Bayesian networks (BN) are probabilistic graphical models that enable efficient knowledge representation and inference. These have proven effective across diverse domains, including healthcare, bioinformatics and economics. The structure and parameters of a BN can be obtained by domain experts or directly learned from available data. However, as privacy concerns escalate, it becomes increasingly critical for publicly released models to safeguard sensitive information in training data. Typically, released models do not prioritize privacy by design. In particular, tracing attacks from adversaries can combine the released BN with auxiliary data to determine whether specific individuals belong to the data from which the BN was learned. State-of-the-art protection tecniques involve introducing noise into the learned parameters. While this offers robust protection against tracing attacks, it significantly impacts the model's utility, in terms of both the significance and accuracy of the resulting inferences. Hence, high privacy may be attained at the cost of releasing a possibly ineffective model. This paper introduces credal networks (CN) as a novel solution for balancing the model's privacy and utility. After adapting the notion of tracing attacks, we demonstrate that a CN enables the masking of the learned BN, thereby reducing the probability of successful attacks. As CNs are obfuscated but not noisy versions of BNs, they can achieve meaningful inferences while safeguarding privacy. Moreover, we identify key learning information that must be concealed to prevent attackers from recovering the underlying BN. Finally, we conduct a set of numerical experiments to analyze how privacy gains can be modulated by tuning the CN hyperparameters. Our results confirm that CNs provide a principled, practical, and effective approach towards the development of privacy-aware probabilistic graphical models.

翻译：贝叶斯网络（BN）是一种概率图模型，能够实现高效的知识表示与推理。该模型已在医疗保健、生物信息学及经济学等多个领域被证明具有显著效果。贝叶斯网络的结构与参数可通过领域专家指定或直接从可用数据中学习获得。然而，随着隐私保护问题日益凸显，公开发布的模型必须有效保护训练数据中的敏感信息，这一点变得至关重要。现有模型通常在设计阶段未充分考虑隐私保护需求。具体而言，攻击者可能通过追踪攻击将已发布的贝叶斯网络与辅助数据相结合，从而判定特定个体是否属于该网络的学习数据来源。当前最先进的保护技术主要通过对学习参数引入噪声来实现。虽然这种方法能有效防御追踪攻击，但会显著影响模型的实用性，具体表现为推理结果的重要性和准确性均会下降。因此，高隐私保护往往以模型效能可能受损为代价。本文提出将信度网络（CN）作为平衡模型隐私性与实用性的创新解决方案。在重新定义追踪攻击概念的基础上，我们证明信度网络能够有效掩盖原始贝叶斯网络，从而降低攻击成功率。由于信度网络是贝叶斯网络的模糊化（而非噪声化）版本，其能够在保护隐私的同时实现有效的推理。此外，我们明确了必须隐藏的关键学习信息，以防止攻击者还原底层贝叶斯网络。最后，我们通过一系列数值实验分析如何通过调整信度网络超参数来调控隐私保护强度。实验结果证实，信度网络为开发隐私感知的概率图模型提供了原则性、实用且有效的技术路径。