Research On The Privacy Vulnerability Of Published Anonymous Mobility Trajectories

The development of mobile device and location technology makes obtaining moving objects' precise locations anywhere and anytime possible.Collecting one moving object's series of location information with time related can form a mobility trace.These traces usually contain a wealth of spatio-temporal information,and valuable information can be obtained through reasonable mining and analysis.Since these traces may contain large amount of participants' private information,if an attacker illegally acquires trajectories of victims,he or she can deduces different kinds of confidential events which are closely related to victims..In order to protect the privacy of trajectories,appropriate privacy protection technology should be used to preprocess those data before being released.The commonly used privacy protecting methods can be divided into two categories: 1.modify the original trajectory,reduce the traces' accuracy in space-time(for example,reduce the resolution of the recording trace or insert noise into the trace)to achieve the purpose of protection of privacy,the disadvantage is data distortion seriously,low availability.2.anonymize the mobility trajectory,namely use pseudonyms(random unique identifier)to replace the true identity of the participants.And the true identity of the participants can't be associated with the pseudonym in any way.This anonymous method is easy to implement,having low computing cost,without changing the original trace data.Because of obtaining the greatest advantages of data availability,it is widely used.However,although pseudonyms technology eliminates the identity of participants released,but it's not able to effectively protect participants' location privacy.Reasons are that:1.The trajectory of each participant has its inherent characteristics(mode),and will not be changed dramatically in the short term.2.After anonymous traces released,the movement of participants will still continue to happen,which can be observed by others in various ways.For example,an attacker could track their targets over a period of time or infer their location from side channel such as social network,blog.After that,an attacker will use targets' traces or location that obtained to make a feature comparison with accessible anonymous trajectory,and then can get targets' traces from anonymous traces with high probability and uniquely.This paper presents a novel de-anonymization attack from anonymous mobility traces: firstly,the attacker obtains temporal and spatial characteristics of mobile objects by conducting analysis on an anonymous mobility trace set.Secondly,the attacker tries to capture some pieces of trajectories of victims within any time interval in the future through tracking the victims or searching side channel information.Finally,by comparing the features extracted from anonymous traces with obtained trajectories,history trajectories of victims can be identified from anonymous traces.In order to verify the feasibility of the proposed attack,two de-anonymization schemes are implemented.We used real trajectories collected from Shanghai and Shenzhen city to conduct trace-driven simulations.It is demonstrated by experiments that high de-anonymization accuracy can be achieve,which reveals the potential risks of privacy on the published anonymous trajectories traces.Firstly,the paper analyzed preference for anonymous track sections and proposed an improved TF-IDF method for constructing the trajectory feature vector,which an attacker use traces obtained to compare with traces in anonymous set.After analyzed preference of anonymous track sections,the paper found significant different preferences between different track sections,and have the common features between the same vehicle trajectories.By this method,the paper can get accuracy rate of de-anonymization in Shanghai and Shenzhen anonymous trajectory at 70.65% and 50.96% respectively.With the increase of the test track length,it can make an accurate rate reached 94.81% and 74.24%.To analyze the characteristics of parking spots,and then the paper proposed a method to use k-means and SVM technology to construct the trajectory feature vector for de-anonymization.The paper analyzed the reasons that caused the stops in detail,the parking spots are divided into two categories and get these stops that represent characteristic of tracks.Through the experiment,the accuracy rate can reach 48.58% and 39.66% respectively.Similarly,increasing the length of the test track,the paper can get 85.22% and 66.67%.Multi-classifier combination technologies are adapted to aggregate the above two attacks.Simulation results shows the performances of several commonly used combination schemes.We conclude that by using appropriate classifier combination,the de-anonymization accuracy can be increased.