SoK: Privacy-Preserving Collaborative Tree-based Model Learning

[1] “Amazon sagemaker - xgboost algorithm,” https://docs.aws.amazon.com/sagemaker/latest/dg/xgboost.html.Search in Google Scholar

[2] “DBLP: Computer science bibliography,” https://dblp.org/.Search in Google Scholar

[3] “Google scholar,” https://scholar.google.com/.Search in Google Scholar

[4] “Microsoft academic,” https://academic.microsoft.com/home.Search in Google Scholar

[5] M. Abspoel, D. Escudero, and N. Volgushev, “Secure training of decision trees with continuous attributes,” Proceedings on Privacy Enhancing Technologies, 2021.10.2478/popets-2021-0010Search in Google Scholar

[6] R. Agrawal, A. Evfimievski, and R. Srikant, “Information sharing across private databases,” in ACM SIGMOD, 2003.10.1145/872757.872771Search in Google Scholar

[7] R. Agrawal and R. Srikant, “Privacy-preserving data mining,” in ACM SIGMOD, 2000.10.1145/342009.335438Search in Google Scholar

[8] A. Akavia, M. Leibovich, Y. S. Resheff, R. Ron, M. Shahar, and M. Vald, “Privacy-preserving decision tree training and prediction against malicious server,” iacr eprint, 2019, https://eprint.iacr.org/2019/1282.Search in Google Scholar

[9] A. Alabdulkarim, M. Al-Rodhaan, T. Ma, and Y. Tian, “PPSDT: A novel privacy-preserving single decision tree algorithm for clinical decision-support systems using IoT devices,” Sensors, 2019.10.3390/s19010142633902730609816Search in Google Scholar

[10] A. Alabdulkarim, M. Al-Rodhaan, Y. Tian, and A. Al-Dhelaan, “A privacy-preserving algorithm for clinical decision-support systems using random forest,” CMC Comput. Mater. Con, 2019.10.32604/cmc.2019.05637Search in Google Scholar

[11] M. Andriushchenko and M. Hein, “Provably robust boosted decision stumps and trees against adversarial attacks,” in NeurIPS, 2019.Search in Google Scholar

[12] L. J. Aslett, P. M. Esperança, and C. C. Holmes, “Encrypted statistical machine learning: new privacy preserving methods,” arXiv preprint 1508.06845, 2015.Search in Google Scholar

[13] G. Ateniese, L. V. Mancini, A. Spognardi, A. Villani, D. Vitali, and G. Felici, “Hacking smart machines with smarter ones: How to extract meaningful data from machine learning classifiers,” International Journal of Security and Networks, 2015.10.1504/IJSN.2015.071829Search in Google Scholar

[14] E. Bagdasaryan, A. Veit, Y. Hua, D. Estrin, and V. Shmatikov, “How to backdoor federated learning,” in AISTATS, 2020.Search in Google Scholar

[15] R. Baghel and M. Dutta, “Privacy preserving classification by using modified c4. 5,” in IC3. IEEE, 2013.10.1109/IC3.2013.6612175Search in Google Scholar

[16] X. Bai, J. Yao, M. Yuan, K. Deng, X. Xie, and H. Guan, “Embedding differential privacy in decision tree algorithm with different depths,” Science China Information Sciences, 2017.10.1007/s11432-016-0442-1Search in Google Scholar

[17] G. Behera, “Privacy preserving c4. 5 using gini index,” in NCETACS. IEEE, 2011.10.1109/NCETACS.2011.5751385Search in Google Scholar

[18] M. Bellare, R. Dowsley, and S. Keelveedhi, “How secure is deterministic encryption?” in PKC, 2015.10.1007/978-3-662-46447-2_3Search in Google Scholar

[19] A. Blum, C. Dwork, F. McSherry, and K. Nissim, “Practical privacy: the sulq framework,” in ACM PODS, 2005.10.1145/1065167.1065184Search in Google Scholar

[20] M. Bojarski, A. Choromanska, K. Choromanski, and Y. Le-Cun, “Differentially-and non-differentially-private random decision trees,” arXiv preprint 1410.6973, 2014.Search in Google Scholar

[21] K. Bonawitz, V. Ivanov, B. Kreuter, A. Marcedone, H. B. McMahan, S. Patel, D. Ramage, A. Segal, and K. Seth, “Practical secure aggregation for privacy-preserving machine learning,” in ACM SIGSAC CCS, 2017.10.1145/3133956.3133982Search in Google Scholar

[22] Z. Brakerski, C. Gentry, and V. Vaikuntanathan, “(leveled) fully homomorphic encryption without bootstrapping,” ACM TOCT, 2014.10.1145/2633600Search in Google Scholar

[23] L. Breiman, “Random forests,” Machine learning, 2001.Search in Google Scholar

[24] L. Breiman, J. Friedman, C. J. Stone, and R. A. Olshen, Classification and regression trees. CRC press, 1984.Search in Google Scholar

[25] E. Bresson, D. Catalano, and D. Pointcheval, “A simple public-key cryptosystem with a double trapdoor decryption mechanism and its applications,” in ASIACRYPT. Springer, 2003.10.1007/978-3-540-40061-5_3Search in Google Scholar

[26] J. Brickell and V. Shmatikov, “Privacy-preserving classifier learning,” in FC, 2009.10.1007/978-3-642-03549-4_8Search in Google Scholar

