Qilong Han,Zuobin Xiong,Kejia Zhang

DOI: https://doi.org/10.1155/2018/4248092

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:A number of security and privacy challenges of cyber system are arising due to the rapidly evolving scale and complexity of modern system and networks. The cyber system is a fundamental ingredient for Internet of Things (IoT) and smart city which are driven by huge amount of data. These data carry a lot of information for mining and analysis, especially trajectory data. If unprotected trajectory data is released, it may disclose user’s personal privacy, such as home, religion, and behavior mode, which will endanger their personal security. Until now, many methods for protecting trajectory information have been proposed. However, these methods have the following deficiencies: (i) they cannot defend against speculative attacks if the attacker’s background knowledge is maximized; (ii) when studying the problem, they made some strong assumptions that did not match the reality; (iii) the implementation algorithm is complicated and the time complexity is high, which means that data cannot be executed quickly when the amount is large. So, in this paper, we propose a spatial partition based method to publish trajectory data via differential privacy. First, by exponential mechanism, we divide location set at the same time into different partitions fast and accurately. Then we propose another effective method to release trajectory in a differential private manner. We design experiment based on the real-life dataset and compare it with existing method. The results show that the trajectory dataset released by our algorithm has better usability while ensuring privacy.

Lin Yao,Zhenyu Chen,Haibo Hu,Guowei Wu,Bin Wu

DOI: https://doi.org/10.1145/3474839

IF: 5

2022-06-30

ACM Transactions on Intelligent Systems and Technology

Abstract:With the proliferation of location-aware devices, trajectory data have been used widely in real-life applications. However, trajectory data are often associated with sensitive labels, such as users’ purchase transactions and planned activities. As such, inappropriate sharing or publishing of these data could threaten users’ privacy, especially when an adversary has sufficient background knowledge about a trajectory through other data sources, such as social media (check-in tags). Though differential privacy has been used to address the privacy of trajectory data, no existing method can protect the privacy of both trajectory data and sensitive labels. In this article, we propose a comprehensive trajectory publishing algorithm with three effective procedures. First, we apply density-based clustering to determine hotspots and outliers and then blur their locations by generalization. Second, we propose a graph-based model to efficiently capture the relationship among sensitive labels and trajectory points in all records and leverage Laplace noise to achieve differential privacy. Finally, we generate and publish trajectories by traversing and updating this graph until we travel all vertexes. Our experiments on synthetic and real-life datasets demonstrate that our algorithm effectively protects the privacy of both sensitive labels and location data in trajectory publication. Compared with existing works on trajectory publishing, our algorithm can also achieve higher data utility.

computer science, information systems, artificial intelligence

Zheng HUO,Xiao-Feng MENG

DOI: https://doi.org/10.11897/SP.J.1016.2018.00400

2018-01-01

Abstract:Trajectory data have rich spatiotemporal information,which may cause users' personal privacy leakage.In order to avoid this,privacy-preserving techniques are required before the publication of trajectory data.Most of the existing trajectory privacy-preserving techniques are based on the k-anonymity model,which has two main drawbacks:one is low privacy guarantee;the other is heavily dependent on the background knowledge that the attackers know.In recent years,researchers proposed differential privacy,which is known as the strongest privacy-preserving model,and it is quite good at publication of statistical information.While,publication of statistical information may also cause leakage of users' location privacy.At first,we propose two attack models in publication of count values of location samples,called sparse location attack and maximum moving speed attack.Then we propose two trajectory data publication methods under differential privacy:in free space,we propose a differentially private trajectory data publication method based on noisy quad-tree.The privacy budget is divided according to the level of the quad-tree;Laplace noise is added into each level's count value of moving object.In road network space,we propose a differentially private trajectory data publication method base on noisy R-tree.While R-tree is used to index road segment,privacy budget is divided and Laplace noise is added to the count values of each road segment or the minimum bounding rectangles of road segment.Both method spublish noisy count values of location data of each timestamp,which form a sequence of count values.Differential privacy algorithms have higher privacy guarantee than traditional k-anonymity methods.Actually,published trajectory data is a location count value sequence of multiple consequent timestamps.Since the main idea of differential privacy is to add Laplace noise into original data,and the added Laplace noise are independent at each timestamp,it may cause data inconsistency,which may reduce the utility of the published data.The data inconsistency happens when publication of location data of two or more consequent timestamps.We propose a heuristic algorithm to solve this problem.This algorithm is an extreme value problem under certain constraints.The constraints we conclude are the maximum and minimum numbers of each area or road segment,according to the moving speed,area size or the length of a road segment.The extreme value function is the L2 distance between the noisy count value sequence and the consistency count value sequence,we may find a consistent count value sequence which is most close to the noisy data.At last,we conduct a set of experiments on two data sets,one is generated location data under Gaussian distribution,and the other is generated data under Oldenburg city road network constraints.We measure data utility and runtime of each algorithm before and after consistency procedure,the results show that the consistency algorithm may improve the data utility about 200％ in average,which shows the effectiveness of the consistency algorithm.We also test runtime of each algorithm,with the incensement of the data set size,run time increases linearly,which means the algorithms are easy to extend.

