(d) and Flixster (e)–(h)
Fig. 4. Attack success probability results on MovieLens (a)–(d) and Flixster (e)–(h)
Fig. 5. Efficiency results on MovieLens (a)–(d) and Flixster (e)–(h)

Conclusion

Our work is the first remedy to passive privacy attacks in collaborative filtering. We proposed the δ-bound model for thwarting passive privacy attacks and developed anonymization algorithms that achieve δ-bound by means of a novel anonymization mechanism called permutation.