
# CS 3110/5110: Data Privacy
## Final Project

## Project Plan

My question is: Can I predict income levels (above thresholds or within categories), based on demographic features (age, education, etc.) in a privacy-preserving way? I plan on doing this by training a differentially private logistic regression model on census data using private gradient descent methods. I will also evaluate accuracy and privacy trade-offs by varying epsilon and clipping parameters. 

In [1]:
# Load the data and libraries
import pandas as pd
import numpy as np
import random
from scipy import stats
import matplotlib.pyplot as plt
from sklearn.model_selection import train_test_split
from sklearn.linear_model import LogisticRegression

def laplace_mech(v, sensitivity, epsilon):
    return v + np.random.laplace(loc=0, scale=sensitivity / epsilon)

def laplace_mech_vec(vec, sensitivity, epsilon):
    return [v + np.random.laplace(loc=0, scale=sensitivity / epsilon) for v in vec]

def gaussian_mech(v, sensitivity, epsilon, delta):
    return v + np.random.normal(loc=0, scale=sensitivity * np.sqrt(2*np.log(1.25/delta)) / epsilon)

def gaussian_mech_vec(vec, sensitivity, epsilon, delta):
    return [v + np.random.normal(loc=0, scale=sensitivity * np.sqrt(2*np.log(1.25/delta)) / epsilon)
            for v in vec]

def pct_error(orig, priv):
    return np.abs(orig - priv)/orig * 100.0

## Collecting and Setting up Datasets

note:
- There are some features which originally have 'N' as a possible value so I am removing those or changing it to 0 if 0 has not already been used

- The columns with 'N' possible are: MSP, NOC, NPF, INDP_CAT, EDU, PINCP, PINCP_DECILE POVPIP, DVET, DREM, DPHY, 

In [2]:
# Dataset I am using - NIST data with income information for Massachusetts
data = pd.read_csv('NIST Datasets/ma2019.csv')


# The ones of these that already use 0: INDP_CAT, NOC   (so dropping these)
data = data.drop(columns=['PUMA', 'NOC', 'INDP_CAT'])   #along with PUMA because its a string

#Need to do some cleaning so all features are numeric and can be used in the model
data.replace('N', '0', inplace=True)

np.array(data)

array([[18, 1, '6', ..., 2, 72, 0],
       [21, 2, '6', ..., 2, 6, 0],
       [22, 2, '6', ..., 2, 80, 0],
       ...,
       [3, 1, '0', ..., 2, 69, 75],
       [1, 2, '0', ..., 2, 64, 75],
       [0, 1, '0', ..., 2, 107, 145]], dtype=object)

I will add a column to the data that will be the target feature
- This column will be binary 0 for bottom 50% of income
- and 1 for top 50% of income

This will allow logistic regression to perform the classification

In [None]:
#adds new column to data
data['PINCP_BIN'] = (data['PINCP_DECILE'].astype(int) >= 5).astype(int)
#makes it 1 and -1 instead of 0 and 1
data['PINCP_BIN'] = np.where(data['PINCP_DECILE'].astype(int) >= 5, 1, -1)

#checking to make sure it worked
data['PINCP_BIN'].value_counts()

PINCP_BIN
-1    4022
 1    3612
Name: count, dtype: int64

In [4]:
#now defining the features that are model will be built off
#Age, Sex, Marital Status, Race, and Education 
training_features = ['AGEP', 'SEX', 'MSP', 'RAC1P', 'EDU']
df = data.copy()
df = df[training_features]
df = df.astype(int)
#normalizes age columns
df['AGEP'] = df['AGEP']/df['AGEP'].sum()
#this one-hot encodes all the columns
for col in training_features:
    if col == 'AGEP':
        continue
    # Get one hot encoding of columns B
    one_hot = pd.get_dummies(df[col], prefix=col)
    # Drop column B as it is now encoded
    df = df.drop(col,axis = 1)
    # Join the encoded df
    df = df.join(one_hot)

X = df

#the goal of this project is to predict income percentile so income is our target variable
#I made this a binary variable so people in the top half of income bracket have a score of 1
# and people in the bottom half have a score of -1
y = data['PINCP_BIN']

