Zheng HUO,Xiao-Feng MENG

DOI: https://doi.org/10.11897/SP.J.1016.2018.00400

2018-01-01

Abstract:Trajectory data have rich spatiotemporal information,which may cause users' personal privacy leakage.In order to avoid this,privacy-preserving techniques are required before the publication of trajectory data.Most of the existing trajectory privacy-preserving techniques are based on the k-anonymity model,which has two main drawbacks:one is low privacy guarantee;the other is heavily dependent on the background knowledge that the attackers know.In recent years,researchers proposed differential privacy,which is known as the strongest privacy-preserving model,and it is quite good at publication of statistical information.While,publication of statistical information may also cause leakage of users' location privacy.At first,we propose two attack models in publication of count values of location samples,called sparse location attack and maximum moving speed attack.Then we propose two trajectory data publication methods under differential privacy:in free space,we propose a differentially private trajectory data publication method based on noisy quad-tree.The privacy budget is divided according to the level of the quad-tree;Laplace noise is added into each level's count value of moving object.In road network space,we propose a differentially private trajectory data publication method base on noisy R-tree.While R-tree is used to index road segment,privacy budget is divided and Laplace noise is added to the count values of each road segment or the minimum bounding rectangles of road segment.Both method spublish noisy count values of location data of each timestamp,which form a sequence of count values.Differential privacy algorithms have higher privacy guarantee than traditional k-anonymity methods.Actually,published trajectory data is a location count value sequence of multiple consequent timestamps.Since the main idea of differential privacy is to add Laplace noise into original data,and the added Laplace noise are independent at each timestamp,it may cause data inconsistency,which may reduce the utility of the published data.The data inconsistency happens when publication of location data of two or more consequent timestamps.We propose a heuristic algorithm to solve this problem.This algorithm is an extreme value problem under certain constraints.The constraints we conclude are the maximum and minimum numbers of each area or road segment,according to the moving speed,area size or the length of a road segment.The extreme value function is the L2 distance between the noisy count value sequence and the consistency count value sequence,we may find a consistent count value sequence which is most close to the noisy data.At last,we conduct a set of experiments on two data sets,one is generated location data under Gaussian distribution,and the other is generated data under Oldenburg city road network constraints.We measure data utility and runtime of each algorithm before and after consistency procedure,the results show that the consistency algorithm may improve the data utility about 200％ in average,which shows the effectiveness of the consistency algorithm.We also test runtime of each algorithm,with the incensement of the data set size,run time increases linearly,which means the algorithms are easy to extend.

Hua Shen,Yu Wang,Mingwu Zhang

DOI: https://doi.org/10.3390/s23249652

2023-12-06

Abstract:With the popularity of location services and the widespread use of trajectory data, trajectory privacy protection has become a popular research area. k-anonymity technology is a common method for achieving privacy-preserved trajectory publishing. When constructing virtual trajectories, most existing trajectory k-anonymity methods just consider point similarity, which results in a large dummy trajectory space. Suppose there are n similar point sets, each consisting of m points. The size of the space is then mn. Furthermore, to choose suitable k- 1 dummy trajectories for a given real trajectory, these methods need to evaluate the similarity between each trajectory in the space and the real trajectory, leading to a large performance overhead. To address these challenges, this paper proposes a k-anonymity trajectory privacy protection method based on the similarity of sub-trajectories. This method not only considers the multidimensional similarity of points, but also synthetically considers the area between the historic sub-trajectories and the real sub-trajectories to more fully describe the similarity between sub-trajectories. By quantifying the area enclosed by sub-trajectories, we can more accurately capture the spatial relationship between trajectories. Finally, our approach generates k-1 dummy trajectories that are indistinguishable from real trajectories, effectively achieving k-anonymity for a given trajectory. Furthermore, our proposed method utilizes real historic sub-trajectories to generate dummy trajectories, making them more authentic and providing better privacy protection for real trajectories. In comparison to other frequently employed trajectory privacy protection methods, our method has a better privacy protection effect, higher data quality, and better performance.

