PoisonCatcher: Revealing and Identifying LDP Poisoning Attacks in IIoT

Lisha Shuai, Shaofeng Tan, Nan Zhang, Jiamin Zhang, Min Zhang, Xiaolong Yang

TL;DR

This work studies poisoning attacks on Local Differential Privacy in IIoT and shows how perturbation indistinguishability enables stealthy data manipulation at scale. It introduces PoisonCatcher, a four-stage aggregator-side defense combining temporal-similarity, temporal-correlation, time-series stability detectors, and a latent-bias feature miner to identify poisoned data. The authors provide a unified theoretical framework for LDP poisoning, including indistinguishability bounds and practical detector design, and validate the approach on a real-world weather dataset, achieving an F2 score above 0.907 for poison identification across attack modes. The results demonstrate the practical viability of real-time, edge-lean defenses against LDP poisoning in resource-constrained IIoT environments, with strong implications for privacy-utility trade-offs and secure data sharing.

Abstract

Local Differential Privacy (LDP), a robust privacy-protection model, is widely adopted in the Industrial Internet of Things (IIoT) because it is lightweight, decentralized, and scalable. However, its perturbation-based privacy-protection mechanism makes it hard to distinguish between any two data items, thereby facilitating LDP poisoning attacks. The exposed physical-layer vulnerabilities and resource constraints prevalent at the IIoT edge not only facilitate such attacks but also render existing LDP poisoning defenses, all of which are deployed at the edge and rely on ample resources, impractical. This work proposes an LDP poisoning defense for IIoT that runs in the resource-rich aggregator. We first reveal key poisoning attack modes occurring within the LDP-utilized IIoT data-collection process, detailing how IIoT vulnerabilities enable attacks, and then formulate a general attack model and derive the poisoned data's indistinguishability. This work subsequently analyzes the poisoning impacts on aggregated data based on industrial process correlation, revealing the distortion of statistical query results' temporal similarity and the resulting disruption of inter-attribute correlation, and uncovering the intriguing paradox that adversaries' attempts to stabilize their poisoning actions for stealth are difficult to maintain. Given these findings, we propose PoisonCatcher, a solution for identifying poisoned data, which includes time-series detectors based on temporal similarity, attribute correlation, and pattern stability metrics to detect poisoned attributes, and a latent-bias feature miner for identifying poisons. Experiments on a real-world dataset indicate that PoisonCatcher successfully identifies poisoned data, demonstrating robust identification capabilities with F2 scores above 90.7% under various attack settings.

Paper Structure

This paper contains 34 sections, 49 equations, 7 figures, 2 tables, 1 algorithm.

Figures (7)

  • Figure 1: Three Distinct Attack Modes of the LDP Poisoning Attack in IIoT
  • Figure 2: Efficacy of Temporal Similarity Detector in Detecting Poisoned Attributes
  • Figure 3: Efficacy of Attribute Correlation Detector in Detecting Poisoned Attributes
  • Figure 4: Efficacy of Stability Tracking Detector in Detecting Poisoned Attributes
  • Figure 5: Efficacy of Attack Ratio on Per-Attribute Poisoned Data Identification Performance
  • ...and 2 more figures