Xiang Liu,Yuchun Guo,Yishuai Chen,Xiaoying Tan

DOI: https://doi.org/10.1109/GLOCOM.2018.8647918

2018-01-01

Abstract:Continuously sharing user's trajectory data which contain one's location information makes the crowd sensing of the traffic dynamics and mobility trends feasible. This kind of spatial streaming data is beneficial for intelligent transportation but at the risk of disclosing personal privacy, even if it is published in statistical form such as "the number of users in an area at time t". The user number on a location at time t is similar to that of previous release on the same location, and to that on adjacent locations. Such spatio-temporal correlation makes it a challenge to find solutions to protect user's trajectory privacy. The state-ofthe-art privacy protection framework, differential privacy, has been extended to streaming scenario for preventing the privacy leak causing by the temporal correlation. However, such schemes neglect the importance of spatial correlation so that they may suffer the leak of user trajectory privacy or the degradation of data utility. Based on the observation that any piece of trajectory has temporal and spatial locality, we propose a flexible trajectory privacy model of omega-event n(2) -block differential privacy, short as (omega, n)-differential privacy, to ensure any trajectory occurring in an area of n x n blocks during omega successive timestamps under the protection of epsilon-differential privacy. Then we design the Spatial Temporal Budget Distribution (STBD) algorithm for achieving (omega, n)-differential privacy. Validation results of this algorithm on two real-life datasets and one synthetic dataset confirm its practicality.

Zhaowei Hu,Jing Yang

DOI: https://doi.org/10.1371/journal.pone.0237158

IF: 3.7

2020-08-12

PLoS ONE

Abstract:Aiming to solve the problem of low data utilization and privacy protection, a personalized differential privacy protection method based on cross-correlation constraints is proposed. By protecting sensitive location points on the trajectory and their affiliated sensitive points, this method combines the sensitivity of the user's trajectory location and user privacy protection requirements and privacy budget to propose a (R,Ɛ) -extended differential privacy protection model. Using autocorrelation Laplace transform, specific Gaussian white noise is transformed into noise that is related to the user's real trajectory sequence in both time and space. Then the noise is added to the user trajectory sequence to ensure spatio-temporal correlation between the noise sequence and the user trajectory sequence. This defines the cross-correlation constraint mechanism of the published trajectory sequence. By superimposing the real trajectory sequence on the user's noise sequence that satisfies the autocorrelation, a published trajectory sequence that satisfies the cross-correlation constraint condition is established to provide strong privacy guarantees against adversaries. Finally, the feasibility, effectiveness and rationality of the algorithm are verified by simulation experiments, and the proposed method is compared with recent studies in the same field on basis of merits and weakness and so on.

