TY - GEN
T1 - Local Differential Privacy Protocol for Making Key–Value Data Robust Against Poisoning Attacks
AU - Horigome, Hikaru
AU - Kikuchi, Hiroaki
AU - Yu, Chia Mu
N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2023
Y1 - 2023
N2 - Local differential privacy is a technique for concealing a user’s information from collectors by randomizing the information within the user’s own device before sending it to unreliable collectors. Ye et al. proposed PrivKV, a local differential privacy protocol for securely collecting key–value data, which comprises two-dimensional data with discrete and continuous values. However, such data is vulnerable to a “poisoning attack,” whereby a fake user sends data to manipulate the key-value dataset. To address this issue, we propose an Expectation-Maximization (EM) based algorithm, in conjunction with a cryptographical protocol for ensuring secure random sampling. Our local differential privacy protocol, called emPrivKV, offers two main advantages. First, it is able to estimate statistical information more accurately from randomized data. Second, it is robust against manipulation attacks such as poisoning attacks, whereby malicious users manipulate a set of analysis results by sending altered information to the aggregator without being detected. In this paper, we report on the improvement in the accuracy of statistical value estimation and the strength of the robustness against poisoning attacks achieved by applying the proposed method to open datasets.
AB - Local differential privacy is a technique for concealing a user’s information from collectors by randomizing the information within the user’s own device before sending it to unreliable collectors. Ye et al. proposed PrivKV, a local differential privacy protocol for securely collecting key–value data, which comprises two-dimensional data with discrete and continuous values. However, such data is vulnerable to a “poisoning attack,” whereby a fake user sends data to manipulate the key-value dataset. To address this issue, we propose an Expectation-Maximization (EM) based algorithm, in conjunction with a cryptographical protocol for ensuring secure random sampling. Our local differential privacy protocol, called emPrivKV, offers two main advantages. First, it is able to estimate statistical information more accurately from randomized data. Second, it is robust against manipulation attacks such as poisoning attacks, whereby malicious users manipulate a set of analysis results by sending altered information to the aggregator without being detected. In this paper, we report on the improvement in the accuracy of statistical value estimation and the strength of the robustness against poisoning attacks achieved by applying the proposed method to open datasets.
KW - expectation maximization
KW - key–value data
KW - local differential privacy
UR - http://www.scopus.com/inward/record.url?scp=85161212832&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-33498-6_17
DO - 10.1007/978-3-031-33498-6_17
M3 - Conference contribution
AN - SCOPUS:85161212832
SN - 9783031334979
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 241
EP - 252
BT - Modeling Decisions for Artificial Intelligence - 20th International Conference, MDAI 2023, Proceedings
A2 - Torra, Vicenç
A2 - Narukawa, Yasuo
PB - Springer Science and Business Media Deutschland GmbH
T2 - 20th International Conference on Modeling Decisions for Artificial Intelligence, MDAI 2023
Y2 - 19 June 2023 through 22 June 2023
ER -