Abstract
Local differential privacy (LDP) has been widely used to collect sensitive data from distributed users while preserving individual privacy. However, very recent studies show that LDP is vulnerable to manipulation and poisoning attacks. The maximal gain attack (MGA) is one of the most fundamental examples. In this paper, we take one step further and introduce a novel type of attack, called Byzantine LDP amplified gain attacks (BLAGA), that is derived precisely from the randomness of an LDP protocol, unveiling LDP’s inherent conflict between privacy and security. We show that MGA is a special case of BLAGA. Subsequently, we propose a defense framework that uses a data-driven approach to automatically identify the target items via multi-round data collection. It differs from existing solutions in that it does not require any prior knowledge, which is normally difficult to acquire in practical settings. Finally, we perform extensive experiments on various datasets to show that our defense framework preserves the utility of heavy hitter identification well while providing effective security protection.
Acknowledgments
This work was supported by the National Key R&D Program of China under Grant No. 2020YFB1710200, the National Natural Science Foundation of China (Grant No. 62072136, 62072390, 62102334 and 92270123), and the Research Grants Council, Hong Kong SAR, China (Grant No. 15222118, 15218919, 15203120, 15226221, 15225921, 15209922 and C2004-21GF).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Yan, Y., Ye, Q., Hu, H., Chen, R., Han, Q., Wang, L. (2023). Towards Defending Against Byzantine LDP Amplified Gain Attacks. In: Wang, X., et al. Database Systems for Advanced Applications. DASFAA 2023. Lecture Notes in Computer Science, vol 13943. Springer, Cham. https://doi.org/10.1007/978-3-031-30637-2_42
DOI: https://doi.org/10.1007/978-3-031-30637-2_42
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30636-5
Online ISBN: 978-3-031-30637-2
eBook Packages: Computer Science, Computer Science (R0)