[27] S. Bu, L. V. Lakshmanan, R. T. Ng, and G. Ramesh, “Preservation of patterns and input-output privacy,” in IEEE ICDE, 2007.10.1109/ICDE.2007.367915Search in Google Scholar

[28] N. Buescher, S. Boukoros, S. Bauregger, and S. Katzenbeisser, “Two is not enough: Privacy assessment of aggregation schemes in smart metering,” Proceedings on Privacy Enhancing Technologies, 2017.10.1515/popets-2017-0045Search in Google Scholar

[29] H. Chen, W. Dai, M. Kim, and Y. Song, “Efficient multi-key homomorphic encryption with packed ciphertexts with application to oblivious neural network inference,” in ACM SIGSAC CCS, 2019.10.1145/3319535.3363207Search in Google Scholar

[30] M. Chen, Z. Zhang, T. Wang, M. Backes, M. Humbert, and Y. Zhang, “When machine unlearning jeopardizes privacy,” arXiv preprint 2005.02205, 2020.Search in Google Scholar

[31] T. Chen and C. Guestrin, “Xgboost: A scalable tree boosting system,” in ACM SIGKDD, 2016.10.1145/2939672.2939785Search in Google Scholar

[32] K. Cheng, T. Fan, Y. Jin, Y. Liu, T. Chen, and Q. Yang, “Secureboost: A lossless federated learning framework,” arXiv preprint 1901.08755, 2019.Search in Google Scholar

[33] J. H. Cheon, A. Kim, M. Kim, and Y. Song, “Homomorphic encryption for arithmetic of approximate numbers,” in ASIACRYPT. Springer, 2017.10.1007/978-3-319-70694-8_15Search in Google Scholar

[34] S. Consul and S. Williamson, “Differentially private median forests for regression and classification,” arXiv 2006.08795, 2020.Search in Google Scholar

[35] I. Damgård and M. Jurik, “A generalisation, a simplification and some applications of paillier’s probabilistic public-key system,” in PKC. Springer, 2001.10.1007/3-540-44586-2_9Search in Google Scholar

[36] I. Damgård, V. Pastro, N. Smart, and S. Zakarias, “Multiparty computation from somewhat homomorphic encryption,” in Annual Cryptology Conference. Springer, 2012.10.1007/978-3-642-32009-5_38Search in Google Scholar

[37] J. Dansana, D. Dey, and R. Kumar, “A novel approach: Cart algorithm for vertically partitioned database in multi-party environment,” in IEEE CICT, 2013.10.1109/CICT.2013.6558209Search in Google Scholar

[38] S. de Hoogh, B. Schoenmakers, P. Chen, and H. op den Akker, “Practical secure decision tree learning in a tele-treatment application,” in FC, 2014.10.1007/978-3-662-45472-5_12Search in Google Scholar

[39] F. Doshi-Velez and B. Kim, “Towards a rigorous science of interpretable machine learning,” arXiv preprint 1702.08608, 2017.Search in Google Scholar

[40] J. Dowd, S. Xu, and W. Zhang, “Privacy-preserving decision tree mining based on random substitutions,” in ETRICS, 2006.10.1007/11766155_11Search in Google Scholar

[41] W. Du and Z. Zhan, “Building decision tree classifier on private data,” in CRPIT, 2002.Search in Google Scholar

[42] ——, “Using randomized response techniques for privacy-preserving data mining,” in ACM SIGKDD, 2003.Search in Google Scholar

[43] D. Dua and C. Graff, “UCI machine learning repository,” 2017, http://archive.ics.uci.edu/ml.Search in Google Scholar

[44] C. Dwork, “Differential privacy,” in Automata, Languages and Programming, 2006.10.1007/11787006_1Search in Google Scholar

[45] E.-M. El-Mhamdi, R. Guerraoui, A. Guirguis, L. N. Hoang, and S. Rouault, “Genuinely distributed byzantine machine learning,” in PODC, 2020.10.1145/3382734.3405695Search in Google Scholar

[46] T. ElGamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” CRYPTO, 1985.10.1109/TIT.1985.1057074Search in Google Scholar

[47] F. Emekçi, D. Agrawal, A. E. Abbadi, and A. Gulbeden, “Privacy preserving query processing using third parties,” in ICDE. IEEE, 2006.10.1109/ICDE.2006.116Search in Google Scholar

[48] F. Emekçi, O. D. Sahin, D. Agrawal, and A. El Abbadi, “Privacy preserving decision tree learning over multiple parties,” Data & Knowledge Engineering, 2007.10.1016/j.datak.2007.02.004Search in Google Scholar

[49] V. Estivill-Castro and L. Brankovic, “Data swapping: Balancing privacy against precision in mining for logic rules,” in DaWaK. Springer, 1999.10.1007/3-540-48298-9_41Search in Google Scholar

[50] European Parliament and Council of European Union, “General data protection regulations,” 2016.Search in Google Scholar

[51] W. Fan, H. Wang, P. S. Yu, and S. Ma, “Is random model better? on its accuracy and efficiency,” in ICDM, 2003.Search in Google Scholar

[52] W. Fang and B. Yang, “Privacy preserving decision tree learning over vertically partitioned data,” in CSSE. IEEE, 2008.10.1109/CSSE.2008.731Search in Google Scholar

[53] W. Fang, B. Yang, and D. Song, “Preserving private knowledge in decision tree learning.” JCP, 2010.10.4304/jcp.5.5.733-740Search in Google Scholar