#here is our split into train and test data
X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2, random_state=42)
X_train = np.array(X_train)
X_test = np.array(X_test)
y_train = np.array(y_train)
y_test = np.array(y_test)

print("Training set shape:", X_train.shape, y_train.shape)
print("Testing set shape:", X_test.shape, y_test.shape)
y_train

Training set shape: (6107, 31) (6107,)
Testing set shape: (1527, 31) (1527,)


array([-1, -1,  1, ..., -1, -1, -1])

## Building the Model

- I am using a logistic regression model to solve a multiclass classification problem of predicting income for people in this dataset
- My target variable is income decile
- My training features are age, sex, marital status, race, and education

In [115]:
def train_model():
    model = LogisticRegression( solver='lbfgs', max_iter=10000)
    model.fit(X_train, y_train)
    return model

model = train_model()
print('Model coefficients:', model.coef_[0])
print('Model accuracy:', np.sum(model.predict(X_test) == y_test)/X_test.shape[0])

Model coefficients: [-2.47266291e-03  3.32929717e-01 -7.01340715e-01 -3.64423617e+00
  9.22760148e-01  4.84246029e-02  3.64992465e-01  9.25788547e-01
  1.11769026e+00 -1.03830851e-01  3.93530933e-01  1.58505680e-01
 -5.45844934e-01 -4.48631827e-01 -2.33396588e-01 -1.23754298e-01
  5.88021305e-02  3.72377905e-01 -9.05027012e-01 -1.14840691e+00
 -1.01869129e+00 -1.50757213e+00 -1.75810546e+00 -2.81027026e-01
 -4.74937264e-01 -9.18022666e-02  5.47155507e-01  1.15431229e+00
  1.65582964e+00  1.65868174e+00  1.80117919e+00]
Model accuracy: 0.77079240340537


## Gradient Descent

Use gradient descent to find the accuracy of the model

In [6]:
# The loss function measures how good our model is. The training goal is to minimize the loss.
# This is the logistic loss function.
def loss(theta, xi, yi):
    exponent = - yi * (xi.dot(theta))
    return np.log(1 + np.exp(exponent))

# This is the gradient of the logistic loss
# The gradient is a vector that indicates the rate of change of the loss in each direction
def gradient(theta, xi, yi):
    xi = np.array(xi).astype(int)
    yi = np.array(yi).astype(int)  # Ensure yi is a scalar integer
    
    exponent = yi * (xi.dot(theta))
    exponent = np.clip(exponent, -700, 700)
    return - (yi*xi) / (1+np.exp(exponent))

In [7]:
theta = [0 for _ in range(X_train.shape[1])] # I use 5 for the amount of training features I have
i=1


In [8]:
def avg_grad(theta, X, y):
    #list of vectors, each vector has length 104
    all_grads = [gradient(theta, X[i], y[i]) for i in range(len(X))]
    #compute the column-wise average
    avg_grad = np.mean(all_grads, axis=0)
    return avg_grad

avg_grad(theta, X_train, y_train)

array([ 0.00000000e+00, -2.48075978e-02,  5.46913378e-02,  7.40953005e-02,
       -8.35107254e-02,  1.39184542e-03,  7.53233994e-03, -7.12297364e-03,
       -1.14622564e-03,  3.86441788e-02,  1.25266088e-02,  4.42115605e-03,
        2.45619781e-04,  8.18732602e-05,  6.95922712e-03,  8.18732602e-05,
        1.39184542e-03,  4.17553627e-03,  1.30997216e-02,  8.84231210e-03,
        1.36728345e-02,  4.37203209e-02,  2.57082037e-02,  1.76027509e-02,
        1.63746520e-03,  1.35090879e-02, -5.07614213e-03, -4.84689700e-02,
       -3.79073195e-02, -7.69608646e-03, -8.76043884e-03])

