Rui Chen,Benjamin C. M. Fung,Bipin C. Desai

DOI: https://doi.org/10.48550/arXiv.1112.2020

2011-12-09

Databases

Abstract:With the increasing prevalence of location-aware devices, trajectory data has been generated and collected in various application domains. Trajectory data carries rich information that is useful for many data analysis tasks. Yet, improper publishing and use of trajectory data could jeopardize individual privacy. However, it has been shown that existing privacy-preserving trajectory data publishing methods derived from partition-based privacy models, for example k-anonymity, are unable to provide sufficient privacy protection. In this paper, motivated by the data publishing scenario at the Societe de transport de Montreal (STM), the public transit agency in Montreal area, we study the problem of publishing trajectory data under the rigorous differential privacy model. We propose an efficient data-dependent yet differentially private sanitization algorithm, which is applicable to different types of trajectory data. The efficiency of our approach comes from adaptively narrowing down the output domain by building a noisy prefix tree based on the underlying data. Moreover, as a post-processing step, we make use of the inherent constraints of a prefix tree to conduct constrained inferences, which lead to better utility. This is the first paper to introduce a practical solution for publishing large volume of trajectory data under differential privacy. We examine the utility of sanitized data in terms of count queries and frequent sequential pattern mining. Extensive experiments on real-life trajectory data from the STM demonstrate that our approach maintains high utility and is scalable to large trajectory datasets.

Lin Yao,Zhenyu Chen,Haibo Hu,Guowei Wu,Bin Wu

DOI: https://doi.org/10.1145/3474839

IF: 5

2022-06-30

ACM Transactions on Intelligent Systems and Technology

Abstract:With the proliferation of location-aware devices, trajectory data have been used widely in real-life applications. However, trajectory data are often associated with sensitive labels, such as users’ purchase transactions and planned activities. As such, inappropriate sharing or publishing of these data could threaten users’ privacy, especially when an adversary has sufficient background knowledge about a trajectory through other data sources, such as social media (check-in tags). Though differential privacy has been used to address the privacy of trajectory data, no existing method can protect the privacy of both trajectory data and sensitive labels. In this article, we propose a comprehensive trajectory publishing algorithm with three effective procedures. First, we apply density-based clustering to determine hotspots and outliers and then blur their locations by generalization. Second, we propose a graph-based model to efficiently capture the relationship among sensitive labels and trajectory points in all records and leverage Laplace noise to achieve differential privacy. Finally, we generate and publish trajectories by traversing and updating this graph until we travel all vertexes. Our experiments on synthetic and real-life datasets demonstrate that our algorithm effectively protects the privacy of both sensitive labels and location data in trajectory publication. Compared with existing works on trajectory publishing, our algorithm can also achieve higher data utility.

computer science, information systems, artificial intelligence

Haiming Wang,Zhikun Zhang,Tianhao Wang,Shibo He,Michael Backes,Jiming Chen,Yang Zhang

DOI: https://doi.org/10.48550/arXiv.2210.00581

2023-01-01

Abstract:Publishing trajectory data (individual's movement information) is very useful, but it also raises privacy concerns. To handle the privacy concern, in this paper, we apply differential privacy, the standard technique for data privacy, together with Markov chain model, to generate synthetic trajectories. We notice that existing studies all use Markov chain model and thus propose a framework to analyze the usage of the Markov chain model in this problem. Based on the analysis, we come up with an effective algorithm PrivTrace that uses the first-order and second-order Markov model adaptively. We evaluate PrivTrace and existing methods on synthetic and real-world datasets to demonstrate the superiority of our method.

