We now implement our scheme to support privacy-preserving mining of association rules. Recall that there are two basic components in our scheme: 1) the perturbation guidance component of the data warehouse server, which computes the current system privacy disclosure level k* and the perturbation guidance Vk*, and 2) the perturbation component of the data providers, which validates Vk* and perturbs the private data. We will present the implementation of these components for privacy-preserving association rule mining systems after introducing notions of the private dataset.
III.4.1 Basic Notions
Let there be m data providers in the system, each of which holds a private transaction ti (i ∈ [1, m]). Let I be a set of n items a1, …, an. Each transaction ti is a set of items such
that ti ⊆ I. The data warehouse server has no external knowledge about the private
information of data providers.
We represent each transaction by an n-dimensional binary vector ti such that the j-th
private data tuples by an m × n matrix T = [t1; …; tm].3 Each transaction ti is represented
by a row vector in T. We denote the transpose of T by T ′. We use 〈T〉ij to denote the
element of T with indices i and j.
Based on these notions, we briefly review the definition of association rule mining. More detailed description of association rule mining can be found in classic textbooks (e.g., [29]). The major objective of association rule mining is to identify all frequent itemsets (i.e., sets of items). An itemset B is frequent if and only if its support supp(B) is larger than or equal to a predetermined minimum threshold min_supp. The support of B is defined as follows. #{ | } ( )B t T B t . m ∈ ⊆ = supp (3.3)
That is, the support of B is the percentage of transactions in T that contain B as a subset. III.4.2 Perturbation Guidance Component
As we are considering the case where perturbed transactions are iteratively fed to the data warehouse server, the data warehouse server maintains a set of all received transactions and updates the set when a new transaction arrives. Let the current matrix of received transactions be T*. When a new (perturbed) transaction R(ti) arrives, R(ti) is
appended to T*. Without loss of generality, we assume that R(ti) is the i-th transaction
received by the data warehouse server. As such, when the data warehouse server receives m* transactions, T* is an m* × n matrix [R(t1); …; R(tm*)].
3
In the context of private dataset, ti is a transaction. In the context of matrix, ti is the corresponding row vector in T.
In order to compute the current system disclosure level and the perturbation guidance for the first data provider, we assume that before the data collection process begins, the data warehouse server already has m0 (m0 << m) randomly generated transactions in T*.
Besides the matrix of received transactions T*, the data warehouse server also keeps track of an n × n symmetric matrix A* = T*'T*. Note that
* * 1 ( ) ( ). m i i i A R t R t = ′ =
∑
(3.4)Thus, the update of A* (after R(tm*) is received) does not need access to any transaction
other than the recently received R(tm*). As such, we do not require matrix T* to remain
in the main memory during data collection.
We now show how to compute the current system privacy disclosure level k* and the perturbation guidance Vk* based on A*. Since A* is a symmetric matrix, we can use eigen decomposition to decompose A* as
* * * *
,
A = ΣV V ′ (3.5)
where Σ* = diag(σ , ···, 1* σ ) is a diagonal matrix with diagonal elements *n σ ≤ ··· ≤ 1* σ , n*
* i
σ is the i-th eigenvalue of A*
, and V* is an n × n unitary matrix composed of the eigenvectors of A* (as the column vectors). As we will show in the theoretical analysis, an appropriate choice of the system privacy disclosure level k* should be the minimum degree of freedom of A* that maintains an accurate estimate of A = T′ T. Based on the eigen decomposition of A*, we can compute k* as the minimum integer that satisfies
*1 1 * * , k σ μσ + ≤ (3.6)
where μ is a parameter predetermined by the data warehouse server. A data warehouse server that desires high accuracy of data mining results can choose a small μ to ensure an accurate estimation of A. A data warehouse server that can tolerate a relatively lower level of accuracy can choose a large μ to help protect data providers’ privacy. In order to choose a good cutoff k* to retain sufficient information about A, a textbook heuristic is to set μ = 15% [28].
Given k*, the perturbation guidance Vk* is an n × k *
matrix that is composed of the first k* eigenvectors of A* (i.e., the first k* column vectors of V* corresponding to the k* largest eigenvalues of A*). In particular, if V* = [v1; …; vn], then Vk* = [v1; …; vk*]. Since V* is a unitary matrix, there is V ′k* *
k
V = I, where I is the k* × k* identity matrix. We note that due to efficiency and privacy concerns, the data warehouse server only updates k* and Vk* once several data tuples are received. The efficiency concern is the overhead of computing k* and Vk*. The privacy concern is that if
* k
V is updated once every data tuple is received, a malicious data provider may infer the newly submitted (perturbed) data tuple by tracking the change of *
k
V . Although a data provider is comfortable transmitting the perturbed data tuple to the data warehouse server, it may be unwilling to divulge it to another data provider. The justification of k* and Vk* will be provided in the theoretical analysis of our scheme. The runtime efficiency and the communication overhead will be discussed in the implementation issues.
III.4.3 Perturbation Component
Recall that our implementation of perturbation component is independent of data mining tasks. Thus, the perturbation component presented here can also be used for privacy- preserving data classification.
The perturbation component has two objectives: 1) to validate Vk*, and 2) to perturb the private data ti based on Vk*. The perturbation component validates
* k
V by checking if
* k
V is an n × k* matrix that satisfies V ′k* * k
V = I, where I is the k* × k* identity matrix. If
* k
V is valid, the perturbation component perturbs ti in a two-step process. Recall that ti is
represented by an n-dimensional row vector with elements of either 0 or 1. In the first step, ti is perturbed to be another n-dimensional row vector t% , such that i
* *
.
k
i i k
t% =t V V ′ (3.7)
Note that the elements of t% may be real values. Thus, we need a second step to i transform t% to R(ti i) such that each element in R(ti) is either 0 or 1. In the second step,
for all j ∈ [1, n], the data provider generates a random number rj that is chosen uniformly
at random from [0, 1], and computes R(ti) as follows.
2 1, if , ( ) 0, otherwise, j j i i j r t R t ⎧ ≤ ⎪ = ⎨ ⎪⎩ % (3.8)
where 〈⋅〉j is the j–th element of a vector. As we can see, the probability that 〈R(ti)〉j = 1
is equal to 〈t%i〉2