[54] W. Fang, B. Yang, D. Song, and Z. Tang, “A new scheme on privacy-preserving distributed decision-tree mining,” in ETCS. IEEE, 2009.10.1109/ETCS.2009.376Search in Google Scholar

[55] W. Fang, C. Chen, J. Tan, C. Yu, Y. Lu, L. Wang, L. Wang, J. Zhou et al., “A hybrid-domain framework for secure gradient tree boosting,” arXiv preprint 2005.08479, 2020.Search in Google Scholar

[56] Z. Feng, H. Xiong, C. Song, S. Yang, B. Zhao, L. Wang, Z. Chen, S. Yang, L. Liu, and J. Huan, “Securegbm: Secure multi-party gradient boosting,” in Big Data. IEEE, 2019.10.1109/BigData47090.2019.9006000Search in Google Scholar

[57] D. Fiore, R. Gennaro, and V. Pastro, “Efficiently verifiable computation on encrypted data,” in ACM SIGSAC CCS, 2014.10.1145/2660267.2660366Search in Google Scholar

[58] D. Fiore, A. Nitulescu, and D. Pointcheval, “Boosting verifiable computation on encrypted data,” in PKC, 2020, pp. 124–154.10.1007/978-3-030-45388-6_5Search in Google Scholar

[59] S. Fletcher and M. Z. Islam, “A differentially private random decision forest using reliable signal-to-noise ratios,” in Australasian joint conference on artificial intelligence, 2015.10.1007/978-3-319-26350-2_17Search in Google Scholar

[60] ——, “Differentially private random decision forests using smooth sensitivity,” Expert Systems with Applications, 2017.Search in Google Scholar

[61] ——, “Decision tree classification with differential privacy: A survey,” ACM CSUR, 2019.Search in Google Scholar

[62] ——, “A differentially private decision forest,” in AusDM. CRPIT, 2015.Search in Google Scholar

[63] P. K. Fong and J. H. Weber-Jahnke, “Privacy preserving decision tree learning using unrealized data sets,” TKDE, 2012.10.1109/TKDE.2010.226Search in Google Scholar

[64] M. Fredrikson, S. Jha, and T. Ristenpart, “Model inversion attacks that exploit confidence information and basic countermeasures,” in ACM SIGSAC CCS, 2015.10.1145/2810103.2813677Search in Google Scholar

[65] M. J. Freedman, K. Nissim, and B. Pinkas, “Efficient private matching and set intersection,” in EUROCRYPT, 2004.10.1007/978-3-540-24676-3_1Search in Google Scholar

[66] A. A. Freitas, “Comprehensible classification models: a position paper,” ACM SIGKDD explorations newsletter, 2014.10.1145/2594473.2594475Search in Google Scholar

[67] Y. Freund and R. E. Schapire, “A desicion-theoretic generalization of on-line learning and an application to boosting,” in J. Comput. Syst. Sci. Springer, 1995.10.1007/3-540-59119-2_166Search in Google Scholar

[68] A. Friedman and A. Schuster, “Data mining with differential privacy,” in ACM SIGKDD, 2010.10.1145/1835804.1835868Search in Google Scholar

[69] J. H. Friedman, “Greedy function approximation: a gradient boosting machine,” Annals of statistics, 2001.10.1214/aos/1013203451Search in Google Scholar

[70] S. Gambs, B. Kégl, and E. Aïmeur, “Privacy-preserving boosting,” Data Mining and Knowledge Discovery, 2007.10.1007/s10618-006-0051-9Search in Google Scholar

[71] A. Gangrade and R. Patel, “Building privacy-preserving c4. 5 decision tree classifier on multi-parties,” IJCSE, 2009.Search in Google Scholar

[72] ——, “A novel protocol for privacy preserving decision tree over horizontally partitioned data,” IJARCS, 2011.Search in Google Scholar

[73] ——, “Privacy preserving two-layer decision tree classifier for multiparty databases,” IJCIT, 2012.Search in Google Scholar

[74] P. Geurts, D. Ernst, and L. Wehenkel, “Extremely randomized trees,” Machine learning, 2006.10.1007/s10994-006-6226-1Search in Google Scholar

[75] I. Giacomelli, S. Jha, R. Kleiman, D. Page, and K. Yoon, “Privacy-preserving collaborative prediction using random forests,” AMIA Jt Summits Transl Sci Proc., 2019.Search in Google Scholar

[76] C. Giannella, K. Liu, T. Olsen, and H. Kargupta, “Communication efficient construction of decision trees over heterogeneously distributed data,” in ICDM. IEEE, 2004.Search in Google Scholar

[77] O. Goldreich, General Cryptographic Protocols. Cambridge University Press, 2004, vol. 2, p. 599–764.10.1017/CBO9780511721656.004Search in Google Scholar

[78] ——, Foundations of cryptography: volume 2, basic applications. Cambridge university press, 2009.Search in Google Scholar

[79] Z. Guan, X. Sun, L. Shi, L. Wu, and X. Du, “A differentially private greedy decision forest classification algorithm with high utility,” Computers & Security, 2020.10.1016/j.cose.2020.101930Search in Google Scholar

[80] S. Han and W. K. Ng, “Multi-party privacy-preserving decision trees for arbitrarily partitioned data,” Int J Intell Control Syst, 2007.Search in Google Scholar

[81] B. Hitaj, G. Ateniese, and F. Perez-Cruz, “Deep models under the gan: information leakage from collaborative deep learning,” in ACM SIGSAC CCS, 2017.10.1145/3133956.3134012Search in Google Scholar

[82] N. Homer, S. Szelinger, M. Redman, D. Duggan, W. Tembe, J. Muehling, J. V. Pearson, D. A. Stephan, S. F. Nelson, and D. W. Craig, “Resolving individuals contributing trace amounts of dna to highly complex mixtures using high-density snp genotyping microarrays,” PLoS Genet, 2008.10.1371/journal.pgen.1000167251619918769715Search in Google Scholar

[83] J. Hou, Q. Li, S. Meng, Z. Ni, Y. Chen, and Y. Liu, “Dprf: A differential privacy protection random forest,” IEEE Access, 2019.10.1109/ACCESS.2019.2939891Search in Google Scholar

[84] G. Jagannathan, K. Pillaipakkamnatt, and R. N. Wright, “A practical differentially private random decision tree classifier,” in IEEE ICDMW, 2009.10.1109/ICDMW.2009.93Search in Google Scholar

[85] M. A. Kadampur et al., “A noise addition scheme in decision tree for privacy preserving data mining,” arXiv preprint 1001.3504, 2010.Search in Google Scholar

[86] Kaggle, “Credit card fraud,” https://www.kaggle.com/mlgulb/creditcardfraud.Search in Google Scholar

[87] ——, “Default of credit card data,” https://www.kaggle.com/uciml/default-of-credit-card-clients-dataset.Search in Google Scholar

[88] ——, “Give me some credit,” https://www.kaggle.com/c/GiveMeSomeCredit/data.Search in Google Scholar

[89] P. Kairouz, H. B. McMahan, B. Avent, A. Bellet, M. Bennis, A. N. Bhagoji, K. Bonawitz, Z. Charles, G. Cormode, R. Cummings et al., “Advances and open problems in federated learning,” arXiv preprint 1912.04977, 2019.Search in Google Scholar

[90] G. Kalyani, M. C. S. Rao, and B. Janakiramaiah, “Decision tree based data reconstruction for privacy preserving classification rule mining,” Informatica, 2017.Search in Google Scholar

[91] M. Kantarcioglu and C. Clifton, “Privacy-preserving distributed mining of association rules on horizontally partitioned data,” IEEE TKDE, 2004.10.1109/TKDE.2004.45Search in Google Scholar

[92] D. Kaplan, J. Powell, and T. Woller, “AMD memory encryption,” Advanced Micro Devices, Tech. Rep., 2016.Search in Google Scholar

[93] H. Kargupta, S. Datta, Q. Wang, and K. Sivakumar, “On the privacy preserving properties of random data perturbation techniques,” in IEEE ICDM, 2003.Search in Google Scholar

[94] M. Keller, “MP-SPDZ: A versatile framework for multi-party computation,” Cryptology ePrint Archive, Report 2020/521, 2020, https://eprint.iacr.org/2020/521.10.1145/3372297.3417872Search in Google Scholar

[95] F. Khodaparast, M. Sheikhalishahi, H. Haghighi, and F. Martinelli, “Privacy preserving random decision tree classification over horizontally and vertically partitioned data,” in DASC/PiCom/DataCom/CyberSciTech. IEEE, 2018.10.1109/DASC/PiCom/DataCom/CyberSciTec.2018.00110Search in Google Scholar

[96] H. Kikuchi, K. Ito, M. Ushida, H. Tsuda, and Y. Yamaoka, “Privacy-preserving distributed decision tree learning with boolean class attributes,” in AINA. IEEE, 2013.10.1109/AINA.2013.140Search in Google Scholar

[97] E. Kim, J. Jeong, H. Yoon, Y. Kim, J. Cho, and J. H. Cheon, “How to securely collaborate on data: Decentralized threshold he and secure key update,” IEEE Access, 2020.10.1109/ACCESS.2020.3030970Search in Google Scholar

[98] Á. Kiss, M. Naderpour, J. Liu, N. Asokan, and T. Schneider, “Sok: Modular and efficient private decision tree evaluation,” Proceedings on Privacy Enhancing Technologies, 2019.10.2478/popets-2019-0026Search in Google Scholar

[99] L. Kissner and D. Song, “Privacy-preserving set operations,” in Annual International Cryptology Conference. Springer, 2005.10.21236/ADA457144Search in Google Scholar

[100] B. Kuijpers, V. Lemmens, B. Moelans, and K. Tuyls, “Privacy preserving ID3 over horizontally, vertically and grid partitioned data,” arXiv preprint 0803.1555, 2008.Search in Google Scholar

[101] A. Law, C. Leung, R. Poddar, R. A. Popa, C. Shi, O. Sima, C. Yu, X. Zhang, and W. Zheng, “Secure collaborative training and inference for xgboost,” arXiv preprint 2010.02524, 2020.Search in Google Scholar

[102] C. Leung, A. Law, and O. Sima, “Towards privacy-preserving collaborative gradient boosted decision trees,” UC Berkeley, Tech. Rep., 2019.Search in Google Scholar

[103] J. Li, Y. Tian, Y. Zhu, T. Zhou, J. Li, K. Ding, and J. Li, “A multicenter random forest model for effective prognosis prediction in collaborative clinical research network,” Artificial Intelligence in Medicine, 2020.10.1016/j.artmed.2020.10181432143809Search in Google Scholar

