Statistical Security of Machine Learning

• Project/Area Number: 16H02864
• Research Category: Grant-in-Aid for Scientific Research (B)
• Allocation Type: Single-year Grants
• Section: 一般
• Research Field: Intelligent informatics
• Research Institution: University of Tsukuba
• Principal Investigator: Sakuma Jun 筑波大学, システム情報系, 教授 (90376963)
• Co-Investigator(Kenkyū-buntansha): 日野 英逸 統計数理研究所, モデリング研究系, 准教授 (10580079) ; 神嶌 敏弘 国立研究開発法人産業技術総合研究所, 情報・人間工学領域, 主任研究員 (50356820) ; 兼村 厚範 国立研究開発法人産業技術総合研究所, 情報・人間工学領域, 招聘研究員 (50580297) ; 松田 隆宏 国立研究開発法人産業技術総合研究所, 情報・人間工学領域, 主任研究員 (60709492) ; 村上 隆夫 国立研究開発法人産業技術総合研究所, 情報・人間工学領域, 主任研究員 (80587981)
• Project Period (FY): 2016-04-01 – 2019-03-31
• Project Status: Completed (Fiscal Year 2019)
• Budget Amount: ¥15,990,000 (Direct Cost: ¥12,300,000、Indirect Cost: ¥3,690,000); Fiscal Year 2018: ¥5,330,000 (Direct Cost: ¥4,100,000、Indirect Cost: ¥1,230,000); Fiscal Year 2017: ¥5,590,000 (Direct Cost: ¥4,300,000、Indirect Cost: ¥1,290,000); Fiscal Year 2016: ¥5,070,000 (Direct Cost: ¥3,900,000、Indirect Cost: ¥1,170,000)
• Keywords: 機械学習 / 人工知能 / セキュリティ / プライバシー / 公平性 / 差分プライバシー / 局所差分プライバシー / プライバシーポリシー / 統計的推定 / 暗号 / 公正性配慮型データマイニング / プライバシ / 安全性 / 予測

Outline of Final Research Achievements

Based on differential privacy/local differential privacy, the de facto standard for statistical safety, we worked on the establishment of a statistical privacy definition of data/model/prediction publication in machine learning and its protection methods. We also construct a cryptographically secure statistical analysis method using highly-functional cryptography, which has been developed in cryptology.In many of our studies, theoretical assurance of its security was shown. Also, its usefulness was demonstrated using real data such as personal genome and location data.

Academic Significance and Societal Importance of the Research Achievements

統計解析や機械学習を実現するためには、個人からプライバシー情報を集めたり、そのような情報を使って解析した結果を公開する必要がある。また機械学習の予測事態が不公平な決定をする可能性がある。このような問題を統計理論および暗号理論の技術を用いて解決する方法を複数提案した。

Research Products

• [Journal Article] Minimax Optimal Additive Functional Estimation with Discrete Distribution: Slow Divergence Speed Case (2018)
  • Author(s): Kazuto Fukuchi, Jun Sakuma
  • Journal Title: Proceedings of the 2018 IEEE International Symposium on Information Theory Volume: - Pages: 1041-1045
  • DOI: 10.1109/isit.2018.8437725
  • Peer Reviewed
• [Journal Article] Non-interactive and Output Expressive Private Comparison from Homomorphic Encryption (2018)
  • Author(s): Wen-jie Lu, Jun-jie Zhou, Jun Sakuma
  • Journal Title: Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security Volume: - Pages: 67-74
  • DOI: 10.1145/3196494.3196503
  • Peer Reviewed / Open Access
• [Journal Article] Toward Distribution Estimation under Local Differential Privacy with Small Samples (2018)
  • Author(s): Murakami Takao、Hino Hideitsu、Sakuma Jun
  • Journal Title: Proceedings on Privacy Enhancing Technologies Volume: 2018 Issue: 3 Pages: 84-104
  • DOI: 10.1515/popets-2018-0022
  • Peer Reviewed / Open Access / Int'l Joint Research
• [Journal Article] Outsourced Private Function Evaluation with Privacy Policy Enforcement (2018)
  • Author(s): Noboru Kunihiro, Wenjie Lu, Takashi Nishide, Jun Sakuma
  • Journal Title: Proceedings of the 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications Volume: - Pages: 412-423
  • DOI: 10.1109/trustcom/bigdatase.2018.00068
  • Peer Reviewed
• [Journal Article] Recommendation Independence (2018)
  • Author(s): Toshihiro Kamishima, Shotaro Akaho, Hideki Asoh, Jun Sakuma
  • Journal Title: Proceedings of Machine Learning Research Volume: 81 Pages: 187-201
  • Peer Reviewed / Open Access
• [Journal Article] Malware Analysis of Imaged Binary Samples by Convolutional Neural Network with Attention (2018)
  • Author(s): Hiromu Yakura, Shinnosuke Shinozaki, Reon Nishimura, Yoshihiro Oyama, Jun Sakuma
  • Journal Title: Proceedings of The 8th ACM Conference on Data and Application Security and Privacy Volume: － Pages: 127-134
  • DOI: 10.1145/3176258.3176335
  • Peer Reviewed
• [Journal Article] Model-based and actual independence for fairness-aware classification (2017)
  • Author(s): Toshihiro Kamishima, Shotaro Akaho, Hideki Asoh, and Jun Sakuma
  • Journal Title: Data Mining and Knowledge Discovery Volume: 32 Issue: 1 Pages: 258-286
  • DOI: 10.1007/s10618-017-0534-x
  • NAID: 120007133769
  • Peer Reviewed
• [Journal Article] Mis-operation Resistant Searchable Homomorphic Encryption (2017)
  • Author(s): Keita Emura, Takuya Hayashi, Noboru Kunihiro, Jun Sakuma
  • Journal Title: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Volume: ASIA CCS'17 Pages: 215-229
  • DOI: 10.1145/3052973.3053015
  • Peer Reviewed / Open Access / Acknowledgement Compliant
• [Journal Article] Differentially Private Semi-Supervised Classification. (2017)
  • Author(s): Xu Long, Jun Sakuma
  • Journal Title: Proceedings of the 3rd IEEE International Conference on Smart Computing Volume: － Pages: 1-6
  • DOI: 10.1109/smartcomp.2017.7947001
  • Peer Reviewed / Open Access
• [Journal Article] Towards Privacy-preserving Record Linkage with Record-wise Linkage Policy (2017)
  • Author(s): Takahito Kaiho , Wen-jie Lu, Toshiyuki Amagasa, and Jun Sakuma
  • Journal Title: Database and Expert Systems Applications. Volume: 10438 Pages: 233-248
  • DOI: 10.1007/978-3-319-64468-4_18
  • ISBN: 9783319644677, 9783319644684
  • Peer Reviewed
• [Journal Article] Differentially Private Chi-squared Test by Unit Circle Mechanism (2017)
  • Author(s): Kazuya Kakizaki, Kazuto Fukuchi, and Jun Sakuma
  • Journal Title: Proceedings of the 34th International Conference on Machine Learning Volume: 70 Pages: 1761-1770
  • Peer Reviewed / Open Access
• [Journal Article] Minimax Optimal Estimators for Additive Scalar Functionals of Discrete Distributions (2017)
  • Author(s): Kazuto Fukuchi and Jun Sakuma
  • Journal Title: Proceedings of the 2017 IEEE International Symposium on Information Theory Volume: － Pages: 2103-2107
  • DOI: 10.1109/isit.2017.8006900
  • Peer Reviewed
• [Journal Article] Differentially Private Empirical Risk Minimization with Input Perturbation (2017)
  • Author(s): Kazuto Fukuchi, Quang Khai Tran, and Jun Sakuma
  • Journal Title: Proceedings of International Conference on Discovery Science Volume: 10558 Pages: 82-90
  • DOI: 10.1007/978-3-319-67786-6_6
  • ISBN: 9783319677859, 9783319677866
  • Peer Reviewed
• [Journal Article] Reconstructable and interpretable representations for time series with time-skip sparse dictionary learning (2017)
  • Author(s): Genta Yoshimura, Atsunori Kanemura, Hideki Asoh
  • Journal Title: Proceedings of the Thematic Workshops of ACM Multimedia Volume: - Pages: 323-331
  • Peer Reviewed
• [Journal Article] Privacy-preserving and Optimal Interval Release for Disease Susceptibility (2017)
  • Author(s): Kosuke Kusano, Ichiro Takeuchi, Jun Sakuma
  • Journal Title: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Volume: N/A Pages: 532-545
  • Peer Reviewed / Open Access / Acknowledgement Compliant
• [Journal Article] Using Fully Homomorphic Encryption for Statistical Analysis of Categorical, Ordinal and Numerical Data (2016)
  • Author(s): Wen-jie Lu, Shohei Kawasaki, Jun Sakuma
  • Journal Title: Proceedings of The Network and Distributed System Security Symposium 2017 (NDSS2017) Volume: N/A
  • Peer Reviewed / Open Access / Acknowledgement Compliant
• [Journal Article] 近接平均を用いた加速近接勾配法の適応的リスタート (2016)
  • Author(s): 中里佳央，福地 一斗, 佐久間 淳
  • Journal Title: 信学技報 Volume: 116 Pages: 65-71
  • Acknowledgement Compliant
• [Journal Article] 離散分布の加法分解可能なスカラー汎関数におけるミニマックス最適推定量 (2016)
  • Author(s): 福地 一斗, 佐久間 淳
  • Journal Title: 信学技報 Volume: 116 Pages: 259-265
  • Acknowledgement Compliant
• [Journal Article] カイ二乗検定の幾何的解釈に基づく差分プライバシーの実現 (2016)
  • Author(s): 柿崎和也，佐久間淳
  • Journal Title: コンピュータセキュリティシンポジウム2016論文集 Volume: 2016 Pages: 1199-1206
  • NAID: 170000173824
  • Acknowledgement Compliant
• [Journal Article] 線形モデルにおける安全な予測値公開メカニズムの提案とその疾患リスク予測モデルへの適用 (2016)
  • Author(s): 草野 光亮, 竹内 一郎, 佐久間 淳
  • Journal Title: コンピュータセキュリティシンポジウム2016論文集 Volume: 2016 Pages: 1207-1214
  • NAID: 170000173825
  • Acknowledgement Compliant
• [Journal Article] Privately Evaluating Contingency Tables with Suppression (2016)
  • Author(s): 陸文杰，佐久間淳
  • Journal Title: コンピュータセキュリティシンポジウム2016論文集 Volume: 2016 Pages: 1048-1055
  • NAID: 170000173804
  • Acknowledgement Compliant
• [Presentation] ブートストラップ分布に基づく外れ値検定 (2018)
  • Author(s): 日野英逸
  • Organizer: 情報論的学習理論研究会
• [Book] データ解析におけるプライバシ保護 (2016)
  • Author(s): 佐久間淳
  • Total Pages: 240
  • Publisher: 講談社