Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Poisoning Attacks to Local Differential Privacy Protocols for Trajectory Data

I-Jung Hsu, Chih-Hsun Lin, Chia-Mu Yu, Sy-Yen Kuo, Chun-Ying Huang

TL;DR

This work analyzes the vulnerability of local differential privacy (LDP) trajectory protocols to data-poisoning attacks. It introduces TraP, a prefix-suffix heuristic that efficiently generates attack-effective fake trajectories to promote chosen target patterns, achieving substantial gains even with a modest fraction of fake users. The study evaluates TraP across multiple non-realtime protocols (and a realtime variant) and shows that defenses like frequent itemset mining or normalization offer limited protection, underscoring the need for more robust protocol designs. By providing extensive experiments and open-science resources, the paper highlights practical privacy-security tensions in LDP trajectory data collection and points to directions for stronger defenses.

Abstract

Trajectory data, which tracks movements through geographic locations, is crucial for improving real-world applications. However, collecting such sensitive data raises considerable privacy concerns. Local differential privacy (LDP) offers a solution by allowing individuals to locally perturb their trajectory data before sharing it. Despite its privacy benefits, LDP protocols are vulnerable to data poisoning attacks, where attackers inject fake data to manipulate aggregated results. In this work, we make the first attempt to analyze vulnerabilities in several representative LDP trajectory protocols. We propose \textsc{TraP}, a heuristic algorithm for data \underline{P}oisoning attacks using a prefix-suffix method to optimize fake \underline{Tra}jectory selection, significantly reducing computational complexity. Our experimental results demonstrate that our attack can substantially increase target pattern occurrences in the perturbed trajectory dataset with few fake users. This study underscores the urgent need for robust defenses and better protocol designs to safeguard LDP trajectory data against malicious manipulation.

Poisoning Attacks to Local Differential Privacy Protocols for Trajectory Data

TL;DR

This work analyzes the vulnerability of local differential privacy (LDP) trajectory protocols to data-poisoning attacks. It introduces TraP, a prefix-suffix heuristic that efficiently generates attack-effective fake trajectories to promote chosen target patterns, achieving substantial gains even with a modest fraction of fake users. The study evaluates TraP across multiple non-realtime protocols (and a realtime variant) and shows that defenses like frequent itemset mining or normalization offer limited protection, underscoring the need for more robust protocol designs. By providing extensive experiments and open-science resources, the paper highlights practical privacy-security tensions in LDP trajectory data collection and points to directions for stronger defenses.

Abstract

Trajectory data, which tracks movements through geographic locations, is crucial for improving real-world applications. However, collecting such sensitive data raises considerable privacy concerns. Local differential privacy (LDP) offers a solution by allowing individuals to locally perturb their trajectory data before sharing it. Despite its privacy benefits, LDP protocols are vulnerable to data poisoning attacks, where attackers inject fake data to manipulate aggregated results. In this work, we make the first attempt to analyze vulnerabilities in several representative LDP trajectory protocols. We propose \textsc{TraP}, a heuristic algorithm for data \underline{P}oisoning attacks using a prefix-suffix method to optimize fake \underline{Tra}jectory selection, significantly reducing computational complexity. Our experimental results demonstrate that our attack can substantially increase target pattern occurrences in the perturbed trajectory dataset with few fake users. This study underscores the urgent need for robust defenses and better protocol designs to safeguard LDP trajectory data against malicious manipulation.

Paper Structure

This paper contains 50 sections, 4 equations, 78 figures, 1 table, 5 algorithms.

Table of Contents

  1. Introduction
  2. Related Work
  3. Background
  4. Local Differential Privacy
  5. Victim LDP Trajectory Protocols
  6. $n$-gram
  7. PrivTC
  8. LDPTrace
  9. ATP
  10. Attacking LDP Trajectory Protocols
  11. System Model
  12. Baselines
  13. TraP: A Prefix-Suffix Approach
  14. Main Idea
  15. Main Algorithm of TraP
  16. ...and 35 more sections

Figures (78)

  • Figure 1: Average score of IPA and OPA with $\varepsilon = 1$ (higher score indicates greater attack effectiveness).
  • Figure 2: Average percentile rank (PR) of IPA and OPA with $\varepsilon = 1$ (higher score indicates greater attack effectiveness).
  • Figure 3: ATP on CHI
  • Figure 4: ATP on CLE
  • Figure 5: ATP on CPS
  • ...and 73 more figures

Theorems & Definitions (1)

  • Definition 1: $\varepsilon$-Local Differential Privacy