With the popularity of GPS-enabled devices, a huge amount of trajectory data has been continuously collected, and a variety of location-based services have been developed that greatly benefit our daily life. However, the released trajectories also raise severe concerns about personal privacy, and several recent studies have demonstrated the existence of personally identifying information in spatial trajectories. Trajectory anonymization is nontrivial because of the trade-off between privacy protection and utility preservation. Furthermore, recovery attacks have not been well studied in the current literature. To tackle these issues, we propose a frequency-based randomization model with a rigorous differential privacy guarantee for trajectory data publishing. In particular, we introduce two randomized mechanisms that perturb the local and global frequency distributions of significant locations in trajectories by injecting Laplace noise. We design a hierarchical index together with a novel search algorithm to support efficient trajectory modification, ensuring that the modified trajectories satisfy the perturbed distributions without compromising the privacy guarantee or data utility. Extensive experiments on a real-world trajectory dataset verify that our approaches resist individual re-identification and recovery attacks while preserving desirable data utility, and that they are feasible in practice.
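The following is an added illustration of the core building block the abstract describes, releasing a global frequency distribution of significant locations under the Laplace mechanism; it is not the paper's code and does not implement its hierarchical index or search algorithm. It assumes that a trajectory is a list of location identifiers, that neighbouring datasets differ by one whole trajectory, that each trajectory's contribution is bounded by truncating it to `MAX_LEN` visits (so the L1 sensitivity of the histogram is `MAX_LEN`), and that the set of significant locations (`DOMAIN`) is fixed in advance rather than derived from the data, so the released keys do not themselves leak which locations were visited. The sample trajectories are constructed.

```python
"""Laplace-mechanism perturbation of a global location-frequency distribution.

Added example (not from the paper). Assumed parameters: MAX_LEN bounds the
number of visits one trajectory may contribute; DOMAIN is the public list of
significant locations over which the histogram is released.
"""
import random

MAX_LEN = 4  # assumed per-trajectory contribution bound
DOMAIN = ["home", "cafe", "office", "gym", "mall", "park"]  # assumed public domain

# Constructed sample: four users' trajectories over significant locations.
SAMPLE_TRAJECTORIES = [
    ["home", "cafe", "office", "gym", "home"],
    ["home", "office", "home"],
    ["cafe", "office", "mall", "office", "cafe", "home"],
    ["gym", "home"],
]


def truncate(trajs, max_len=MAX_LEN):
    """Bound each trajectory's influence on the histogram to max_len visits."""
    return [t[:max_len] for t in trajs]


def location_frequencies(trajs, domain=DOMAIN):
    """Global frequency distribution: visit count for every location in the
    public domain (zero for locations nobody visited, so the key set is
    data-independent)."""
    counts = {loc: 0 for loc in domain}
    for t in trajs:
        for loc in t:
            if loc in counts:
                counts[loc] += 1
    return counts


def l1_sensitivity(max_len=MAX_LEN):
    """Adding or removing one truncated trajectory changes the histogram by at
    most max_len across all bins, so the L1 sensitivity is max_len."""
    return max_len


def laplace_perturb(counts, epsilon, sensitivity, rng):
    """epsilon-DP release: add Laplace(sensitivity / epsilon) noise to every
    count, then round and clip at zero. Rounding and clipping are
    post-processing and do not weaken the guarantee."""
    scale = sensitivity / epsilon
    noisy = {}
    for loc, c in counts.items():
        # The difference of two i.i.d. Exponential(1/scale) draws is
        # Laplace(0, scale); the standard library has no Laplace sampler.
        noise = rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)
        noisy[loc] = max(0, round(c + noise))
    return noisy


def release(trajs, epsilon, seed=0):
    """Return (true histogram, perturbed histogram) for the given epsilon.
    The seed is only for reproducible demonstration; a real release must use a
    cryptographically secure, unseeded source of randomness."""
    rng = random.Random(seed)
    counts = location_frequencies(truncate(trajs))
    return counts, laplace_perturb(counts, epsilon, l1_sensitivity(), rng)


if __name__ == "__main__":
    true_counts, noisy_counts = release(SAMPLE_TRAJECTORIES, epsilon=1.0)
    for loc in DOMAIN:
        print(f"{loc:8s} true={true_counts[loc]:2d} released={noisy_counts[loc]:2d}")
```

The perturbed histogram is what a downstream trajectory-modification step would then have to satisfy; the important points shown here are that the contribution bound is enforced before counting (otherwise one long trajectory makes the sensitivity unbounded) and that the noise scale is tied to that bound divided by epsilon.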