CN115114381A - Graph statistical analysis method oriented to localized differential privacy - Google Patents

Abstract

The invention belongs to the technical field of differential privacy and subgraph statistics, and discloses a graph statistical analysis method facing to localized differential privacy, which comprises the following steps: s1, aiming at the problem that privacy is leaked in the existing graph statistical analysis algorithm, a set framework enables each user to disturb the adjacency list data of the user; s2, sending the noise data to a server, and calculating the unbiased estimation of the sub-graph counting after the server receives the disturbed data; s3, calculating the clustering coefficient in the graph under the condition of not contacting the original data of the user through a practical counting algorithm of a triangle and a k-stars; and S4, the server can push related services to the users in the subgraph with high clustering coefficient according to the clustering coefficient. The graph statistical analysis method facing the localized differential privacy can reduce estimation errors of sub-graph statistics, ensures the practicability of the algorithm, and improves the privacy of the sub-graph statistical analysis without knowing extra information by a client.

Description

Graph statistical analysis method oriented to localized differential privacy

Technical Field

The invention relates to the technical field of differential privacy and subgraph statistics, in particular to a graph statistical analysis method facing to localized differential privacy.

Background

Network graph statistical analysis is a useful tool for finding valuable information in graph databases, commonly used for social, e-mail, citation, and epidemiological network topology analysis. For example, counting the number of k-stars (i.e., a central node connected to k other nodes) in a network graph may reveal average connectivity; the number count of triangles (consisting of 3 vertices and 3 edges) can reflect the degree of denseness and quality in the network, both of which can also be used to measure centrality attributes, such as clustering coefficients, which represent the probability that two friends of a person will also become friends. However, most of the graph statistical analysis is to count the original sensitive data of the user, and assuming that the adversary is honest and curious, the adversary can acquire the privacy information of the user through the graph statistical analysis result; there are also some graph statistical analysis algorithms that use a single trusted data collector to save the entire graph and publish a noisy version of the statistical data by introducing a centralized differential privacy mechanism. However, due to security or backdoor vulnerabilities, centralized data holders are more susceptible to security issues such as data leakage. Furthermore, decentralized social networks do not contain a central server for the entire social graph data, but use many servers around the world. Therefore, there is a need to develop solutions that can analyze these graph attributes while still protecting the privacy of individuals in the network.

Existing solutions have a round of algorithm for estimating graph metrics including clustering coefficients, which apply RR (random response mechanism) of localized differential privacy to adjacency matrices. For a binary input (0 and 1), in this scenario, 0 represents a connection without edges between nodes in the graph, and 1 represents a connection with edges. In the statistical process, the user does not directly respond to the real answer for privacy. It is assumed that it responds to the true answer with a certain probability P, whereas the opposite answer is responded with a probability 1-P. However, it introduces a very large bias for sub-graph counting. Another approach proposes an algorithm for computing subgraphs in the local model, under the assumption that each user allows his friend to see all of his connections. However, this assumption is prone to reveal personal privacy information of friends, and is not true in practical application scenarios.

Overall, the problems of the prior art are: 1) the client adds disturbance to each bit of the user data adjacency list, so that the estimation error of the server on subgraph statistical analysis is overlarge, and the practicability of the data is poor; 2) by assuming that the client knows the relationship graph between the friends, the practicability of the sub-graph statistical analysis data is improved, but the privacy information of the friends is easy to expose, and the privacy of the sub-graph statistical analysis is reduced.

Disclosure of Invention

In order to achieve the purpose, the invention provides the following technical scheme:

a graph statistical analysis method facing to localized differential privacy is characterized by comprising the following steps:

s1, aiming at the problem that privacy is leaked in the existing graph statistical analysis algorithm, a set framework enables each user to disturb the adjacency list data of the user;

s2, sending the noise data to a server, and calculating the unbiased estimation of the sub-graph counting after the server receives the disturbed data;

s3, calculating the clustering coefficient in the graph under the condition of not contacting the original data of the user through a practical counting algorithm of a triangle and a k-stars;

and S4, the server can push related services to the users in the subgraph with high clustering coefficient according to the clustering coefficient.