Guangqiang Xie,Haoran Xu,Jiyuan Xu,Shupeng Zhao,Yang Li,Chang-Dong Wang,Xianbiao Hu,Yonghong Tian

DOI: https://doi.org/10.1109/tkde.2024.3449433

IF: 9.235

2024-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:With the rapid development of wireless communication and localization technologies, the easier collection of trajectory data can bring potential data-driven value. Recently, there has been an increasing interest in how to publish trajectory dataset without revealing personal information. However, since the large-scale and real-world sequential trajectory dataset presents a heterogeneous regional distribution, the existing study ignores the relationship between privacy budget allocation and spatial characteristics, resulting in unreasonable continuity and mapping distortion, and thus lowering the utility of the synthetic dataset. To address this problem, we propose a probability distribution model named Adaptive grid-based Weighted Differential Privacy (AWDP). First, trajectories are adaptively discretized into the multi-resolution grid structures to make trajectories more uniformly distributed and less disturbed by the noise. Second, we allocate different weighted budgets for different grids according to density-based regional characteristics. Third, a spatio-temporal continuity maintenance method is designed to solve unrealistic direction- and density-based continuity deviations of synthetic trajectories. An application system is developed for demonstration purposes which is available online at http://qgailab.com/awdp/ . The extensive experiments on three datasets demonstrate that AWDP performs significantly better than the state-of-the-art model in preserving the density distribution of the original trajectories with differential privacy guarantee and high utility.

Kangkang Dou,Jian Liu

DOI: https://doi.org/10.1007/978-981-15-7984-4_12

2020-01-01

Abstract:AbstractLocation-based services provide service and convenience, while causing the leakage of track privacy. The existing trajectory privacy protection methods lack the consideration of the correlation between the noise sequence, the user’s original trajectory sequence, and the published trajectory sequence. And they are susceptible to noise filtering attacks using filtering methods. In view of this problem, a differential privacy trajectory protection method based on spatiotemporal correlation is proposed in this paper. With this method, the concept of correlation function was introduced to establish the correlation constraint of release track sequence, and the least square method was used to fit the user’s original track and the overall direction of noise sequence to construct noise candidate set. It ensured that the added noise sequence has spatiotemporal correlation with the user’s original track sequence and release track sequence. Also, it effectively resists attackers’ denoising attacks, and reduces the risk of trajectory privacy leakage. Finally, comparative experiments were carried out on the real data sets. The experimental results show that this method effectively improves the privacy protection effect and the data availability of the release track, and it also has better practicability.

Zihao Shen,Yuyang Zhang,Hui Wang,Peiqian Liu,Kun Liu,Yanmei Shen

DOI: https://doi.org/10.1016/j.eswa.2024.124264

IF: 8.5

2024-05-27

Expert Systems with Applications

Abstract:Ignoring the temporal relationship of position points in trajectory data or the change in the number of position points in dummy trajectory generation can result in inadequate data availability. To address the data availability problem of publishing user trajectory data while ensuring privacy protection, this paper proposes an improved privacy protection method combining a Bidirectional Gated Recurrent Unit and differential privacy (BiGRU-DP). First, Laplace noise is added to the time attribute of the trajectory data. Secondly, BiGRU is used to predict the processing of trajectory data, considering the bi-directional data of the predicted point. Then, the k -means clustering method is used to generalize and optimize the trajectory data. Finally, the trajectory data is published after adding noise. The experimental simulation results show that BiGRU-DP enhances the availability of published data and has certain efficiency advantages over traditional trajectory data publishing methods while ensuring privacy protection.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Yongli Wang,Xiaoze Gong,Weicheng Zhi

DOI: https://doi.org/10.1109/bdicn58493.2023.00016

2023-01-01

Abstract:As a reliable privacy protection method, differential privacy has been widely used in trajectory data release. However, the current trajectory protection method based on differential privacy lacks the analysis of the privacy requirements of each user and allocates the same privacy budget to all trajectory location points of the user, which cannot provide personalized trajectory privacy protection according to user characteristics. Aiming at this problem, we propose a trajectory protection method based on area density analysis. Analyze the stay area of each user, calculate the stay point and reconstruct the trajectory set according to the time and distance thresholds. Using the minimum spanning tree clustering algorithm based on local density peaks to obtain the privacy-sensitive location points and active hotspot areas of the user’s trajectory. According to the designed privacy importance degree expression, calculate privacy score of each sensitive location point, and assign them the proper privacy budget value. The experimental comparison on real data sets shows that this trajectory privacy protection method can better reduce the privacy budget waste and improve the availability of data compared with the traditional differential privacy trajectory protection method.