In [9]:
# Prediction: take a model (theta) and a single example (xi) and return its predicted label
def predict(xi, theta, bias=0):
    xi = np.array(xi).astype(int)
    label = np.sign(xi @ theta + bias)
    return label

def accuracy(theta):
    return np.sum(predict(X_test, theta) == y_test)/X_test.shape[0]

In [78]:
def gradient_descent(iterations):
    theta = [0 for _ in range(X_train.shape[1])] #initial model
    for _ in range(iterations):
        theta = theta - avg_grad(theta, X_train, y_train)
    return theta

theta = gradient_descent(10)
accuracy(theta)

0.75049115913556

## Adding Noise

So, we have successfully implemented the regression model that predicts income based on the data
- Now we must add Differential Privacy to the gradient descent algorithm

In [13]:
# First we must clip

# L2 Clipping function we will use for our gradient descent
def L2_clip(v, b):
    norm = np.linalg.norm(v, ord=2)
    
    if norm > b:
        return b * (v / norm)
    else:
        return v
    

#Helper function for our noisy gradient descent
def gradient_sum(theta, X, y, b):
    gradients = [L2_clip(gradient(theta, x_i, y_i), b) for x_i, y_i in zip(X,y)]
        
    # sum query
    # L2 sensitivity is b (by clipping performed above)
    return np.sum(gradients, axis=0)

In [125]:
# Noisy gradient descent
# Satisfies (k*epsilon + epsilon, k*delta)-differential privacy
def noisy_gradient_descent(iterations, epsilon, delta):
    theta = np.array([0 for _ in range(X_train.shape[1])]) #resets theta to zeros
    b = 20      #dont do 50 or more
    epsilon_i = epsilon/iterations
    delta_i = delta/iterations


    noisy_count = laplace_mech(X_train.shape[0], 1, epsilon)

    for i in range(iterations):
        clipped_gradient_sum = gradient_sum(theta, X_train, y_train, b)
        noisy_gradient_sum = np.array(gaussian_mech_vec(clipped_gradient_sum, b, epsilon_i, delta_i))
        noisy_avg_gradient = np.array(noisy_gradient_sum) / noisy_count
        theta = theta - noisy_avg_gradient
    return theta

#New accuracy with noise added
theta = noisy_gradient_descent(10, .1, 1e-5)
print('Final accuracy:', accuracy(theta))

Final accuracy: 0.4119187950229208


## A Little Analysis

- With a larger epsilon, I find that the addition of noise does not change the accuracy of the model at all
- The more I decrease the epsilon, the lower the accuracy gets. This is a good sign that the noise is successfully being added and that tradeoff is appearing of less accuracy with more noise.
- My clipping parameter is relatively small because I adjusted for the change in the size of data I was working with. My dataset is not small, but it it not as large as the adult set and does not require as much clipping.

## Alternative Methods

I wanted to try out some of the more advanced Differential Privacy methods as well and see how the model performs with those.

In [79]:
def gaussian_mech_RDP_vec(vec, sensitivity, alpha, epsilon):
    sigma = np.sqrt((sensitivity**2 * alpha) / (2 * epsilon))
    return [v + np.random.normal(loc=0, scale=sigma) for v in vec]

In [91]:
def noisy_gradient_descent_RDP(iterations, alpha, epsilon_bar):
    theta = np.array([0 for _ in range(X_train.shape[1])]) #resets theta to zeros
    b = 20   #or b
    epsilon_i = epsilon_bar/iterations
    alpha_i = alpha/iterations

    noisy_count = laplace_mech(X_train.shape[0], 1, epsilon_bar)

    for i in range(iterations):
        #gradient sum:
        # 1. computes the gradients for all of X_train
        # 2. clips them/
        # 3. and sums them
        grad_sum  = gradient_sum(theta, X_train, y_train, b) 

        #now we add noise with renyi diff priv
        noisy_grad_sum = gaussian_mech_RDP_vec(grad_sum, sensitivity=b, alpha=alpha_i, epsilon=epsilon_i)

        noisy_grad = np.array(noisy_grad_sum)/noisy_count  
        theta = theta - noisy_grad
    return theta

theta = noisy_gradient_descent_RDP(10, 20, .1)
print(theta)
print('Final accuracy:', accuracy(theta))

