Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

PEEL: A Poisoning-Exposing Encoding Theoretical Framework for Local Differential Privacy

Lisha Shuai, Jiuling Dong, Nan Zhang, Shaofeng Tan, Haokun Zhang, Zilong Song, Gaoya Dong, Xiaolong Yang

TL;DR

PEEL introduces a structure-aware post-processing framework for Local Differential Privacy that exposes poisoning attacks by enforcing and testing structural consistency in LDP-perturbed data. Through a sparse mapping, normalization, and a data-independent low-rank projection, PEEL yields a unified encoding where benign samples reconstruct losslessly, while poisoned samples generate observable reconstruction residuals. The authors prove that PEEL preserves unbiasedness and statistical accuracy of standard LDP estimators, and provide robustness analyses against output and rule poisoning, including privacy-budget and projection-matrix attacks. Empirically, Harmony-PEEL delivers superior poisoning-exposure accuracy with substantially lower client-side overhead compared to state-of-the-art defenses, demonstrating practical promise for large-scale IoT deployments.

Abstract

Local Differential Privacy (LDP) is a widely adopted privacy-protection model in the Internet of Things (IoT) due to its lightweight, decentralized, and scalable nature. However, it is vulnerable to poisoning attacks, and existing defenses either incur prohibitive resource overheads or rely on domain-specific prior knowledge, limiting their practical deployment. To address these limitations, we propose PEEL, a Poisoning-Exposing Encoding theoretical framework for LDP, which departs from resource- or prior-dependent countermeasures and instead leverages the inherent structural consistency of LDP-perturbed data. As a non-intrusive post-processing module, PEEL amplifies stealthy poisoning effects by re-encoding LDP-perturbed data via sparsification, normalization, and low-rank projection, thereby revealing both output and rule poisoning attacks through structural inconsistencies in the reconstructed space. Theoretical analysis proves that PEEL, integrated with LDP, retains unbiasedness and statistical accuracy, while being robust to expose both output and rule poisoning attacks. Moreover, evaluation results show that LDP-integrated PEEL not only outperforms four state-of-the-art defenses in terms of poisoning exposure accuracy but also significantly reduces client-side computational costs, making it highly suitable for large-scale IoT deployments.

PEEL: A Poisoning-Exposing Encoding Theoretical Framework for Local Differential Privacy

TL;DR

PEEL introduces a structure-aware post-processing framework for Local Differential Privacy that exposes poisoning attacks by enforcing and testing structural consistency in LDP-perturbed data. Through a sparse mapping, normalization, and a data-independent low-rank projection, PEEL yields a unified encoding where benign samples reconstruct losslessly, while poisoned samples generate observable reconstruction residuals. The authors prove that PEEL preserves unbiasedness and statistical accuracy of standard LDP estimators, and provide robustness analyses against output and rule poisoning, including privacy-budget and projection-matrix attacks. Empirically, Harmony-PEEL delivers superior poisoning-exposure accuracy with substantially lower client-side overhead compared to state-of-the-art defenses, demonstrating practical promise for large-scale IoT deployments.

Abstract

Local Differential Privacy (LDP) is a widely adopted privacy-protection model in the Internet of Things (IoT) due to its lightweight, decentralized, and scalable nature. However, it is vulnerable to poisoning attacks, and existing defenses either incur prohibitive resource overheads or rely on domain-specific prior knowledge, limiting their practical deployment. To address these limitations, we propose PEEL, a Poisoning-Exposing Encoding theoretical framework for LDP, which departs from resource- or prior-dependent countermeasures and instead leverages the inherent structural consistency of LDP-perturbed data. As a non-intrusive post-processing module, PEEL amplifies stealthy poisoning effects by re-encoding LDP-perturbed data via sparsification, normalization, and low-rank projection, thereby revealing both output and rule poisoning attacks through structural inconsistencies in the reconstructed space. Theoretical analysis proves that PEEL, integrated with LDP, retains unbiasedness and statistical accuracy, while being robust to expose both output and rule poisoning attacks. Moreover, evaluation results show that LDP-integrated PEEL not only outperforms four state-of-the-art defenses in terms of poisoning exposure accuracy but also significantly reduces client-side computational costs, making it highly suitable for large-scale IoT deployments.

Paper Structure

This paper contains 25 sections, 2 theorems, 76 equations, 1 figure, 3 tables.

Table of Contents

  1. Introduction
  2. Related Works
  3. Preliminaries
  4. Local Differential Privacy
  5. LDP Poisoning Attacks
  6. Problem Definition
  7. PEEL: Poisoning-Exposing Encoding Mechanism for LDP
  8. Mathematical Model
  9. Poisoning-Exposing Principle
  10. Structural Reversibility
  11. Exposure Mechanism
  12. Theoretical Guarantees of PEEL
  13. Unbiasedness
  14. Statistical Accuracy
  15. Robustness Analysis of PEEL
  16. ...and 10 more sections

Key Result

Theorem 5.1

If $Q$ is linear or dimension-wise, the PEEL-integrated LDP estimator satisfies:

Figures (1)

  • Figure 1: Data Flow of LDP-integrated PEEL

Theorems & Definitions (4)

  • Theorem 5.1: Unbiasedness Preservation
  • proof
  • Theorem 5.2: Accuracy Preservation
  • proof