The graph statistical analysis method facing the localized differential privacy can prevent the leakage risk of the original data of the user, reduce the counting deviation of the subgraph statistics and improve the practicability of the data after the statistics.

The existing graph statistical analysis algorithm facing to the localization differential privacy adopts a random response RR mechanism, and a client perturbs each edge in a graph with a certain probability, so that each edge in the graph is a noise edge, and when the magnitude of a user is large, data after graph statistical analysis becomes unavailable.

The invention designs a practical response algorithm aiming at the counting of k-stars of the subgraph, and effectively reduces the number of noise edges.

An interaction algorithm based on a two-wheel client-server is designed aiming at the counting of the subgraph triangles, and the practicability of data is effectively improved while the personal privacy information of a user is protected.

Aiming at the problem that privacy is leaked in the existing graph statistical analysis algorithm, the framework provided by the invention enables each user to disturb the adjacency list data of the user, then sends the noise data to the server, and the server calculates the unbiased estimation of sub-graph counting after receiving the disturbed data, so that the client does not need to know any additional information in the process.

A statistical algorithm based on localized differential privacy is designed aiming at the counting of k-stars of the subgraph, and the basic flow is as follows.

First, the graph is represented by an adjacency matrix A (1: with edges, 0: without edges), user v _i Knowing all nodes connected to itself, denoted as adjacency list a _i (line i of A).

Second step, in the client, the adjacency list a of the user _i Divided into two parts X _s ＝{x ₁ ,…,x _k And X _n ＝{x _k+1 ,…,x _n The user can adjust the position of k, which can be moved backwards if the user feels the data sensitive. If the user feels the data to be insensitive, the position of k may be moved forward.

Thirdly, the client perturbs the adjacency list data of the user, and for X _s ＝{x ₁ ,…,x _k The random response RR mechanism is adopted for disturbance, and the probability P is used for 0 and 1 ₁ Turning over; for X _n ＝{x _k+1 ,…,x _n Fraction is only for 1 with probability P ₂ And (6) turning over.

And fourthly, uploading the value of k and the value of the disturbed adjacency list to a server by the client, carrying out statistical analysis on the disturbed data by the server, correcting the statistical result, constructing a likelihood function to obtain the maximum likelihood estimation of the real result, analyzing the mathematical expectation of the maximum likelihood estimation to obtain the unbiased estimation of the real result.

A statistical algorithm based on localization differential privacy is designed aiming at the counting of the subgraph triangles, and the basic flow is as follows.

First, the graph is represented by an adjacency matrix A (1: with edges, 0: without edges), user v _i Knowing all nodes connected to itself, denoted as adjacency list a _i (line i of A);

second step, in the client, the adjacency list a of the user _i Is divided into two parts X _s ＝{x ₁ ,…,x _k And X _n ＝{x _k+1 ,…,x _n The user can adjust the position of k, which can be moved backwards if the user feels the data sensitive. If the user feels the data is insensitive, the position of k may be moved forward;

thirdly, the client perturbs the adjacency list data of the user, and for X _s ＝{x ₁ ,…,x _k Perturbation with random response RR mechanism, with probability P for both 0 and 1 ₁ Turning over; for X _n ＝{x _k+1 ,…,x _n Fraction is only for 1 with probability P ₂ Turning over, and uploading the noise data to a server by the client;

fourthly, the server side counts the noise edges submitted by each user, and the server issues a noise graph G';

fifthly, the client receives the noise map G ', and a user can use the noise map G' to calculate the triangle count containing a noise edge;

sixthly, the user counts the triangle count and the Laplace noise according to the adjacency list and the noise graph G' value, and uploads the triangle count and the Laplace noise to the server;

seventhly, the server calculates an unbiased estimate of the triangle count.

Compared with the prior art, the invention has the beneficial effects that:

1. the graph statistical analysis method facing the localized differential privacy can reduce estimation errors of subgraph statistics and ensure the practicability of the algorithm.

