Differential Aggregation against General Colluding Attackers
Local Differential Privacy (LDP) is now widely adopted in large-scale systems to collect and analyze sensitive data while preserving users' privacy. However, almost all LDP protocols rely on a semi-trust model where users are curious-but-honest, which rarely holds in real-world scenarios. Recen...
Gespeichert in:
| Hauptverfasser: | , , , , , , |
|---|---|
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | |
| container_volume | |
| creator | Du, Rong Ye, Qingqing Fu, Yue Hu, Haibo Li, Jin Fang, Chengfang Shi, Jie |
| description | Local Differential Privacy (LDP) is now widely adopted in large-scale systems
to collect and analyze sensitive data while preserving users' privacy. However,
almost all LDP protocols rely on a semi-trust model where users are
curious-but-honest, which rarely holds in real-world scenarios. Recent works
show poor estimation accuracy of many LDP protocols under malicious threat
models. Although a few works have proposed some countermeasures to address
these attacks, they all require prior knowledge of either the attacking pattern
or the poison value distribution, which is impractical as they can be easily
evaded by the attackers.
In this paper, we adopt a general opportunistic-and-colluding threat model
and propose a multi-group Differential Aggregation Protocol (DAP) to improve
the accuracy of mean estimation under LDP. Different from all existing works
that detect poison values on individual basis, DAP mitigates the overall impact
of poison values on the estimated mean. It relies on a new probing mechanism
EMF (i.e., Expectation-Maximization Filter) to estimate features of the
attackers. In addition to EMF, DAP also consists of two EMF post-processing
procedures (EMF* and CEMF*), and a group-wise mean aggregation scheme to
optimize the final estimated mean to achieve the smallest variance. Extensive
experimental results on both synthetic and real-world datasets demonstrate the
superior performance of DAP over state-of-the-art solutions. |
| doi_str_mv | 10.48550/arxiv.2302.09315 |
| format | Article |
| fullrecord | <record><control><sourceid>arxiv_GOX</sourceid><recordid>TN_cdi_arxiv_primary_2302_09315</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2302_09315</sourcerecordid><originalsourceid>FETCH-LOGICAL-a675-f21f20a7c73faa33abb04acdfcf0d8eb51a1f287c677d403476c8cb6db9b18fa3</originalsourceid><addsrcrecordid>eNotj71uwjAUhb0wVNAH6NS8QFI7jmMjsUShpUhILOzR9c-1rAZTOQbRty-lTGc4R5_OR8gLo1WjhKBvkK7hUtWc1hVdciaeyGodEF1yMQcYi8775DzkcIoFeAhxysXGRZduXX8ax7MN0RddzmC-XJoWZIYwTu75kXNy-Hg_9J_lbr_Z9t2uhFaKEmuGNQVpJEcAzkFr2oCxaJBa5bRgcBsoaVopbUN5I1ujjG6tXmqmEPicvP5j7_eH7xSOkH6GP43hrsF_AUwiQ7E</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Differential Aggregation against General Colluding Attackers</title><source>arXiv.org</source><creator>Du, Rong ; Ye, Qingqing ; Fu, Yue ; Hu, Haibo ; Li, Jin ; Fang, Chengfang ; Shi, Jie</creator><creatorcontrib>Du, Rong ; Ye, Qingqing ; Fu, Yue ; Hu, Haibo ; Li, Jin ; Fang, Chengfang ; Shi, Jie</creatorcontrib><description>Local Differential Privacy (LDP) is now widely adopted in large-scale systems
to collect and analyze sensitive data while preserving users' privacy. However,
almost all LDP protocols rely on a semi-trust model where users are
curious-but-honest, which rarely holds in real-world scenarios. Recent works
show poor estimation accuracy of many LDP protocols under malicious threat
models. Although a few works have proposed some countermeasures to address
these attacks, they all require prior knowledge of either the attacking pattern
or the poison value distribution, which is impractical as they can be easily
evaded by the attackers.
In this paper, we adopt a general opportunistic-and-colluding threat model
and propose a multi-group Differential Aggregation Protocol (DAP) to improve
the accuracy of mean estimation under LDP. Different from all existing works
that detect poison values on individual basis, DAP mitigates the overall impact
of poison values on the estimated mean. It relies on a new probing mechanism
EMF (i.e., Expectation-Maximization Filter) to estimate features of the
attackers. In addition to EMF, DAP also consists of two EMF post-processing
procedures (EMF* and CEMF*), and a group-wise mean aggregation scheme to
optimize the final estimated mean to achieve the smallest variance. Extensive
experimental results on both synthetic and real-world datasets demonstrate the
superior performance of DAP over state-of-the-art solutions.</description><identifier>DOI: 10.48550/arxiv.2302.09315</identifier><language>eng</language><subject>Computer Science - Cryptography and Security</subject><creationdate>2023-02</creationdate><rights>http://arxiv.org/licenses/nonexclusive-distrib/1.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,777,882</link.rule.ids><linktorsrc>$$Uhttps://arxiv.org/abs/2302.09315$$EView_record_in_Cornell_University$$FView_record_in_$$GCornell_University$$Hfree_for_read</linktorsrc><backlink>$$Uhttps://doi.org/10.48550/arXiv.2302.09315$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Du, Rong</creatorcontrib><creatorcontrib>Ye, Qingqing</creatorcontrib><creatorcontrib>Fu, Yue</creatorcontrib><creatorcontrib>Hu, Haibo</creatorcontrib><creatorcontrib>Li, Jin</creatorcontrib><creatorcontrib>Fang, Chengfang</creatorcontrib><creatorcontrib>Shi, Jie</creatorcontrib><title>Differential Aggregation against General Colluding Attackers</title><description>Local Differential Privacy (LDP) is now widely adopted in large-scale systems
to collect and analyze sensitive data while preserving users' privacy. However,
almost all LDP protocols rely on a semi-trust model where users are
curious-but-honest, which rarely holds in real-world scenarios. Recent works
show poor estimation accuracy of many LDP protocols under malicious threat
models. Although a few works have proposed some countermeasures to address
these attacks, they all require prior knowledge of either the attacking pattern
or the poison value distribution, which is impractical as they can be easily
evaded by the attackers.
