摘要
时空K-匿名方法以数据可靠、实现方式简便灵活,适合基于移动计算环境的LBS的特点,成为近年来在LBS领域研究隐私安全的主流技术。挖掘连续查询的时空K-匿名数据集,抽取出潜在的、有用的序列规则,可为众多行业应用提供预测分析功能,但同时也会产生基于敏感序列规则推理攻击用户隐私的威胁。传统的基于敏感知识隐藏的抗攻击方法,不能适应LBS应用具有的长期、连续、在线服务的特点。文中提出一种感知敏感序列规则的在线时空K-匿名的抗攻击方法:基于中间件的第三方匿名服务器首先从挖掘并分析连续查询生成的匿名区域序列数据集得到隐私敏感的序列规则,然后在后续的LBS查询服务请求中,设定一系列"泛化"、"避让"准则,动态感知敏感序列规则在线生成时空K-匿名数据集,并更新成功匿名的匿名数据集到匿名区域序列数据库。最后,当更新次数达到设定阈值后,重复匿名集序列规则的挖掘、分析与动态隐藏,直至消除所有敏感序列规则。实验证明,提出的方法可以实现匿名集数据中敏感序列规则的动态隐藏,有效消除基于敏感匿名集序列规则对用户位置隐私的推理攻击,且具有速度快、代价小的优点。
Spatial-temporal K-anonymity has become a prominent method among a series of privacy protection techniques. Technologies will be adopted in LBS applications in the future. Analyzing large-scale spatial-temporal K-anonymity datasets recorded in LBS application servers can benefit for some LBS applications,but can allow an adversary to make inference attacks which are not capable of handling them by traditional anti-attack methods based on sensitive knowledge hiding. The reason is that traditional anti-attack methods can provide a solution of privacy protection problems in off-line publications,but do not meet privacy requirements of on-line LBS applications. To overcome these problems,an anti-attack method for online spatial-temporal K-anonymity with awareness of privacy sensitive sequence rules is proposed. The detailed process of the method includes three phases: 1) off-line mining spatial-temporal sequence rules from large-scale sequences of anonymity datasets generated from LBS continue queries,and achieving privacy sensitive sequence rules by spatial correlating between privacy sensitive spatial regions and spatialgrid cells among sequence rules. 2) designing three principles of generalizing and avoiding spatial cells of privacy sensitive sequence rules,and adapting the principles to generate spatial-temporal K-anonymity dataset once LBS users' anonymous services are on demand. Specifically,three scenarios are included.Scenario 1,when a LBS user's current position is not located in any spatial grid cells of privacy sensitive sequence rules,the minimum generalizing principle is adopted. Scenario 2,if the position is located in privacy sensitive spatial regions,the normal generalizing principle is adopted. Scenario 3,the position is located in a spatial grid cell of privacy sensitive sequence rule,but not a privacy sensitive spatial region,the maximum generalizing principle is adopted. In addition,in the generalizing process among all 3 scenarios,the principle of avoiding spatial cells of privacy sensitive sequence rules is considered. 3) periodically offline mining again until privacy sensitive sequence rules to be not founded. Finally,extensive experiments are conducted. Experimental results demonstrate that the proposed method has significant effectiveness solving the problems,thus realizing dynamic hiding of sensitive sequence rules and effectively eliminating inference attacks on user location privacy based on sensitive sequence rules of anonymous dataset.
出处
《南京邮电大学学报(自然科学版)》
北大核心
2016年第4期68-76,共9页
Journal of Nanjing University of Posts and Telecommunications:Natural Science Edition
基金
国家自然科学基金(41201465)
江苏省自然科学基金(BK2012439)
2010年江苏政府留学奖学金资助项目
关键词
时空K-匿名
敏感序列规则
位置预测攻击
泛化与避让准则
spatial-temporal K-anonymity
privacy sensitive sequence rules
inference attacks based on location prediction
generalizing and avoiding principle
