Real-Time Trajectory Synthesis with Local Differential Privacy

TL;DR

RetraSyn addresses the challenge of privately publishing real-time trajectory streams by building a dynamic global mobility model from locally perturbed transitions and synthesizing authentic trajectories under $w$-event $\\epsilon$-LDP. It introduces a DMU mechanism to selectively update the most informative transitions, an adaptive portion-based allocation strategy to distribute the privacy budget in realistic dynamic settings, and a Markov-chain–based real-time synthesizer that respects entering/quitting events for authenticity. Extensive experiments on real and synthetic datasets show RetraSyn consistently outperforms state-of-the-art streaming DP/LDP baselines across streaming and historical analyses, while maintaining scalability. The framework enables versatile downstream tasks with high utility and strong privacy guarantees, making it suitable for real-world trajectory management and privacy-preserving data sharing.

Abstract

Trajectory streams are being generated from location-aware devices, such as smartphones and in-vehicle navigation systems. Due to the sensitive nature of the location data, directly sharing user trajectories suffers from privacy leakage issues. Local differential privacy (LDP), which perturbs sensitive data on the user side before it is shared or analyzed, emerges as a promising solution for private trajectory stream collection and analysis. Unfortunately, existing stream release approaches often neglect the rich spatial-temporal context information within trajectory streams, resulting in suboptimal utility and limited types of downstream applications. To this end, we propose RetraSyn, a novel real-time trajectory synthesis framework, which is able to perform on-the-fly trajectory synthesis based on the mobility patterns privately extracted from users' trajectory streams. Thus, the downstream trajectory analysis can be performed on the high-utility synthesized data with privacy protection. We also take the genuine behaviors of real-world mobile travelers into consideration, ensuring authenticity and practicality. The key components of RetraSyn include the global mobility model, dynamic mobility update mechanism, real-time synthesis, and adaptive allocation strategy. We conduct extensive experiments on multiple real-world and synthetic trajectory datasets under various location-based utility metrics, encompassing both streaming and historical scenarios. The empirical results demonstrate the superiority and versatility of our proposed framework.

Figures (7)

• Figure 1: $\mathsf{RetraSyn}$ architecture.
• Figure 2: Illustration of mobility modeling. The process includes four steps: ① original streams are transformed into sequences of transition states; ② the transition states are encoded into binary vectors; ③ LDP perturbation; ④ curator side aggregation and model construction.
• Figure 3: Impact of allocation strategy. Larger values are better for Kendall-tau and smaller values are better for Query Error and Transition Error.
• Figure 4: Impact of window size $w$ on T-Drive and Oldenburg dataset.
• Figure 5: Impact of evaluation time range size $\varphi$ on T-Drive and Oldenburg dataset.

Theorems & Definitions (9)

• Definition 1: $\epsilon$-Local Differential Privacy
• Theorem 1: Sequential Composition
• Theorem 2: Post-Processing
• Definition 2: $w$-neighboring sigmod22_ldpids
• Definition 3: $w$-event LDP sigmod22_ldpids
• Definition 4: Private Trajectory Stream Synthesis
• Definition 5: Entering/Quitting Transitions
• Theorem 3
• Proof