This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revision Both sides next revision | ||
sql-derivative-sensitivity-analyser_advanced [2018/11/26 10:09] alisa |
sql-derivative-sensitivity-analyser_advanced [2018/11/26 11:43] alisa |
||
---|---|---|---|
Line 37: | Line 37: | ||
</code> | </code> | ||
- | The line ''u = lp 2.0 latitude longitude;'' combines latitude and longitude to define Euclidean distance (i.e l<sub>2</sub>-norm). We may scale the distances, and 0.2 in the line ''z = scaleNorm 0.2 u''; means that we conceal changes in location up to 1/0.2 = 5 units. Finally, ''return linf z;'' shows how the distance between the tables is computed from the distances between their rows, and ''linf'' means that we take the maximum row distance (i.e l<sub>∞</sub>-norm), so DP conceals the change even if all sensitive rows change by a unit. | + | The line ''u = lp 2.0 latitude longitude;'' combines latitude and longitude to define Euclidean distance (i.e l<sub>2</sub>-norm). We may scale the distances, and 0.2 in the line ''z = scaleNorm 0.2 u;'' means that we conceal changes in location up to 1/0.2 = 5 units. Finally, ''return linf z;'' shows how the distance between the tables is computed from the distances between their rows, and ''linf'' means that we take the maximum row distance (i.e l<sub>∞</sub>-norm), so DP conceals the change even if all sensitive rows change by a unit. |
=== Combined sensitivity === | === Combined sensitivity === | ||
- | TODO: explain shortly what combined sensitivity is and how to use it | + | In the previous section, we considered differential privacy w.r.t. change in some particular cells of the data tables. The number of rows was considered immutable. To achieve a more traditional differential privacy, which considers addition or deletion of a row as a unit change, we need to define a cost of such operation, expressed by the line ''G: 1.0 ;''. It is possible to combine these two distances. |
+ | |||
+ | <code> | ||
+ | rows: all ; | ||
+ | cols: latitude longitude ; | ||
+ | G: 1.0 ; | ||
+ | </code> | ||
+ | |||
+ | Intuitively, this means that both types of changes are allowed. In this example, differential privacy conceals the facts that a row has been added or removed, as well as that the latitude or longitude have been changed by a unit. More precisely, we define the distance between two tables as a //table edit distance// (analogous to string edit distance) that takes combines the following operations: | ||
+ | * the cost of row insertion/deletion (defined by the line ''G:''). | ||
+ | * the cost of cell modification (defined by the line ''cols:'' and the possible extension). | ||
+ | |||
+ | Table edit distance is defined as the minimal cost of operations required to transform one table into the other. |