Wenqing Cheng,Ruxue Wen,Haojun Huang,Wang Miao,Chen Wang

DOI: https://doi.org/10.1016/j.neucom.2021.04.137

IF: 6

2022-02-01

Neurocomputing

Abstract:With the development of location-based applications, more and more trajectory data are collected. Trajectory data often contains users’ sensitive information, and direct release it may pose a threat to users’ privacy. Differential privacy, as a privacy preserving method with solid mathematical foundation, has been widely used in trajectory data publishing. However, current trajectory data publishing methods based on differential privacy cannot fully realize the personalized privacy protection. In this paper, an optimal personalized trajectory differential privacy mechanism is proposed. Firstly, by establishing the probabilistic mobility model of trajectories, we cluster the locations to achieve semantic location matching between different trajectories. Based on the semantic similarity, we identify the templet trajectory, and propose a privacy level allocation method based on stay-points and frequent sub-trajectories. Then, according to the location matching results, we can automatically identify the privacy level of all locations. Combined with the optimal location differential privacy mechanism, we disturb the location points on the user’s trajectory before publishing, where different location privacy levels correspond to different privacy budgets. Experiment results on real-world datasets show that our mechanism provides a better tradeoff between privacy protection and data utility compared with traditional differential privacy methods.

computer science, artificial intelligence

Teddy Cunningham,Graham Cormode,Hakan Ferhatosmanoglu,Divesh Srivastava

DOI: https://doi.org/10.14778/3476249.3476280

2021-08-04

Abstract:Sharing trajectories is beneficial for many real-world applications, such as managing disease spread through contact tracing and tailoring public services to a population's travel patterns. However, public concern over privacy and data protection has limited the extent to which this data is shared. Local differential privacy enables data sharing in which users share a perturbed version of their data, but existing mechanisms fail to incorporate user-independent public knowledge (e.g., business locations and opening times, public transport schedules, geo-located tweets). This limitation makes mechanisms too restrictive, gives unrealistic outputs, and ultimately leads to low practical utility. To address these concerns, we propose a local differentially private mechanism that is based on perturbing hierarchically-structured, overlapping $n$-grams (i.e., contiguous subsequences of length $n$) of trajectory data. Our mechanism uses a multi-dimensional hierarchy over publicly available external knowledge of real-world places of interest to improve the realism and utility of the perturbed, shared trajectories. Importantly, including real-world public data does not negatively affect privacy or efficiency. Our experiments, using real-world data and a range of queries, each with real-world application analogues, demonstrate the superiority of our approach over a range of alternative methods.

Databases,Cryptography and Security

Hua Shen,Yu Wang,Mingwu Zhang

DOI: https://doi.org/10.3390/s23249652

2023-12-06

Abstract:With the popularity of location services and the widespread use of trajectory data, trajectory privacy protection has become a popular research area. k-anonymity technology is a common method for achieving privacy-preserved trajectory publishing. When constructing virtual trajectories, most existing trajectory k-anonymity methods just consider point similarity, which results in a large dummy trajectory space. Suppose there are n similar point sets, each consisting of m points. The size of the space is then mn. Furthermore, to choose suitable k- 1 dummy trajectories for a given real trajectory, these methods need to evaluate the similarity between each trajectory in the space and the real trajectory, leading to a large performance overhead. To address these challenges, this paper proposes a k-anonymity trajectory privacy protection method based on the similarity of sub-trajectories. This method not only considers the multidimensional similarity of points, but also synthetically considers the area between the historic sub-trajectories and the real sub-trajectories to more fully describe the similarity between sub-trajectories. By quantifying the area enclosed by sub-trajectories, we can more accurately capture the spatial relationship between trajectories. Finally, our approach generates k-1 dummy trajectories that are indistinguishable from real trajectories, effectively achieving k-anonymity for a given trajectory. Furthermore, our proposed method utilizes real historic sub-trajectories to generate dummy trajectories, making them more authentic and providing better privacy protection for real trajectories. In comparison to other frequently employed trajectory privacy protection methods, our method has a better privacy protection effect, higher data quality, and better performance.

