Robust Estimation Method against Poisoning Attacks for Key-Value Data with Local Differential Privacy-Reference-Cited by-同舟云学术

Robust Estimation Method against Poisoning Attacks for Key-Value Data with Local Differential Privacy

Published:2024-07-22 Issue:14 Volume:14 Page:6368
ISSN:2076-3417
Container-title:Applied Sciences
language:en
Short-container-title:Applied Sciences

Author:

Horigome Hikaru¹,Kikuchi Hiroaki²^ORCID,Fujita Masahiro¹,Yu Chia-Mu³

Affiliation:

1. Mitsubishi Electric Corporation, 5-1-1 Ofuna, Kamakura 247-8501, Japan

2. Graduate School of Advanced Mathematical Science, Meiji University, 4-21-1 Nakano, Tokyo 164-8525, Japan

3. Department of Electroncis and Electrical Engineering, National Yang Ming Chiao Tung University (NYCU), 1001 University Rd., Hsinchu 300, Taiwan

Abstract

Local differential privacy (LDP) protects user information from potential threats by randomizing data on individual devices before transmission to untrusted collectors. This method enables collectors to derive user statistics by analyzing randomized data, thereby presenting a promising avenue for privacy-preserving data collection. In the context of key–value data, in which discrete and continuous values coexist, PrivKV has been introduced as an LDP protocol to ensure secure collection. However, this framework is susceptible to poisoning attacks. To address this vulnerability, we propose an expectation maximization (EM)-based algorithm combined with a cryptographic protocol to facilitate secure random sampling. Our LDP protocol, known as emPrivKV, exhibits two key advantages: it improves the accuracy of statistical information estimation from randomized data, and enhances resilience against the manipulation of statistics, that is, poisoning attacks. These attacks involve malicious users manipulating the analysis results without detection. This study presents the empirical results of applying the emPrivKV protocol to both synthetic and open datasets, highlighting a notable improvement in the precision of statistical value estimation and robustness against poisoning attacks. As a result, emPrivKV improved the frequency and the mean gains by 17.1% and 25.9%, respectively, compared to PrivKV, with the number of fake users being 0.1 of the genuine users. Our findings contribute to the ongoing discourse on refining LDP protocols for key–value data in scenarios involving privacy-sensitive information.

Funder

JSPS KAKENHI

JST, CREST

Publisher

MDPI AG

Link

https://www.mdpi.com/2076-3417/14/14/6368/pdf

Reference46 articles.

1. Erlingsson, Ú., Pihur, V., and Korolova, A. (2014, January 3–7). RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA.

2. PrivKV: Key–value Data Collection with Local Differential Privacy;Ye;IEEE Secur. Priv.,2019

3. Gu, X., Li, M., Cheng, Y., Xiong, L., and Cao, Y. (2020, January 12–14). PCKV: Locally Differentially Private Correlated key–value Data Collection with Optimized Utility. Proceedings of the 29th USENIX Security Symposium, Virtual Event.

4. PrivKVM*: Revisiting key–value Statistics Estimation with Local Differential Privacy;Ye;IEEE Trans. Dependable Secur. Comput.,2021

5. Cao, X., Jia, J., and Gong, N.Z. (2021, January 11–13). Data Poisoning Attacks to Local Differential Privacy Protocols. Proceedings of the 30th USENIX Security Symposium, Virtual Event.