1. bookVolume 2021 (2021): Issue 3 (July 2021)
Journal Details
First Published
16 Apr 2015
Publication timeframe
4 times per year
access type Open Access

SoK: Privacy-Preserving Collaborative Tree-based Model Learning

Published Online: 27 Apr 2021
Volume & Issue: Volume 2021 (2021) - Issue 3 (July 2021)
Page range: 182 - 203
Received: 30 Nov 2020
Accepted: 16 Mar 2021
Journal Details
First Published
16 Apr 2015
Publication timeframe
4 times per year

Tree-based models are among the most efficient machine learning techniques for data mining nowadays due to their accuracy, interpretability, and simplicity. The recent orthogonal needs for more data and privacy protection call for collaborative privacy-preserving solutions. In this work, we survey the literature on distributed and privacy-preserving training of tree-based models and we systematize its knowledge based on four axes: the learning algorithm, the collaborative model, the protection mechanism, and the threat model. We use this to identify the strengths and limitations of these works and provide for the first time a framework analyzing the information leakage occurring in distributed tree-based model learning.


[1] “Amazon sagemaker - xgboost algorithm,” https://docs.aws.amazon.com/sagemaker/latest/dg/xgboost.html.Search in Google Scholar

[2] “DBLP: Computer science bibliography,” https://dblp.org/.Search in Google Scholar

[3] “Google scholar,” https://scholar.google.com/.Search in Google Scholar

[4] “Microsoft academic,” https://academic.microsoft.com/home.Search in Google Scholar

[5] M. Abspoel, D. Escudero, and N. Volgushev, “Secure training of decision trees with continuous attributes,” Proceedings on Privacy Enhancing Technologies, 2021.10.2478/popets-2021-0010Search in Google Scholar

[6] R. Agrawal, A. Evfimievski, and R. Srikant, “Information sharing across private databases,” in ACM SIGMOD, 2003.10.1145/872757.872771Search in Google Scholar

[7] R. Agrawal and R. Srikant, “Privacy-preserving data mining,” in ACM SIGMOD, 2000.10.1145/342009.335438Search in Google Scholar

[8] A. Akavia, M. Leibovich, Y. S. Resheff, R. Ron, M. Shahar, and M. Vald, “Privacy-preserving decision tree training and prediction against malicious server,” iacr eprint, 2019, https://eprint.iacr.org/2019/1282.Search in Google Scholar

[9] A. Alabdulkarim, M. Al-Rodhaan, T. Ma, and Y. Tian, “PPSDT: A novel privacy-preserving single decision tree algorithm for clinical decision-support systems using IoT devices,” Sensors, 2019.10.3390/s19010142633902730609816Search in Google Scholar

[10] A. Alabdulkarim, M. Al-Rodhaan, Y. Tian, and A. Al-Dhelaan, “A privacy-preserving algorithm for clinical decision-support systems using random forest,” CMC Comput. Mater. Con, 2019.10.32604/cmc.2019.05637Search in Google Scholar

[11] M. Andriushchenko and M. Hein, “Provably robust boosted decision stumps and trees against adversarial attacks,” in NeurIPS, 2019.Search in Google Scholar

[12] L. J. Aslett, P. M. Esperança, and C. C. Holmes, “Encrypted statistical machine learning: new privacy preserving methods,” arXiv preprint 1508.06845, 2015.Search in Google Scholar

[13] G. Ateniese, L. V. Mancini, A. Spognardi, A. Villani, D. Vitali, and G. Felici, “Hacking smart machines with smarter ones: How to extract meaningful data from machine learning classifiers,” International Journal of Security and Networks, 2015.10.1504/IJSN.2015.071829Search in Google Scholar

[14] E. Bagdasaryan, A. Veit, Y. Hua, D. Estrin, and V. Shmatikov, “How to backdoor federated learning,” in AISTATS, 2020.Search in Google Scholar

[15] R. Baghel and M. Dutta, “Privacy preserving classification by using modified c4. 5,” in IC3. IEEE, 2013.10.1109/IC3.2013.6612175Search in Google Scholar

[16] X. Bai, J. Yao, M. Yuan, K. Deng, X. Xie, and H. Guan, “Embedding differential privacy in decision tree algorithm with different depths,” Science China Information Sciences, 2017.10.1007/s11432-016-0442-1Search in Google Scholar

[17] G. Behera, “Privacy preserving c4. 5 using gini index,” in NCETACS. IEEE, 2011.10.1109/NCETACS.2011.5751385Search in Google Scholar

[18] M. Bellare, R. Dowsley, and S. Keelveedhi, “How secure is deterministic encryption?” in PKC, 2015.10.1007/978-3-662-46447-2_3Search in Google Scholar

[19] A. Blum, C. Dwork, F. McSherry, and K. Nissim, “Practical privacy: the sulq framework,” in ACM PODS, 2005.10.1145/1065167.1065184Search in Google Scholar

[20] M. Bojarski, A. Choromanska, K. Choromanski, and Y. Le-Cun, “Differentially-and non-differentially-private random decision trees,” arXiv preprint 1410.6973, 2014.Search in Google Scholar

