School of Cyberspace Security, Information Security Center, National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing, China.
State Key Laboratory of Public Big Data, College of Computer Science and Technology, Guizhou University, Guiyang, China.
PLoS One. 2021 Sep 16;16(9):e0256892. doi: 10.1371/journal.pone.0256892. eCollection 2021.
In Location-Based Social Networks (LBSNs), registered users submit their reviews for visited point-of-interests (POIs) to the system providers (SPs). The SPs anonymously publish submitted reviews to build reputations for POIs. Unfortunately, the user profile and trajectory contained in reviews can be easily obtained by adversaries who SPs has compromised with. Even worse, existing techniques, such as cryptography and generalization, etc., are infeasible due to the necessity of public publication of reviews and the facticity of reviews. Inspired by pseudonym techniques, we propose an approach to exchanging reviews before users submit reviews to SPs. In our approach, we introduce two attacks, namely review-based location correlation attack (RLCA) and semantic-based long-term statistical attack (SLSA). RLCA can be exploited to link the real user by reconstructing the trajectory, and SLSA can be launched to establish a connection between locations and users through the difference of semantic frequency. To resist RLCA, we design a method named User Selection to Resist RLCA (USR-RLCA) to exchange reviews. We propose a metric to measure the correlation between a user and a trajectory. Based on the metric, USR-RLCA can select reviews resisting RLCA to exchange by suppressing the number of locations on each reconstructed trajectory below the correlation. However, USR-RLCA fails to resist SLSA because of ignoring the essential semantics. Hence, we design an enhanced USR-RLCA named User Selection to Resist SLSA (USR-SLSA). We first propose a metric to measure the indistinguishability of locations concerning the difference of semantic frequency in a long term. Then, USR-SLSA can select reviews resisting SLSA to exchange by allowing two reviews whose indistinguishability is below the probability difference after the exchange to be exchanged. Evaluation results verify the effectiveness of our approach in terms of privacy and utility.
在基于位置的社交网络(LBSN)中,注册用户向系统提供商(SP)提交他们对访问的兴趣点(POI)的评价。SP 匿名发布提交的评价,为 POI 建立声誉。不幸的是,用户配置文件和轨迹包含在评价中,很容易被 SP 妥协的对手获取。更糟糕的是,由于评价的公开发布和评价的真实性,现有的技术,如加密和概括化等,是不可行的。受假名技术的启发,我们提出了一种在用户向 SP 提交评价之前交换评价的方法。在我们的方法中,我们引入了两种攻击,即基于评价的位置关联攻击(RLCA)和基于语义的长期统计攻击(SLSA)。RLCA 可以通过重建轨迹来利用它来链接真实用户,而 SLSA 可以通过语义频率差异来建立位置和用户之间的连接。为了抵抗 RLCA,我们设计了一种名为 User Selection to Resist RLCA(USR-RLCA)的方法来交换评价。我们提出了一种度量来衡量用户和轨迹之间的相关性。基于该度量,USR-RLCA 可以通过抑制每个重建轨迹上的位置数量低于相关性来选择抵抗 RLCA 的评价进行交换。然而,由于忽略了本质语义,USR-RLCA 无法抵抗 SLSA。因此,我们设计了一种增强的 USR-RLCA,名为 User Selection to Resist SLSA(USR-SLSA)。我们首先提出了一种度量来衡量在长期内位置关于语义频率差异的不可区分性。然后,USR-SLSA 可以通过允许两个可交换性低于交换后概率差的评价进行交换,来选择抵抗 SLSA 的评价进行交换。评估结果验证了我们的方法在隐私和效用方面的有效性。