Zihao Shen,Yuyang Zhang,Hui Wang,Peiqian Liu,Kun Liu,Yanmei Shen

DOI: https://doi.org/10.1016/j.eswa.2024.124264

IF: 8.5

2024-05-27

Expert Systems with Applications

Abstract:Ignoring the temporal relationship of position points in trajectory data or the change in the number of position points in dummy trajectory generation can result in inadequate data availability. To address the data availability problem of publishing user trajectory data while ensuring privacy protection, this paper proposes an improved privacy protection method combining a Bidirectional Gated Recurrent Unit and differential privacy (BiGRU-DP). First, Laplace noise is added to the time attribute of the trajectory data. Secondly, BiGRU is used to predict the processing of trajectory data, considering the bi-directional data of the predicted point. Then, the k -means clustering method is used to generalize and optimize the trajectory data. Finally, the trajectory data is published after adding noise. The experimental simulation results show that BiGRU-DP enhances the availability of published data and has certain efficiency advantages over traditional trajectory data publishing methods while ensuring privacy protection.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Yuqing Ge,Yunsheng Wang,Nana Wang

2024-08-23

Abstract:Spatiotemporal trajectories collected from GPS-enabled devices are of vital importance to many applications, such as urban planning and traffic analysis. Due to the privacy leakage concerns, many privacy-preserving trajectory publishing methods have been proposed. However, most of them could not strike a good balance between privacy protection and good data utility. In this paper, we propose DP-STTS, a differentially private spatiotemporal trajectory synthesizer with high data utility, which employs a model composed of a start spatiotemporal cube distribution and a 1-order Markov process. Specially, DP-STTS firstly discretizes the raw spatiotemporal trajectories into neighboring cubes, such that the model size is limited and the model's tolerance for noise could be enhanced. Then, a Markov process is utilized for the next location point picking. After adding noise under differential privacy (DP) to the model, synthetic trajectories that preserve essential spatial and temporal characteristics of the real trajectories are generated from the noisy model. Experiments on one real-life dataset demonstrate that DP-STTS provides good data utility. Our code is available at <a class="link-external link-https" href="https://github.com/Etherious72/DP-STTS" rel="external noopener nofollow">this https URL</a>.

Cryptography and Security

Jing Xiong,Hong Zhu

DOI: https://doi.org/10.1186/s13677-022-00332-3

2022-09-30

Journal of Cloud Computing

Abstract:Accurate and real-time trajectory data publishing plays an important role in providing users with the latest traffic and road condition information to help in rationally planning travel time and routes. However, the improper publishing of location information and reverse analysis and reasoning can easily leak users' personal information, which may threaten users' privacy and lives. Owing to the inclusion of differential privacy model noise, privacy protection introduces inaccuracies in data publishing and validity. To improve the accuracy and usability of published data, we propose a data publishing method based on deep learning and differential privacy models for securing spatiotemporal trajectory data publishing. The method divides the trajectory data into two-dimensional grid regions, counts the density of trajectories at grids, performs a top-down recursive division of regions, and formulates rules for privacy budget allocation from multiple perspectives as recurrence depth increases. Furthermore, the method integrates spatiotemporal sequence data according to temporal order. Subsequently, it extracts temporal and spatial features of the data by the temporal graph convolutional network model for budget matrix prediction, adds Laplace noise to the regions, and evaluates the effect of differential privacy protection with the original data to protect trajectory data privacy. Experiments demonstrate that under the premise of satisfying ε -difference privacy, the query error and Jensen–Shannon divergence are smaller, the Kendall coefficient is more consistent, and the upper and lower limit values are more stable. Hence, the top-down division method achieves better results than those of the two traditional region division methods of the uniform grid and adaptive grid. The proposed method can be used to allocate the privacy budget more reasonably and achieve privacy protection of trajectories, which can be applied to a large amount of spatiotemporal trajectory data.

Guangqiang Xie,Haoran Xu,Jiyuan Xu,Shupeng Zhao,Yang Li,Chang-Dong Wang,Xianbiao Hu,Yonghong Tian

DOI: https://doi.org/10.1109/tkde.2024.3449433

IF: 9.235

2024-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:With the rapid development of wireless communication and localization technologies, the easier collection of trajectory data can bring potential data-driven value. Recently, there has been an increasing interest in how to publish trajectory dataset without revealing personal information. However, since the large-scale and real-world sequential trajectory dataset presents a heterogeneous regional distribution, the existing study ignores the relationship between privacy budget allocation and spatial characteristics, resulting in unreasonable continuity and mapping distortion, and thus lowering the utility of the synthetic dataset. To address this problem, we propose a probability distribution model named Adaptive grid-based Weighted Differential Privacy (AWDP). First, trajectories are adaptively discretized into the multi-resolution grid structures to make trajectories more uniformly distributed and less disturbed by the noise. Second, we allocate different weighted budgets for different grids according to density-based regional characteristics. Third, a spatio-temporal continuity maintenance method is designed to solve unrealistic direction- and density-based continuity deviations of synthetic trajectories. An application system is developed for demonstration purposes which is available online at http://qgailab.com/awdp/ . The extensive experiments on three datasets demonstrate that AWDP performs significantly better than the state-of-the-art model in preserving the density distribution of the original trajectories with differential privacy guarantee and high utility.

Jing Zhang,Yanzi Li,Qian Ding,Liwei Lin,Xiucai Ye

DOI: https://doi.org/10.3390/e24091172

IF: 2.738

2022-08-24

Entropy

Abstract:The publication of trajectory data provides critical information for various location-based services, and it is critical to publish trajectory data safely while ensuring its availability. Differential privacy is a promising privacy protection technology for publishing trajectory data securely. Most of the existing trajectory privacy protection schemes do not take into account the user's preference for location and the influence of semantic location. Besides, differential privacy for trajectory protection still has the problem of balance between the privacy budget and service quality. In this paper, a semantics- and prediction-based differential privacy protection scheme for trajectory data is proposed. Firstly, trajectory data are transformed into a prefix tree structure to ensure that they satisfy differential privacy. Secondly, considering the influence of semantic location on trajectory, semantic sensitivity combined with location check-in frequency is used to calculate the sensitivity of each position in the trajectory. The privacy level of the position is classified by setting thresholds. Moreover, the corresponding privacy budget is allocated according to the location privacy level. Finally, a Markov chain is used to predict the attack probability of each position in the trajectory. On this basis, the allocation of the privacy budget is further adjusted and its utilization rate is improved. Thus, the problem of the balance between the privacy budget and service quality is solved. Experimental results show that the proposed scheme is able to ensure data availability while protecting data privacy.

physics, multidisciplinary

Qilong Han,Qianqian Chen,Kejia Zhang,Xiaojiang Du,Nadra Guizani

DOI: https://doi.org/10.48550/arXiv.1804.02052

2018-04-05

Cryptography and Security

Abstract:Collection of user's location and trajectory information that contains rich personal privacy in mobile social networks has become easier for attackers. Network traffic control is an important network system which can solve some security and privacy problems. In this paper, we consider a network traffic control system as a trusted third party and use differential privacy for protecting more personal trajectory data. We studied the influence of the high dimensionality and sparsity of trajectory data sets based on the availability of the published results. Based on similarity point aggregation reconstruction ideas and a prefix tree model, we proposed a hybrid publishing method of differential privacy spatiotemporal trajectory data sets APTB.

Nana Wang,Mohan Kankanhalli

2024-04-22

Abstract:The increasing use of GPS-enabled devices has generated a large amount of trajectory data. These data offer us vital insights to understand the movements of individuals and populations, benefiting a broad range of applications from transportation planning to epidemic modeling. However, improper release of trajectory data is increasing concerns on individual privacy. Previous attempts either lack strong privacy guarantees, or fail to preserve sufficient basic characteristics of the original data. In this paper, we propose DPTraj-PM, a method to synthesize trajectory dataset under the differential privacy (DP) framework while ensures high data utility. Based on the assumption that an individual's trajectory could be mainly determined by the initial trajectory segment (which depicts the starting point and the initial direction) and the next location point, DPTraj-PM discretizes the raw trajectories into neighboring cells, and models them by combining a prefix tree structure and an m-order Markov process. After adding noise to the model under differential privacy, DPTraj-PM generates a synthetic dataset from the noisy model to enable a wider spectrum of data mining and modeling tasks. The output traces crafted by DPTraj-PM not only preserves the patterns and variability in individuals' mobility behaviors, but also protects individual privacy. Experiments on two real-world datasets demonstrate that DPTraj-PM substantially outperforms the state-of-the-art techniques in terms of data utility. Our code is available at

Cryptography and Security

Yuan Shen,Wei Song,Yang Cao,Zechen Liu,Zhe Wei,Zhiyong Peng

DOI: https://doi.org/10.1016/j.ins.2023.119959

IF: 8.1

2024-01-01

Information Sciences

Abstract:Differential Privacy (DP), as a de facto privacy-preserving paradigm, can be widely applied in numerous event streams publishing schemes to protect private events (i.e., trajectory points of users). However, most existing schemes assume these events are independent, which is a vulnerable assumption that can lead to unforeseeable privacy degradation. The privacy-preserving for event streams publishing under data dependence is still challenging because existing dependence quantify models cannot dynamically measure the degree of dependent relationships between events. In this paper, we investigate the privacy degradation issue of trajectory event streams publishing and propose (Θ,ϵ)-dependent privacy mechanism to mitigate this issue. Specifically, we introduce spatial dependence to model the dependent relationship between events in trajectory data and extend it to quantify the influence of multiple dependent events on the target event. We define the notion of max dissimilarity to formalize the privacy level of DP mechanisms in trajectory event streams publishing. The proposed notion of global dependent coefficient helps the private mechanism to provide the expected privacy level by calibrating the added noise. We further achieve ω-event privacy protection over trajectory event streams under data dependence constraints with (Θ,ϵ)-dependent privacy mechanism. Theoretical analysis proves our scheme provides the expected privacy guarantee under data dependence constraints. Extensive experiments validate our scheme is efficient and effective.

Yuntao Du,Yujia Hu,Zhikun Zhang,Ziquan Fang,Lu Chen,Baihua Zheng,Yunjun Gao

DOI: https://doi.org/10.14778/3594512.3594520

IF: 2.5

2023-01-01

Proceedings of the VLDB Endowment

Abstract:Trajectory data has the potential to greatly benefit a wide-range of real-world applications, such as tracking the spread of the disease through people's movement patterns and providing personalized location-based services based on travel preference. However, privacy concerns and data protection regulations have limited the extent to which this data is shared and utilized. To overcome this challenge, local differential privacy provides a solution by allowing people to share a perturbed version of their data, ensuring privacy as only the data owners have access to the original information. Despite its potential, existing point-based perturbation mechanisms are not suitable for real-world scenarios due to poor utility, dependence on external knowledge, high computational overhead, and vulnerability to attacks. To address these limitations, we introduce LDPTrace, a novel locally differentially private trajectory synthesis framework. Our framework takes into account three crucial patterns inferred from users' trajectories in the local setting, allowing us to synthesize trajectories that closely resemble real ones with minimal computational cost. Additionally, we present a new method for selecting a proper grid granularity without compromising privacy. Our extensive experiments using real-world as well as synthetic data, various utility metrics and attacks, demonstrate the efficacy and efficiency of LDPTrace.