[21] K. Bonawitz, V. Ivanov, B. Kreuter, A. Marcedone, H. B. McMahan, S. Patel, D. Ramage, A. Segal, and K. Seth, “Practical secure aggregation for privacy-preserving machine learning,” in ACM SIGSAC CCS, 2017.10.1145/3133956.3133982Search in Google Scholar

[22] Z. Brakerski, C. Gentry, and V. Vaikuntanathan, “(leveled) fully homomorphic encryption without bootstrapping,” ACM TOCT, 2014.10.1145/2633600Search in Google Scholar

[23] L. Breiman, “Random forests,” Machine learning, 2001.Search in Google Scholar

[24] L. Breiman, J. Friedman, C. J. Stone, and R. A. Olshen, Classification and regression trees. CRC press, 1984.Search in Google Scholar

[25] E. Bresson, D. Catalano, and D. Pointcheval, “A simple public-key cryptosystem with a double trapdoor decryption mechanism and its applications,” in ASIACRYPT. Springer, 2003.10.1007/978-3-540-40061-5_3Search in Google Scholar

[26] J. Brickell and V. Shmatikov, “Privacy-preserving classifier learning,” in FC, 2009.10.1007/978-3-642-03549-4_8Search in Google Scholar

[27] S. Bu, L. V. Lakshmanan, R. T. Ng, and G. Ramesh, “Preservation of patterns and input-output privacy,” in IEEE ICDE, 2007.10.1109/ICDE.2007.367915Search in Google Scholar

[28] N. Buescher, S. Boukoros, S. Bauregger, and S. Katzenbeisser, “Two is not enough: Privacy assessment of aggregation schemes in smart metering,” Proceedings on Privacy Enhancing Technologies, 2017.10.1515/popets-2017-0045Search in Google Scholar

[29] H. Chen, W. Dai, M. Kim, and Y. Song, “Efficient multi-key homomorphic encryption with packed ciphertexts with application to oblivious neural network inference,” in ACM SIGSAC CCS, 2019.10.1145/3319535.3363207Search in Google Scholar

[30] M. Chen, Z. Zhang, T. Wang, M. Backes, M. Humbert, and Y. Zhang, “When machine unlearning jeopardizes privacy,” arXiv preprint 2005.02205, 2020.Search in Google Scholar

[31] T. Chen and C. Guestrin, “Xgboost: A scalable tree boosting system,” in ACM SIGKDD, 2016.10.1145/2939672.2939785Search in Google Scholar

[32] K. Cheng, T. Fan, Y. Jin, Y. Liu, T. Chen, and Q. Yang, “Secureboost: A lossless federated learning framework,” arXiv preprint 1901.08755, 2019.Search in Google Scholar

[33] J. H. Cheon, A. Kim, M. Kim, and Y. Song, “Homomorphic encryption for arithmetic of approximate numbers,” in ASIACRYPT. Springer, 2017.10.1007/978-3-319-70694-8_15Search in Google Scholar

[34] S. Consul and S. Williamson, “Differentially private median forests for regression and classification,” arXiv 2006.08795, 2020.Search in Google Scholar

[35] I. Damgård and M. Jurik, “A generalisation, a simplification and some applications of paillier’s probabilistic public-key system,” in PKC. Springer, 2001.10.1007/3-540-44586-2_9Search in Google Scholar

[36] I. Damgård, V. Pastro, N. Smart, and S. Zakarias, “Multiparty computation from somewhat homomorphic encryption,” in Annual Cryptology Conference. Springer, 2012.10.1007/978-3-642-32009-5_38Search in Google Scholar

[37] J. Dansana, D. Dey, and R. Kumar, “A novel approach: Cart algorithm for vertically partitioned database in multi-party environment,” in IEEE CICT, 2013.10.1109/CICT.2013.6558209Search in Google Scholar

[38] S. de Hoogh, B. Schoenmakers, P. Chen, and H. op den Akker, “Practical secure decision tree learning in a tele-treatment application,” in FC, 2014.10.1007/978-3-662-45472-5_12Search in Google Scholar

[39] F. Doshi-Velez and B. Kim, “Towards a rigorous science of interpretable machine learning,” arXiv preprint 1702.08608, 2017.Search in Google Scholar

[40] J. Dowd, S. Xu, and W. Zhang, “Privacy-preserving decision tree mining based on random substitutions,” in ETRICS, 2006.10.1007/11766155_11Search in Google Scholar

[41] W. Du and Z. Zhan, “Building decision tree classifier on private data,” in CRPIT, 2002.Search in Google Scholar

[42] ——, “Using randomized response techniques for privacy-preserving data mining,” in ACM SIGKDD, 2003.Search in Google Scholar

[43] D. Dua and C. Graff, “UCI machine learning repository,” 2017, http://archive.ics.uci.edu/ml.Search in Google Scholar

[44] C. Dwork, “Differential privacy,” in Automata, Languages and Programming, 2006.10.1007/11787006_1Search in Google Scholar

[45] E.-M. El-Mhamdi, R. Guerraoui, A. Guirguis, L. N. Hoang, and S. Rouault, “Genuinely distributed byzantine machine learning,” in PODC, 2020.10.1145/3382734.3405695Search in Google Scholar

[46] T. ElGamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” CRYPTO, 1985.10.1109/TIT.1985.1057074Search in Google Scholar

