差分隐私的博弈模型及其应用
摘要
随着位置服务、社交网络等应用的不断深入,隐私保护与服务质量之间的矛盾愈演愈烈,要获得良好的信息服务,只能以牺牲部分隐私为交换,用户与服务提供者之间存在着一种合作与竞争的关系。鉴于这种现状,本文通过引入自利的理性参与者,结合差分隐私保护技术,在明确差分隐私保护参数ε意义的条件下,设计了差分隐私激励相容机制,在该机制的约束下构建了用户与服务提供者的差分隐私博弈模型,进而从理性的角度解决了隐私保护与服务质量之间的最优均衡,并将其应用到移动用户的位置数据或运动轨迹数据的隐私保护。主要研究工作如下:
(1)针对用户不十分明确差分隐私保护参数ε的意义,提出了一种重复攻击下实现差分隐私保护技术安全性的攻击模型,可以用来选取参数ε的值;基于该模型,提出了一个可以根据攻击结果来回答攻击对象是否在查询数据集中的差分隐私保护的攻击算法;最后给出了选取参数的一个计算方法,让用户更好的理解参数ε的重要性,为下文的研究奠定基础。
(2)针对隐私保护数据发布过程中数据管理者不可信的问题,基于激励相容理论设计了一个差分隐私激励相容机制,通过该机制数据管理者在实现隐私保护的同时会如实的报告真实的差分隐私数据给数据分析者,并且给出了该机制具体执行的过程和实现算法,最后证明了所设计的机制满足激励相容和差分隐私。
(3)在差分隐私激励相容机制的约束下,基于扩展式博弈结合具体的场景构建了差分隐私和可用性的博弈模型,并对用户和服务提供者的利益进行了分析,建立了隐私度量和效用度量函数;其次运用逆向归纳法对该博弈进行均衡分析;最后利用移动用户在贵州大学的真实轨迹数据对该模型进行了仿真实验,实验结果表明了该模型的合理性。关键词:差分隐私;攻击模型;扩展式博弈;机制设计;数据隐私;
中图分类号:文献标识码:
The Game Model of Differential Privacy and Its Application
Abstract
With the deepening of applications such as location services and social networks,the contradiction between privacy protection and quality of service has intensified.To get a good information services,only to sacrifice part of the privacy for the exchange,there is a relationship between cooperation and competition.In view of this situation,we design a differential privacy incentive compatible mechanism under clarified the meaning of differential privacy protection parameterεby introducing the rational participants of selfishness and combining with differential privacy protection technologies.Under the constraint of the mechanism,we construct a game model of differential privacy and service availability,and from a rational point of view to solve the privacy and quality of service Optimal balance.And apply it to the privacy protection of mobile users'location data or motion trajectory data.The main study works of this paper are as follows:
(1)For the user is unclear about the significance of the differential privacy protection parameterε,a new attack moder,which can be used to choose the value for the parameterεwas proposed.Based on the model,an attack algorithm is proposed.Finally,a calculation method for the selected parameters is given,which allows the user to better understand the importance of the parameterε,and lays a foundation for the following research.
(2)For data curators are trusted,when differential privacy is used to interactive or non-interactive framework with data manipulation.We design a differential privacy incentive compatible mechanism based on the incentive compatible theory.Through this mechanism, the data manager will truthfully report the truth while realizing the privacy protection.The differential privacy data is given to the data analyst,and the process and implementation algorithm of the mechanism are given.Finally,it is proved that the designed mechanism meets the incentive compatible and differential privacy.
(3)Under the constraint of differential privacy incentive compatible mechanism,a game