Data Poisoning Attacks and Defenses to CDP-Based Crowdsensing
摘要
Central Differential Privacy (CDP) is commonly employed to protect privacy in crowdsensing systems by introducing noise. Nonetheless, malicious workers can leverage this noise to carry out stealthy data poisoning attacks. In this chapter, we propose a game-theoretic defense mechanism aimed at countering such threats within CDP-based privacy-preserving crowdsensing systems. Our model assumes that attackers are formidable, as they can tailor their attack strategies by observing the deployed defensive measures. Specifically, defenders tackle the problem by casting their challenge as a functional minimization task, defending poisoning attacks through the removal of data contributed by workers flagged as malicious via a log-likelihood ratio test. In contrast, attackers design their poisoning strategy as a bi-level maximization problem, striving to skew crowdsensing outcomes as significantly as possible while remaining undetected. Since attackers have insight into the defense strategies, they may circumvent these defenses by manipulating the expected log-likelihood ratio test. Moreover, they can bypass truth discovery algorithms in CDP-based privacy-preserving crowdsensing systems by exploiting the injected noise. Finally, we introduce an algorithm for computing local minimax points to identify an equilibrium in the defender-attacker game, thereby establishing an optimal defense strategy against robust data poisoning. Extensive experiments on both real-world and synthetic datasets confirm that our game-based defense mechanism effectively mitigates covert and potent attacks.