[104] Q. Li, Z. Wen, and B. He, “Practical federated gradient boosting decision trees,” arXiv preprint 1911.04206, 2019.Search in Google Scholar

[105] Q. Li, Z. Wu, Z. Wen, and B. He, “Privacy-preserving gradient boosting decision trees,” in AAAI, 2020.10.1609/aaai.v34i01.5422Search in Google Scholar

[106] Y. Li, C. Bai, and C. K. Reddy, “A distributed ensemble approach for mining healthcare data under privacy constraints,” Information sciences, 2016.10.1016/j.ins.2015.10.011467733426681811Search in Google Scholar

[107] Y. Li, Z. L. Jiang, X. Wang, and S.-M. Yiu, “Privacy-preserving ID3 data mining over encrypted data in outsourced environments with multiple keys,” in IEEE Int. Conf. Comp. Sci. & Eng. (CSE) and IEEE EUC. IEEE, 2017.10.1109/CSE-EUC.2017.102Search in Google Scholar

[108] Y. Li, Z. L. Jiang, X. Wang, S.-M. Yiu, and J. Fang, “Outsourced privacy-preserving random decision tree algorithm under multiple parties for sensor-cloud integration,” in ISPEC. Springer, 2017.10.1007/978-3-319-72359-4_31Search in Google Scholar

[109] Y. Li, Z. L. Jiang, X. Wang, S.-M. Yiu, and P. Zhang, “Outsourcing privacy preserving ID3 decision tree algorithm over encrypted data-sets for two-parties,” in 2017 IEEE Trustcom/BigDataSE/ICESS. IEEE, 2017.10.1109/Trustcom/BigDataSE/ICESS.2017.354Search in Google Scholar

[110] Y. Li, Z. L. Jiang, L. Yao, X. Wang, S.-M. Yiu, and Z. Huang, “Outsourced privacy-preserving c4.5 decision tree algorithm over horizontally and vertically partitioned dataset among multiple parties,” Cluster Computing, 2019.Search in Google Scholar

[111] Y. Lindell and B. Pinkas, “Privacy preserving data mining,” in Annual International Cryptology Conference, 2000.10.1007/3-540-44598-6_3Search in Google Scholar

[112] L. Liu, M. Kantarcioglu, and B. Thuraisingham, “Privacy preserving decision tree mining from perturbed data,” in HICSS. IEEE, 2009.Search in Google Scholar

[113] L. Liu, R. Chen, X. Liu, J. Su, and L. Qiao, “Towards practical privacy-preserving decision tree training and evaluation in the cloud,” IEEE TIFS, 2020.10.1109/TIFS.2020.2980192Search in Google Scholar

[114] X. Liu, Q. Li, T. Li, and D. Chen, “Differentially private classification with decision tree ensemble,” Applied Soft Computing, 2018.10.1016/j.asoc.2017.09.010Search in Google Scholar

[115] X. Liu, R. H. Deng, K.-K. R. Choo, and J. Weng, “An efficient privacy-preserving outsourced calculation toolkit with multiple keys,” IEEE TIFS, 2016.10.1109/TIFS.2016.2573770Search in Google Scholar

[116] Y. Liu, M. Chen, W. Zhang, J. Zhang, and Y. Zheng, “Federated extra-trees with privacy preserving,” arXiv, 2020.Search in Google Scholar

[117] Y. Liu, Y. Liu, Z. Liu, Y. Liang, C. Meng, J. Zhang, and Y. Zheng, “Federated forest,” IEEE Trans. on Big Data, 2020.10.1109/TBDATA.2020.2992755Search in Google Scholar

[118] Y. Liu, Z. Ma, X. Liu, S. Ma, S. Nepal, and R. Deng, “Boosting privately: Privacy-preserving federated extreme boosting for mobile crowdsensing,” arXiv preprint 1907.10218, 2019.Search in Google Scholar

[119] Y. Liu, Z. Ma, X. Liu, Z. Wang, S. Ma, and K. Ren, “Revocable federated learning: A benchmark of federated forest,” arXiv preprint 1911.03242, 2019.Search in Google Scholar

[120] Y.-h. Liu, B.-R. Yang, D.-y. Cao, and N. Ma, “State-ofthe-art in distributed privacy preserving data mining,” in IEEE ICCSN, 2011.Search in Google Scholar

[121] P. Lory, “Enhancing the efficiency in privacy preserving learning of decision trees in partitioned databases,” in PSD, 2012.10.1007/978-3-642-33627-0_25Search in Google Scholar

[122] Q. Ma and P. Deng, “Secure multi-party protocols for privacy preserving data mining,” in WASA, 2008.10.1007/978-3-540-88582-5_49Search in Google Scholar

[123] Z. Ma, J. Ma, Y. Miao, and X. Liu, “Privacy-preserving and high-accurate outsourced disease predictor on random forest,” Information Sciences, 2019.10.1016/j.ins.2019.05.025Search in Google Scholar

[124] S. Mabu, M. Obayashi, and T. Kuremoto, “Ensemble learning of rule-based evolutionary algorithm using multi-layer perceptron for supporting decisions in stock trading problems,” Applied soft computing, 2015.10.1016/j.asoc.2015.07.020Search in Google Scholar

[125] F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar, “Innovative instructions and software model for isolated execution.” Hasp@ isca, 2013.10.1145/2487726.2488368Search in Google Scholar

