NDSS 2025 – On the Robustness Of LDP Protocols For Numerical Attributes Under Data Poisoning Attacks
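This study examines the robustness of local differential privacy (LDP) protocols under data poisoning attacks. By systematically evaluating existing LDP protocols and proposing new metrics and a zero-shot attack detection method, it finds that the Square Wave and CFO protocols in the server setting are more resistant to attack. The study also reveals how LDP design choices affect robustness.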
2026-1-27 20:0:0
Author: securityboulevard.com
Session 10C: Privacy Preservation
Authors, Creators & Presenters: Xiaoguang Li (Xidian University, Purdue University), Zitao Li (Alibaba Group (U.S.) Inc.), Ninghui Li (Purdue University), Wenhai Sun (Purdue University, West Lafayette, USA)
PAPER
On the Robustness of LDP Protocols for Numerical Attributes under Data Poisoning Attacks
Recent studies reveal that local differential privacy (LDP) protocols are vulnerable to data poisoning attacks where an attacker can manipulate the final estimate on the server by leveraging the characteristics of LDP and sending carefully crafted data from a small fraction of controlled local clients. This vulnerability raises concerns regarding the robustness and reliability of LDP in hostile environments. In this paper, we conduct a systematic investigation of the robustness of state-of-the-art LDP protocols for numerical attributes, i.e., categorical frequency oracles (CFOs) with binning and consistency, and distribution reconstruction. We evaluate protocol robustness through an attack-driven approach and propose new metrics for cross-protocol attack gain measurement. The results indicate that Square Wave and CFO-based protocols in the server setting are more robust against the attack compared to the CFO-based protocols in the user setting. Our evaluation also unfolds new relationships between LDP security and its inherent design choices. We found that the hash domain size in local-hashing-based LDP has a profound impact on protocol robustness beyond the well-known effect on utility. Further, we propose a zero-shot attack detection by leveraging the rich reconstructed distribution information. The experiments show that our detection significantly improves the existing methods and effectively identifies data manipulation in challenging scenarios.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.