Xiaoxin Du,Hui Zhu,Yandong Zheng,Rongxing Lu,Fengwei Wang,Hui Li

DOI: https://doi.org/10.1109/jiot.2023.3262964

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:With the ubiquity of Internet of Things, location-based service (LBS) providers have collected huge volumes of individuals’ trajectories, which are valuable for some applications, e.g., store location choosing for merchants. However, directly publishing raw trajectories to applications may violate individuals’ data privacy and lead to unexpected loss. Although many trajectory synthesis methods under differential privacy have been proposed to privately publish trajectories data, they cannot sufficiently preserve the semantic information of trajectories. Aiming at this issue, in this paper, we introduce a semantic-preserving scheme to synthesize trajectories for publishing under differential privacy. Specifically, we first design a hierarchical graphical model (HGM) to capture the semantic feature of trajectories. Then, we propose a metric, named the correlation score, to measure the relationship between two locations, which can well capture the geographic feature of trajectories. After that, we propose a private trajectory synthesis algorithm by first adding Laplace noises to the extracted features and then synthesizing trajectories based on the noisy features and the Markov chain theory. Privacy analysis demonstrates that our scheme can protect the privacy of trajectories. In addition, performance evaluation illustrates that our synthetic trajectories maintain good utility semantically and geographically.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yongli Wang,Xiaoze Gong,Weicheng Zhi

DOI: https://doi.org/10.1109/bdicn58493.2023.00016

2023-01-01

Abstract:As a reliable privacy protection method, differential privacy has been widely used in trajectory data release. However, the current trajectory protection method based on differential privacy lacks the analysis of the privacy requirements of each user and allocates the same privacy budget to all trajectory location points of the user, which cannot provide personalized trajectory privacy protection according to user characteristics. Aiming at this problem, we propose a trajectory protection method based on area density analysis. Analyze the stay area of each user, calculate the stay point and reconstruct the trajectory set according to the time and distance thresholds. Using the minimum spanning tree clustering algorithm based on local density peaks to obtain the privacy-sensitive location points and active hotspot areas of the user’s trajectory. According to the designed privacy importance degree expression, calculate privacy score of each sensitive location point, and assign them the proper privacy budget value. The experimental comparison on real data sets shows that this trajectory privacy protection method can better reduce the privacy budget waste and improve the availability of data compared with the traditional differential privacy trajectory protection method.

Computer Science

Huichuan Liu,Yong Zeng,Zhihong Liu,Jianfeng Ma,Xiaoyan Zhu

DOI: https://doi.org/10.1109/nana.2019.00068

2019-01-01

Abstract:With the development of data science and deep learning, people tend to share their data to boost the precision of the trained model. However, the data to be shared may contain a very large number of private information, which may harm user privacy. Therefore, in this paper, based on n-gram model, a differentially private trajectory data publishing framework is proposed. To mitigate the impact of noise on the utility, we novelly propose a sparse vector technique based tree pruning method to generate an adaptive n-gram model which can adapt to height-unlimited tree. We also combine n-gram model and start-end distribution to solve the intrinsic problem of existing methods based on Markov model. Finally, we use empirical experiments to verify that our method could synthesize more similar trajectories to the original dataset than the state-of-the-art method.

Zhaowei Hu,Jing Yang,Jianpei Zhang

DOI: https://doi.org/10.1016/j.cose.2018.05.001

2018-08-01

Abstract:Trajectory data often provides information that is well applicable to real-world scenarios such as traffic planning and location-based advertising. Individual trajectory information may disclose sensitive personal data, thus necessitating privacy protection methods. Current methods assume and utilize the same privacy requirements for all trajectories, which can impact their protection and data utilization efficiency. This paper proposes a privacy protection method based on divided time intervals which satisfy different privacy requirements. The method works by constructing a privacy requirement matrix and running trajectory pre-processing based on the different privacy requirements for trajectories in different time points and locations. It uses trajectories that satisfy the (l, δ) -constraint to construct an undirected trajectory graph. By finding the trajectory corresponding to the edge and vertex with the minimum weight, ki-anonymous sets are then constructed with trajectories which share the same or similar privacy requirements. The Manhattan distance can then be applied to calculate the space between trajectories distance, which narrows the gap between the theoretical privacy protection and the actual protective effects. Comparative experiments demonstrate that the proposed method outperforms other similar methods in regards to both privacy protection and data utilization.

computer science, information systems