Abstract
GPS-enabled devices are now ubiquitous, from airplanes and cars to smartphones and wearable technology. This has resulted in a wealth of data about the movements of individuals and populations, which can be analyzed for useful information to aid in city and traffic planning, disaster preparedness and so on. However, the places that people go can disclose extremely sensitive information about them, and thus their use needs to be filtered through privacy-preserving mechanisms. This turns out to be a highly challenging task: raw trajectories are extremely detailed, and typically no two are alike. Previous attempts fail either to provide adequate privacy protection, or to remain sufficiently faithful to the original behavior.
This paper presents DPT, a system to synthesize mobility data based on raw GPS trajectories of individuals while ensuring strong privacy protection in the form of ε-differential privacy. DPT makes a number of novel modeling and algorithmic contributions including (i) discretization of raw trajectories using hierarchical reference systems (at multiple resolutions) to capture individual movements at differing speeds, (ii) adaptive mechanisms to select a small set of reference systems and construct prefix tree counts privately, and (iii) use of direction-weighted sampling for improved utility. While there have been prior attempts to solve the subproblems required to generate synthetic trajectories, to the best of our knowledge, ours is the first system that provides an end-to-end solution. We show the efficacy of our synthetic trajectory generation system using an extensive empirical evaluation.
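As an added illustration, not the paper's code and not its exact algorithm, the following Python sketch walks through the pipeline the abstract describes: discretizing GPS points onto one grid reference system, building a depth-bounded prefix tree of counts, releasing it under Laplace noise, and sampling synthetic cell sequences from the noisy tree. The sample trajectories, cell size, tree depth and ε are constructed assumptions; DPT's multi-resolution reference systems, adaptive selection and direction-weighted sampling are omitted.

```python
import math, random
from collections import defaultdict

TRAJECTORIES = [  # constructed sample (lat, lon) points; not the paper's data
    [(40.005, -74.005), (40.015, -74.005), (40.025, -74.015)],
    [(40.005, -74.005), (40.015, -74.005), (40.015, -74.015)],
    [(40.025, -74.015), (40.015, -74.005), (40.005, -74.005)],
]

def discretize(traj, cell_deg):
    """One reference system: snap points to cell_deg cells, dropping consecutive repeats."""
    cells = [(math.floor(la / cell_deg), math.floor(lo / cell_deg)) for la, lo in traj]
    seq = [cells[0]]
    for c in cells[1:]:
        if c != seq[-1]:
            seq.append(c)
    return seq

def prefix_tree(seqs, depth):
    """Flattened prefix tree: count trajectories starting with each prefix of length 1..depth."""
    counts = defaultdict(int)
    for s in seqs:
        for k in range(1, min(depth, len(s)) + 1):
            counts[tuple(s[:k])] += 1
    return dict(counts)

def laplace(rng, scale):
    u = rng.random() - 0.5  # inverse-CDF draw from Laplace(0, scale), stdlib only
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

def noisy_prefix_tree(seqs, depth, eps, seed=0):
    """Per-level sensitivity 1 with eps split evenly over levels: noise scale depth/eps.
    Caveat: the node set is data-dependent here; a real release enumerates cells or thresholds."""
    rng = random.Random(seed)
    return {k: v + laplace(rng, depth / eps) for k, v in prefix_tree(seqs, depth).items()}

def synthesize(tree, n, depth, seed=0):
    """Walk the noisy tree from the root, picking next cells by clipped noisy count."""
    rng, out = random.Random(seed), []
    for _ in range(n):
        path = ()
        while len(path) < depth:
            kids = [k for k in tree if len(k) == len(path) + 1 and k[:-1] == path]
            w = [max(tree[k], 0.0) for k in kids]
            if sum(w) <= 0:
                break
            path = rng.choices(kids, weights=w)[0]
        if path:
            out.append(list(path))
    return out
```

With a large ε the noisy tree is close to the exact one and every sampled sequence is a real path; with a small ε the clipping and the early `break` handle nodes whose noisy count drops to zero or below.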