Hua Shen,Yu Wang,Mingwu Zhang

DOI: https://doi.org/10.3390/s23249652

2023-12-06

Abstract:With the popularity of location services and the widespread use of trajectory data, trajectory privacy protection has become a popular research area. k-anonymity technology is a common method for achieving privacy-preserved trajectory publishing. When constructing virtual trajectories, most existing trajectory k-anonymity methods just consider point similarity, which results in a large dummy trajectory space. Suppose there are n similar point sets, each consisting of m points. The size of the space is then mn. Furthermore, to choose suitable k- 1 dummy trajectories for a given real trajectory, these methods need to evaluate the similarity between each trajectory in the space and the real trajectory, leading to a large performance overhead. To address these challenges, this paper proposes a k-anonymity trajectory privacy protection method based on the similarity of sub-trajectories. This method not only considers the multidimensional similarity of points, but also synthetically considers the area between the historic sub-trajectories and the real sub-trajectories to more fully describe the similarity between sub-trajectories. By quantifying the area enclosed by sub-trajectories, we can more accurately capture the spatial relationship between trajectories. Finally, our approach generates k-1 dummy trajectories that are indistinguishable from real trajectories, effectively achieving k-anonymity for a given trajectory. Furthermore, our proposed method utilizes real historic sub-trajectories to generate dummy trajectories, making them more authentic and providing better privacy protection for real trajectories. In comparison to other frequently employed trajectory privacy protection methods, our method has a better privacy protection effect, higher data quality, and better performance.

Meng Li,Liehuang Zhu,Zijian Zhang,Rixin Xu

DOI: https://doi.org/10.1109/dsc.2016.64

2016-01-01

Abstract:Trajectory data. like human mobility trace, in participatory sensing is of vital importance to many applications, like traffic monitoring, urban planning and social relationship mining. However, improper release of trajectory data can incur great threats to user's privacy. Recent researches have adopted Laplace mechanism to achieve differential privacy which can guarantee that small change of one record in database will not breach a user's privacy. However, existing work cannot guarantee privacy perfectly because a randomly picked noise will not contribute to a meaningful trajectory data release and people need to hide their visits to certain sensitive area. In this paper, we propose a differentially private trajectory data publishing algorithm aiming to protect the privacy of sensitive areas. Privacy analysis show that the proposed scheme achieves differential privacy and experiments with real trajectory data exhibits that the proposed scheme achieves good data utility and is scalable to large trajectory databases.

Xichen Wu,Guangzhong Sun

DOI: https://doi.org/10.1109/icdmw.2014.122

2014-01-01

Abstract:In recent years, wireless communication technologies and accurate positioning devices enable us to enjoy various types of location-based services. However, revealing users location information to potentially untrusted LBS providers is one of the most significant privacy threats in location-based services. The dummy-based privacy-preserving approach is a popular technology that can protect real trajectories from exposing to attackers. Moreover, it does not need a trusted third part, while guaranteeing the quality of service. When user requests a service, dummy trajectories anony mize the real trajectory to satisfy privacy-preserving requirements. In this paper, we propose a new privacy model that includes three reasonable privacy metrics. We also design a new algorithm named adaptive dummy trajectories generation algorithm (ADTGA) to derive uniformly distributed dummy trajectories. Dummy trajectories generated by our algorithm can achieve stricter privacy-preserving requirements based on our privacy model. The experimental results show that our proposed algorithm can use fewer dummy trajectories to satisfy the same privacy-preserving requirement than existing algorithms, and the distribution of dummy trajectories is more uniformly.

LI Feng-hua,ZHANG Cui,NIU Ben,LI Hui,HUA Jia-feng,SHI Guo-zhen

DOI: https://doi.org/10.11959/j.issn.1000-436x.2015320

2015-01-01

Abstract:As one of the most important information in location-based services (LBS),the trajectory privacy for smart devices users has gained increasingly popularity over recent years.To address this problem,(k−1) dummy trajectories to achieve trajectory k-anonymity with comprehensively considering side information were generated,user's mobility pattern and the trajectory similarity etc.Without relying on the trusted third party,the scheme could provide trajectory k-anonymity against adversaries with side information by generating (k−1) realistic dummy trajectories.The evaluation results indicate its effectiveness and efficiency.

Zhaowei Hu,Jing Yang

DOI: https://doi.org/10.1371/journal.pone.0237158

IF: 3.7

2020-08-12

PLoS ONE

Abstract:Aiming to solve the problem of low data utilization and privacy protection, a personalized differential privacy protection method based on cross-correlation constraints is proposed. By protecting sensitive location points on the trajectory and their affiliated sensitive points, this method combines the sensitivity of the user's trajectory location and user privacy protection requirements and privacy budget to propose a (R,Ɛ) -extended differential privacy protection model. Using autocorrelation Laplace transform, specific Gaussian white noise is transformed into noise that is related to the user's real trajectory sequence in both time and space. Then the noise is added to the user trajectory sequence to ensure spatio-temporal correlation between the noise sequence and the user trajectory sequence. This defines the cross-correlation constraint mechanism of the published trajectory sequence. By superimposing the real trajectory sequence on the user's noise sequence that satisfies the autocorrelation, a published trajectory sequence that satisfies the cross-correlation constraint condition is established to provide strong privacy guarantees against adversaries. Finally, the feasibility, effectiveness and rationality of the algorithm are verified by simulation experiments, and the proposed method is compared with recent studies in the same field on basis of merits and weakness and so on.

Yun-Cheng WU,Hong CHEN,Su-Yun ZHAO,Wen-Juan LIANG,Yao WU,Cui-Ping LI,Xiao-Ying ZHANG

DOI: https://doi.org/10.11897/SP.J.1016.2018.00309

2018-01-01

Chinese Journal of Computers

Abstract:In recent years,location based services (LBS) is becoming one of the most important ways for information retrieval in our daily life,and it has broad application prospects and great value.However,people's locations or trajectory may be disclosed when they continuously use LBS to retrieve point of interests.This privacy disclosure problem not only restricts the development of LBS,but also reduces the quality of service the users obtained.Recently,trajectory privacy protection has attracted more and more attention,such as cloaking based technique,perturbation based technique,and so on.However,existing techniques seldom consider the geo-spatial and temporal correlation of the locations between several timestamps,which might degrade the location privacy of users.In this paper,aiming at dealing with the trajectory privacy problem,we explore a popular paradigm for providing privacy with strong theoretical guarantees,differential privacy,which has recently gained significant attention for its robustness to known attacks,and define a new privacy model based on differential privacy for trajectory protection.Specifically,we firstly propose an algorithm (CPL) to calculate the privacy level of each location on the map according to geo-spatial correlation.This algorithm transforms the topology of map into an undirected weighted graph.Based on the initial sensitive locations and the corresponding pre-defined privacy levels that provided by users,CPL algorithm iteratively allocates the privacy level of a location to its adjacent locations by the edge weights,and computes the aggregated privacy levels for all other locations that are not in the set of initial sensitive locations.Secondly,we present a privacy model,called γ-trajectory privacy,that combines the privacy level and differential privacy budget.Fundamentally,for any location in a trajectory,this privacy model requires that the multiplication of privacy level that computed from CPL algorithm and differential privacy budget of this location should equal to γ.In other words,the higher the privacy level is,the lower the differential privacy budget should be.Therefore,we can use this privacy model as a guideline to determine the differential privacy budget for every location.Thirdly,we figure out that if we release locations of a trajectory according to a differentially private location perturbation algorithm independently (which is widely used in existing work),malicious adversaries may also compromise the location privacy by the temporal correlation between perturbed locations.Thus,we propose a differentially private location release mechanism (DPLRM) that considers the temporal correlation to protect the trajectory privacy of users.Specifically,we model the temporal correlation between user's true locations by Markov chain transition matrix,and define the DPLRM as an optimization problem by minimizing an objective function based on the total distance between the true locations and possible released locations.We also give a mathematical deduction to calculate the constraints for this optimization problem.Finally,we conduct extensive experiments on two real world datasets,and show that it is computational efficient for CPL algorithm to compute the privacy levels,and the performance of DPLRM algorithm is close to an optimal approach and better than an existing mechanism.

Chao WANG,Jing YANG,Jian-Pei ZHANG

DOI: https://doi.org/10.16383/j.aas.2015.c140139

2015-01-01

Abstract:The rise of mobile social networks as well as mobile intelligent terminal has generated a lot of spatial-temporal trajectory data, publishing and analyzing such data is essential to improve transportation, to understand the dynamics of the economy in a region, etc. However, it will be a serious threat to the user0s privacy, if adversary is able to identify user0s identity corresponding to the trajectory. While calculating similarity of trajectories, the existing methods consider only locations proximity of the sampling point in the trajectory, and ignore the dynamic proximity of locations in the trajectory. So the produced trajectory anonymity set has a low utility. To solve this problem, we first present the concept of neighborhood similarity and neighborhood distortion density to fully consider the dynamics proximity of locations in the trajectory, and then propose two algorithms, i.e., trajectory anonymity algorithm based on neighborhood similarity and trajectory anonymity algorithm based on trajectory neighborhood distortion density. The former one only considers the dynamics proximity of locations in the trajectory, while the latter one also reduces information loss of anonymous collection by minimizing neighborhood distortion density during the clustering process. Finally, experimental results on a synthetic data set and a real-life data set demonstrate that our method offers better utility than comparable previous proposals in the literature.

Lu Qiwei,Wang Caimei,Xiong Yan,Xia Huihua,Huang Wenchao,Gong Xudong

DOI: https://doi.org/10.1049/cje.2017.01.024

IF: 1.019

2017-01-01

Chinese Journal of Electronics

Abstract:Due to the popularity of mobile Internet and location-aware devices, there is an explosion of location and trajectory data of moving objects. A few proposals have been proposed for privacy preserving trajectory data publishing, and most of them assume the attacks with the same adversarial background knowledge. In practice, different users have different privacy requirements. Such non-personalized privacy assumption does not meet the personalized privacy requirements, meanwhile, it looses the chance to achieve better utility by taking advantage of differences of users' privacy requirements. We study the personalized trajectory k-anonymity criterion for trajectory data publication. Specifically, we explore and propose an overall framework which provides privacy preserving services based on users' personal privacy requests, including trajectory clusteiing, editing and publication. We demonstrate the efficiency and effectiveness of our scheme through experiments on real world dataset.

Kangkang Dou,Jian Liu

DOI: https://doi.org/10.1007/978-981-15-7984-4_12

2020-01-01

Abstract:AbstractLocation-based services provide service and convenience, while causing the leakage of track privacy. The existing trajectory privacy protection methods lack the consideration of the correlation between the noise sequence, the user’s original trajectory sequence, and the published trajectory sequence. And they are susceptible to noise filtering attacks using filtering methods. In view of this problem, a differential privacy trajectory protection method based on spatiotemporal correlation is proposed in this paper. With this method, the concept of correlation function was introduced to establish the correlation constraint of release track sequence, and the least square method was used to fit the user’s original track and the overall direction of noise sequence to construct noise candidate set. It ensured that the added noise sequence has spatiotemporal correlation with the user’s original track sequence and release track sequence. Also, it effectively resists attackers’ denoising attacks, and reduces the risk of trajectory privacy leakage. Finally, comparative experiments were carried out on the real data sets. The experimental results show that this method effectively improves the privacy protection effect and the data availability of the release track, and it also has better practicability.

Jing Xiong,Hong Zhu

DOI: https://doi.org/10.1186/s13677-022-00332-3

2022-09-30

Journal of Cloud Computing

Abstract:Accurate and real-time trajectory data publishing plays an important role in providing users with the latest traffic and road condition information to help in rationally planning travel time and routes. However, the improper publishing of location information and reverse analysis and reasoning can easily leak users' personal information, which may threaten users' privacy and lives. Owing to the inclusion of differential privacy model noise, privacy protection introduces inaccuracies in data publishing and validity. To improve the accuracy and usability of published data, we propose a data publishing method based on deep learning and differential privacy models for securing spatiotemporal trajectory data publishing. The method divides the trajectory data into two-dimensional grid regions, counts the density of trajectories at grids, performs a top-down recursive division of regions, and formulates rules for privacy budget allocation from multiple perspectives as recurrence depth increases. Furthermore, the method integrates spatiotemporal sequence data according to temporal order. Subsequently, it extracts temporal and spatial features of the data by the temporal graph convolutional network model for budget matrix prediction, adds Laplace noise to the regions, and evaluates the effect of differential privacy protection with the original data to protect trajectory data privacy. Experiments demonstrate that under the premise of satisfying ε -difference privacy, the query error and Jensen–Shannon divergence are smaller, the Kendall coefficient is more consistent, and the upper and lower limit values are more stable. Hence, the top-down division method achieves better results than those of the two traditional region division methods of the uniform grid and adaptive grid. The proposed method can be used to allocate the privacy budget more reasonably and achieve privacy protection of trajectories, which can be applied to a large amount of spatiotemporal trajectory data.

Zhaowei Hu,Jing Yang,Jianpei Zhang

DOI: https://doi.org/10.1142/s0218843018500065

2018-01-01

International Journal of Cooperative Information Systems

Abstract:Trajectory data often provides useful information that can be utilized in real-life applications, such as traffic planning and location-based advertising. Because people's trajectory information can result in serious personal privacy leakage, trajectory privacy protection methods are employed. However, existing methods assume and use the same privacy requirements for all trajectories, which affect privacy protection efficiency and data utilization. This paper proposes a trajectory privacy protection method based on user requirement. By dividing different time intervals, it sets different privacy protection parameters for different trajectories to provide more detailed privacy protection. The proposed method utilizes the divided time intervals and privacy protection requirements to form a privacy requirement matrix, to construct an anonymous trajectory equivalence class and undirected graph. Then, trajectories are processed to form anonymous sets. Euclidean distance is also replaced with Manhattan distance in calculating the distance of the trajectories, which would improve the privacy protection and data utility and narrow the gap between the theoretical privacy protection and the actual protective effects. Comparative experiments demonstrate that the proposed method outperforms other similar methods in regards to both privacy protection and data utilization.

Hai Liu,Xinghua Li,Hui Li,Jianfeng Ma,Xindi Ma

DOI: https://doi.org/10.1109/infocom.2017.8056978

2017-01-01

Abstract:Since the dummy-based method can provide precise query results without any requirement for a third party or key sharing, it has been widely used to protect the user's location privacy in location-based services. However, the neighboring location sets submitted in consecutive requests always include a close spatiotemporal correlation, which enables the adversary to identify some dummies. Therefore, the existing dummy-based schemes cannot protect the user's location privacy completely. To solve this problem, based on the dummies generated by the existing schemes, this paper filters out the dummies that can be identified by taking into account of the spatiotemporal correlation from three aspects, namely time reachability, direction similarity and in-degree/out-degree. In this way, the rest dummies can satisfy the user's personalized privacy protection requirement. Security analysis shows that the proposed scheme successfully perturbs the spatiotemporal correlation between neighboring location sets, therefore, it is infeasible for the adversary to distinguish the user's real location from the dummies. Furthermore, extensive experiments indicate that the proposal is able to protect the user's location privacy effectively and efficiently.

Qilong Han,Zuobin Xiong,Kejia Zhang

DOI: https://doi.org/10.1155/2018/4248092

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:A number of security and privacy challenges of cyber system are arising due to the rapidly evolving scale and complexity of modern system and networks. The cyber system is a fundamental ingredient for Internet of Things (IoT) and smart city which are driven by huge amount of data. These data carry a lot of information for mining and analysis, especially trajectory data. If unprotected trajectory data is released, it may disclose user’s personal privacy, such as home, religion, and behavior mode, which will endanger their personal security. Until now, many methods for protecting trajectory information have been proposed. However, these methods have the following deficiencies: (i) they cannot defend against speculative attacks if the attacker’s background knowledge is maximized; (ii) when studying the problem, they made some strong assumptions that did not match the reality; (iii) the implementation algorithm is complicated and the time complexity is high, which means that data cannot be executed quickly when the amount is large. So, in this paper, we propose a spatial partition based method to publish trajectory data via differential privacy. First, by exponential mechanism, we divide location set at the same time into different partitions fast and accurately. Then we propose another effective method to release trajectory in a differential private manner. We design experiment based on the real-life dataset and compare it with existing method. The results show that the trajectory dataset released by our algorithm has better usability while ensuring privacy.

Yan Dai,Jie Shao

DOI: https://doi.org/10.1007/978-3-319-68542-7_19

2017-01-01

Abstract:Trajectory data of mobile users contain plenty of sensitive spatial and temporal information, and can support many applications through data analysing and mining. However, re-identification attack and inference attack on such data may cause serious personal privacy leakage. Existing privacy preserving techniques cannot protect trajectory privacy well or largely scarify data utility. In view of these issues, in this paper we propose an enhanced trajectory privacy preserving method which can protect the trajectory privacy preferably while maintaining a high utility of the trajectory in data publishing. A mechanism is proposed to protect the privacy through replacing stop points in the trajectory and an effective trajectory reconstruction algorithm is introduced to avoid the mutations of trajectory, and also deal with the possible presence of obstacles around trajectories. The performance of our proposal is comprehensively evaluated on a real trajectory dataset. The results show that our method achieves a high privacy level and improves the utility of trajectory data greatly, compared with the state-of-the-art method.

Lin Yao,Zhenyu Chen,Haibo Hu,Guowei Wu,Bin Wu

DOI: https://doi.org/10.1145/3474839

IF: 5

2022-06-30

ACM Transactions on Intelligent Systems and Technology

Abstract:With the proliferation of location-aware devices, trajectory data have been used widely in real-life applications. However, trajectory data are often associated with sensitive labels, such as users’ purchase transactions and planned activities. As such, inappropriate sharing or publishing of these data could threaten users’ privacy, especially when an adversary has sufficient background knowledge about a trajectory through other data sources, such as social media (check-in tags). Though differential privacy has been used to address the privacy of trajectory data, no existing method can protect the privacy of both trajectory data and sensitive labels. In this article, we propose a comprehensive trajectory publishing algorithm with three effective procedures. First, we apply density-based clustering to determine hotspots and outliers and then blur their locations by generalization. Second, we propose a graph-based model to efficiently capture the relationship among sensitive labels and trajectory points in all records and leverage Laplace noise to achieve differential privacy. Finally, we generate and publish trajectories by traversing and updating this graph until we travel all vertexes. Our experiments on synthetic and real-life datasets demonstrate that our algorithm effectively protects the privacy of both sensitive labels and location data in trajectory publication. Compared with existing works on trajectory publishing, our algorithm can also achieve higher data utility.

computer science, information systems, artificial intelligence

Jianfeng Xu,Yiping Wei,Yingxiao Chen

DOI: https://doi.org/10.1016/j.asoc.2024.111591

IF: 8.7

2024-01-01

Applied Soft Computing

Abstract:The prevalent method in trajectory privacy protection through publishing k-1 similar trajectories alongside a target trajectory, often relies on a single feature, which can compromise the balance between privacy, data utility, and processing efficiency. Addressing this, our study introduces a nuanced three-way decision model that integrates multiple trajectory features: staying areas, average velocity, and distance. This model begins by filtering candidate trajectories through staying areas and average velocity. Subsequently, it employs a three-way decision-making process based on a novel dynamic trajectory warping (DTrW) distance metric, which obviates the need for trajectory pre-alignment and mitigates information loss. This process classifies trajectories into accepted, rejected, or pending categories, with the final set compiled through a combined metric of average speed and staying areas. Comparative experiments on a classic real trajectory dataset validate the model’s superiority, demonstrating enhanced privacy protection, improved data utility, and increased efficiency over single-feature-based approaches and other k-anonymity models.

Ji Yali,Gui Xiaolin,Dai Huijun,An Jian,Zhu Hongyi,Peng Zhenlong,Lin Xinyang

DOI: https://doi.org/10.1155/2022/5114584

IF: 1.43

2022-10-22

Mathematical Problems in Engineering

Abstract:In data opening and sharing, a trajectory privacy protection based on sensitive stay area replacement (SSAR) is proposed in order to improve the availability of protected trajectory while maintaining the same security. Firstly, the stay areas are extracted by analyzing the movement characteristics. Secondly, the sensitive stay areas are obtained according to the user-defined sensitive semantic positions. Then, the sensitive areas are constructed according to the user's privacy requirement needs to randomly select the substitution. Finally, part of the sampling positions in the sensitive area are reset. The parameter selection experiment and the comparison experiment with other schemes show that the trajectory similarity is improved by more than 35% in SSAR. That is to say, SSAR can greatly improve the availability of protected trajectory on the basis of ensuring the safety degree.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Hua Wang

DOI: https://doi.org/10.48550/arXiv.2212.06600

2022-12-13

Cryptography and Security

Abstract:The current trajectory privacy protection technology only considers the temporal and spatial attributes of trajectory data, but ignores the social attributes. However, there is an intrinsic relationship between social attributes and human activity trajectories, which brings new challenges to trajectory privacy protection, making existing trajectory privacy protection technologies unable to resist trajectory privacy attacks based on social attributes. To this end, this paper first studies the social privacy attack in the trajectory data, builds a social privacy attack model based on the fusion of "space-time" features, and reveals the internal impact of the spatial and temporal features in the trajectory data on social privacy leaks. -Anonymous algorithm and trajectory release privacy protection provide theoretical support. On this basis, integrate social attributes into trajectory privacy protection technology, design trajectory k-anonymity algorithm based on "space-time-social" three-dimensional mobile model, and construct trajectory data based on "space-time-social-semantic" multi-dimensional correlation Publish privacy-preserving models.

Yan Dai,Jie Shao,Chengbo Wei,Dongxiang Zhang,Heng Tao Shen

DOI: https://doi.org/10.1007/s11280-017-0489-2

2017-08-26

World Wide Web

Abstract:Trajectory data gathered by mobile positioning techniques and location-aware devices contain plenty of sensitive spatial-temporal and semantic information, and can support many applications through data analysing and mining. However, attribute-linkage and re-identification attacks on such data may cause privacy leakage, and lead to unexpected serious consequences. Existing privacy preserving techniques for trajectory data often ignore the different privacy requirements of different moving objects or largely scarify the availability of trajectory data. In view of these issues, we propose an effective personalized trajectory privacy preserving method which can strike a good balance between user-defined privacy requirement and data availability in off-line trajectory publishing scenario. The main idea is to firstly label semantic attributes of all sampling points on the trajectory and build a corresponding taxonomy tree, next extract sensitive stop points, then for different types of sensitive stop points, adopt different strategies to select the appropriate points of user interests to replace while considering user speed and avoiding reverse mutation, and finally publish the reconstructed trajectory. Besides, to make our method more realistic we further consider possible obstacles appeared in the user space environment. In the experiments, average identification possibility, trajectory semantic consistency and trajectory shape similarity are taken as evaluation criteria, and the performance of our method is comprehensively evaluated. The results show that our method can improve the user trajectory availability as much as possible, while effectively achieving the different trajectory privacy requirements.

Yand Jing,Hu Zhaowei,Zhang Jianpei

DOI: https://doi.org/10.1109/imccc.2018.00229

2018-01-01

Abstract:The use of individual trajectory information may result in serious invasions of personal privacy or leakage of personal data. Existing trajectory privacy protection methods are designed to protect the whole trajectory rather than to protect sensitive or frequently visited location points, which can cause additional information loss. This paper proposes an approach to trajectory privacy protection which targets active point information. Active information points are replaced with an anonymous region and silent information points directly published to protect the trajectory, which minimizes the distortion of trajectory data as well as the likelihood that personal information is leaked. The proposed method takes into account the diversity of sensitive attributes, restricts the type of region, and minimizes the quantity of the cloak area to protect privacy. The proposed method outperforms other similar methods in terms of privacy protection level and data utility.