[47] F. Emekçi, D. Agrawal, A. E. Abbadi, and A. Gulbeden, “Privacy preserving query processing using third parties,” in ICDE. IEEE, 2006.10.1109/ICDE.2006.116Search in Google Scholar

[48] F. Emekçi, O. D. Sahin, D. Agrawal, and A. El Abbadi, “Privacy preserving decision tree learning over multiple parties,” Data & Knowledge Engineering, 2007.10.1016/j.datak.2007.02.004Search in Google Scholar

[49] V. Estivill-Castro and L. Brankovic, “Data swapping: Balancing privacy against precision in mining for logic rules,” in DaWaK. Springer, 1999.10.1007/3-540-48298-9_41Search in Google Scholar

[50] European Parliament and Council of European Union, “General data protection regulations,” 2016.Search in Google Scholar

[51] W. Fan, H. Wang, P. S. Yu, and S. Ma, “Is random model better? on its accuracy and efficiency,” in ICDM, 2003.Search in Google Scholar

[52] W. Fang and B. Yang, “Privacy preserving decision tree learning over vertically partitioned data,” in CSSE. IEEE, 2008.10.1109/CSSE.2008.731Search in Google Scholar

[53] W. Fang, B. Yang, and D. Song, “Preserving private knowledge in decision tree learning.” JCP, 2010.10.4304/jcp.5.5.733-740Search in Google Scholar

[54] W. Fang, B. Yang, D. Song, and Z. Tang, “A new scheme on privacy-preserving distributed decision-tree mining,” in ETCS. IEEE, 2009.10.1109/ETCS.2009.376Search in Google Scholar

[55] W. Fang, C. Chen, J. Tan, C. Yu, Y. Lu, L. Wang, L. Wang, J. Zhou et al., “A hybrid-domain framework for secure gradient tree boosting,” arXiv preprint 2005.08479, 2020.Search in Google Scholar

[56] Z. Feng, H. Xiong, C. Song, S. Yang, B. Zhao, L. Wang, Z. Chen, S. Yang, L. Liu, and J. Huan, “Securegbm: Secure multi-party gradient boosting,” in Big Data. IEEE, 2019.10.1109/BigData47090.2019.9006000Search in Google Scholar

[57] D. Fiore, R. Gennaro, and V. Pastro, “Efficiently verifiable computation on encrypted data,” in ACM SIGSAC CCS, 2014.10.1145/2660267.2660366Search in Google Scholar

[58] D. Fiore, A. Nitulescu, and D. Pointcheval, “Boosting verifiable computation on encrypted data,” in PKC, 2020, pp. 124–154.10.1007/978-3-030-45388-6_5Search in Google Scholar

[59] S. Fletcher and M. Z. Islam, “A differentially private random decision forest using reliable signal-to-noise ratios,” in Australasian joint conference on artificial intelligence, 2015.10.1007/978-3-319-26350-2_17Search in Google Scholar

[60] ——, “Differentially private random decision forests using smooth sensitivity,” Expert Systems with Applications, 2017.Search in Google Scholar

[61] ——, “Decision tree classification with differential privacy: A survey,” ACM CSUR, 2019.Search in Google Scholar

[62] ——, “A differentially private decision forest,” in AusDM. CRPIT, 2015.Search in Google Scholar

[63] P. K. Fong and J. H. Weber-Jahnke, “Privacy preserving decision tree learning using unrealized data sets,” TKDE, 2012.10.1109/TKDE.2010.226Search in Google Scholar

[64] M. Fredrikson, S. Jha, and T. Ristenpart, “Model inversion attacks that exploit confidence information and basic countermeasures,” in ACM SIGSAC CCS, 2015.10.1145/2810103.2813677Search in Google Scholar

[65] M. J. Freedman, K. Nissim, and B. Pinkas, “Efficient private matching and set intersection,” in EUROCRYPT, 2004.10.1007/978-3-540-24676-3_1Search in Google Scholar

[66] A. A. Freitas, “Comprehensible classification models: a position paper,” ACM SIGKDD explorations newsletter, 2014.10.1145/2594473.2594475Search in Google Scholar

[67] Y. Freund and R. E. Schapire, “A desicion-theoretic generalization of on-line learning and an application to boosting,” in J. Comput. Syst. Sci. Springer, 1995.10.1007/3-540-59119-2_166Search in Google Scholar

[68] A. Friedman and A. Schuster, “Data mining with differential privacy,” in ACM SIGKDD, 2010.10.1145/1835804.1835868Search in Google Scholar

[69] J. H. Friedman, “Greedy function approximation: a gradient boosting machine,” Annals of statistics, 2001.10.1214/aos/1013203451Search in Google Scholar

[70] S. Gambs, B. Kégl, and E. Aïmeur, “Privacy-preserving boosting,” Data Mining and Knowledge Discovery, 2007.10.1007/s10618-006-0051-9Search in Google Scholar

[71] A. Gangrade and R. Patel, “Building privacy-preserving c4. 5 decision tree classifier on multi-parties,” IJCSE, 2009.Search in Google Scholar

[72] ——, “A novel protocol for privacy preserving decision tree over horizontally partitioned data,” IJARCS, 2011.Search in Google Scholar

[73] ——, “Privacy preserving two-layer decision tree classifier for multiparty databases,” IJCIT, 2012.Search in Google Scholar

