Data Poisoning Attacks to Locally Differentially Private Frequent Itemset Mining Protocols

TL;DR

This paper reveals vulnerabilities in local differential privacy protocols for frequent itemset mining by proposing practical data poisoning attacks, demonstrating their effectiveness through extensive experiments.

Contribution

It introduces a unified attack framework for LDP frequent itemset mining protocols, highlighting security risks and potential for broader application.

Findings

Proposed attack successfully manipulates LDP frequent itemset mining.

Experiments show the attack outperforms baseline methods.

Threat severity is confirmed across multiple datasets.

Abstract

Local differential privacy (LDP) provides a way for an untrusted data collector to aggregate users' data without violating their privacy. Various privacy-preserving data analysis tasks have been studied under the protection of LDP, such as frequency estimation, frequent itemset mining, and machine learning. Despite its privacy-preserving properties, recent research has demonstrated the vulnerability of certain LDP protocols to data poisoning attacks. However, existing data poisoning attacks are focused on basic statistics under LDP, such as frequency estimation and mean/variance estimation. As an important data analysis task, the security of LDP frequent itemset mining has yet to be thoroughly examined. In this paper, we aim to address this issue by presenting novel and practical data poisoning attacks against LDP frequent itemset mining protocols. By introducing a unified attack framework with composable attack operations, our data poisoning attack can successfully manipulate the state-of-the-art LDP frequent itemset mining protocols and has the potential to be adapted to other protocols with similar structures. We conduct extensive experiments on three datasets to compare the proposed attack with four baseline attacks. The results demonstrate the severity of the threat and the effectiveness of the proposed attack.