Adversarial Classification Under Differential Privacy

The last decade has seen a growing interest in adversarial classification, where an attacker tries to mislead a classifier meant to detect anomalies. We study this problem in a setting where anomaly detection is being used in conjunction with differential privacy to protect personal information. We show that a strategic attacker can leverage the additional noise (introduced to ensure differential privacy) to mislead the classifier beyond what the attacker could do otherwise; we also propose countermeasures against such attacks. We then evaluate the impact of our attacks and defenses in road traffic congestion and smart metering examples.
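The following is an added illustration of the effect the abstract describes; it is not the paper's own model, attack, or code. It assumes a simple residual-threshold anomaly detector calibrated to a fixed false-alarm rate, a Laplace mechanism for differential privacy, and an attacker who controls the reported value before the noise is added. All parameters (MU, SIGMA, SENSITIVITY, EPSILON, ALPHA), the function names, and the window-averaging countermeasure at the end are constructed for this example and are not taken from the paper.

```python
import random

# Constructed parameters for this illustration (assumptions, not values from the paper).
MU = 100.0          # expected benign reading, e.g. vehicles counted per interval
SIGMA = 5.0         # std of the benign Gaussian measurement noise
SENSITIVITY = 10.0  # assumed L1 sensitivity of the released count
EPSILON = 0.5       # assumed privacy budget per release
B = SENSITIVITY / EPSILON  # Laplace scale of the DP mechanism (b = 20 here)
ALPHA = 0.01        # false-alarm rate the detector is calibrated to


def laplace(b, rng):
    """Laplace(0, b) sample as the difference of two Exp(mean b) variates."""
    return rng.expovariate(1.0 / b) - rng.expovariate(1.0 / b)


def residual(bias, dp, window, rng):
    """Detector statistic: mean over `window` releases of (reading - MU).

    Each release is MU + bias (the attacker's tampering, 0 when benign) plus
    measurement noise, plus Laplace noise when the DP mechanism is on. The
    attacker is assumed to control the value *before* noise is added.
    """
    total = 0.0
    for _ in range(window):
        r = bias + rng.gauss(0.0, SIGMA)
        if dp:
            r += laplace(B, rng)
        total += r
    return total / window


def calibrate_threshold(dp, window=1, n=40_000, seed=1):
    """tau such that |benign statistic| exceeds tau with probability ALPHA.

    The operator has to widen tau under DP, or the Laplace noise alone would
    raise alarms; that widening is the room the attacker exploits.
    """
    rng = random.Random(seed)
    mags = sorted(abs(residual(0.0, dp, window, rng)) for _ in range(n))
    return mags[int((1.0 - ALPHA) * n)]


def detection_prob(bias, tau, dp, window=1, n=8_000, seed=2):
    """Monte Carlo probability that a constant injected bias trips the detector."""
    rng = random.Random(seed)
    hits = sum(abs(residual(bias, dp, window, rng)) > tau for _ in range(n))
    return hits / n


def stealthy_bias(dp, window=1, max_detect=0.5, iters=10):
    """Largest constant bias whose detection probability stays <= max_detect.

    Bisection is valid because the combined noise is symmetric and unimodal,
    so detection probability is monotone in |bias|; the fixed seed in
    detection_prob gives common random numbers across bisection steps.
    """
    tau = calibrate_threshold(dp, window)
    lo, hi = 0.0, 4.0 * tau + 4.0 * SIGMA  # hi is detected almost surely
    for _ in range(iters):
        mid = (lo + hi) / 2.0
        if detection_prob(mid, tau, dp, window) <= max_detect:
            lo = mid
        else:
            hi = mid
    return lo


if __name__ == "__main__":
    for dp in (False, True):
        tau = calibrate_threshold(dp)
        print(f"dp={dp}: tau={tau:.1f}  "
              f"P(detect bias 15)={detection_prob(15.0, tau, dp):.3f}  "
              f"stealthy bias={stealthy_bias(dp):.1f}")
    # Generic countermeasure illustration (an assumption, not the paper's):
    # test the mean of 16 releases, which shrinks the noise, and with it the
    # attacker's undetected room, by roughly sqrt(16).
    print(f"dp=True, window=16: stealthy bias={stealthy_bias(True, window=16):.1f}")
```

With these constructed parameters the threshold without DP sits near 2.6 SIGMA, while under DP the Laplace tail forces it to roughly b·ln(1/ALPHA), about seven times larger; a bias of 15 that is caught two thirds of the time without DP is caught only a few percent of the time with it, and the attacker's stealthy bias budget grows by the same factor. Averaging releases before testing narrows that budget again, which is the kind of trade-off between privacy noise, detector calibration, and attacker room that the paper's countermeasures must balance.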