Computer Science

Qilong Han,Qianqian Chen,Kejia Zhang,Xiaojiang Du,Nadra Guizani

DOI: https://doi.org/10.48550/arXiv.1804.02052

2018-04-05

Cryptography and Security

Abstract:Collection of user's location and trajectory information that contains rich personal privacy in mobile social networks has become easier for attackers. Network traffic control is an important network system which can solve some security and privacy problems. In this paper, we consider a network traffic control system as a trusted third party and use differential privacy for protecting more personal trajectory data. We studied the influence of the high dimensionality and sparsity of trajectory data sets based on the availability of the published results. Based on similarity point aggregation reconstruction ideas and a prefix tree model, we proposed a hybrid publishing method of differential privacy spatiotemporal trajectory data sets APTB.

Xiaodong Zhao,Dechang Pi,Junfu Chen

DOI: https://doi.org/10.1016/j.eswa.2020.113241

IF: 8.5

2020-07-01

Expert Systems with Applications

Abstract:With the development of location-aware technology, a large amount of location data of users is collected by the trajectory database. If these trajectory data are directly used for data mining without being processed, it will pose a threat to the user's personal privacy. At the moment, differential privacy is favored by experts and scholars because of its strict mathematical rigor, but how to apply differential privacy technology to trajectory clustering analysis is a difficult problem. To solve the problems in which existing trajectory privacy-preserving models have poor data availability or difficulty to resist complex privacy attacks, we devise novel trajectory privacy-preserving method based on clustering using differential privacy. More specifically, Laplacian noise is added to the count of trajectory location in the cluster to resist the continuous query attack. Then, radius-constrained Laplacian noise is added to the trajectory location data in the cluster to avoid too much noise affecting the clustering effect. According to the noise location data and the count of noise location, the noise clustering center in the cluster is obtained. Finally, it is considered that the attacker can associate the user trajectory with other information to form secret reasoning attack, and secret reasoning attack model is proposed. And we use the differential privacy technology to give corresponding resistance. Experimental results using the open data show that the proposed algorithm can not only effectively protect the private information of the trajectory data, but also ensure the data availability in cluster analysis. And compared with other algorithms, our algorithm has good effect on some evaluation indicators.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Jing Zhang,Yanzi Li,Qian Ding,Liwei Lin,Xiucai Ye

DOI: https://doi.org/10.3390/e24091172

IF: 2.738

2022-08-24

Entropy

Abstract:The publication of trajectory data provides critical information for various location-based services, and it is critical to publish trajectory data safely while ensuring its availability. Differential privacy is a promising privacy protection technology for publishing trajectory data securely. Most of the existing trajectory privacy protection schemes do not take into account the user's preference for location and the influence of semantic location. Besides, differential privacy for trajectory protection still has the problem of balance between the privacy budget and service quality. In this paper, a semantics- and prediction-based differential privacy protection scheme for trajectory data is proposed. Firstly, trajectory data are transformed into a prefix tree structure to ensure that they satisfy differential privacy. Secondly, considering the influence of semantic location on trajectory, semantic sensitivity combined with location check-in frequency is used to calculate the sensitivity of each position in the trajectory. The privacy level of the position is classified by setting thresholds. Moreover, the corresponding privacy budget is allocated according to the location privacy level. Finally, a Markov chain is used to predict the attack probability of each position in the trajectory. On this basis, the allocation of the privacy budget is further adjusted and its utilization rate is improved. Thus, the problem of the balance between the privacy budget and service quality is solved. Experimental results show that the proposed scheme is able to ensure data availability while protecting data privacy.

