LDP-Purifier: Defending against Poisoning Attacks in Local Differential Privacy

Leixia Wang; Qingqing Ye; Haibo Hu; Xiaofeng Meng; Kai Huang

doi:10.1007/978-981-97-5562-2_14

LDP-Purifier: Defending against Poisoning Attacks in Local Differential Privacy

Leixia Wang, Qingqing Ye, Haibo Hu, Xiaofeng Meng, Kai Huang

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

Abstract

Local differential privacy provides strong user privacy protection but is vulnerable to poisoning attacks launched by malicious users, leading to contaminative estimates. Although various works explore attacks with different manipulation targets, a practical and relatively general defense has remained elusive. In this paper, we address this problem in basic histogram estimation scenarios. We model adversaries as Byzantine users who can collaborate to maximize their attack goals. From the perspective of attackers’ capability, we analyze the impact of poisoning attacks on data utility and introduce a significant threat — the maximal loss attack (MLA). Considering that a high-utility-damage attack would break the smoothness of histograms, we propose the defense method, LDP-Purifier, to sterilize the poisoned histograms. Our extensive experiments validate the effectiveness of the LDP-Purifier, showcasing its ability to significantly suppress estimation errors caused by various attacks.

Original language	English
Title of host publication	Database Systems for Advanced Applications - 29th International Conference, DASFAA 2024, Proceedings
Editors	Makoto Onizuka, Jae-Gil Lee, Yongxin Tong, Chuan Xiao, Yoshiharu Ishikawa, Kejing Lu, Sihem Amer-Yahia, H.V. Jagadish
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	221-231
Number of pages	11
ISBN (Print)	9789819755615
DOIs	https://doi.org/10.1007/978-981-97-5562-2_14
Publication status	Published - Jul 2024
Event	29th International Conference on Database Systems for Advanced Applications, DASFAA 2024 - Gifu, Japan Duration: 2 Jul 2024 → 5 Jul 2024

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14853 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	29th International Conference on Database Systems for Advanced Applications, DASFAA 2024
Country/Territory	Japan
City	Gifu
Period	2/07/24 → 5/07/24

Keywords

Histogram estimation
LDP
Poisoning attack

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

More information

10.1007/978-981-97-5562-2_14

Cite this

Wang, L., Ye, Q., Hu, H., Meng, X., & Huang, K. (2024). LDP-Purifier: Defending against Poisoning Attacks in Local Differential Privacy. In M. Onizuka, J.-G. Lee, Y. Tong, C. Xiao, Y. Ishikawa, K. Lu, S. Amer-Yahia, & H. V. Jagadish (Eds.), Database Systems for Advanced Applications - 29th International Conference, DASFAA 2024, Proceedings (pp. 221-231). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14853 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-97-5562-2_14

Wang, Leixia ; Ye, Qingqing ; Hu, Haibo et al. / LDP-Purifier: Defending against Poisoning Attacks in Local Differential Privacy. Database Systems for Advanced Applications - 29th International Conference, DASFAA 2024, Proceedings. editor / Makoto Onizuka ; Jae-Gil Lee ; Yongxin Tong ; Chuan Xiao ; Yoshiharu Ishikawa ; Kejing Lu ; Sihem Amer-Yahia ; H.V. Jagadish. Springer Science and Business Media Deutschland GmbH, 2024. pp. 221-231 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{49fb610d3ed6407abeaf894e5b7ed0fd,

title = "LDP-Purifier: Defending against Poisoning Attacks in Local Differential Privacy",

abstract = "Local differential privacy provides strong user privacy protection but is vulnerable to poisoning attacks launched by malicious users, leading to contaminative estimates. Although various works explore attacks with different manipulation targets, a practical and relatively general defense has remained elusive. In this paper, we address this problem in basic histogram estimation scenarios. We model adversaries as Byzantine users who can collaborate to maximize their attack goals. From the perspective of attackers{\textquoteright} capability, we analyze the impact of poisoning attacks on data utility and introduce a significant threat — the maximal loss attack (MLA). Considering that a high-utility-damage attack would break the smoothness of histograms, we propose the defense method, LDP-Purifier, to sterilize the poisoned histograms. Our extensive experiments validate the effectiveness of the LDP-Purifier, showcasing its ability to significantly suppress estimation errors caused by various attacks.",

keywords = "Histogram estimation, LDP, Poisoning attack",

author = "Leixia Wang and Qingqing Ye and Haibo Hu and Xiaofeng Meng and Kai Huang",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.; 29th International Conference on Database Systems for Advanced Applications, DASFAA 2024 ; Conference date: 02-07-2024 Through 05-07-2024",

year = "2024",

month = jul,

doi = "10.1007/978-981-97-5562-2_14",

language = "English",

isbn = "9789819755615",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "221--231",

editor = "Makoto Onizuka and Jae-Gil Lee and Yongxin Tong and Chuan Xiao and Yoshiharu Ishikawa and Kejing Lu and Sihem Amer-Yahia and H.V. Jagadish",