In this paper, we adopt a general opportunistic-and-colluding threat model
and propose a multi-group Differential Aggregation Protocol (DAP) to improve
the accuracy of mean estimation under LDP. Different from all existing works
that detect poison values on individual basis, DAP mitigates the overall impact
of poison values on the estimated mean. It relies on a new probing mechanism
EMF (i.e., Expectation-Maximization Filter) to estimate features of the
attackers. In addition to EMF, DAP also consists of two EMF post-processing
procedures (EMF* and CEMF*), and a group-wise mean aggregation scheme to
optimize the final estimated mean to achieve the smallest variance. Extensive
experimental results on both synthetic and real-world datasets demonstrate the
superior performance of DAP over state-of-the-art solutions.</description><subject>Computer Science - Cryptography and Security</subject><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>GOX</sourceid><recordid>eNotj71uwjAUhb0wVNAH6NS8QFI7jmMjsUShpUhILOzR9c-1rAZTOQbRty-lTGc4R5_OR8gLo1WjhKBvkK7hUtWc1hVdciaeyGodEF1yMQcYi8775DzkcIoFeAhxysXGRZduXX8ax7MN0RddzmC-XJoWZIYwTu75kXNy-Hg_9J_lbr_Z9t2uhFaKEmuGNQVpJEcAzkFr2oCxaJBa5bRgcBsoaVopbUN5I1ujjG6tXmqmEPicvP5j7_eH7xSOkH6GP43hrsF_AUwiQ7E</recordid><startdate>20230218</startdate><enddate>20230218</enddate><creator>Du, Rong</creator><creator>Ye, Qingqing</creator><creator>Fu, Yue</creator><creator>Hu, Haibo</creator><creator>Li, Jin</creator><creator>Fang, Chengfang</creator><creator>Shi, Jie</creator><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20230218</creationdate><title>Differential Aggregation against General Colluding Attackers</title><author>Du, Rong ; Ye, Qingqing ; Fu, Yue ; Hu, Haibo ; Li, Jin ; Fang, Chengfang ; Shi, Jie</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a675-f21f20a7c73faa33abb04acdfcf0d8eb51a1f287c677d403476c8cb6db9b18fa3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Computer Science - Cryptography and Security</topic><toplevel>online_resources</toplevel><creatorcontrib>Du, Rong</creatorcontrib><creatorcontrib>Ye, Qingqing</creatorcontrib><creatorcontrib>Fu, Yue</creatorcontrib><creatorcontrib>Hu, Haibo</creatorcontrib><creatorcontrib>Li, Jin</creatorcontrib><creatorcontrib>Fang, Chengfang</creatorcontrib><creatorcontrib>Shi, Jie</creatorcontrib><collection>arXiv Computer Science</collection><collection>arXiv.org</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Du, Rong</au><au>Ye, Qingqing</au><au>Fu, Yue</au><au>Hu, Haibo</au><au>Li, Jin</au><au>Fang, Chengfang</au><au>Shi, Jie</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Differential Aggregation against General Colluding Attackers</atitle><date>2023-02-18</date><risdate>2023</risdate><abstract>Local Differential Privacy (LDP) is now widely adopted in large-scale systems
to collect and analyze sensitive data while preserving users' privacy. However,
almost all LDP protocols rely on a semi-trust model where users are
curious-but-honest, which rarely holds in real-world scenarios. Recent works
show poor estimation accuracy of many LDP protocols under malicious threat
models. Although a few works have proposed some countermeasures to address
these attacks, they all require prior knowledge of either the attacking pattern
or the poison value distribution, which is impractical as they can be easily
evaded by the attackers.
In this paper, we adopt a general opportunistic-and-colluding threat model
and propose a multi-group Differential Aggregation Protocol (DAP) to improve
the accuracy of mean estimation under LDP. Different from all existing works
that detect poison values on individual basis, DAP mitigates the overall impact
of poison values on the estimated mean. It relies on a new probing mechanism
EMF (i.e., Expectation-Maximization Filter) to estimate features of the
attackers. In addition to EMF, DAP also consists of two EMF post-processing
procedures (EMF* and CEMF*), and a group-wise mean aggregation scheme to
optimize the final estimated mean to achieve the smallest variance. Extensive
experimental results on both synthetic and real-world datasets demonstrate the
superior performance of DAP over state-of-the-art solutions.</abstract><doi>10.48550/arxiv.2302.09315</doi><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | DOI: 10.48550/arxiv.2302.09315 |
| ispartof | |
| issn | |
| language | eng |
| recordid | cdi_arxiv_primary_2302_09315 |
| source | arXiv.org |
| subjects | Computer Science - Cryptography and Security |
| title | Differential Aggregation against General Colluding Attackers |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-20T03%3A33%3A02IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Differential%20Aggregation%20against%20General%20Colluding%20Attackers&rft.au=Du,%20Rong&rft.date=2023-02-18&rft_id=info:doi/10.48550/arxiv.2302.09315&rft_dat=%3Carxiv_GOX%3E2302_09315%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |