保护位置隐私的效用优化本地差分隐私机制

移动设备收集用户的地理位置数据用以提供个性化服务，同时也会产生数据泄露的潜在风险。现有地理位置差分隐私保护机制对于不同地理位置隐私保护级别等同对待，效用优化本地差分隐私（ULDP）考虑了对数据加以不同级别的隐私保护，但仅适用于类别型数据的频率估计，在地理位置隐私保护方面没有应用。考虑ULDP机制下的地理位置保护方案，将平方机制进行改造，提出效用优化的平方机制（USM）。该机制对于敏感地理位置满足本地差分隐私，对于非敏感地理位置不作安全性要求以提高整体效用。选取2种不同的真实地理位置数据集，在隐私预算相同的条件下将USM与平方机制进行对比实验，理论分析和实验结果表明USM在效用方面有显著提升。本文同时还展望了本机制进一步优化的可能方向。

Utility-optimized Local Differential Privacy Mechanism for Protecting Location Privacy

Mobile devices collect users’ geographic location data to provide personalized services, which will also produce the potential risk of data leakage. The existing geographic location differential privacy protection mechanism treats different geographic location privacy protection levels equally. Utility-optimized local differential privacy (ULDP) considers different levels of privacy protection for data, but it is only applicable to the frequency estimation of category data and has no application in geographic location privacy protection. Considering the geographic location protection scheme under ULDP mechanism, the square mechanism is transformed, and a utility-optimized square mechanism (USM) is proposed. This mechanism meets the local differential privacy for sensitive geographical locations and does not make security requirements for non-sensitive geographical locations to improve the overall utility. Two different real geographic data sets are selected to compare USM with square mechanism under the condition of the same privacy budget. Theoretical analysis and experimental results show that USM has significantly improved in its effectiveness. At the same time, it also looks forward to the possible direction of further optimization of this mechanism.