Towards Defending Against Byzantine LDP Amplified Gain Attacks

Local differential privacy (LDP) has been widely used to collect sensitive data from distributed users while preserving individual privacy. However, very recent studies show that LDP is vulnerable to manipulation and poisoning attacks. Maximal gain attack (MGA) is one of the most fundamental examples. In this paper, we take one step further to introduce a novel type of attacks called Byzantine LDP amplified gain attacks (BLAGA) that is precisely derived from the randomness of an LDP protocol, unveiling LDP’s inherent conflict between privacy and security. We show that MGA is a special case of BLAGA. Subsequently, we propose a defense framework that makes use of a data-driven approach to automatically identify the target items via multi-round data collection. It differs from existing solutions in that it does not require any prior knowledge, which is normally difficult to acquire in practical settings. Finally, we perform extensive experiments on various datasets to show that our defense framework can well preserve the utility of heavy hitter identification with effective security protection.