Specifically, the invention designs two privacy enhancement algorithms aiming at triangular and k-stars sub-image counting, reduces the estimation error of sub-image counting while ensuring the privacy protection effect, and achieves the effect of improving the practicability of the algorithm. The algorithm for triangle counting uses an additional round of interaction between the user and the data collector; and the URR algorithm is used for the k-stars counting algorithm to disturb, the disturbance to 0 is reduced, and the number of noise edges can be effectively reduced.

2. According to the graph statistical analysis method facing the localized differential privacy, the client does not need to know extra information, and the privacy of the subgraph statistical analysis is improved.

3. According to the method, a localized differential privacy mechanism is introduced to carry out statistical analysis on the graph data, so that the user can confuse the personal data of the user without relying on a safe and credible third-party server, the client only knows the data of the user, and does not need to know additional information such as a relationship graph between friends and the like, the personal data of the user is better protected, and the privacy of the subgraph statistical analysis system is improved.

Drawings

FIG. 1 is a frame diagram of a statistical algorithm based on localized differential privacy designed for the counting of k-stars in the sub-graph according to the embodiment of the present invention;

FIG. 2 is a frame diagram of a statistical algorithm based on localized differential privacy designed for counting sub-graph triangles according to an embodiment of the present invention;

fig. 3 is a frame diagram of a localized differential privacy oriented subgraph statistical analysis overall scheme in the embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Example one

Referring to fig. 1-3, the graph statistical analysis method for localized differential privacy provided by the present invention includes the following steps:

s1, aiming at the problem that privacy is leaked in the existing graph statistical analysis algorithm, a set framework enables each user to disturb the adjacency list data of the user;

s2, sending the noise data to a server, and calculating the unbiased estimation of the sub-graph counting after the server receives the disturbed data;

s3, calculating the clustering coefficient in the graph under the condition of not contacting the original data of the user through a practical counting algorithm of a triangle and a k-stars;

and S4, the server can push related services to the users in the subgraph with high clustering coefficient according to the clustering coefficient.

The graph statistical analysis method facing the localized differential privacy can prevent the leakage risk of the original data of the user, reduce the counting deviation of sub-graph statistics and improve the practicability of the data after statistics.

The invention designs a practical response algorithm (as figure 1) aiming at the counting of k-stars of the subgraph, and effectively reduces the number of noise edges.

Aiming at the counting of the subgraph triangles, a two-wheel client-server based interaction algorithm (as shown in figure 2) is designed, and the practicability of data is effectively improved while the personal privacy information of a user is protected.

Aiming at the problem that privacy is leaked in the existing graph statistical analysis algorithm, the framework (such as the graph 3) arranged in the invention enables each user to disturb the adjacency list data of the user, then the noise data is sent to the server, and the server calculates the unbiased estimation of the sub-graph counting after receiving the disturbed data, so that the client does not need to know any additional information in the process.

A statistical algorithm based on localized differential privacy is designed aiming at the counting of k-stars of the subgraph, and the basic flow is as follows.

First, the graph is represented by an adjacency matrix A (1: with edges, 0: without edges), user v _i Knowing all nodes connected to itself, denoted as adjacency list a _i (line i of A).

Second step, in the client, the adjacency list a of the user _i Divided into two parts X _s ＝{x ₁ ,…,x _k And X _n ＝{x _k+1 ,…,x _n The user can adjust the position of k, which can be moved backwards if the user feels the data sensitive. If the user feels the data to be insensitive, the position of k may be moved forward.

Thirdly, the client perturbs the adjacency list data of the user, and for X _s ＝{x ₁ ,…,x _k The random response RR mechanism is adopted for disturbance, and the probability P is used for 0 and 1 ₁ Turning over; for X _n ＝{x _k+1 ,…,x _n Part 1 with probability P only ₂ And (6) turning over.

And fourthly, uploading the value of k and the value of the disturbed adjacency list to a server by the client, carrying out statistical analysis on the disturbed data by the server, correcting the statistical result, constructing a likelihood function to obtain the maximum likelihood estimation of the real result, analyzing the mathematical expectation of the maximum likelihood estimation to obtain the unbiased estimation of the real result.

A statistical algorithm based on localization differential privacy is designed aiming at the counting of the subgraph triangles, and the basic flow is as follows.

First, the graph is represented by an adjacency matrix A (1: with edges, 0: without edges), user v _i Knowing all nodes connected to itself, denoted as adjacency list a _i (line i of A);

second step, in the client, the adjacency list a of the user _i Divided into two parts X _s ＝{x ₁ ,…,x _k AndX _n ＝{x _k+1 ,…,x _n the user can adjust the position of k, which can be moved backwards if the user feels the data sensitive. If the user feels the data is insensitive, the position of k may be moved forward;

thirdly, the client perturbs the adjacency list data of the user, and for X _s ＝{x ₁ ,…,x _k The random response RR mechanism is adopted for disturbance, and the probability P is used for 0 and 1 ₁ Turning over; for X _n ＝{x _k+1 ,…,x _n Fraction is only for 1 with probability P ₂ Turning over, and uploading the noise data to a server by the client;

fourthly, the server side counts the noise edges submitted by each user, and the server issues a noise graph G';

fifthly, the client receives the noise graph G ', and a user can use the noise graph G' to calculate the triangle count containing a noise edge;

sixthly, the user counts the triangle count and the Laplace noise according to the adjacency list and the noise graph G' value, and uploads the triangle count and the Laplace noise to the server;

seventhly, the server calculates an unbiased estimate of the triangle count.

Example two

A mobile phone company applies a localized differential privacy mechanism to each mobile phone, and the friend relationship of each mobile phone user is stored locally in the mobile phone. For the user, the friend relationship belongs to the private information of the user, and the user does not want to upload the friend information to the server. However, the server wants to push services to friend users with high similarity according to the friend relationships of the users. Under the condition of protecting friend relation information of a user, the method and the system can enable the server to push related services, and the implementation process is as follows.

The user sets the privacy protection degree of the friend information (representing the position of k in the algorithm) locally in the mobile phone according to the self requirement.

And the mobile phone terminal disturbs the friend information of the user through a noise adding and disturbing algorithm of the k-stars according to the privacy protection degree set by the user, and uploads the noisy data to the server.

The server receives the noise data uploaded by the user, counts the number of k-stars, corrects the result, constructs a likelihood function, obtains the maximum likelihood estimation of a real result, analyzes the mathematical expectation of the maximum likelihood estimation, and obtains the unbiased estimation of the number of k-stars.

And the mobile phone terminal disturbs friend information of the user by adopting a triangular noise adding and disturbing algorithm, uploads the noisy data to a server, the server counts noise edges submitted by each user, and the server issues a noise graph G'.

The mobile phone end receives the noise map G ', calculates the triangle count containing a noise edge by using the noise map G', counts the triangle count of the mobile phone end plus the Laplace noise, and uploads the triangle count plus the Laplace noise to the server.

The server calculates an unbiased estimate of the triangle counts and calculates the clustering coefficients in the graph by the counts of the triangles and k-stars.

And the server can push related services to users in the subgraph with high clustering coefficient according to the clustering coefficient.

The invention designs two privacy enhancement algorithms aiming at triangular and k-stars sub-graph counting, reduces the estimation error of sub-graph counting while ensuring the privacy protection effect, and achieves the effect of improving the practicability of the algorithm. The algorithm for triangle counting uses an additional round of interaction between the user and the data collector; and the URR algorithm is used for the k-stars counting algorithm to disturb, the disturbance to 0 is reduced, and the number of noise edges can be effectively reduced.

According to the method, a localized differential privacy mechanism is introduced to carry out statistical analysis on the graph data, so that the user can confuse the personal data of the user without relying on a safe and credible third-party server, the client only knows the data of the user, and does not need to know additional information such as a relationship graph between friends and the like, the personal data of the user is better protected, and the privacy of the subgraph statistical analysis system is improved.

Therefore, the graph statistical analysis method facing the localized differential privacy can reduce the estimation error of the subgraph statistics, ensure the practicability of the algorithm, and improve the privacy of the subgraph statistical analysis without knowing extra information by a client.

It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. The term "comprising", without further limitation, means that the element so defined is not excluded from the group consisting of additional identical elements in the process, method, article, or apparatus that comprises the element.

Claims (4)

1. A graph statistical analysis method facing to localized differential privacy is characterized by comprising the following steps:

s1, aiming at the problem that privacy is leaked in the existing graph statistical analysis algorithm, a set framework enables each user to disturb the adjacency list data of the user;

s2, sending the noise data to a server, and calculating the unbiased estimation of the sub-graph counting after the server receives the disturbed data;

s3, calculating the clustering coefficient in the graph under the condition of not contacting the original data of the user through a practical counting algorithm of a triangle and a k-stars;

and S4, the server can push related services to the users in the subgraph with high clustering coefficient according to the clustering coefficient.

2. The graph statistical analysis method for localized differential privacy oriented according to claim 1, characterized in that: in the step S3, a practical response algorithm is designed for the count of k-stars in the sub-graph, and a two-round client-server-based interaction algorithm is designed for the count of triangles in the sub-graph.

3. The statistical analysis method for localized differential privacy oriented graphs as claimed in claim 2, wherein a statistical algorithm based on localized differential privacy is designed for the counting of k-stars of sub-graphs, and the steps are as follows:

first, the graph is represented by an adjacency matrix A (1: with edges, 0: without edges), user v _i Knowing all nodes connected to itself, denoted as adjacency list a _i (line i of A);

second step, in the client, the adjacency list a of the user _i Divided into two parts X _s ＝{x ₁ ,…,x _k And X _n ＝{x _k+1 ,…,x _n The user can adjust the position of k, which can be moved backwards if the user feels the data sensitive. If the user feels the data is insensitive, the position of k may be moved forward;

thirdly, the client perturbs the adjacency list data of the user, and for X _s ＝{x ₁ ,…,x _k The random response RR mechanism is adopted for disturbance, and the probability P is used for 0 and 1 ₁ Turning over; for X _n ＝{x _k+1 ,…,x _n Fraction is only for 1 with probability P ₂ Turning over;

and fourthly, uploading the value of k and the value of the disturbed adjacency list to a server by the client, carrying out statistical analysis on the disturbed data by the server, correcting the statistical result, constructing a likelihood function to obtain the maximum likelihood estimation of the real result, analyzing the mathematical expectation of the maximum likelihood estimation to obtain the unbiased estimation of the real result.

4. The graph statistical analysis method for localized differential privacy-oriented according to claim 2, wherein a statistical algorithm based on localized differential privacy is designed for the counting of subgraph triangles, and the steps are as follows:

first, by an abutment torqueMatrix A represents the graph (1: with edge, 0: without edge), user v _i Knowing all nodes connected to itself, denoted as adjacency list a _i (line i of A);

second step, in the client, the adjacency list a of the user _i Divided into two parts X _s ＝{x ₁ ,…,x _k And X _n ＝{x _k+1 ,…,x _n The user can adjust the position of k, which can be moved backwards if the user feels the data sensitive. If the user feels the data is insensitive, the position of k may be moved forward;

thirdly, the client perturbs the adjacency list data of the user, and for X _s ＝{x ₁ ,…,x _k The random response RR mechanism is adopted for disturbance, and the probability P is used for 0 and 1 ₁ Turning over; for X _n ＝{x _k+1 ,…,x _n Fraction is only for 1 with probability P ₂ Turning over, and uploading the noise data to a server by the client;

fourthly, the server side counts the noise edges submitted by each user, and the server issues a noise graph G';

fifthly, the client receives the noise map G ', and a user can use the noise map G' to calculate the triangle count containing a noise edge;

sixthly, the user counts the triangle count and the Laplace noise according to the adjacency list and the noise graph G' value, and uploads the triangle count and the Laplace noise to the server;

seventhly, the server calculates an unbiased estimate of the triangle count.

Images