High accuracy ML & AI over sensitive data
Download as PPTX, PDF1 like1,068 views
The document discusses the implementation of privacy-preserving machine learning and artificial intelligence using anonymized patient data, focusing on methods to enhance health outcomes while maintaining compliance with HIPAA and GDPR. It highlights various techniques to address data identifiability, including k-anonymity and federated approaches, and provides insights on the challenges of anonymizing high-dimensional data. The author emphasizes the importance of using secure pseudonymous identifiers and outlines strategies for effective data sanitization in machine learning applications.
![PII-based quasi-identifiers
// Generalization of quasi-identifying columns
lazy val quasiIdCols: Seq[Column] = Seq(
'gender,
'dob.substr(1, 4).cast(IntegerType).as("yob"), // only year of birth
'zip.substr(1, 3).cast(IntegerType).as("zip3") // only first 3 digits of zip
)](https://image.slidesharecdn.com/2018highaccuracymlaioversensitivedata-shared-180714021421/85/High-accuracy-ML-AI-over-sensitive-data-27-320.jpg)
High accuracy ML & AI over sensitive data
- 1. High-accuracy ML & AI over sensitive data Simeon Simeonov, Swoop @simeons / sim at swoop dot com
- 3. omni-channel marketing for your ideal population supported by privacy-preserving ML/AI e.g., we improve health outcomes by increasing the diagnosis rate of rare diseases through doctor/patient education
- 4. Swoop & IPM.ai data for 300+M people • Anonymized patient data • Online activity • Imprecise location data • Demographics, psychographics, purchase behavior, … Privacy by design: HIPAA-compliant prAIvacy™ platform. Trusted by the largest pharma companies. GDPR compliant.
- 5. Privacy-preserving computation frontiers • Stochastic – Differential privacy • Encryption-based – Fully homomorphic encryption • Protocol-based – Secure multi-party computation (SMC)
- 6. When privacy-preserving algorithms are immature, sanitize the data the algorithms are trained on
- 7. Privacy concerns stem from identifiability • Direct (via personally-identifiable information) • Indirect (via quasi-identifiers) Sim Simeonov; Male; July 7, 1977 One Swoop Way, Cambridge, MA 02140
- 9. Addressing identifiability in a single dataset • Direct – Generate secure pseudonymous identifiers – Often uses clean room to process PII • Indirect – Sanitize quasi-identifiers to desired anonymity trade-offs – Control data enhancement to maintain anonymity anonymity == indistinguishability
- 10. Sanitizing quasi-identifiers • Deterministic – Generalize or suppress quasi-identifiers – k-anonymity + derivatives • any given record maps onto at least k-1 other records • Stochastic – Add noise to data – (k, ℇ)-anonymity • Domain-specific
- 11. Addressing identifiability across datasets • Centralized approach – Join all data + sanitize the whole – Big increase in dimensionality • Federated approach – Keep data separate + sanitize operations across data – Smallest possible increase in dimensionality
- 12. We show that when the data contains a large number of attributes which may be considered quasi-identifiers, it becomes difficult to anonymize the data without an unacceptably high amount of information loss. ... we are faced with ... either completely suppressing most of the data or losing the desired level of anonymity. On k-Anonymity and the Curse of Dimensionality 2005 Aggarwal, C. @ IBM T. J. Watson Research Center Centralized sanitization hurts ML/AI accuracy
- 13. We find that for privacy budgets effective at preventing attacks, patients would be exposed to increased risk of stroke, bleeding events, and mortality. Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing 2014 Fredrikson, M. et. al. @ UW Madison and Marshfield Clinic Research Foundation Centralized sanitization increases risk
- 14. Normalized Certainty Penalty (NCP) 0% 5% 10% 15% 20% 25% 30% 35% 40% 2 3 4 5 6 7 8 9 10 k age gender & age k-anonymizing Titanic passenger survivability
- 15. Federated sanitization: Swoop’s prAIvacy™ • Secure, isolated data pools • Automated sanitization • Min dimensionality growth • Deterministic + stochastic • Optimal + often lossless Model condition X score on other data
- 16. Putting it all to practice (using Spark) • Pre-process data • Generate secure pseudonymous identifiers • Sanitize quasi-identifiers
- 17. dirty quasi-identifiers increase distinguishability: clean data before sanitization to prevent increased sanitization loss
- 18. no anonymization framework for unstructured data: suppress or structure
- 19. Word embedding for text anonymization • Text ➞ high-dimensionality vector – Capture semantics “Texas” + “Milwaukee” – “Wisconsin” ≃ “Dallas” – ML/AI-friendly representation – word2vec, doc2vec, GloVe, … • Anonymizing embeddings – Train secret embeddings model – Add noise to vectors
- 20. Secure pseudonymous ID generation Sim|Simeonov|M|1977-07-07|02140 8daed4fa67a07d7a5 … 6f574021 gPGIoVw … wnNpij1LveZRtKeWU= Sim Simeonov; Male; July 7, 1977 One Swoop Way, Cambridge, MA 02140 // consistent serialization // secure destructive hashing (SHA-xxx) // master encryption (AES-xxx) Vw50jZjh6BCWUzSVu … mfUFtyGZ3q // partner A encryption 6ykWEv7A2lisz8KUi … VT2ZddaOeML // partner B encryption Sim Simeonov; M; 1977-07-07 One Swoop Way, Suite 305, Cambridge, MA 02140 ...