[126] B. McMahan, E. Moore, D. Ramage, S. Hampson, and B. A. y Arcas, “Communication-efficient learning of deep networks from decentralized data,” in AISTATS, 2017.Search in Google Scholar

[127] F. McSherry and K. Talwar, “Mechanism design via differential privacy,” in FOCS. IEEE, 2007.10.1109/FOCS.2007.66Search in Google Scholar

[128] L. Melis, C. Song, E. De Cristofaro, and V. Shmatikov, “Exploiting unintended feature leakage in collaborative learning,” in IEEE S&P, 2019.10.1109/SP.2019.00029Search in Google Scholar

[129] R. Mitchell, “Gradient boosting, decision trees and xgboost with cuda,” https://developer.nvidia.com/blog/gradient-boosting-decision-trees-xgboost-cuda/.Search in Google Scholar

[130] N. Mohammed, R. Chen, B. C. Fung, and P. S. Yu, “Differentially private data release for data mining,” in ACM SIGKDD, 2011.10.1145/2020408.2020487Search in Google Scholar

[131] C. Molnar, Interpretable Machine Learning. Lulu. com, 2020.Search in Google Scholar

[132] C. Mouchet, J. Troncoso-Pastoriza, and J.-P. Hubaux, “Multiparty homomorphic encryption: From theory to practice,” eprint, 2020, https://eprint.iacr.org/2020/304.Search in Google Scholar

[133] M. Naor and B. Pinkas, “Oblivious transfer and polynomial evaluation,” in STOC, 1999.10.1145/301250.301312Search in Google Scholar

[134] ——, “Oblivious polynomial evaluation,” SIAM Journal on Computing, 2006.Search in Google Scholar

[135] M. Nasr, R. Shokri, and A. Houmansadr, “Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning,” in IEEE S&P, 2019.10.1109/SP.2019.00065Search in Google Scholar

[136] M. Naveed, S. Kamara, and C. V. Wright, “Inference attacks on property-preserving encrypted databases,” in ACM SIGSAC CCS, 2015.10.1145/2810103.2813651Search in Google Scholar

[137] R. Nock and W. Henecka, “Boosted and differentially private ensembles of decision trees,” arXiv preprint 2001.09384, 2020.Search in Google Scholar

[138] P. Paillier, “Public-key cryptosystems based on composite degree residuosity classes,” in EUROCRYPT. Springer, 1999.Search in Google Scholar

[139] N. Papernot, P. McDaniel, A. Sinha, and M. P. Wellman, “Sok: Security and privacy in machine learning,” in EuroS&P. IEEE, 2018.10.1109/EuroSP.2018.00035Search in Google Scholar

[140] A. Patil and S. Singh, “Differential private random forest,” in ICACCI. IEEE, 2014.10.1109/ICACCI.2014.6968348Search in Google Scholar

[141] G. Piatetsky, “Top data science and machine learning methods used in 2017,” https://www.kdnuggets.com/2017/12/top-data-science-machine-learning-methods.html.Search in Google Scholar

[142] B. Pinkas, T. Schneider, and M. Zohner, “Faster private set intersection based on OT extension,” in USENIX Security Symposium, 2014.Search in Google Scholar

[143] A. Pyrgelis, C. Troncoso, and E. De Cristofaro, “What does the crowd say about you? evaluating aggregation-based location privacy,” Proceedings on privacy enhancing technologies, 2017.10.1515/popets-2017-0043Search in Google Scholar

[144] J. R. Quinlan, “Induction of decision trees,” Machine learning, 1986.10.1007/BF00116251Search in Google Scholar

[145] J. Quinlan, C4. 5: programs for machine learning. Elsevier, 1993.Search in Google Scholar

[146] S. Rana, S. K. Gupta, and S. Venkatesh, “Differentially private random forest with high utility,” in ICDM, 2015.10.1109/ICDM.2015.76Search in Google Scholar

[147] G. N. Rao, M. S. Harini, and C. R. Kishore, “A cryptographic privacy preserving approach over classification,” in ICT and Critical Infrastructure: Proceedings of the 48th Annual Convention of Computer Society of India-Vol II. Springer, 2014.10.1007/978-3-319-03095-1_53Search in Google Scholar

[148] A. Salem, A. Bhattacharya, M. Backes, M. Fritz, and Y. Zhang, “Updates-leak: Data set inference and reconstruction attacks in online learning,” in USENIX Security Symposium, 2020.Search in Google Scholar

[149] S. Samet and A. Miri, “Privacy preserving ID3 using gini index over horizontally partitioned data,” in AICCSA, 2008.10.1109/AICCSA.2008.4493598Search in Google Scholar

[150] V. Sandulescu and M. Chiru, “Predicting the future relevance of research institutions-the winning solution of the KDD cup 2016,” arXiv preprint 1609.02728, 2016.Search in Google Scholar

[151] A. Shamir, “How to share a secret,” Communications of the ACM, 1979.10.1145/359168.359176Search in Google Scholar

[152] S. Sharma and A. S. Rajawat, “A secure privacy preservation model for vertically partitioned distributed data,” in ICTBIG. IEEE, 2016.10.1109/ICTBIG.2016.7892653Search in Google Scholar

[153] M. A. Sheela and K. Vijayalakshmi, “A novel privacy preserving decision tree induction,” in IEEE CICT, 2013.10.1109/CICT.2013.6558258Search in Google Scholar