[74] P. Geurts, D. Ernst, and L. Wehenkel, “Extremely randomized trees,” Machine learning, 2006.10.1007/s10994-006-6226-1Search in Google Scholar

[75] I. Giacomelli, S. Jha, R. Kleiman, D. Page, and K. Yoon, “Privacy-preserving collaborative prediction using random forests,” AMIA Jt Summits Transl Sci Proc., 2019.Search in Google Scholar

[76] C. Giannella, K. Liu, T. Olsen, and H. Kargupta, “Communication efficient construction of decision trees over heterogeneously distributed data,” in ICDM. IEEE, 2004.Search in Google Scholar

[77] O. Goldreich, General Cryptographic Protocols. Cambridge University Press, 2004, vol. 2, p. 599–764.10.1017/CBO9780511721656.004Search in Google Scholar

[78] ——, Foundations of cryptography: volume 2, basic applications. Cambridge university press, 2009.Search in Google Scholar

[79] Z. Guan, X. Sun, L. Shi, L. Wu, and X. Du, “A differentially private greedy decision forest classification algorithm with high utility,” Computers & Security, 2020.10.1016/j.cose.2020.101930Search in Google Scholar

[80] S. Han and W. K. Ng, “Multi-party privacy-preserving decision trees for arbitrarily partitioned data,” Int J Intell Control Syst, 2007.Search in Google Scholar

[81] B. Hitaj, G. Ateniese, and F. Perez-Cruz, “Deep models under the gan: information leakage from collaborative deep learning,” in ACM SIGSAC CCS, 2017.10.1145/3133956.3134012Search in Google Scholar

[82] N. Homer, S. Szelinger, M. Redman, D. Duggan, W. Tembe, J. Muehling, J. V. Pearson, D. A. Stephan, S. F. Nelson, and D. W. Craig, “Resolving individuals contributing trace amounts of dna to highly complex mixtures using high-density snp genotyping microarrays,” PLoS Genet, 2008.10.1371/journal.pgen.1000167251619918769715Search in Google Scholar

[83] J. Hou, Q. Li, S. Meng, Z. Ni, Y. Chen, and Y. Liu, “Dprf: A differential privacy protection random forest,” IEEE Access, 2019.10.1109/ACCESS.2019.2939891Search in Google Scholar

[84] G. Jagannathan, K. Pillaipakkamnatt, and R. N. Wright, “A practical differentially private random decision tree classifier,” in IEEE ICDMW, 2009.10.1109/ICDMW.2009.93Search in Google Scholar

[85] M. A. Kadampur et al., “A noise addition scheme in decision tree for privacy preserving data mining,” arXiv preprint 1001.3504, 2010.Search in Google Scholar

[86] Kaggle, “Credit card fraud,” https://www.kaggle.com/mlgulb/creditcardfraud.Search in Google Scholar

[87] ——, “Default of credit card data,” https://www.kaggle.com/uciml/default-of-credit-card-clients-dataset.Search in Google Scholar

[88] ——, “Give me some credit,” https://www.kaggle.com/c/GiveMeSomeCredit/data.Search in Google Scholar

[89] P. Kairouz, H. B. McMahan, B. Avent, A. Bellet, M. Bennis, A. N. Bhagoji, K. Bonawitz, Z. Charles, G. Cormode, R. Cummings et al., “Advances and open problems in federated learning,” arXiv preprint 1912.04977, 2019.Search in Google Scholar

[90] G. Kalyani, M. C. S. Rao, and B. Janakiramaiah, “Decision tree based data reconstruction for privacy preserving classification rule mining,” Informatica, 2017.Search in Google Scholar

[91] M. Kantarcioglu and C. Clifton, “Privacy-preserving distributed mining of association rules on horizontally partitioned data,” IEEE TKDE, 2004.10.1109/TKDE.2004.45Search in Google Scholar

[92] D. Kaplan, J. Powell, and T. Woller, “AMD memory encryption,” Advanced Micro Devices, Tech. Rep., 2016.Search in Google Scholar

[93] H. Kargupta, S. Datta, Q. Wang, and K. Sivakumar, “On the privacy preserving properties of random data perturbation techniques,” in IEEE ICDM, 2003.Search in Google Scholar

[94] M. Keller, “MP-SPDZ: A versatile framework for multi-party computation,” Cryptology ePrint Archive, Report 2020/521, 2020, https://eprint.iacr.org/2020/521.10.1145/3372297.3417872Search in Google Scholar

[95] F. Khodaparast, M. Sheikhalishahi, H. Haghighi, and F. Martinelli, “Privacy preserving random decision tree classification over horizontally and vertically partitioned data,” in DASC/PiCom/DataCom/CyberSciTech. IEEE, 2018.10.1109/DASC/PiCom/DataCom/CyberSciTec.2018.00110Search in Google Scholar

[96] H. Kikuchi, K. Ito, M. Ushida, H. Tsuda, and Y. Yamaoka, “Privacy-preserving distributed decision tree learning with boolean class attributes,” in AINA. IEEE, 2013.10.1109/AINA.2013.140Search in Google Scholar

[97] E. Kim, J. Jeong, H. Yoon, Y. Kim, J. Cho, and J. H. Cheon, “How to securely collaborate on data: Decentralized threshold he and secure key update,” IEEE Access, 2020.10.1109/ACCESS.2020.3030970Search in Google Scholar

[98] Á. Kiss, M. Naderpour, J. Liu, N. Asokan, and T. Schneider, “Sok: Modular and efficient private decision tree evaluation,” Proceedings on Privacy Enhancing Technologies, 2019.10.2478/popets-2019-0026Search in Google Scholar

[99] L. Kissner and D. Song, “Privacy-preserving set operations,” in Annual International Cryptology Conference. Springer, 2005.10.21236/ADA457144Search in Google Scholar

[100] B. Kuijpers, V. Lemmens, B. Moelans, and K. Tuyls, “Privacy preserving ID3 over horizontally, vertically and grid partitioned data,” arXiv preprint 0803.1555, 2008.Search in Google Scholar

[101] A. Law, C. Leung, R. Poddar, R. A. Popa, C. Shi, O. Sima, C. Yu, X. Zhang, and W. Zheng, “Secure collaborative training and inference for xgboost,” arXiv preprint 2010.02524, 2020.Search in Google Scholar

[102] C. Leung, A. Law, and O. Sima, “Towards privacy-preserving collaborative gradient boosted decision trees,” UC Berkeley, Tech. Rep., 2019.Search in Google Scholar

[103] J. Li, Y. Tian, Y. Zhu, T. Zhou, J. Li, K. Ding, and J. Li, “A multicenter random forest model for effective prognosis prediction in collaborative clinical research network,” Artificial Intelligence in Medicine, 2020.10.1016/j.artmed.2020.10181432143809Search in Google Scholar

[104] Q. Li, Z. Wen, and B. He, “Practical federated gradient boosting decision trees,” arXiv preprint 1911.04206, 2019.Search in Google Scholar

[105] Q. Li, Z. Wu, Z. Wen, and B. He, “Privacy-preserving gradient boosting decision trees,” in AAAI, 2020.10.1609/aaai.v34i01.5422Search in Google Scholar

[106] Y. Li, C. Bai, and C. K. Reddy, “A distributed ensemble approach for mining healthcare data under privacy constraints,” Information sciences, 2016.10.1016/j.ins.2015.10.011467733426681811Search in Google Scholar

[107] Y. Li, Z. L. Jiang, X. Wang, and S.-M. Yiu, “Privacy-preserving ID3 data mining over encrypted data in outsourced environments with multiple keys,” in IEEE Int. Conf. Comp. Sci. & Eng. (CSE) and IEEE EUC. IEEE, 2017.10.1109/CSE-EUC.2017.102Search in Google Scholar

[108] Y. Li, Z. L. Jiang, X. Wang, S.-M. Yiu, and J. Fang, “Outsourced privacy-preserving random decision tree algorithm under multiple parties for sensor-cloud integration,” in ISPEC. Springer, 2017.10.1007/978-3-319-72359-4_31Search in Google Scholar

[109] Y. Li, Z. L. Jiang, X. Wang, S.-M. Yiu, and P. Zhang, “Outsourcing privacy preserving ID3 decision tree algorithm over encrypted data-sets for two-parties,” in 2017 IEEE Trustcom/BigDataSE/ICESS. IEEE, 2017.10.1109/Trustcom/BigDataSE/ICESS.2017.354Search in Google Scholar

[110] Y. Li, Z. L. Jiang, L. Yao, X. Wang, S.-M. Yiu, and Z. Huang, “Outsourced privacy-preserving c4.5 decision tree algorithm over horizontally and vertically partitioned dataset among multiple parties,” Cluster Computing, 2019.Search in Google Scholar

[111] Y. Lindell and B. Pinkas, “Privacy preserving data mining,” in Annual International Cryptology Conference, 2000.10.1007/3-540-44598-6_3Search in Google Scholar

[112] L. Liu, M. Kantarcioglu, and B. Thuraisingham, “Privacy preserving decision tree mining from perturbed data,” in HICSS. IEEE, 2009.Search in Google Scholar

[113] L. Liu, R. Chen, X. Liu, J. Su, and L. Qiao, “Towards practical privacy-preserving decision tree training and evaluation in the cloud,” IEEE TIFS, 2020.10.1109/TIFS.2020.2980192Search in Google Scholar

[114] X. Liu, Q. Li, T. Li, and D. Chen, “Differentially private classification with decision tree ensemble,” Applied Soft Computing, 2018.10.1016/j.asoc.2017.09.010Search in Google Scholar

[115] X. Liu, R. H. Deng, K.-K. R. Choo, and J. Weng, “An efficient privacy-preserving outsourced calculation toolkit with multiple keys,” IEEE TIFS, 2016.10.1109/TIFS.2016.2573770Search in Google Scholar

[116] Y. Liu, M. Chen, W. Zhang, J. Zhang, and Y. Zheng, “Federated extra-trees with privacy preserving,” arXiv, 2020.Search in Google Scholar

[117] Y. Liu, Y. Liu, Z. Liu, Y. Liang, C. Meng, J. Zhang, and Y. Zheng, “Federated forest,” IEEE Trans. on Big Data, 2020.10.1109/TBDATA.2020.2992755Search in Google Scholar

[118] Y. Liu, Z. Ma, X. Liu, S. Ma, S. Nepal, and R. Deng, “Boosting privately: Privacy-preserving federated extreme boosting for mobile crowdsensing,” arXiv preprint 1907.10218, 2019.Search in Google Scholar