- 21. Multiple IDs for dirty data Sim|Simeonov|M|1977-07-07|02140 // full entry when data is clean S|S551|M|1977-07-07|02140 // fuzzify names to handle limited entry & typos Sim|Simeonov|M|1977-07|02140 // also may reduce dob/geo accuracy tune fuzzification to use cases & desired FP/FN rates
- 22. Build pseudonymous IDs with Spark (and sanitize PII-based quasi-identifiers)
- 23. We need a few user-defined functions • Strong secure hash function with very few collisions – sha256(data) computes SHA-256 • Strong symmetric key encryption – aes_encrypt(data, secret) in Hive but not ported to Spark – aes__encrypt(data, secret) is a UDF to avoid name conflict • Demo sugar to build secrets from pass phrases – secret(pass_phrase)
- 24. Let’s create some PII case class PII(firstName: String, lastName: String, gender: String, dob: String, zip: String) val sim = PII("Sim", "Simeonov", "M", "1977-07-07", "02140") val ids = spark.createDataset(Seq(sim))
- 25. Consistent serialization val p = lit("|") // just a pipe symbol to save us typing lazy val idRules = Seq( // Rule 1: Use all PII concat(upper('firstName), p, upper('lastName), p, 'gender, p, 'dob, p, 'zip), // Rule 2: Use only first initial of first name and soundex of last name concat(upper('firstName.substr(1, 1)), p, soundex(upper('lastName)), p, 'gender, p, 'dob, p, 'zip) )
- 26. Hash & encrypt // The pseudonymous ID columns built from the rules lazy val psids = { val masterPassword = "Master Password" // master password to encrypt IDs with // Serialize -> Hash -> Encrypt idRules.zipWithIndex.map { case (serialization, idx) => aes__encrypt(sha256(serialization), secret(lit(masterPassword))) .as(s"psid${idx + 1}") } }
- 27. PII-based quasi-identifiers // Generalization of quasi-identifying columns lazy val quasiIdCols: Seq[Column] = Seq( 'gender, 'dob.substr(1, 4).cast(IntegerType).as("yob"), // only year of birth 'zip.substr(1, 3).cast(IntegerType).as("zip3") // only first 3 digits of zip )
- 28. Generate master IDs // Master pseudonymous IDs lazy val masterIds = ids.select(quasiIdCols ++ psids: _*)
- 29. Generate per partner IDs val partnerPasswords = Map("A" -> "A Password", "B" -> "B Password") val partnerIds = spark.createDataset(partnerPasswords.toSeq) .toDF("partner_name", "pwd").withColumn("pwd", secret('pwd)) .crossJoin(masterIds) .transform { df => psids.indices.foldLeft(df) { case (current, idx) => val colName = s"psid${idx + 1}" current.withColumn(colName, base64(aes__encrypt(col(colName), 'pwd))) } } .drop("pwd")
- 30. The end result
- 31. Sanitizing quasi-identifiers in Spark • Optimal k-anonymity is an NP-hard problem – Mondrian algorithm: greedy O(nlogn) approximation • https://github.com/eubr-bigsea/k-anonymity-mondrian • Active research – Locale-sensitive hashing (LSH) improvements – Risk-based approaches (e.g., LBS algorithm)
- 32. Interested in challenging data engineering, ML & AI on petabytes of data? I’d love to hear from you. @simeons / sim at swoop dot com https://databricks.com/session/great-models-with-great-privacy-optimizing-ml-ai-under-gdpr https://databricks.com/session/the-smart-data-warehouse-goal-based-data-production https://swoop-inc.github.io/spark-records/ Privacy matters. Thank you for caring.