CR / LG / ML, Dec 29, 2019

Privacy-Preserving Public Release of Datasets for Support Vector Machine Classification

arXiv:1912.12576v1, 10 citations
Originality: Incremental advance
AI Analysis

The work addresses privacy concerns for data subjects in machine learning applications, though it is incremental in that it extends existing privacy techniques to SVM and optimization-based methods.

The paper tackles the problem of publicly releasing datasets for SVM classification without compromising individual privacy by systematically obfuscating data with additive noise, establishing conditions to ensure classifier utility and proving the optimal noise achieves local differential privacy.

We consider the problem of publicly releasing a dataset for support vector machine classification while not infringing on the privacy of data subjects (i.e., individuals whose private information is stored in the dataset). The dataset is systematically obfuscated using additive noise for privacy protection. Motivated by the Cramér-Rao bound, the inverse of the trace of the Fisher information matrix is used as a measure of privacy. Conditions are established for ensuring that the classifier extracted from the original dataset and the one extracted from the obfuscated dataset are close to each other (capturing the utility). The optimal noise distribution is determined by maximizing a weighted sum of the measures of privacy and utility. The optimal privacy-preserving noise is proved to achieve local differential privacy. The results are generalized to a broader class of optimization-based supervised machine learning algorithms. Applicability of the methodology is demonstrated on multiple datasets.