Weiqi Zhang,Guisheng Yin,Yuhai Sha,Jishen Yang

DOI: https://doi.org/10.1155/2021/6691975

2021-01-01

Wireless Communications and Mobile Computing

Abstract:The rapid development of the Global Positioning System (GPS) devices and location-based services (LBSs) facilitates the collection of huge amounts of personal information for the untrusted/unknown LBS providers. This phenomenon raises serious privacy concerns. However, most of the existing solutions aim at locating interference in the static scenes or in a single timestamp without considering the correlation between location transfer and time of moving users. In this way, the solutions are vulnerable to various inference attacks. Traditional privacy protection methods rely on trusted third-party service providers, but in reality, we are not sure whether the third party is trustable. In this paper, we propose a systematic solution to preserve location information. The protection provides a rigorous privacy guarantee without the assumption of the credibility of the third parties. The user’s historical trajectory information is used as the basis of the hidden Markov model prediction, and the user’s possible prospective location is used as the model output result to protect the user’s trajectory privacy. To formalize the privacy-protecting guarantee, we propose a new definition, L&A-location region, based on k-anonymity and differential privacy. Based on the proposed privacy definition, we design a novel mechanism to provide a privacy protection guarantee for the users’ identity trajectory. We simulate the proposed mechanism based on a dataset collected in real practice. The result of the simulation shows that the proposed algorithm can provide privacy protection to a high standard.

Wanshu Yu,Haonan Shi,Hongyun Xu

DOI: https://doi.org/10.48550/arXiv.2307.16849

2023-08-01

Abstract:As people's daily life becomes increasingly inseparable from various mobile electronic devices, relevant service application platforms and network operators can collect numerous individual information easily. When releasing these data for scientific research or commercial purposes, users' privacy will be in danger, especially in the publication of spatiotemporal trajectory datasets. Therefore, to avoid the leakage of users' privacy, it is necessary to anonymize the data before they are released. However, more than simply removing the unique identifiers of individuals is needed to protect the trajectory privacy, because some attackers may infer the identity of users by the connection with other databases. Much work has been devoted to merging multiple trajectories to avoid re-identification, but these solutions always require sacrificing data quality to achieve the anonymity requirement. In order to provide sufficient privacy protection for users' trajectory datasets, this paper develops a study on trajectory privacy against re-identification attacks, proposing a trajectory K-anonymity model based on Point Density and Partition (KPDP). Our approach improves the existing trajectory generalization anonymization techniques regarding trajectory set partition preprocessing and trajectory clustering algorithms. It successfully resists re-identification attacks and reduces the data utility loss of the k-anonymized dataset. A series of experiments on a real-world dataset show that the proposed model has significant advantages in terms of higher data utility and shorter algorithm execution time than other existing techniques.

Cryptography and Security,Machine Learning

Meng Li,Liehuang Zhu,Zijian Zhang,Rixin Xu

DOI: https://doi.org/10.1109/dsc.2016.64

2016-01-01

Abstract:Trajectory data. like human mobility trace, in participatory sensing is of vital importance to many applications, like traffic monitoring, urban planning and social relationship mining. However, improper release of trajectory data can incur great threats to user's privacy. Recent researches have adopted Laplace mechanism to achieve differential privacy which can guarantee that small change of one record in database will not breach a user's privacy. However, existing work cannot guarantee privacy perfectly because a randomly picked noise will not contribute to a meaningful trajectory data release and people need to hide their visits to certain sensitive area. In this paper, we propose a differentially private trajectory data publishing algorithm aiming to protect the privacy of sensitive areas. Privacy analysis show that the proposed scheme achieves differential privacy and experiments with real trajectory data exhibits that the proposed scheme achieves good data utility and is scalable to large trajectory databases.

Lin Yao,Zhenyu Chen,Haibo Hu,Guowei Wu,Bin Wu

DOI: https://doi.org/10.1145/3474839

IF: 5

2022-06-30

ACM Transactions on Intelligent Systems and Technology

Abstract:With the proliferation of location-aware devices, trajectory data have been used widely in real-life applications. However, trajectory data are often associated with sensitive labels, such as users’ purchase transactions and planned activities. As such, inappropriate sharing or publishing of these data could threaten users’ privacy, especially when an adversary has sufficient background knowledge about a trajectory through other data sources, such as social media (check-in tags). Though differential privacy has been used to address the privacy of trajectory data, no existing method can protect the privacy of both trajectory data and sensitive labels. In this article, we propose a comprehensive trajectory publishing algorithm with three effective procedures. First, we apply density-based clustering to determine hotspots and outliers and then blur their locations by generalization. Second, we propose a graph-based model to efficiently capture the relationship among sensitive labels and trajectory points in all records and leverage Laplace noise to achieve differential privacy. Finally, we generate and publish trajectories by traversing and updating this graph until we travel all vertexes. Our experiments on synthetic and real-life datasets demonstrate that our algorithm effectively protects the privacy of both sensitive labels and location data in trajectory publication. Compared with existing works on trajectory publishing, our algorithm can also achieve higher data utility.

computer science, information systems, artificial intelligence

Lu Qiwei,Wang Caimei,Xiong Yan,Xia Huihua,Huang Wenchao,Gong Xudong

DOI: https://doi.org/10.1049/cje.2017.01.024

IF: 1.019

2017-01-01

Chinese Journal of Electronics

Abstract:Due to the popularity of mobile Internet and location-aware devices, there is an explosion of location and trajectory data of moving objects. A few proposals have been proposed for privacy preserving trajectory data publishing, and most of them assume the attacks with the same adversarial background knowledge. In practice, different users have different privacy requirements. Such non-personalized privacy assumption does not meet the personalized privacy requirements, meanwhile, it looses the chance to achieve better utility by taking advantage of differences of users' privacy requirements. We study the personalized trajectory k-anonymity criterion for trajectory data publication. Specifically, we explore and propose an overall framework which provides privacy preserving services based on users' personal privacy requests, including trajectory clusteiing, editing and publication. We demonstrate the efficiency and effectiveness of our scheme through experiments on real world dataset.

Feng Tian,Shuangyue Zhang,Laifeng Lu,Hai Liu,Xiaolin Gui

DOI: https://doi.org/10.1109/NaNA.2017.47

2017-01-01

Abstract:With the development of smart city, more organizations analyze people's trajectory data, so as to provide better location-based services. However, publishing the original trajectory data directly raises serious privacy threats to individuals. As a kind of powerful framework for providing formal and strong privacy guarantees, differential privacy has been applied in the trajectory data publication. Nevertheless, the existing approaches assume that individuals require the same privacy preference, and thus the same level of privacy protection is provided for all individuals, which leads to insufficient privacy guarantee is provided for some individuals, while the other individuals received excess privacy protection. This paper assumes that individuals require different level of privacy and propose a personalized differential privacy publication mechanism for trajectory data. We apply the Hilbert curve to extract the distribution characteristics of the trajectory data at each time and propose a personalized different privacy generalization algorithm for trajectories with different privacy preferences. Through extensive experiments on real world trajectory dataset, we show that this mechanism provides better tradeoff between data privacy and utility compared with the uniform differential privacy based methods.

Jing Xiong,Hong Zhu

DOI: https://doi.org/10.1186/s13677-022-00332-3

2022-09-30

Journal of Cloud Computing

Abstract:Accurate and real-time trajectory data publishing plays an important role in providing users with the latest traffic and road condition information to help in rationally planning travel time and routes. However, the improper publishing of location information and reverse analysis and reasoning can easily leak users' personal information, which may threaten users' privacy and lives. Owing to the inclusion of differential privacy model noise, privacy protection introduces inaccuracies in data publishing and validity. To improve the accuracy and usability of published data, we propose a data publishing method based on deep learning and differential privacy models for securing spatiotemporal trajectory data publishing. The method divides the trajectory data into two-dimensional grid regions, counts the density of trajectories at grids, performs a top-down recursive division of regions, and formulates rules for privacy budget allocation from multiple perspectives as recurrence depth increases. Furthermore, the method integrates spatiotemporal sequence data according to temporal order. Subsequently, it extracts temporal and spatial features of the data by the temporal graph convolutional network model for budget matrix prediction, adds Laplace noise to the regions, and evaluates the effect of differential privacy protection with the original data to protect trajectory data privacy. Experiments demonstrate that under the premise of satisfying ε -difference privacy, the query error and Jensen–Shannon divergence are smaller, the Kendall coefficient is more consistent, and the upper and lower limit values are more stable. Hence, the top-down division method achieves better results than those of the two traditional region division methods of the uniform grid and adaptive grid. The proposed method can be used to allocate the privacy budget more reasonably and achieve privacy protection of trajectories, which can be applied to a large amount of spatiotemporal trajectory data.

Marco Gramaglia,Marco Fiore,Alberto Tarable,Albert Banchs

DOI: https://doi.org/10.48550/arXiv.1701.02243

2017-01-09

Computers and Society

Abstract:Mobile network operators can track subscribers via passive or active monitoring of device locations. The recorded trajectories offer an unprecedented outlook on the activities of large user populations, which enables developing new networking solutions and services, and scaling up studies across research disciplines. Yet, the disclosure of individual trajectories raises significant privacy concerns: thus, these data are often protected by restrictive non-disclosure agreements that limit their availability and impede potential usages. In this paper, we contribute to the development of technical solutions to the problem of privacy-preserving publishing of spatiotemporal trajectories of mobile subscribers. We propose an algorithm that generalizes the data so that they satisfy $k^{\tau,\epsilon}$-anonymity, an original privacy criterion that thwarts attacks on trajectories. Evaluations with real-world datasets demonstrate that our algorithm attains its objective while retaining a substantial level of accuracy in the data. Our work is a step forward in the direction of open, privacy-preserving datasets of spatiotemporal trajectories.

Meng Li,Liehuang Zhu,Zijian Zhang,Rixin Xu

DOI: https://doi.org/10.1016/j.ins.2017.03.015

IF: 8.1

2017-01-01

Information Sciences

Abstract:Trajectory data in participatory sensing is of great importance to the deployment and advancement of several applications, like traffic monitoring, marketing analysis, and urban planning. However, releasing trajectory data without proper sanitation poses serious threats to users privacy. Existing work cannot achieve differential privacy perfectly because they use random and unbounded noises, which will leak users privacy and violate the utility of the released trajectory data. Besides, existing trajectory merging method has to remove some trajectories from the input dataset. To solve both problems, we propose a novel differentially private trajectory data publishing algorithm with a bounded noise generation algorithm and a trajectory merging algorithm. Theoretical analysis and experimental results show that the privacy loss of our scheme is at least 69% less; the average trajectories merging time is 50% less than existing work.

Wenqing Cheng,Ruxue Wen,Haojun Huang,Wang Miao,Chen Wang

DOI: https://doi.org/10.1016/j.neucom.2021.04.137

IF: 6

2022-02-01

Neurocomputing

Abstract:With the development of location-based applications, more and more trajectory data are collected. Trajectory data often contains users’ sensitive information, and direct release it may pose a threat to users’ privacy. Differential privacy, as a privacy preserving method with solid mathematical foundation, has been widely used in trajectory data publishing. However, current trajectory data publishing methods based on differential privacy cannot fully realize the personalized privacy protection. In this paper, an optimal personalized trajectory differential privacy mechanism is proposed. Firstly, by establishing the probabilistic mobility model of trajectories, we cluster the locations to achieve semantic location matching between different trajectories. Based on the semantic similarity, we identify the templet trajectory, and propose a privacy level allocation method based on stay-points and frequent sub-trajectories. Then, according to the location matching results, we can automatically identify the privacy level of all locations. Combined with the optimal location differential privacy mechanism, we disturb the location points on the user’s trajectory before publishing, where different location privacy levels correspond to different privacy budgets. Experiment results on real-world datasets show that our mechanism provides a better tradeoff between privacy protection and data utility compared with traditional differential privacy methods.

computer science, artificial intelligence

Wanqing Wu,Wenlong Shang,Ruohe Lei,Xin Yang

DOI: https://doi.org/10.1155/2022/8635275

2022-07-05

Wireless Communications and Mobile Computing

Abstract:With the rapid development of mobile Internet and communication technology, location-based services (LBS) are widely used in our daily life. The server stores a large amount of user location data, and these location data constitute user trajectories. If trajectory information on the server is leaked, it will seriously endanger users’ privacy. Trajectory k -anonymity technology is one of the most important methods to protect the privacy of user trajectory. However, current trajectory k -anonymity methods have less discussion on the semantic of stop point when selecting dummy trajectory, which leads to the fact that attacker can still exclude the dummy trajectory from the k -anonymity set and infer the real trajectory by combining background knowledge with the semantic information of stop points. To address this problem, this paper decomposes the real trajectory into location pairs set; the set consists of start-end points and stop points. According to the similarity of location pairs, the similar location pairs in history trajectory set are used to generate dummy trajectory: firstly, extracting the start-end points and stop points from real trajectory and assigning semantic to them. Then, based on the semantic, temporal, and geographical attributes, eligible location pairs are selected from history trajectory set to construct equivalence class. Finally, according to the location pairs in equivalence class, k − 1 dummy trajectories are generated to form a k -anonymity set. We evaluate our method thoroughly with real dataset. The results show that our method achieve an effective data availability and higher privacy protection than other methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rui Chen,Benjamin C. M. Fung,Bipin C. Desai

DOI: https://doi.org/10.48550/arXiv.1112.2020

2011-12-09

Databases

Abstract:With the increasing prevalence of location-aware devices, trajectory data has been generated and collected in various application domains. Trajectory data carries rich information that is useful for many data analysis tasks. Yet, improper publishing and use of trajectory data could jeopardize individual privacy. However, it has been shown that existing privacy-preserving trajectory data publishing methods derived from partition-based privacy models, for example k-anonymity, are unable to provide sufficient privacy protection. In this paper, motivated by the data publishing scenario at the Societe de transport de Montreal (STM), the public transit agency in Montreal area, we study the problem of publishing trajectory data under the rigorous differential privacy model. We propose an efficient data-dependent yet differentially private sanitization algorithm, which is applicable to different types of trajectory data. The efficiency of our approach comes from adaptively narrowing down the output domain by building a noisy prefix tree based on the underlying data. Moreover, as a post-processing step, we make use of the inherent constraints of a prefix tree to conduct constrained inferences, which lead to better utility. This is the first paper to introduce a practical solution for publishing large volume of trajectory data under differential privacy. We examine the utility of sanitized data in terms of count queries and frequent sequential pattern mining. Extensive experiments on real-life trajectory data from the STM demonstrate that our approach maintains high utility and is scalable to large trajectory datasets.

Zihao Shen,Yuyang Zhang,Hui Wang,Peiqian Liu,Kun Liu,Yanmei Shen

DOI: https://doi.org/10.1016/j.eswa.2024.124264

IF: 8.5

2024-05-27

Expert Systems with Applications

Abstract:Ignoring the temporal relationship of position points in trajectory data or the change in the number of position points in dummy trajectory generation can result in inadequate data availability. To address the data availability problem of publishing user trajectory data while ensuring privacy protection, this paper proposes an improved privacy protection method combining a Bidirectional Gated Recurrent Unit and differential privacy (BiGRU-DP). First, Laplace noise is added to the time attribute of the trajectory data. Secondly, BiGRU is used to predict the processing of trajectory data, considering the bi-directional data of the predicted point. Then, the k -means clustering method is used to generalize and optimize the trajectory data. Finally, the trajectory data is published after adding noise. The experimental simulation results show that BiGRU-DP enhances the availability of published data and has certain efficiency advantages over traditional trajectory data publishing methods while ensuring privacy protection.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Xiaodong Zhao,Dechang Pi,Junfu Chen

DOI: https://doi.org/10.1016/j.eswa.2020.113241

IF: 8.5

2020-07-01

Expert Systems with Applications

Abstract:With the development of location-aware technology, a large amount of location data of users is collected by the trajectory database. If these trajectory data are directly used for data mining without being processed, it will pose a threat to the user's personal privacy. At the moment, differential privacy is favored by experts and scholars because of its strict mathematical rigor, but how to apply differential privacy technology to trajectory clustering analysis is a difficult problem. To solve the problems in which existing trajectory privacy-preserving models have poor data availability or difficulty to resist complex privacy attacks, we devise novel trajectory privacy-preserving method based on clustering using differential privacy. More specifically, Laplacian noise is added to the count of trajectory location in the cluster to resist the continuous query attack. Then, radius-constrained Laplacian noise is added to the trajectory location data in the cluster to avoid too much noise affecting the clustering effect. According to the noise location data and the count of noise location, the noise clustering center in the cluster is obtained. Finally, it is considered that the attacker can associate the user trajectory with other information to form secret reasoning attack, and secret reasoning attack model is proposed. And we use the differential privacy technology to give corresponding resistance. Experimental results using the open data show that the proposed algorithm can not only effectively protect the private information of the trajectory data, but also ensure the data availability in cluster analysis. And compared with other algorithms, our algorithm has good effect on some evaluation indicators.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

She Sun,Shuai Ma,Jing-He Song,Wen-Hai Yue,Xue-Lian Lin,Tiejun Ma

DOI: https://doi.org/10.1007/s11390-022-2409-x

IF: 1.871

2022-01-01

Journal of Computer Science and Technology

Abstract:With the advancing of location-detection technologies and the increasing popularity of mobile phones and other location-aware devices, trajectory data is continuously growing. While large-scale trajectories provide opportunities for various applications, the locations in trajectories pose a threat to individual privacy. Recently, there has been an interesting debate on the reidentifiability of individuals in the Science magazine. The main finding of Sánchez et al. is exactly opposite to that of De Montjoye et al. , which raises the first question: “what is the true situation of the privacy preservation for trajectories in terms of reidentification?” Furthermore, it is known that anonymization typically causes a decline of data utility, and anonymization mechanisms need to consider the trade-off between privacy and utility. This raises the second question: “what is the true situation of the utility of anonymized trajectories?” To answer these two questions, we conduct a systematic experimental study, using three real-life trajectory datasets, five existing anonymization mechanisms (i.e., identifier anonymization, grid-based anonymization, dummy trajectories, k -anonymity and ε -differential privacy), and two practical applications (i.e., travel time estimation and window range queries). Our findings reveal the true situation of the privacy preservation for trajectories in terms of reidentification and the true situation of the utility of anonymized trajectories, and essentially close the debate between De Montjoye et al. and Sánchez et al. To the best of our knowledge, this study is among the first systematic evaluation and analysis of anonymized trajectories on the individual privacy in terms of unicity and on the utility in terms of practical applications.

Kai Zhao,Zhen Tu,Fengli Xu,Yong Li,Pengyu Zhang,Dan Pei,Li Su,Depeng Jin

DOI: https://doi.org/10.1109/tnsm.2019.2907542

2019-01-01

IEEE Transactions on Network and Service Management

Abstract:Trajectory data has been widely collected via mobile devices and publicly released for academic research and commercial purposes. One primary concern of publishing such a dataset is the privacy issue. Previous protection schemes mainly focus on preventing re-identification attack, which utilizes the uniqueness of trajectories. However, the correlation between trajectories, which has not been given much attention to before, could also give rise to serious privacy leakage. Recent studies have proved that it is possible to identify social relationship, de-anonymize trajectories or even infer user’s locations by analyzing the correlation between users’ trajectories. We identify the serious privacy problem of social relationship leakage caused by what we call social relationship attack and aim to protect social relationship information, which cannot be protected by existing algorithms. We contribute to the design of a new privacy model and an effective system to deal with social relationship attack and re-identification attack simultaneously while maintaining high data utility. We propose a <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">SlidingWindow</italic> algorithm to merge trajectories according to their <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">social-aware distance</italic> , which concerns both the spatiotemporal distance and social proximity. Evaluations of two trajectory datasets under different scenarios demonstrate that our system provides more than 1.84 times privacy protection at the cost of only 2.5% data utility loss.

Fengmei Jin,Wen Hua,Boyu Ruan,Xiaofang Zhou

DOI: https://doi.org/10.48550/arXiv.2207.03722

2022-07-08

Databases

Abstract:With the popularity of GPS-enabled devices, a huge amount of trajectory data has been continuously collected and a variety of location-based services have been developed that greatly benefit our daily life. However, the released trajectories also bring severe concern about personal privacy, and several recent studies have demonstrated the existence of personally-identifying information in spatial trajectories. Trajectory anonymization is nontrivial due to the trade-off between privacy protection and utility preservation. Furthermore, recovery attack has not been well studied in the current literature. To tackle these issues, we propose a frequency-based randomization model with a rigorous differential privacy guarantee for trajectory data publishing. In particular, we introduce two randomized mechanisms to perturb the local/global frequency distributions of significantly important locations in trajectories by injecting Laplace noise. We design a hierarchical indexing along with a novel search algorithm to support efficient trajectory modification, ensuring the modified trajectories satisfy the perturbed distributions without compromising privacy guarantee or data utility. Extensive experiments on a real-world trajectory dataset verify the effectiveness of our approaches in resisting individual re-identification and recovery attacks and meanwhile preserving desirable data utility as well as the feasibility in practice.

Zhiping Xu,Jing Zhang,Pei-Wei Tsai,Liwei Lin,Chao Zhuo

DOI: https://doi.org/10.3390/s21062021

2021-03-12

Abstract:Recent years have seen the wide application of Location-Based Services (LBSs) in our daily life. Although users can enjoy many conveniences from the LBSs, they may lose their trajectory privacy when their location data are collected. Therefore, it is urgent to protect the user's trajectory privacy while providing high quality services. Trajectory k-anonymity is one of the most important technologies to protect the user's trajectory privacy. However, the user's attributes are rarely considered when constructing the k-anonymity set. It results in that the user's trajectories are especially vulnerable. To solve the problem, in this paper, a Spatiotemporal Mobility (SM) measurement is defined for calculating the relationship between the user's attributes and the anonymity set. Furthermore, a trajectory graph is designed to model the relationship between trajectories. Based on the user's attributes and the trajectory graph, the SM based trajectory privacy-preserving algorithm (MTPPA) is proposed. The optimal k-anonymity set is obtained by the simulated annealing algorithm. The experimental results show that the privacy disclosure probability of the anonymity set obtained by MTPPA is about 40% lower than those obtained by the existing algorithms while the same quality of services can be provided.