[119] Y. Liu, Z. Ma, X. Liu, Z. Wang, S. Ma, and K. Ren, “Revocable federated learning: A benchmark of federated forest,” arXiv preprint 1911.03242, 2019.Search in Google Scholar

[120] Y.-h. Liu, B.-R. Yang, D.-y. Cao, and N. Ma, “State-ofthe-art in distributed privacy preserving data mining,” in IEEE ICCSN, 2011.Search in Google Scholar

[121] P. Lory, “Enhancing the efficiency in privacy preserving learning of decision trees in partitioned databases,” in PSD, 2012.10.1007/978-3-642-33627-0_25Search in Google Scholar

[122] Q. Ma and P. Deng, “Secure multi-party protocols for privacy preserving data mining,” in WASA, 2008.10.1007/978-3-540-88582-5_49Search in Google Scholar

[123] Z. Ma, J. Ma, Y. Miao, and X. Liu, “Privacy-preserving and high-accurate outsourced disease predictor on random forest,” Information Sciences, 2019.10.1016/j.ins.2019.05.025Search in Google Scholar

[124] S. Mabu, M. Obayashi, and T. Kuremoto, “Ensemble learning of rule-based evolutionary algorithm using multi-layer perceptron for supporting decisions in stock trading problems,” Applied soft computing, 2015.10.1016/j.asoc.2015.07.020Search in Google Scholar

[125] F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar, “Innovative instructions and software model for isolated execution.” Hasp@ isca, 2013.10.1145/2487726.2488368Search in Google Scholar

[126] B. McMahan, E. Moore, D. Ramage, S. Hampson, and B. A. y Arcas, “Communication-efficient learning of deep networks from decentralized data,” in AISTATS, 2017.Search in Google Scholar

[127] F. McSherry and K. Talwar, “Mechanism design via differential privacy,” in FOCS. IEEE, 2007.10.1109/FOCS.2007.66Search in Google Scholar

[128] L. Melis, C. Song, E. De Cristofaro, and V. Shmatikov, “Exploiting unintended feature leakage in collaborative learning,” in IEEE S&P, 2019.10.1109/SP.2019.00029Search in Google Scholar

[129] R. Mitchell, “Gradient boosting, decision trees and xgboost with cuda,” https://developer.nvidia.com/blog/gradient-boosting-decision-trees-xgboost-cuda/.Search in Google Scholar

[130] N. Mohammed, R. Chen, B. C. Fung, and P. S. Yu, “Differentially private data release for data mining,” in ACM SIGKDD, 2011.10.1145/2020408.2020487Search in Google Scholar

[131] C. Molnar, Interpretable Machine Learning. Lulu. com, 2020.Search in Google Scholar

[132] C. Mouchet, J. Troncoso-Pastoriza, and J.-P. Hubaux, “Multiparty homomorphic encryption: From theory to practice,” eprint, 2020, https://eprint.iacr.org/2020/304.Search in Google Scholar

[133] M. Naor and B. Pinkas, “Oblivious transfer and polynomial evaluation,” in STOC, 1999.10.1145/301250.301312Search in Google Scholar

[134] ——, “Oblivious polynomial evaluation,” SIAM Journal on Computing, 2006.Search in Google Scholar

[135] M. Nasr, R. Shokri, and A. Houmansadr, “Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning,” in IEEE S&P, 2019.10.1109/SP.2019.00065Search in Google Scholar

[136] M. Naveed, S. Kamara, and C. V. Wright, “Inference attacks on property-preserving encrypted databases,” in ACM SIGSAC CCS, 2015.10.1145/2810103.2813651Search in Google Scholar

[137] R. Nock and W. Henecka, “Boosted and differentially private ensembles of decision trees,” arXiv preprint 2001.09384, 2020.Search in Google Scholar

[138] P. Paillier, “Public-key cryptosystems based on composite degree residuosity classes,” in EUROCRYPT. Springer, 1999.Search in Google Scholar

[139] N. Papernot, P. McDaniel, A. Sinha, and M. P. Wellman, “Sok: Security and privacy in machine learning,” in EuroS&P. IEEE, 2018.10.1109/EuroSP.2018.00035Search in Google Scholar

[140] A. Patil and S. Singh, “Differential private random forest,” in ICACCI. IEEE, 2014.10.1109/ICACCI.2014.6968348Search in Google Scholar

[141] G. Piatetsky, “Top data science and machine learning methods used in 2017,” https://www.kdnuggets.com/2017/12/top-data-science-machine-learning-methods.html.Search in Google Scholar

[142] B. Pinkas, T. Schneider, and M. Zohner, “Faster private set intersection based on OT extension,” in USENIX Security Symposium, 2014.Search in Google Scholar

[143] A. Pyrgelis, C. Troncoso, and E. De Cristofaro, “What does the crowd say about you? evaluating aggregation-based location privacy,” Proceedings on privacy enhancing technologies, 2017.10.1515/popets-2017-0043Search in Google Scholar

[144] J. R. Quinlan, “Induction of decision trees,” Machine learning, 1986.10.1007/BF00116251Search in Google Scholar

[145] J. Quinlan, C4. 5: programs for machine learning. Elsevier, 1993.Search in Google Scholar

