
Personalized Social Recommendations – Accurate or Private?



Presentation Transcript


  1. Personalized Social Recommendations – Accurate or Private? A. Machanavajjhala (Yahoo!), with A. Korolova (Stanford), A. Das Sarma (Google)

  2. Social Advertising • Recommend ads based on private shopping histories of “friends” in the social network [Figure: Alice's and Betty's shopping histories: Armani, Gucci, Prada; Nikon, HP, Nike]

  3. Social Advertising … in the real world • Items (products/people) liked by Alice's friends are better recommendations for Alice • “A product that is followed by your friends …”

  4. Social Advertising … privacy problem • If only the items (products/people) liked by Alice's friends are recommended to Alice, the fact that “Betty” liked “VistaPrint” is leaked to “Alice”

  5. Social Advertising … privacy problem • Sometimes recommending irrelevant items improves privacy, but reduces accuracy

  6. Social Advertising Privacy Problem • Alice is recommended ‘X’ • Can we provide accurate recommendations to Alice based on the social network, while ensuring that Alice cannot deduce that Betty likes ‘X’?

  7. Outline of this talk • Formal social recommendations problem • Privacy for social recommendations • Accuracy of social recommendations • Example private algorithm and its accuracy • Privacy-Accuracy trade-off • Properties satisfied by a general algorithm • Theoretical bound

  8. Social Recommendations • A set of agents • Yahoo/Facebook users, medical patients • A set of recommended items • Other users (friends) , advertisements, products (drugs) • A network of edges connecting the agents, items • Social network, patient-doctor and patient-drug history • Problem: • Recommend a new item i to agent a based on the network

  9. Social Recommendations (this talk) • A set of agents • Yahoo/Facebook users, medical patients • A set of recommended items • Other users (friends), advertisements, products (drugs) • A network of edges connecting the agents, items • Social network, patient-doctor and patient-drug history • Problem: • Recommend a new friend i to target user a based on the social network
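The problem operates on a graph of agents and items. For concreteness, a minimal sketch of one possible representation (adjacency sets; the names and the toy graph are illustrative, not from the talk):

```python
# A toy social graph as adjacency sets; GRAPH, neighbors, and
# candidates are illustrative names, not from the talk.
GRAPH = {
    "alice": {"betty", "carol"},
    "betty": {"alice", "carol", "dave"},
    "carol": {"alice", "betty"},
    "dave":  {"betty"},
}

def neighbors(graph, node):
    """Set of nodes adjacent to `node`."""
    return graph.get(node, set())

def candidates(graph, target):
    """Candidate recommendations: everyone who is not the target
    and not already a friend of the target."""
    return set(graph) - {target} - neighbors(graph, target)

print(candidates(GRAPH, "alice"))  # {'dave'}
```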

  10. Social Recommendations • Utility function u(a, i): utility of recommending candidate i to target a • Examples [Liben-Nowell et al. 2003]: # of common neighbors, # of weighted paths, Personalized PageRank [Figure: target node a with candidate recommendations i1, i2, i3 and utilities u(a, i1), u(a, i2), u(a, i3)]

  11. Non-Private Recommendation Algorithm • Utility function u(a, i): utility of recommending candidate i to target a • Algorithm:
      for each target node a:
          for each candidate i: compute p(a, i) maximizing Σi u(a,i)·p(a,i)
          randomly pick one candidate with probability p(a,i)
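A minimal Python sketch of this non-private recommender (our illustration, not code from the talk). Since Σi u(a,i)·p(a,i) is linear in p, the maximizing distribution puts all probability on the highest-utility candidate, so the sketch reduces to an argmax:

```python
def recommend_non_private(utilities):
    """Given {candidate: utility} for one target node, pick the
    candidate maximizing expected utility. Because sum_i u_i * p_i
    is linear in p, the optimum puts probability 1 on the argmax."""
    return max(utilities, key=utilities.get)

# Example: utilities of three candidates for target a.
print(recommend_non_private({"i1": 2.0, "i2": 3.0, "i3": 1.0}))  # i2
```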

  12. Example: Common Neighbors Utility • Common Neighbors Utility: “Alice and Bob are likely to be friends if they have many common neighbors” • e.g. u(a,i1) = f(2), u(a,i2) = f(3), u(a,i3) = f(1), for f increasing in the number of common neighbors • Non-Private Algorithm: return the candidate with maximum u(a, i), or randomly pick a candidate with probability proportional to u(a,i)
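A sketch of the common-neighbors utility on a toy graph that reproduces the slide's numbers; the adjacency-set representation and the choice f = identity are our assumptions:

```python
# Common-neighbors utility from the slide, on adjacency sets.
def common_neighbors_utility(graph, a, i):
    """u(a, i) = number of neighbors shared by target a and candidate i."""
    return len(graph[a] & graph[i])

GRAPH = {
    "a":  {"n1", "n2", "n3"},
    "i1": {"n1", "n2"},
    "i2": {"n1", "n2", "n3"},
    "i3": {"n1"},
    "n1": {"a", "i1", "i2", "i3"},
    "n2": {"a", "i1", "i2"},
    "n3": {"a", "i2"},
}
for i in ("i1", "i2", "i3"):
    print(i, common_neighbors_utility(GRAPH, "a", i))  # 2, 3, 1
```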

  13. Outline of this talk • Formal social recommendations problem • Privacy for social recommendations • Accuracy of social recommendations • Example private algorithm and its accuracy • Privacy-Accuracy trade-off • Properties satisfied by a general algorithm • Theoretical bound

  14. Differential Privacy [Dwork 2006] • For every pair of inputs D1, D2 that differ in one value, and for every output O: | log( Pr[D1 → O] / Pr[D2 → O] ) | < ε • The adversary should not be able to distinguish between any D1 and D2 based on any output O • ε > 0 is the privacy parameter; smaller ε means stronger privacy
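To make the definition concrete, a toy check of the log-ratio condition for a discrete mechanism; the example output distributions are invented for illustration:

```python
import math

def satisfies_dp(dist1, dist2, epsilon):
    """Check |log(Pr[D1 -> O] / Pr[D2 -> O])| < epsilon for every
    output O, given two discrete output distributions {output: prob}."""
    for o in set(dist1) | set(dist2):
        p1, p2 = dist1.get(o, 0.0), dist2.get(o, 0.0)
        if p1 == 0.0 and p2 == 0.0:
            continue
        if p1 == 0.0 or p2 == 0.0:   # one-sided zero => infinite ratio
            return False
        if abs(math.log(p1 / p2)) >= epsilon:
            return False
    return True

# Toy mechanism outputs on neighboring inputs D1 and D2.
print(satisfies_dp({"O1": 0.6, "O2": 0.4}, {"O1": 0.5, "O2": 0.5}, 0.5))  # True
print(satisfies_dp({"O1": 0.9, "O2": 0.1}, {"O1": 0.5, "O2": 0.5}, 0.5))  # False
```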

  15. Privacy for Social Recommendations • Sensitive information: a recommendation should not disclose the existence of an edge between two nodes • For any two graphs G1 and G2 that differ in one edge: | log( Pr[recommending (i, a) | G1] / Pr[recommending (i, a) | G2] ) | < ε

  16. Outline of this talk • Formal social recommendations problem • Privacy for social recommendations • Accuracy of social recommendations • Example private algorithm and its accuracy • Privacy-Accuracy trade-off • Properties satisfied by a general algorithm • Theoretical bound

  17. Measuring loss in utility due to privacy • Suppose algorithm A recommends node i of utility ui with probability pi • Accuracy of A: the expected utility Σi pi·ui, normalized by the utility achieved by the non-private (utility-maximizing) algorithm
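A small sketch of this accuracy measure, under our reading that the normalizer is the maximum (non-private) utility:

```python
def accuracy(probs, utils):
    """Expected utility of a randomized recommender, normalized by
    the best achievable utility. probs and utils are parallel lists
    over candidates."""
    expected = sum(p * u for p, u in zip(probs, utils))
    return expected / max(utils)

# The non-private argmax recommender has accuracy 1.0:
print(accuracy([0.0, 1.0, 0.0], [2.0, 3.0, 1.0]))  # 1.0
# A uniform (utility-blind, hence very private) recommender does worse:
print(accuracy([1/3, 1/3, 1/3], [2.0, 3.0, 1.0]))  # 0.666...
```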

  18. Outline of this talk • Formal social recommendations problem • Privacy for social recommendations • Accuracy of social recommendations • Example private algorithm and its accuracy • Privacy-Accuracy trade-off • Properties satisfied by a general algorithm • Theoretical bound

  19. Algorithms for Differential Privacy • Theorem: no non-trivial deterministic algorithm guarantees differential privacy • Exponential Mechanism: sample from the output space with probability based on a score (utility) function • Laplace Mechanism: add noise from a Laplace distribution to query answers
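A minimal sketch of the Laplace mechanism for numeric queries (the standard construction, not specific to this talk): add Laplace(Δ/ε) noise to an answer of sensitivity Δ.

```python
import random

def laplace_noise(scale):
    """Laplace(0, scale) noise as the difference of two iid
    exponential samples (a standard identity)."""
    return random.expovariate(1 / scale) - random.expovariate(1 / scale)

def laplace_mechanism(true_answer, sensitivity, epsilon):
    """Standard Laplace mechanism: adding Laplace(sensitivity/epsilon)
    noise to a numeric query answer gives epsilon-DP."""
    return true_answer + laplace_noise(sensitivity / epsilon)

# e.g. releasing a count (sensitivity 1) with epsilon = 0.5:
print(laplace_mechanism(42, sensitivity=1.0, epsilon=0.5))
```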

  20. Privacy Preserving Recommendations • Must pick a node with non-zero probability even if u = 0 • Exponential Mechanism [McSherry et al. 2007]: randomly pick a candidate with probability proportional to exp( ε·u(a,i) / Δ ), where Δ is the maximum change in utilities caused by changing one edge • Satisfies ε-differential privacy
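A sketch of the exponential mechanism as stated on the slide, reusing the common-neighbors utilities from slide 12; taking Δ = 1 (one edge changes a common-neighbor count by at most one) is our assumption:

```python
import math
import random

def exponential_mechanism(utilities, epsilon, delta):
    """Pick one candidate with probability proportional to
    exp(epsilon * u / delta); delta is the maximum change in any
    utility caused by adding or removing a single edge."""
    cands = list(utilities)
    weights = [math.exp(epsilon * utilities[c] / delta) for c in cands]
    return random.choices(cands, weights=weights, k=1)[0]

# Common-neighbors utilities from slide 12, with delta = 1 (assumed).
print(exponential_mechanism({"i1": 2, "i2": 3, "i3": 1}, epsilon=0.5, delta=1.0))
```

Note that every candidate, even one with u = 0, gets weight exp(0) = 1 > 0, which is exactly the non-zero-probability requirement on the slide.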

  21. Accuracy of Exponential Mechanism + Common Neighbors Utility • WikiVote network (ε = 0.5): 60% of users have accuracy < 10%

  22. Accuracy of Exponential Mechanism + Common Neighbors Utility • Twitter sample (ε = 1): 98% of users have accuracy < 5%

  23. Can we do better? • Maybe common neighbors is an especially non-private utility … • Consider general utility functions that follow intuitive axioms • Maybe the Exponential Mechanism does not guarantee sufficient accuracy … • Consider any algorithm that satisfies differential privacy

  24. Outline of this talk • Formal social recommendations problem • Privacy for social recommendations • Accuracy of social recommendations • Example private algorithm and its accuracy • Privacy-Accuracy trade-off • Properties satisfied by a general algorithm • Theoretical bound

  25. Axioms on Utility Functions • Exchangeability: if candidates i3 and i4 are identical with respect to target ‘a’, then u(a, i3) = u(a, i4) [Figure: target a with candidates i1, i2, i3, i4, where i3 and i4 occupy symmetric positions relative to a]

  26. Axioms on Utility Functions • Concentration: “Most of the utility of recommendation to a target is concentrated on a small number of candidates.”

  27. Outline of this talk • Formal social recommendations problem • Privacy for social recommendations • Accuracy of social recommendations • Example private algorithm and its accuracy • Privacy-Accuracy trade-off • Properties satisfied by a general algorithm • Theoretical bound

  28. Accuracy-Privacy Tradeoff • Common Neighbors & Weighted Paths utility*: to achieve constant accuracy for target node a, ε = Ω(log n / degree(a)) • * under some mild assumptions on the weighted paths utility …
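Plugging illustrative numbers into the bound (the constants hidden by Ω are ignored, and the node counts and degrees below are ours, not the talk's):

```python
import math

# Illustrative plug-in of the lower bound epsilon = Omega(log n / degree(a)),
# ignoring the hidden constant. Numbers are our own rough examples.
def min_epsilon(n, degree):
    return math.log(n) / degree

print(min_epsilon(n=7_000, degree=30))        # WikiVote-scale node: ~0.30
print(min_epsilon(n=40_000_000, degree=10))   # large-network low-degree node: ~1.75
```

The second line illustrates why low-degree users fare badly: at web scale, the ε needed for constant accuracy is already larger than values usually considered private.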

  29. Implications of Accuracy-Privacy Tradeoff • WikiVote network (ε = 0.5): 60% of users have accuracy < 55%

  30. Implications of Accuracy-Privacy Tradeoff • Twitter sample (ε = 1): 95% of users have accuracy < 5%

  31. Takeaway … • “For the majority of nodes in the network, recommendations must either be inaccurate or violate differential privacy!” • Maybe this is a “bad idea” • Or maybe differential privacy is too strong a privacy definition to shoot for

  32. Intuition behind main result

  33. Intuition behind main result • Consider graphs G1 and G2 that differ in one edge, with utilities and recommendation probabilities u1(a,i), p1(a,i) and u1(a,j), p1(a,j) on G1, and u2(a,i), p2(a,i) and u2(a,j), p2(a,j) on G2 • Differential privacy requires p1(a,i) / p2(a,i) < e^ε

  34. Intuition behind main result • Add a third graph G3, differing from G1 in one edge • Differential privacy gives p1(a,i) / p2(a,i) < e^ε and p3(a,j) / p1(a,j) < e^ε

  35. Using Exchangeability • G3 is isomorphic to G2, so u2(a,i) = u3(a,j), which implies p2(a,i) = p3(a,j) • Recall: p1(a,i) / p2(a,i) < e^ε and p3(a,j) / p1(a,j) < e^ε

  36. Using Exchangeability • Since G3 is isomorphic to G2, u2(a,i) = u3(a,j) implies p2(a,i) = p3(a,j) • Chaining: p1(a,i) < e^ε · p2(a,i) = e^ε · p3(a,j) < e^2ε · p1(a,j), i.e. p1(a,i) / p1(a,j) < e^2ε

  37. Using Exchangeability • In general, if any node i can be “transformed” into node j in t edge changes, then the probability of recommending the highest-utility node is at most e^tε times the probability of recommending the worst-utility node: p1(a,i) / p1(a,j) < e^tε

  38. Final Act: Using Concentration • Few nodes have high utility for target a: tens of nodes share a common neighbor with a • Many nodes have low utility for target a: millions of nodes don't share a common neighbor with a • Thus, there exist i and j with Ω(n) = p1(a,i) / p1(a,j) < e^tε, which forces ε = Ω(log n / t)

  39. Summary of Social Recommendations • Question: “Can social recommendations be made while guaranteeing strong privacy conditions?” • General utility functions satisfying natural axioms • Any algorithm satisfying differential privacy • Answer: “For the majority of nodes in the network, recommendations must either be inaccurate or violate differential privacy!” • Maybe this is a “bad idea” • Or maybe differential privacy is too strong a privacy definition to shoot for

  40. Summary of Social Recommendations • Answer: “For the majority of nodes in the network, recommendations must either be inaccurate or violate differential privacy!” • Maybe this is a “bad idea” • Or maybe differential privacy is too strong a privacy definition to shoot for • Open Question: “What is the minimum amount of personal information that a user must be willing to disclose in order to get personalized recommendations?”

  41. Thank you
