LDPGuard: Defenses against Data Poisoning Attacks to Local Differential Privacy Protocols

Kai Huang, Gaoya Ouyang, Qingqing Ye, Haibo Hu, Bolong Zheng, Xi Zhao, Ruiyuan Zhang, Xiaofang Zhou

Research output: Journal article publication, Journal article, Academic research, peer-review

2 Citations (Scopus)

Abstract

Protocols that satisfy Local Differential Privacy (LDP) enable untrusted third parties to collect aggregate information about a population without disclosing any individual user's private data. In particular, each user locally encodes and perturbs their private data before sending it to the data collector, who aggregates the perturbed values collected from individuals and estimates statistics about the population. Owing to their growing importance, LDP protocols have been widely studied and deployed in real-world scenarios (e.g., Chrome and Windows). However, attackers may mount data poisoning attacks by introducing many fake users, which heavily poisons the utility of the statistics. In this paper, we present a generic and extensible framework called LDPGuard to address the problem. LDPGuard provides effective defenses against data poisoning attacks to LDP protocols for frequency estimation, a basic query of most data analytics tasks. In particular, it first precisely estimates the percentage of fake users and then provides adversarial schemes to defend against particular data poisoning attacks. An experimental study on real-world and synthetic datasets demonstrates the superiority of LDPGuard compared to existing techniques.

Original language: English
Article number: 10415225
Pages (from-to): 3195-3209
Number of pages: 15
Journal: IEEE Transactions on Knowledge and Data Engineering
Volume: 36
Issue number: 7
Publication status: Published - 1 Jul 2024

Keywords

  • Adversarial schemes
  • data poisoning attacks
  • frequency estimation
  • local differential privacy

ASJC Scopus subject areas

  • Information Systems
  • Computer Science Applications
  • Computational Theory and Mathematics
