A Validated Privacy-Utility Preserving Recommendation System with Local Differential Privacy

TL;DR

This paper introduces a privacy-preserving recommendation system using local differential privacy, involving dual perturbation rounds and neural network decoding, achieving high clustering success while maintaining privacy.

Contribution

It presents the first dual-perturbation LDP approach with comprehensive validation, including neural decoding and clustering, demonstrating strong privacy-utility balance.

Findings

Achieves 90% clustering success at ε=0.8

Maintains 80.3% success at ε=2

Demonstrates resistance to plausible deniability and averaging attacks

Abstract

This paper proposes a new recommendation system preserving both privacy and utility. It relies on the local differential privacy (LDP) for the browsing user to transmit his noisy preference profile, as perturbed Bloom filters, to the service provider. The originality of the approach is multifold. First, as far as we know, the approach is the first one including at the user side two perturbation rounds - PRR (Permanent Randomized Response) and IRR (Instantaneous Randomized Response) - over a complete user profile. Second, a full validation experimentation chain is set up, with a machine learning decoding algorithm based on neural network or XGBoost for decoding the perturbed Bloom filters and the clustering Kmeans tool for clustering users. Third, extensive experiments show that our method achieves good utility-privacy trade-off, i.e. a 90$\%$ clustering success rate, resp. 80.3$\%$ for a value of LDP $\epsilon = 0.8$, resp. $\epsilon = 2$. Fourth, an experimental and theoretical analysis gives concrete results on the resistance of our approach to the plausible deniability and resistance against averaging attacks.