[154] Y. Shen, H. Shao, and L. Yang, “Privacy preserving C4.5 algorithm over vertically distributed datasets,” in NSWCTC. IEEE, 2009.10.1109/NSWCTC.2009.253Search in Google Scholar

[155] R. Shokri, M. Stronati, C. Song, and V. Shmatikov, “Membership inference attacks against machine learning models,” in IEEE S&P, 2017.10.1109/SP.2017.41Search in Google Scholar

[156] L. Sumalatha and P. U. Sankar, “Fuzzy random decision tree (frdt) framework for privacy preserving data mining,” in SAI. IEEE, 2016.10.1109/SAI.2016.7555982Search in Google Scholar

[157] E. Suthampan and S. Maneewongvatana, “Privacy preserving decision tree in multi party environment,” in AIRS, 2005.10.1007/11562382_75Search in Google Scholar

[158] K. Tandel and J. N. Patel, “Privacy preserving decision tree classification on horizontal partition data,” IJERT, 2016.Search in Google Scholar

[159] V. D. Team, “VIFF, the virtual ideal functionality framework.”Search in Google Scholar

[160] Z. Teng and W. Du, “A hybrid multi-group privacy-preserving approach for building decision trees,” in PAKDD, 2007.Search in Google Scholar

[161] The Health Insurance Portability and Accountability Act of 1996, 2014, www.hhs.gov/hipaa.Search in Google Scholar

[162] Z. Tian, R. Zhang, X. Hou, J. Liu, and K. Ren, “Feder-boost: Private federated learning for gbdt,” arXiv preprint 2011.02796, 2020.Search in Google Scholar

[163] S. Truex, N. Baracaldo, A. Anwar, T. Steinke, H. Ludwig, R. Zhang, and Y. Zhou, “A hybrid approach to privacy-preserving federated learning,” in ACM AISec, 2019.10.1145/3338501.3357370Search in Google Scholar

[164] S. Truex, L. Liu, M. E. Gursoy, and L. Yu, “Privacy-preserving inductive learning with decision trees,” in Big-Data Congress, 2017.10.1109/BigDataCongress.2017.17Search in Google Scholar

[165] P. S. Vadivu and S. Nithya, “An improved privacy preserving with rsa and c5.0 decision tree learning for unrealized datasets,” International Journal, 2014.Search in Google Scholar

[166] J. Vaidya and C. Clifton, “Privacy-preserving decision trees over vertically partitioned data,” in IFIP DBSec. Springer, 2005.10.1007/11535706_11Search in Google Scholar

[167] J. Vaidya, C. Clifton, M. Kantarcioglu, and A. S. Patterson, “Privacy-preserving decision trees over vertically partitioned data,” ACM TKDD, 2008.10.1007/978-0-387-70992-5_14Search in Google Scholar

[168] J. Vaidya, B. Shafiq, W. Fan, D. Mehmood, and D. Lorenzi, “A random decision tree framework for privacy-preserving data mining,” TDSC, 2013.10.1109/TDSC.2013.43Search in Google Scholar

[169] J. Van Bulck, M. Minkin, O. Weisse, D. Genkin, B. Kasikci, F. Piessens, M. Silberstein, T. F. Wenisch, Y. Yarom, and R. Strackx, “Foreshadow: Extracting the keys to the intel SGX kingdom with transient out-of-order execution,” in USENIX Security Symposium, 2018.Search in Google Scholar

[170] V. S. Verykios, E. Bertino, I. N. Fovino, L. P. Provenza, Y. Saygin, and Y. Theodoridis, “State-of-the-art in privacy preserving data mining,” ACM Sigmod Record, 2004.10.1145/974121.974131Search in Google Scholar

[171] K. W. Wang, T. Dick, and M.-F. Balcan, “Scalable and provably accurate algorithms for differentially private distributed decision tree learning,” AAAI PPAI, 2020.Search in Google Scholar

[172] K. Wang, Y. Xu, R. She, and P. S. Yu, “Classification spanning private databases,” in AAAI, 2006.Search in Google Scholar

[173] S. Wang and J. M. Chang, “Privacy-preserving boosting in the local setting,” arXiv preprint 2002.02096, 2020.Search in Google Scholar

[174] W. Wang, G. Chen, X. Pan, Y. Zhang, X. Wang, V. Bind-schaedler, H. Tang, and C. A. Gunter, “Leaky cauldron on the dark land: Understanding memory side-channel hazards in SGX,” in ACM SIGSAC CCS, 2017.10.1145/3133956.3134038640521430853868Search in Google Scholar

[175] Z. Wang, Y. Yang, Y. Liu, X. Liu, B. B. Gupta, and J. Ma, “Cloud-based federated boosting for mobile crowdsensing,” arXiv preprint 2005.05304, 2020.Search in Google Scholar

[176] D. I. Wolinsky, H. Corrigan-Gibbs, B. Ford, and A. Johnson, “Scalable anonymous group communication in the anytrust model,” Naval Research Lab Washington DC, Tech. Rep., 2012.Search in Google Scholar

[177] D. Wu, T. Wu, and X. Wu, “A differentially private random decision tree classifier with high utility,” in ML4CS. Springer, 2020.10.1007/978-3-030-62223-7_32Search in Google Scholar

[178] D. J. Wu, T. Feng, M. Naehrig, and K. Lauter, “Privately evaluating decision trees and random forests,” Proceedings on Privacy Enhancing Technologies, 2016.10.1515/popets-2016-0043Search in Google Scholar