physics, multidisciplinary

Xinyao Liu,Baojiang Cui,Junsong Fu,Zishuai Cheng,Xuyan Song

DOI: https://doi.org/10.1155/2022/2045586

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:Secure data publishing of private trajectory is a typical application scene in the Internet of Things (IoT). Protecting users’ privacy while publishing data has always been a long-term challenge. In recent years, the mainstream method is to combine the Markov model and differential privacy (DP) mechanism to build a private trajectory generation model and publishes the generated synthetic trajectory data instead of the original data. However, Markov cannot effectively model the long-term trajectory data spatio-temporal correlation, and the DP noise results in the low availability of the synthetic data. To protect users’ privacy and improve the availability of synthetic trajectory data, we propose a trajectory generation model with differential privacy and deep learning (DTG). In DTG, we design a private hierarchical adaptive grid method. It divides the geospatial region into several subregions according to the density of positions to realize the discretization of coordinates of the trajectory data. Second, GRU is used to capture the temporal features of the trajectory sequence for good availability, and we generate synthetic trajectory data by predicting the next position. Third, we adopt the optimizer perturbation method in gradient descent to protect the privacy of model parameters. Finally, we experimentally compare DTG with the state-of-the-art approaches in trajectory generation on actual trajectory data T-Drive, Portotaxi, and Swedishtaxi. The result demonstrates that DTG has a better performance in generating synthetic trajectories under four error metrics.

Wenqing Cheng,Ruxue Wen,Haojun Huang,Wang Miao,Chen Wang

DOI: https://doi.org/10.1016/j.neucom.2021.04.137

IF: 6

2022-02-01

Neurocomputing

Abstract:With the development of location-based applications, more and more trajectory data are collected. Trajectory data often contains users’ sensitive information, and direct release it may pose a threat to users’ privacy. Differential privacy, as a privacy preserving method with solid mathematical foundation, has been widely used in trajectory data publishing. However, current trajectory data publishing methods based on differential privacy cannot fully realize the personalized privacy protection. In this paper, an optimal personalized trajectory differential privacy mechanism is proposed. Firstly, by establishing the probabilistic mobility model of trajectories, we cluster the locations to achieve semantic location matching between different trajectories. Based on the semantic similarity, we identify the templet trajectory, and propose a privacy level allocation method based on stay-points and frequent sub-trajectories. Then, according to the location matching results, we can automatically identify the privacy level of all locations. Combined with the optimal location differential privacy mechanism, we disturb the location points on the user’s trajectory before publishing, where different location privacy levels correspond to different privacy budgets. Experiment results on real-world datasets show that our mechanism provides a better tradeoff between privacy protection and data utility compared with traditional differential privacy methods.

computer science, artificial intelligence

Zhen Gu,Guoyin Zhang

DOI: https://doi.org/10.4018/ijisp.315593

2023-01-01

International Journal of Information Security and Privacy

Abstract:Analyzing trajectory data can provide people with a higher quality of life. However, publishing trajectory data directly will leak privacy. The authors propose a trajectory data publication method based on differential privacy (TDDP). TDDP method consists of two stages. In the location generalization stage, firstly, the locations at each timestamp are clustered into classes by k-means++ algorithm, and then the representative location of each class is selected by using the exponential mechanism. In the generalized trajectory data publication stage, the authors design a sampling mechanism to form the generalized trajectories. The locations are sampled from the representative locations under different timestamps to form the generalized trajectories. The TDDP method can avoid the generation of non-semantic representative locations and ensure that the generalized trajectories can resist filtering attacks. The experimental results show that the trajectory data released by TDDP method can achieve a good balance between privacy protection and data availability.

