| CPC G06F 21/6227 (2013.01) [G06F 16/24547 (2019.01); G06F 16/2455 (2019.01); G06F 16/2462 (2019.01); G06F 16/2465 (2019.01); G06F 16/248 (2019.01); G06F 16/25 (2019.01); G06F 21/6218 (2013.01); G06F 21/6245 (2013.01); G06F 21/6254 (2013.01); G06N 5/01 (2023.01); G06N 20/00 (2019.01); G06N 20/20 (2019.01); H04L 63/105 (2013.01)] | 20 Claims |
|
1. A database system configured to implement differential privacy, comprising:
a processor configured to execute computer program instructions; and
a non-transitory computer-readable storage medium storing computer program instructions executable by the processor to perform actions comprising:
receiving a database query requesting a differentially private response to the query;
determining a privacy parameter ε associated with the query, wherein ε describes a degree of information to release about a set of data stored by the database system that is responsive to the query;
identifying a privacy budget associated with the query, the privacy budget specified in terms of ε and representing a degree of information available to be released about data by the database system;
decrementing the privacy budget by a first ε spend determined responsive to the query; and
applying the query to the database system by performing a differentially private set of operations on the set of data stored by the database system that is responsive to the query to produce a differentially private result set that releases the degree of information about the set of data described by the privacy parameter ε, wherein a second subset of the set of data is labeled with a category chosen from a set of two or more categories, wherein the differentially private set of operations comprises:
performing a count operation on a first subset of the set of data;
perturbing results of the count operation on the first subset by a factor defined by a Gaussian random variable G( ) to produce the differentially private result set;
receiving a trained classifier and generating an output vector by applying the classifier to entries of the second subset, each element of the output vector corresponding to a numerical output of the classifier for a corresponding entry in the second subset;
identifying a threshold value and assigning categories for each of the elements of the output vector based on a perturbed threshold value; and
recording counts related to a performance of the classifier, the counts generated by comparing the assigned categories of the elements of the output vector to the corresponding label in the second subset, and the differentially private set of operations comprises:
perturbing the threshold value based on a second ε spend ε2 to generate the perturbed threshold value; and
perturbing the counts relating to the performance of the classifier based on ε2 to produce the perturbed counts as the differentially private result set.
|