[179] Y. Wu, S. Cai, X. Xiao, G. Chen, and B. C. Ooi, “Privacy preserving vertical federated learning for tree-based models,” VLDB, no. 11, 2020.10.14778/3407790.3407811Search in Google Scholar

[180] T. Xiang, Y. Li, X. Li, S. Zhong, and S. Yu, “Collaborative ensemble learning under differential privacy,” in Web Intelligence, 2018.10.3233/WEB-180374Search in Google Scholar

[181] M.-J. Xiao, K. Han, L.-S. Huang, and J.-Y. Li, “Privacy preserving c4. 5 algorithm over horizontally partitioned data,” in GCC. IEEE, 2006.10.1109/GCC.2006.73Search in Google Scholar

[182] M.-J. Xiao, L.-S. Huang, Y.-L. Luo, and H. Shen, “Privacy preserving ID3 algorithm over horizontally partitioned data,” in PDCAT. IEEE, 2005.Search in Google Scholar

[183] B. Xin, W. Yang, S. Wang, and L. Huang, “Differentially private greedy decision forest,” in ICASSP. IEEE, 2019.10.1109/ICASSP.2019.8682219Search in Google Scholar

[184] M. Yang, L. Song, J. Xu, C. Li, and G. Tan, “The tradeoff between privacy and accuracy in anomaly detection using federated xgboost,” arXiv preprint 1907.07157, 2019.Search in Google Scholar

[185] A. C.-C. Yao, “How to generate and exchange secrets,” in SFCS. IEEE, 1986.Search in Google Scholar

[186] J. Zhan, “Using homomorphic encryption for privacy-preserving collaborative decision tree classification,” in IEEE CIDM, 2007.10.1109/CIDM.2007.368936Search in Google Scholar

[187] J. Zhan, S. Matwin, and L. Chang, “Privacy preserving decision tree classiffcation over horizontally partitioned data,” in ICEB, 2005.Search in Google Scholar

[188] C. Zhang, Y. Li, and Z. Chen, “Dpets: A differentially private extratrees,” in CIS, 2017.10.1109/CIS.2017.00072Search in Google Scholar

[189] J. Zhang, Z. Fang, Y. Zhang, and D. Song, “Zero knowledge proofs for decision tree predictions and accuracy,” in ACM SIGSAC CCS, 2020.10.1145/3372297.3417278Search in Google Scholar

[190] L. Zhao, L. Ni, S. Hu, Y. Chen, P. Zhou, F. Xiao, and L. Wu, “Inprivate digging: Enabling tree-based distributed data mining with differential privacy,” in IEEE INFOCOM, 2018.10.1109/INFOCOM.2018.8486352Search in Google Scholar

[191] L. Zhu, Z. Liu, and S. Han, “Deep leakage from gradients,” in NeurIPS, 2019.10.1007/978-3-030-63076-8_2Search in Google Scholar

[192] T. Zhu, P. Xiong, Y. Xiang, and W. Zhou, “An effective deferentially private data releasing algorithm for decision tree,” in IEEE TrustCom, 2013.10.1109/TrustCom.2013.49Search in Google Scholar

[193] Z. Zhu and W. Du, “Understanding privacy risk of publishing decision trees,” in IFIP DBSec. Springer, 2010.10.1007/978-3-642-13739-6_3Search in Google Scholar

• Understanding Privacy-Related Advice on Stack Overflow

• Revisiting Identification Issues in GDPR ‘Right Of Access’ Policies: A Technical and Longitudinal Analysis

• Employees’ privacy perceptions: exploring the dimensionality and antecedents of personal data sensitivity and willingness to disclose

• Visualizing Privacy-Utility Trade-Offs in Differentially Private Data Releases

• Analyzing the Feasibility and Generalizability of Fingerprinting Internet of Things Devices

• CoverDrop: Blowing the Whistle Through A News App

• Building a Privacy-Preserving Smart Camera System

• FP-Radar: Longitudinal Measurement and Early Detection of Browser Fingerprinting

• Are iPhones Really Better for Privacy? A Comparative Study of iOS and Android Apps

• How to prove any NP statement jointly? Efficient Distributed-prover Zero-Knowledge Protocols

• Editors’ Introduction

• PUBA: Privacy-Preserving User-Data Bookkeeping and Analytics

• Who Knows I Like Jelly Beans? An Investigation Into Search Privacy

• SoK: Plausibly Deniable Storage

• d3p - A Python Package for Differentially-Private Probabilistic Programming

• Updatable Private Set Intersection

• Knowledge Cross-Distillation for Membership Privacy

• RegulaTor: A Straightforward Website Fingerprinting Defense

• Privacy-Preserving Positioning in Wi-Fi Fine Timing Measurement

• Efficient Set Membership Proofs using MPC-in-the-Head

• Checking Websites’ GDPR Consent Compliance for Marketing Emails

• Comprehensive Analysis of Privacy Leakage in Vertical Federated Learning During Prediction

• Understanding Utility and Privacy of Demographic Data in Education Technology by Causal Analysis and Adversarial-Censoring

• User-Level Label Leakage from Gradients in Federated Learning

• Privacy-preserving training of tree ensembles over continuous data

• Differentially Private Simple Linear Regression

• Increasing Adoption of Tor Browser Using Informational and Planning Nudges