booktitle = "Database Systems for Advanced Applications - 29th International Conference, DASFAA 2024, Proceedings",

address = "Germany",

}

Wang, L, Ye, Q , Hu, H, Meng, X & Huang, K 2024, LDP-Purifier: Defending against Poisoning Attacks in Local Differential Privacy. in M Onizuka, J-G Lee, Y Tong, C Xiao, Y Ishikawa, K Lu, S Amer-Yahia & HV Jagadish (eds), Database Systems for Advanced Applications - 29th International Conference, DASFAA 2024, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14853 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 221-231, 29th International Conference on Database Systems for Advanced Applications, DASFAA 2024, Gifu, Japan, 2/07/24. https://doi.org/10.1007/978-981-97-5562-2_14

LDP-Purifier: Defending against Poisoning Attacks in Local Differential Privacy. / Wang, Leixia; Ye, Qingqing ; Hu, Haibo et al.
Database Systems for Advanced Applications - 29th International Conference, DASFAA 2024, Proceedings. ed. / Makoto Onizuka; Jae-Gil Lee; Yongxin Tong; Chuan Xiao; Yoshiharu Ishikawa; Kejing Lu; Sihem Amer-Yahia; H.V. Jagadish. Springer Science and Business Media Deutschland GmbH, 2024. p. 221-231 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14853 LNCS).

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - LDP-Purifier: Defending against Poisoning Attacks in Local Differential Privacy

AU - Wang, Leixia

AU - Ye, Qingqing

AU - Hu, Haibo

AU - Meng, Xiaofeng

AU - Huang, Kai

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.

PY - 2024/7

Y1 - 2024/7

N2 - Local differential privacy provides strong user privacy protection but is vulnerable to poisoning attacks launched by malicious users, leading to contaminative estimates. Although various works explore attacks with different manipulation targets, a practical and relatively general defense has remained elusive. In this paper, we address this problem in basic histogram estimation scenarios. We model adversaries as Byzantine users who can collaborate to maximize their attack goals. From the perspective of attackers’ capability, we analyze the impact of poisoning attacks on data utility and introduce a significant threat — the maximal loss attack (MLA). Considering that a high-utility-damage attack would break the smoothness of histograms, we propose the defense method, LDP-Purifier, to sterilize the poisoned histograms. Our extensive experiments validate the effectiveness of the LDP-Purifier, showcasing its ability to significantly suppress estimation errors caused by various attacks.

AB - Local differential privacy provides strong user privacy protection but is vulnerable to poisoning attacks launched by malicious users, leading to contaminative estimates. Although various works explore attacks with different manipulation targets, a practical and relatively general defense has remained elusive. In this paper, we address this problem in basic histogram estimation scenarios. We model adversaries as Byzantine users who can collaborate to maximize their attack goals. From the perspective of attackers’ capability, we analyze the impact of poisoning attacks on data utility and introduce a significant threat — the maximal loss attack (MLA). Considering that a high-utility-damage attack would break the smoothness of histograms, we propose the defense method, LDP-Purifier, to sterilize the poisoned histograms. Our extensive experiments validate the effectiveness of the LDP-Purifier, showcasing its ability to significantly suppress estimation errors caused by various attacks.

KW - Histogram estimation

KW - LDP

KW - Poisoning attack

UR - http://www.scopus.com/inward/record.url?scp=85209589971&partnerID=8YFLogxK

U2 - 10.1007/978-981-97-5562-2_14

DO - 10.1007/978-981-97-5562-2_14

M3 - Conference article published in proceeding or book

AN - SCOPUS:85209589971

SN - 9789819755615

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 221

EP - 231

BT - Database Systems for Advanced Applications - 29th International Conference, DASFAA 2024, Proceedings

A2 - Onizuka, Makoto

A2 - Lee, Jae-Gil

A2 - Tong, Yongxin

A2 - Xiao, Chuan

A2 - Ishikawa, Yoshiharu

A2 - Lu, Kejing

A2 - Amer-Yahia, Sihem

A2 - Jagadish, H.V.

PB - Springer Science and Business Media Deutschland GmbH

T2 - 29th International Conference on Database Systems for Advanced Applications, DASFAA 2024

Y2 - 2 July 2024 through 5 July 2024

ER -

Wang L, Ye Q , Hu H, Meng X, Huang K. LDP-Purifier: Defending against Poisoning Attacks in Local Differential Privacy. In Onizuka M, Lee JG, Tong Y, Xiao C, Ishikawa Y, Lu K, Amer-Yahia S, Jagadish HV, editors, Database Systems for Advanced Applications - 29th International Conference, DASFAA 2024, Proceedings. Springer Science and Business Media Deutschland GmbH. 2024. p. 221-231. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-981-97-5562-2_14

LDP-Purifier: Defending against Poisoning Attacks in Local Differential Privacy

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this