ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2022, Vol. 59 ›› Issue (2): 390-402.doi: 10.7544/issn1000-1239.20200843

• 信息安全 • 上一篇    下一篇

基于深度学习的位置隐私攻击

沈钲晨,张千里,张超凡,唐翔宇,王继龙   

  1. (清华大学网络科学与网络空间研究院 北京 100084) (szc18@mails.tsinghua.edu.cn)
  • 出版日期: 2022-02-01
  • 基金资助: 
    国家重点研发计划项目(2017YFB0503703)

Location Privacy Attack Based on Deep Learning

Shen Zhengchen, Zhang Qianli, Zhang Chaofan, Tang Xiangyu, Wang Jilong   

  1. (Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084)
  • Online: 2022-02-01
  • Supported by: 
    This work was supported by the National Key Research and Development Program of China (2017YFB0503703).

摘要: 随着位置服务的不断发展,位置隐私保护已成为隐私保护研究的一个热点.当前已经提出了一系列位置隐私保护方案,这些隐私保护方案大多是基于空间扰动技术来实现的.然而,现有的位置隐私保护研究存在2方面的问题:首先大部分位置隐私保护方案在进行空间扰动时,未考虑用户轨迹点间复杂的关联关系,这样的位置隐私保护方案通常会低估脱敏轨迹的破解风险;其次,脱敏轨迹的破解风险缺乏量化的度量,尽管差分隐私在这一方面做了相当的努力,然而复杂关联关系的存在使得该模型未必能够客观地描述隐私保护的程度.如果不能量化脱敏轨迹的破解风险,也就不能对隐私保护方案建立一个定量的评估指标.因此,首先利用具有关联关系的位置信息,分别设计了利用简单关联关系的Markov攻击算法和利用复杂关联关系的深度神经网络攻击算法,对脱敏轨迹进行了攻击;其次对脱敏轨迹的破解风险进行量化,建立了一个定量的评估方案,用于评估攻击算法对隐私保护方案的威胁程度;最后将这2类攻击算法对Geo-Indistinguishability隐私保护方案进行了攻击,并对攻击效果进行了评估,结果表明Geo-Indistinguishability隐私保护方案抵御了Markov攻击算法的攻击,但未能抵御深度神经网络攻击算法的攻击.

关键词: 位置隐私, 位置隐私攻击, 深度学习, 隐私风险评估, 时间序列

Abstract: With the continuous development of location services, location privacy protection has become a hotspot in privacy protection research. At present, a series of location privacy protection schemes have been proposed, most of which are based on spatial disturbance technology. However, the existing research on location privacy protection has two problems: First of all, most of the location privacy protection schemes do not consider the complicated correlation between the trajectory points of a single trajectory when performing spatial disturbances, and they usually underestimate the risk of cracking desensitization trajectories; Secondly, there is a lack of quantitative measurement of the risk of cracking the desensitization trajectory. Although differential privacy has made considerable efforts in this regard, the existence of complex relationships makes the model may not be able to objectively describe the degree of privacy protection. If the cracking risk of data after privacy protection cannot be quantified, a quantitative evaluation index cannot be established for the privacy protection scheme. Therefore, first of all, the location information with the association relationship is used to attack the desensitization trajectory. Specifically, the Markov attack algorithms using simple association relationships and the deep neural network attack algorithms using complex association relationships are designed in this paper. Secondly, the cracking risk of desensitization trajectory is quantified, and a quantitative evaluation scheme is established to evaluate the threat degree of attack algorithm to privacy protection scheme. Finally, these two kinds of attack algorithms are used to attack Geo-Indistinguishability privacy protection scheme, and the attack effect is evaluated. The results show that Geo-Indistinguishability privacy protection scheme can resist the attack of the Markov attack algorithm, but can not resist the attack of deep neural network attack algorithm.

Key words: location privacy, location privacy attack, deep learning, privacy risk assessment, time series

中图分类号: