On the Robustness of LDP Protocols for Numerical Attributes under Data Poisoning Attacks
CoRR(2024)
摘要
Recent studies reveal that local differential privacy (LDP) protocols are
vulnerable to data poisoning attacks where an attacker can manipulate the final
estimate on the server by leveraging the characteristics of LDP and sending
carefully crafted data from a small fraction of controlled local clients. This
vulnerability raises concerns regarding the robustness and reliability of LDP
in hostile environments.
In this paper, we conduct a systematic investigation of the robustness of
state-of-the-art LDP protocols for numerical attributes, i.e., categorical
frequency oracles (CFOs) with binning and consistency, and distribution
reconstruction. We evaluate protocol robustness through an attack-driven
approach and propose new metrics for cross-protocol attack gain measurement.
The results indicate that Square Wave and CFO-based protocols in the Server
setting are more robust against the attack compared to the CFO-based protocols
in the User setting. Our evaluation also unfolds new relationships between LDP
security and its inherent design choices. We found that the hash domain size in
local-hashing-based LDP has a profound impact on protocol robustness beyond the
well-known effect on utility. Further, we propose a zero-shot attack detection
by leveraging the rich reconstructed distribution information. The experiment
show that our detection significantly improves the existing methods and
effectively identifies data manipulation in challenging scenarios.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要