Differentially Private Aggregated Mobility Data Publication Using Moving Characteristics

With the rapid development of GPS enabled devices (smartphones) and location-based applications, location privacy is increasingly concerned. Intuitively, it is widely believed that location privacy can be preserved by publishing aggregated mobility data, such as the number of users in an area at some time. However, a recent attack shows that these aggregated mobility data can be exploited to recover individual trajectories. In this paper, we first propose two differentially private basic schemes for aggregated mobility data publication, namely direct perturbation and threshold perturbation, which preserve location privacy of users and especially resist the trajectory recovery attack. Then, we explore the moving characteristics of mobile users, and design an improved scheme named static hybrid perturbation by combining the two basic schemes according to the moving characteristics. Since static hybrid perturbation works only for static data, which are entirely available before publishing, we further adapt the static hybrid perturbation by combining it with linear regression, and yield another improved scheme named dynamic hybrid perturbation. The dynamic hybrid perturbation works also for dynamic data, which are generated on the fly during publication. Privacy analysis shows that the proposed schemes achieve differential privacy. Extensive experiments on both simulated and real datasets demonstrate that all proposed schemes resist the trajectory recovery attack well, and the improved schemes significantly outperform the basic schemes.