[-0.01831659  0.09504225 -0.38509286 -0.40219744  0.65987646  0.12139743
 -0.0393608   0.03881423 -0.0598912  -0.28006535 -0.13514719 -0.12958657
 -0.13962637 -0.02391976 -0.01251062  0.00275001  0.01778892  0.1213913
  0.06335248 -0.10040623 -0.17161267 -0.36904156 -0.01463687 -0.10685879
  0.04193414 -0.14037366 -0.01873506  0.42306843  0.288214    0.04043388
  0.07210003]
Final accuracy: 0.7098886705959397


In [63]:
def gaussian_mech_zCDP_vec(vec, sensitivity, rho):
    sigma = np.sqrt((sensitivity**2) / (2 * rho))
    return [v + np.random.normal(loc=0, scale=sigma) for v in vec]

In [136]:
def noisy_gradient_descent_zCDP(iterations, rho):
    theta = np.array([0 for _ in range(X_train.shape[1])]) #resets theta to zeros
    b = 20
    rho_i = rho/iterations

    noisy_count = laplace_mech(X_train.shape[0], 1, rho)

    for i in range(iterations):
        #gradient sum:
        # 1. computes the gradients for all of X_train
        # 2. clips them
        # 3. and sums them
        grad_sum  = gradient_sum(theta, X_train, y_train, b) 

        #now we add noise with renyi diff priv
        noisy_grad_sum = gaussian_mech_zCDP_vec(grad_sum, sensitivity=b, rho=rho_i)

        noisy_grad = np.array(noisy_grad_sum)/noisy_count
        theta = theta - noisy_grad
    return theta

theta = noisy_gradient_descent_zCDP(10, .1)
print('Final accuracy:', accuracy(theta))

Final accuracy: 0.739358218729535


In [114]:
def noisy_gradient_descent_zCDP_ED(iterations, epsilon, delta):
    theta = np.array([0 for _ in range(X_train.shape[1])]) #resets theta to zeros
    b = 20
    tolerance = 0.1 * epsilon
    
    #convert epsilon and delta to rho

    rho_low, rho_high = 0, 1  # initial bounds for rho
    while rho_high - rho_low > tolerance:
        rho_mid = (rho_high + rho_low) / 2
        # Calculate epsilon for this rho using zCDP to DP conversion formula
        calculated_epsilon = np.sqrt(2 * rho_mid * np.log(1 / delta)) + rho_mid
        if calculated_epsilon < epsilon:
            rho_low = rho_mid
        else:
            rho_high = rho_mid
    
    rho = (rho_high + rho_low) / 2
    rho_i = rho/iterations


    for i in range(iterations):
        #gradient sum:
        # 1. computes the gradients for all of X_train
        # 2. clips them
        # 3. and sums them
        grad_sum  = gradient_sum(theta, X_train, y_train, b) 

        #now we add noise with renyi diff priv
        noisy_grad_sum = gaussian_mech_zCDP_vec(grad_sum, sensitivity=b, rho=rho_i)

        noisy_grad = np.array(noisy_grad_sum)/len(X_train)
        theta = theta - noisy_grad
    return theta



theta = noisy_gradient_descent_zCDP_ED(10, .1, 1e-5)
print('Final accuracy:', accuracy(theta))

Final accuracy: 0.7007203667321545


# More Analysis

These methods basically all show similar solutions, but just test the same model out with a different differential privacy algorithm.

Tested with 10 iterations, .1 epsilon, b=20, and delta of 1e-5

The models have varying accuracies:
- scikit learn logistic regression - 77% accurate

- pure gradient descent - 75% accurate

- gradient descent with noise - roughly 50% accurate(40-60% range)

- Renyi-Differentially Private Gradient Descent - roughly 70% accurate

- zero-Concentrated differential privacy gradient descent - roughly 74% accurate

- zCDP to Epsilon, Delta gradient descent - roughly 65-70% accurate
    - Above algorithm seems to vary more: probably due to the nature of its algorithm and guessing rho