[146] S. Rana, S. K. Gupta, and S. Venkatesh, “Differentially private random forest with high utility,” in ICDM, 2015.10.1109/ICDM.2015.76Search in Google Scholar

[147] G. N. Rao, M. S. Harini, and C. R. Kishore, “A cryptographic privacy preserving approach over classification,” in ICT and Critical Infrastructure: Proceedings of the 48th Annual Convention of Computer Society of India-Vol II. Springer, 2014.10.1007/978-3-319-03095-1_53Search in Google Scholar

[148] A. Salem, A. Bhattacharya, M. Backes, M. Fritz, and Y. Zhang, “Updates-leak: Data set inference and reconstruction attacks in online learning,” in USENIX Security Symposium, 2020.Search in Google Scholar

[149] S. Samet and A. Miri, “Privacy preserving ID3 using gini index over horizontally partitioned data,” in AICCSA, 2008.10.1109/AICCSA.2008.4493598Search in Google Scholar

[150] V. Sandulescu and M. Chiru, “Predicting the future relevance of research institutions-the winning solution of the KDD cup 2016,” arXiv preprint 1609.02728, 2016.Search in Google Scholar

[151] A. Shamir, “How to share a secret,” Communications of the ACM, 1979.10.1145/359168.359176Search in Google Scholar

[152] S. Sharma and A. S. Rajawat, “A secure privacy preservation model for vertically partitioned distributed data,” in ICTBIG. IEEE, 2016.10.1109/ICTBIG.2016.7892653Search in Google Scholar

[153] M. A. Sheela and K. Vijayalakshmi, “A novel privacy preserving decision tree induction,” in IEEE CICT, 2013.10.1109/CICT.2013.6558258Search in Google Scholar

[154] Y. Shen, H. Shao, and L. Yang, “Privacy preserving C4.5 algorithm over vertically distributed datasets,” in NSWCTC. IEEE, 2009.10.1109/NSWCTC.2009.253Search in Google Scholar

[155] R. Shokri, M. Stronati, C. Song, and V. Shmatikov, “Membership inference attacks against machine learning models,” in IEEE S&P, 2017.10.1109/SP.2017.41Search in Google Scholar

[156] L. Sumalatha and P. U. Sankar, “Fuzzy random decision tree (frdt) framework for privacy preserving data mining,” in SAI. IEEE, 2016.10.1109/SAI.2016.7555982Search in Google Scholar

[157] E. Suthampan and S. Maneewongvatana, “Privacy preserving decision tree in multi party environment,” in AIRS, 2005.10.1007/11562382_75Search in Google Scholar

[158] K. Tandel and J. N. Patel, “Privacy preserving decision tree classification on horizontal partition data,” IJERT, 2016.Search in Google Scholar

[159] V. D. Team, “VIFF, the virtual ideal functionality framework.”Search in Google Scholar

[160] Z. Teng and W. Du, “A hybrid multi-group privacy-preserving approach for building decision trees,” in PAKDD, 2007.Search in Google Scholar

[161] The Health Insurance Portability and Accountability Act of 1996, 2014, www.hhs.gov/hipaa.Search in Google Scholar

[162] Z. Tian, R. Zhang, X. Hou, J. Liu, and K. Ren, “Feder-boost: Private federated learning for gbdt,” arXiv preprint 2011.02796, 2020.Search in Google Scholar

[163] S. Truex, N. Baracaldo, A. Anwar, T. Steinke, H. Ludwig, R. Zhang, and Y. Zhou, “A hybrid approach to privacy-preserving federated learning,” in ACM AISec, 2019.10.1145/3338501.3357370Search in Google Scholar

[164] S. Truex, L. Liu, M. E. Gursoy, and L. Yu, “Privacy-preserving inductive learning with decision trees,” in Big-Data Congress, 2017.10.1109/BigDataCongress.2017.17Search in Google Scholar

[165] P. S. Vadivu and S. Nithya, “An improved privacy preserving with rsa and c5.0 decision tree learning for unrealized datasets,” International Journal, 2014.Search in Google Scholar

[166] J. Vaidya and C. Clifton, “Privacy-preserving decision trees over vertically partitioned data,” in IFIP DBSec. Springer, 2005.10.1007/11535706_11Search in Google Scholar

[167] J. Vaidya, C. Clifton, M. Kantarcioglu, and A. S. Patterson, “Privacy-preserving decision trees over vertically partitioned data,” ACM TKDD, 2008.10.1007/978-0-387-70992-5_14Search in Google Scholar

[168] J. Vaidya, B. Shafiq, W. Fan, D. Mehmood, and D. Lorenzi, “A random decision tree framework for privacy-preserving data mining,” TDSC, 2013.10.1109/TDSC.2013.43Search in Google Scholar

[169] J. Van Bulck, M. Minkin, O. Weisse, D. Genkin, B. Kasikci, F. Piessens, M. Silberstein, T. F. Wenisch, Y. Yarom, and R. Strackx, “Foreshadow: Extracting the keys to the intel SGX kingdom with transient out-of-order execution,” in USENIX Security Symposium, 2018.Search in Google Scholar

