Differential Aggregation against General Colluding Attackers

by Rong Du, et al.

Local Differential Privacy (LDP) is now widely adopted in large-scale systems to collect and analyze sensitive data while preserving users' privacy. However, almost all LDP protocols rely on a semi-trust model where users are curious-but-honest, which rarely holds in real-world scenarios. Recent works show poor estimation accuracy of many LDP protocols under malicious threat models. Although a few works have proposed some countermeasures to address these attacks, they all require prior knowledge of either the attacking pattern or the poison value distribution, which is impractical as they can be easily evaded by the attackers. In this paper, we adopt a general opportunistic-and-colluding threat model and propose a multi-group Differential Aggregation Protocol (DAP) to improve the accuracy of mean estimation under LDP. Different from all existing works that detect poison values on an individual basis, DAP mitigates the overall impact of poison values on the estimated mean. It relies on a new probing mechanism EMF (i.e., Expectation-Maximization Filter) to estimate features of the attackers. In addition to EMF, DAP also consists of two EMF post-processing procedures (EMF* and CEMF*), and a group-wise mean aggregation scheme to optimize the final estimated mean to achieve the smallest variance. Extensive experimental results on both synthetic and real-world datasets demonstrate the superior performance of DAP over state-of-the-art solutions.


Fine-grained Poisoning Attacks to Local Differential Privacy Protocols for Mean and Variance Estimation

Local differential privacy (LDP) protects individual data contributors a...

DUMP: A Dummy-Point-Based Framework for Histogram Estimation in Shuffle Model

In Central Differential Privacy (CDP), there is a trusted analyst who co...

Discrete Distribution Estimation with Local Differential Privacy: A Comparative Analysis

Local differential privacy is a promising privacy-preserving model for s...

Locally Differentially Private Sparse Vector Aggregation

Vector mean estimation is a central primitive in federated analytics. In...

Consistent and Accurate Frequency Oracles under Local Differential Privacy

Local Differential Privacy (LDP) protects user privacy from the data col...

Applying the Shuffle Model of Differential Privacy to Vector Aggregation

In this work we introduce a new protocol for vector aggregation in the c...

Towards Communication-efficient and Attack-Resistant Federated Edge Learning for Industrial Internet of Things

Federated Edge Learning (FEL) allows edge nodes to train a global deep l...
