Wishart Mechanism for Differentially Private Principal Components Analysis
We propose a new input perturbation mechanism for publishing a covariance
matrix to achieve -differential privacy. Our mechanism uses a
Wishart distribution to generate matrix noise. In particular, we apply this
mechanism to principal component analysis. Our mechanism is able to keep the
positive semi-definiteness of the published covariance matrix. Thus, our
approach gives rise to a general publishing framework for input perturbation of
a symmetric positive semidefinite matrix. Moreover, compared with the classic
Laplace mechanism, our method has a better utility guarantee. To the best of our
knowledge, the Wishart mechanism is the best input perturbation approach for
-differentially private PCA. We also compare our work with
previous exponential mechanism algorithms in the literature and provide a
near-optimal bound while having more flexibility and less computational
intractability.
Comment: A full version with technical proofs. Accepted to AAAI-1

Differentially-Private Decision Trees with Probabilistic Robustness to Data Poisoning
Decision trees are interpretable models that are well-suited to non-linear
learning problems. Much work has been done on extending decision tree learning
algorithms with differential privacy, a system that guarantees the privacy of
samples within the training data. However, current state-of-the-art algorithms
for this purpose sacrifice much utility for a small privacy benefit. These
solutions create random decision nodes that reduce decision tree accuracy or
spend an excessive share of the privacy budget on labeling leaves. Moreover,
many works do not support or leak information about feature values when data is
continuous. We propose a new method called PrivaTree based on private
histograms that chooses good splits while consuming a small privacy budget. The
resulting trees provide a significantly better privacy-utility trade-off and
accept mixed numerical and categorical data without leaking additional
information. Finally, while it is notoriously hard to give robustness
guarantees against data poisoning attacks, we prove bounds for the expected
success rates of backdoor attacks against differentially-private learners. Our
experimental results show that PrivaTree consistently outperforms previous
works on predictive accuracy and significantly improves robustness against
backdoor attacks compared to regular decision trees.