Meng Li,Liehuang Zhu,Zijian Zhang,Rixin Xu

DOI: https://doi.org/10.1016/j.ins.2017.03.015

IF: 8.1

2017-01-01

Information Sciences

Abstract:Trajectory data in participatory sensing is of great importance to the deployment and advancement of several applications, like traffic monitoring, marketing analysis, and urban planning. However, releasing trajectory data without proper sanitation poses serious threats to users privacy. Existing work cannot achieve differential privacy perfectly because they use random and unbounded noises, which will leak users privacy and violate the utility of the released trajectory data. Besides, existing trajectory merging method has to remove some trajectories from the input dataset. To solve both problems, we propose a novel differentially private trajectory data publishing algorithm with a bounded noise generation algorithm and a trajectory merging algorithm. Theoretical analysis and experimental results show that the privacy loss of our scheme is at least 69% less; the average trajectories merging time is 50% less than existing work.

Meng Li,Liehuang Zhu,Zijian Zhang,Rixin Xu

DOI: https://doi.org/10.1109/dsc.2016.64

2016-01-01

Abstract:Trajectory data. like human mobility trace, in participatory sensing is of vital importance to many applications, like traffic monitoring, urban planning and social relationship mining. However, improper release of trajectory data can incur great threats to user's privacy. Recent researches have adopted Laplace mechanism to achieve differential privacy which can guarantee that small change of one record in database will not breach a user's privacy. However, existing work cannot guarantee privacy perfectly because a randomly picked noise will not contribute to a meaningful trajectory data release and people need to hide their visits to certain sensitive area. In this paper, we propose a differentially private trajectory data publishing algorithm aiming to protect the privacy of sensitive areas. Privacy analysis show that the proposed scheme achieves differential privacy and experiments with real trajectory data exhibits that the proposed scheme achieves good data utility and is scalable to large trajectory databases.

Sujin Cai,Xin Lyu,Xin Li,Duohan Ban,Tao Zeng

DOI: https://doi.org/10.1109/tits.2021.3130978

IF: 8.5

2022-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:The locations and users' information can be shared and interacted in the IoV (Internet of Vehicles), which provides sufficient data for traffic deployment and behavior pattern analysis. However, privacy issues had become more severe since personal or sensitive information is inclined to be revealed in a big data environment. In this work, a novel differential privacy-based algorithm named DPTD (Differentially Private Trajectory Database) is proposed for trajectory database releasing. Firstly, a 3-dimensional generalized trajectory dataset is established by considering the time factor. Then, the trajectory space is divided into several planes through the timestamps, and the set of the locations on each plane is further processed by clustering and generalizing to re-form new trajectories, that is, the trajectories to be released. This method is quite favorable to prefix-tree releasing because the spatiotemporal characteristics of the trajectories can be captured and spareness problem is fixed. Besides, a Markov assumption-based prediction method is suggested in order to reduce the cost of adding noise. Unlike the traditional method that the noise is added layer by layer, the noise is only added to the odd layers based on the prediction through spatio-temporal correlation, saving approximately 50% of the privacy budget. Theoretical analysis and experimental results show that the proposed algorithm has better data availability than the compared algorithms while guaranteeing the expected privacy level.

Wei LAN,Ying LIN,Lingyan BAO,Tong LI,Mengrong CHEN,Jinzhao SHAN

DOI: https://doi.org/10.3778/j.issn.1673-9418.1901007

2020-01-01

Abstract:Trajectory data privacy protection method is a hot topic in data privacy protection research field. Most of existing trajectory data privacy protection methods adopt the strategy of adding noise to all locations, which reduces the availability of data after protection while protecting trajectory data. Aiming to solve this problem, this paper proposes a trajectory-differential privacy-protection method with interest region. In this method, an area where a user stays long enough within a certain distance range is defined as interest region. And the corresponding central point of the interest region is defined as stay point. Then this paper mines the frequent-stay points from all stay points by setting threshold. After that, this paper generates a simplified trajectory by using stay point to represent the corresponding interest region. At last, this method uses the Laplace mechanism to add noise to the frequent-stay points. This method realizes trajectory data privacy protection under differential privacy just by adding noise to a part of the locations in a trajectory. The experiment conducted on the real world datasets and simulation datasets shows that the proposed method can improve data utility under the premise of protecting the privacy of trajectory data.