[170] V. S. Verykios, E. Bertino, I. N. Fovino, L. P. Provenza, Y. Saygin, and Y. Theodoridis, “State-of-the-art in privacy preserving data mining,” ACM Sigmod Record, 2004.10.1145/974121.974131Search in Google Scholar

[171] K. W. Wang, T. Dick, and M.-F. Balcan, “Scalable and provably accurate algorithms for differentially private distributed decision tree learning,” AAAI PPAI, 2020.Search in Google Scholar

[172] K. Wang, Y. Xu, R. She, and P. S. Yu, “Classification spanning private databases,” in AAAI, 2006.Search in Google Scholar

[173] S. Wang and J. M. Chang, “Privacy-preserving boosting in the local setting,” arXiv preprint 2002.02096, 2020.Search in Google Scholar

[174] W. Wang, G. Chen, X. Pan, Y. Zhang, X. Wang, V. Bind-schaedler, H. Tang, and C. A. Gunter, “Leaky cauldron on the dark land: Understanding memory side-channel hazards in SGX,” in ACM SIGSAC CCS, 2017.10.1145/3133956.3134038640521430853868Search in Google Scholar

[175] Z. Wang, Y. Yang, Y. Liu, X. Liu, B. B. Gupta, and J. Ma, “Cloud-based federated boosting for mobile crowdsensing,” arXiv preprint 2005.05304, 2020.Search in Google Scholar

[176] D. I. Wolinsky, H. Corrigan-Gibbs, B. Ford, and A. Johnson, “Scalable anonymous group communication in the anytrust model,” Naval Research Lab Washington DC, Tech. Rep., 2012.Search in Google Scholar

[177] D. Wu, T. Wu, and X. Wu, “A differentially private random decision tree classifier with high utility,” in ML4CS. Springer, 2020.10.1007/978-3-030-62223-7_32Search in Google Scholar

[178] D. J. Wu, T. Feng, M. Naehrig, and K. Lauter, “Privately evaluating decision trees and random forests,” Proceedings on Privacy Enhancing Technologies, 2016.10.1515/popets-2016-0043Search in Google Scholar

[179] Y. Wu, S. Cai, X. Xiao, G. Chen, and B. C. Ooi, “Privacy preserving vertical federated learning for tree-based models,” VLDB, no. 11, 2020.10.14778/3407790.3407811Search in Google Scholar

[180] T. Xiang, Y. Li, X. Li, S. Zhong, and S. Yu, “Collaborative ensemble learning under differential privacy,” in Web Intelligence, 2018.10.3233/WEB-180374Search in Google Scholar

[181] M.-J. Xiao, K. Han, L.-S. Huang, and J.-Y. Li, “Privacy preserving c4. 5 algorithm over horizontally partitioned data,” in GCC. IEEE, 2006.10.1109/GCC.2006.73Search in Google Scholar

[182] M.-J. Xiao, L.-S. Huang, Y.-L. Luo, and H. Shen, “Privacy preserving ID3 algorithm over horizontally partitioned data,” in PDCAT. IEEE, 2005.Search in Google Scholar

[183] B. Xin, W. Yang, S. Wang, and L. Huang, “Differentially private greedy decision forest,” in ICASSP. IEEE, 2019.10.1109/ICASSP.2019.8682219Search in Google Scholar

[184] M. Yang, L. Song, J. Xu, C. Li, and G. Tan, “The tradeoff between privacy and accuracy in anomaly detection using federated xgboost,” arXiv preprint 1907.07157, 2019.Search in Google Scholar

[185] A. C.-C. Yao, “How to generate and exchange secrets,” in SFCS. IEEE, 1986.Search in Google Scholar

[186] J. Zhan, “Using homomorphic encryption for privacy-preserving collaborative decision tree classification,” in IEEE CIDM, 2007.10.1109/CIDM.2007.368936Search in Google Scholar

[187] J. Zhan, S. Matwin, and L. Chang, “Privacy preserving decision tree classiffcation over horizontally partitioned data,” in ICEB, 2005.Search in Google Scholar

[188] C. Zhang, Y. Li, and Z. Chen, “Dpets: A differentially private extratrees,” in CIS, 2017.10.1109/CIS.2017.00072Search in Google Scholar

[189] J. Zhang, Z. Fang, Y. Zhang, and D. Song, “Zero knowledge proofs for decision tree predictions and accuracy,” in ACM SIGSAC CCS, 2020.10.1145/3372297.3417278Search in Google Scholar

[190] L. Zhao, L. Ni, S. Hu, Y. Chen, P. Zhou, F. Xiao, and L. Wu, “Inprivate digging: Enabling tree-based distributed data mining with differential privacy,” in IEEE INFOCOM, 2018.10.1109/INFOCOM.2018.8486352Search in Google Scholar

[191] L. Zhu, Z. Liu, and S. Han, “Deep leakage from gradients,” in NeurIPS, 2019.10.1007/978-3-030-63076-8_2Search in Google Scholar

[192] T. Zhu, P. Xiong, Y. Xiang, and W. Zhou, “An effective deferentially private data releasing algorithm for decision tree,” in IEEE TrustCom, 2013.10.1109/TrustCom.2013.49Search in Google Scholar

[193] Z. Zhu and W. Du, “Understanding privacy risk of publishing decision trees,” in IFIP DBSec. Springer, 2010.10.1007/978-3-642-13739-6_3Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo