GLPP: A Game-Based Location Privacy-Preserving Framework...

Research ArticleGLPP A Game-Based Location Privacy-Preserving Frameworkin Account Linked Mixed Location-Based Services

Zhuo Ma 12 Jiuxin Cao 12 Xiusheng Chen2 Shuai Xu2 Bo Liu2 and Yuntao Yang2

1Key Laboratory of Computer Network Technology of Jiangsu Province School of Cyber Science and EngineeringSoutheast University Nanjing China2School of Computer Science and Engineering Southeast University Nanjing China

Correspondence should be addressed to Jiuxin Cao jxcaoseueducn

Received 13 January 2018 Revised 12 March 2018 Accepted 3 April 2018 Published 20 May 2018

Academic Editor Laurence T Yang

Copyright copy 2018 ZhuoMa et alThis is an open access article distributed under the Creative Commons Attribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

In Location-Based Services (LBSs) platforms such as Foursquare and Swarm the submitted position for a share or search leadsto the exposure of usersrsquo activities Additionally the cross-platform account linkage could aggravate this exposure as the fusionof usersrsquo information can enhance inference attacks on usersrsquo next submitted location Hence in this paper we propose GLPP apersonalized and continuous location privacy-preserving framework in account linked platforms with different LBSs (ie search-based LBSs and share-based LBSs) The key point of GLPP is to obfuscate every location submitted in search-based LBSs so as todefend dynamic inference attacks Specifically first possible inference attacks are listed through user behavioral analysis Secondfor each specific attack an obfuscation model is proposed to minimize location privacy leakage under a given location distortionwhich ensures submitted locationsrsquo utility for search-based LBSsThird for dynamic attacks a framework based on zero-sum gameis adopted to joint specific obfuscation above and minimize the location privacy leakage to a balanced point Experiments onreal dataset prove the effectiveness of our proposed attacks in Accuracy Certainty and Correctness and meanwhile also show theperformance of our preserving solution in defense of attacks and guarantee of location utility

1 Introduction

In a platformwith Location-Based Services (LBSs) a relevantposition is submitted for a share or search (eg check-in localsearch) which connects the physical world with cyber worldand social world together [1] However usersrsquo locations areexposed to LBS providers and stored in a LBS server duringthis procedure Once misused or attacked usersrsquo habits oractivities can be inferred through their historical trajectoriesFor example theWeChat (httpswebwechatcom) user whouses the surrounding search to explore new friends nearbymay disclose his current location [2 3] Another exampleis for Foursquare (httpsfoursquarecom) users using localsearch at a relatively private place (eg the hospital the bank)In above cases location privacy protection is a need while theuser experience should also be ensured in search-based LBSs

Existing researches on location privacy protection haveworked out many feasible solutions in this traditional areaincluding access control [4ndash6] data distortion [7ndash9] and

cryptography [10] However little attention has been paid tothe location privacy leakage in account linked mixed LBSswhere the situation becomes more complex The accountlinked mixed LBSs refer to two or more LBSs varied in kindwhose base platforms are linked by account According tofunctionality LBSs can be divided into two groups namelyshare-based LBSs (eg check-in) and search-based LBSs(eg localremote search) respectively With these mixedLBSs linked privacy protection becomes more difficult fromthe view of either individual platform or comprehensiveplatforms

Individually for account linked mixed LBSs differentstrategies should be developed corresponding to differentsituations in specific LBSs Similar to users in search-basedLBSs facing the trade-off between privacy protection anduser experience users using share-based LBSs can also becaught in a dilemma when some locations are considered tobe private for themselves Traditional obfuscation is efficientfor the former case but does not work in the latter case

HindawiSecurity and Communication NetworksVolume 2018 Article ID 9148768 14 pageshttpsdoiorg10115520189148768

2 Security and Communication Networks

name

popularity

address

geo-coordinates

categories

Figure 1 A location profile from Foursquare

Since locations published in share-based LBSs are aimed atrequiring a sentimental value from online friends user statusand locations submitted should not be obfuscated As a resultusers need toweigh the gains and loss by themselves to decidewhether to make the location public

Comprehensively account linkage [11] shares user infor-mation cross platforms which leads to a boost in locationinference attacks about both the users and their friends Foran anchor user who has linked accounts cross platforms hissequential locations in time order are connected to form arelatively complete trajectoryOn the other hand the differentfriend circles maintained in different platforms are integratedinto a new one which provides more abundant informationfor location inference attacks

Based on challenges mentioned above in this paper wewould like to preserve usersrsquo location privacy in accountlinked LBSs which is formally defined as the ldquoaccount linkedLBSs caused location privacy leakagerdquo (AL-LPL) problemAL-LPL is a typical problem belonging to the ldquoaccount linkedservices caused privacy leakagerdquo (AL-PL) problem which isvery urgent under the prevalence of account linked platformsOnce a userrsquos location leaked the harm is greater than insingle platform as more friends are exposed The solutionwe have proposed in this paper could not only solve AL-LPL but also provide a feasible method for the followingwork in this area Furthermore AL-LPL is a general problemand can be applied to a kind of account linked platformsproviding LBSs like Facebook (httpswwwfacebookcom)Yelp (httpswwwyelpcom) WeChat and DIAN PING(httpwwwdianpingcom) In addition AL-LPL is a novelproblem when compared with traditional privacy leakageproblems Different from traditional location privacy leakage[12 13] in a specific kind of LBS AL-LPL has discussedlocation privacy leakage caused by linking different LBSs AL-LPL is also distinct from the work [14] discussing locationprivacy leakage in mixed LBSs in one platform because LBSsin AL-LPL are organized in more than one system such thatnetwork alignment is needed between two platforms

Here we use the Foursquare-Swarm as the research caseto show the effectiveness of our proposed attacks and test the

performance of corresponding protection mechanism Forinformation integration wemake use of existing anchor usersand adopt the location profile system of Foursquare to bethe knowledge base [15] As shown in Figure 1 every Pointof Interest (POI) in this system has a unique profile withdetailed information which can tolerate light deviation ofcoordinates and address name respectively Hence a locationin any forms of coordinates or address can be unified inthis system represented by a location profile with a uniquelocation ID

Based on the network alignment of two platforms anew heterogeneous social network with mixed LBSs is con-structed where specific inference attacks are formed to guessuserrsquos next submitted location These inference attacks aresupported by previous analysis of userrsquos behavior in socialnetwork [16ndash19] which suggests that userrsquos location can bepredicted by both friendsrsquo trajectory and his periodicmobilitypattern Besides to avoid the disturbance from overactiveusers with friends or trajectory across the world we limit therange of inference attacks to a predefined geographical region(eg a city)

To defend the attacks above we use a framework (shownin Figure 2) based on noncooperative game to help a userto obfuscate both his historical locations and his onlinelocation before the submission in search-based LBSThebasichypothesis here is that ldquoservice providers and LBS locationservers are untrustworthyrdquo Therefore our design does notrely on any trusted third party (TTP) Here every locationin search-based LBS is obfuscated through a unified methodThe solution imitates usersrsquo random walk to a near Pointof Interest (POI) takes the trade-off between obfuscationand submissionrsquos utility into consideration and implementsoptimal obfuscation to fend off dynamic inference attacksFor details an obfuscation model is established for specificfixed attack where AL-LPL is transformed into a multiob-jective optimization problem to reduce attackrsquos performancein Accuracy and Correctness Based on every obfuscationsolution against every listed inference attack a game-basedframework is adopted to defend the dynamic attacks whereAL-LPL is transformed into aminimax optimization problem

Security and Communication Networks 3

Service Providers F

Database

Obfuscation

Friendship

Smart Phone

Historical Data

KNN Locations

Service Providers S

Database

Friendship

Check-insFriendship

Friendshiplocations Obfuscation

Foursquare Swarm

Check-ins

Figure 2 The framework of location privacy protection

to avoid the worst case for location privacy leakage under anygiven attacks Our main contribution of this paper consists ofthe following

(i) To the best of our knowledge this is the first work togive a specific protection solution for location privacyleakage caused by account linked LBSs

(ii) New attack models are established to infer usersrsquo nextsubmitted location based on usersrsquo and their friendsrsquohistorical trajectory and proved to have boosts inattack effectiveness through information fusion whencompared with the state-of-the-arts [20 21]

(iii) To defend continuous and dynamic attacks formedfrom the above an improved gamed-based frame-work is proposed to obfuscate every location insearch-based LBS which consists of the offline com-bination of obfuscation solutions generated by ourproposed obfuscation model and the online updatingaccording to whether a new location is produced inany LBS

(iv) The experiments based on real dataset demonstratethe effectiveness of our solutions in defending multi-source continuous attacks and prove that the locationutility of our solutions is under usersrsquo control

The rest of this paper is organized as follows Section 2introduces the preliminary work Section 3 gives the corre-sponding solution and empirical experiments are reportedin Section 4 Section 5 discusses the related work Section 6draws the conclusion

2 Preliminaries

In this section we first introduce background informationabout Foursquare and Swarm (httpswwwswarmappcom)

followed by network alignment between these platformswhich provide a foundation for problem formulation

21 Background Information As representative LBS plat-forms Foursquare and Swarm are adopted to be the researchcase to prove the effectiveness of our proposed attacks andprotection As a companion application separated from olderFoursquare Swarm allows users to share their current loca-tion with friends and develops into a Location-Based SocialNetwork (LBSN) with the share-based LBS Meanwhile newFoursquare provides a local search and recommendationservice and transforms into a popular mixed LBS platform(ie local search is a search-based LBS and recommendationservice is a share-based LBS) Here the recommendationservice is provided based on tipswritten in Foursquare whichreflects usersrsquo preference for POI During the separation oldFoursquare users coexist between these two new platformswhich produces sufficient cross-platform account linkageOn the other hand once new users register in Swarm theycould choose to use their existing Foursquare account Inaddition a redirection linkage is also provided on the webpage of Foursquare which directs to the web page of SwarmAs a result the two online platforms are closely coalignedwith each other In this typical case the AL-LPL problempotentially exists for all these linked accounts

22 Network Alignment As the foundation of user informa-tion fusion network alignment [22] is a reflection betweenthe nodes of different networks so as to combine two ormorenetworks into a new hybrid network with global informationFor platforms with LBSs their networks are composed of twokinds of nodes (ie user node and location node) and twokinds of edges (ie user-user friendship edge user-location


submission edge) As a consequence the reflection should beestablished both between users and between locations

As for network alignment between Foursquare andSwarm for one thing the sufficient account linkages provideadequate anchor users which leads to a complete reflectionbetween user nodes cross platforms For another thingFoursquare and Swarm share the same location profilesystem as a result of earlier separation so they share thesame reflection between a given position (eg coordinatesaddress) and location ID Hence the location mapping is nota problem For platforms not sharing the unified reflectionwith each other Foursquare can also be used as the mappingstandard because of its well-defined location profiles wherecoordinates can be clustered to the nearest POI to alleviatelocation drift and incomplete address can be matched withthe key words

23 Problem Formulation In LBS a user 119906 submits a (longi-tude latitude) pair to location server when he prefers a kindof services Suppose 119906rsquos real location is 119903 without locationprivacy protection this information can be used by adversaryfor his inference attacks For our solution in local searchservice a pseudolocation 1199031015840 is selected in a specific locationset which is composed of all the historical locations producedby 119906 and 119906rsquos friends Here from the specific location setthe 119896-nearest POIs are sorted out each with an obfuscatedprobability 119901 Then the pseudolocation 1199031015840 is chosen fromthese POIs according to the certain probability distribution119875 Here 119896 is called protection level

From adversaryrsquos point of view when location servers arecompromised adversary obtains three parts of user 119906rsquos infor-mation (1) 119906rsquos mixed historical trajectory tr(119906) from twoplatforms (2) 119906rsquos friendship list119865(119906) in Swarm (3) any friend119906119891rsquos mixed historical trajectory tr(119906119891) from two platformsMeanwhile adversary can guess the protection level 119896 if 119906rsquoshome address has been exposed in his profile so we suppose119896 is known to adversary As a result adversaryrsquos backgroundknowledge about 119906 is KnL(119906) = ⟨tr(119906) 119865(119906) tr(119906119891) 119896⟩

Armed with above knowledge KnL(119906) when getting 119906rsquoscurrent pseudolocation 1199031015840 adversary would guess 119906rsquos truelocation according to candidatesrsquo probability distribution 119866Here all possible inference attacks ASet are established tocompute 119866 where candidates are 119896-nearest positions that canbe obfuscated to 1199031015840

Therefore the AL-LPL problem can be defined as followsgiven (1) 119906rsquos setting about lower bound of location utility119876 after obfuscation (119876 is a real number between 0 and 1and larger119876 represents better location utility) (2) 119906rsquos currentlocation 119903 (3) adversaryrsquos background knowledge KnL(119906)about 119906 and (4) adversaryrsquos possible attacks set ASet how toget optimal obfuscation distribution 119875 under maximum lossof location utility 119876119897 (119876119897 = 1 minus 119876)3 Solution

In this section our proposed solution for AL-LPL is giventhrough (1) analyzing potential inference attacks (2) estab-lishing specific obfuscation model for corresponding attacks

and (3) using the improved game-based framework to defendcontinuous dynamic attacks

31 Potential Attacks Analysis Here the analysis of potentialinference attacks consists of two steps (1) we enumerate thecommon-used guessingmethods based on all themeaningfulcombination of background knowledge (2) and adopt twotracking methods namely distribution tracking and maxi-mum likelihood tracking to determine the final probabilitydistribution of guessed results

(1) For the first thing ways to compute initial candidatesrsquoprobability distribution 119866 are as follows

(11) Basic Guessing EB Basic Guessing refers to the guessingwithout any background knowledge With userrsquos pseudolo-cation 1199031015840 given the candidatesrsquo probability is represented as119892(11990310158401015840 | 1199031015840) Here two common conditional probability distri-butions are adopted for their wide usage namely even dis-tribution and Bayesian distribution The guessing followingthese distributions are represented by E and B and theircandidatesrsquo probabilities are defined as follows

119866119864 = 119892 (11990310158401015840 | 1199031015840) = 1119899119866119861 = 119892 (11990310158401015840 | 1199031015840) = 119901 (1199031015840 | 11990310158401015840) 119901 (11990310158401015840)119901 (1199031015840) (1)

where 119899 is the number of candidates 119901(11990310158401015840) and 119901(1199031015840)represent the probability of 119906rsquos appearance in location 11990310158401015840 and1199031015840 respectively Here they are based on the statistics of 119906rsquoshistorical trajectory119901(1199031015840 | 11990310158401015840) is the probability of submitting1199031015840 when 11990310158401015840 is the real location Since real value of 119901(1199031015840 | 11990310158401015840)is difficult for adversary to infer obfuscation is supposed tofollow an even distribution With protection level 119896 known119901(1199031015840 | 11990310158401015840) equals 1119896(12) Friendship-Based Guessing F Friendship-Based Guess-ing is the guessing based on similarity between 119906 and 119906rsquosfriend 119906119891 According to previous research carried out byCho et al [23] there is a positive correlation between socialrelationship and human movement A friend with highersimilarity intends to visit more common places with 119906Suppose the similarity score in guessing F is sim(119906 119906119891) thenthe calculation of the candidatesrsquo probability distribution119866 isas follows119866119865 = 119892 (11990310158401015840 | KnL (119906)) = sum

119906119891isin119865119906

sim (119906 119906119891)sdot (1 minus prod

1199031015840119906119891isin120579(11990310158401015840)

(1 minus 119892 (11990310158401015840 | 1199031015840119906119891))) (2)

where 120579(11990310158401015840) refers to the location set of all the possibleobfuscation when user locates at 11990310158401015840 Here sim(119906 119906119891) is usedas a weight to multiply the probability that 119906119891 has evervisited at least one position in obfuscation set 120579(11990310158401015840) Asa result all friends of 119906 are taken into account to decide


every candidatersquos probability Additionally sim(119906 119906119891) is thesimilarity score between 119906 and 119906119891 which are calculatedthrough two-item attribute information namely commonfriend ratio and trajectory similarity

First the similarity score between usersrsquo friends is calcu-lated with measure Jaccardrsquos coefficient [24] that is for 119906 andhis friend 119906119891

sim (119865 (119906) 119865 (119906119891)) = 10038161003816100381610038161003816119865 (119906) cap 119865 (119906119891)1003816100381610038161003816100381610038161003816100381610038161003816119865 (119906) cup 119865 (119906119891)10038161003816100381610038161003816 (3)

where 119865(119906) and 119865(119906119891) are the friend list of 119906 and 119906119891respectively

Second the trajectory similarity between 119906 and his friend119906119891 is measured by Jaccardrsquos coefficient where sim(tr(119906)tr(119906119891)) can be defined as follows

sim (tr (119906) tr (119906119891)) = 10038161003816100381610038161003816tr (119906) cap tr (119906119891)1003816100381610038161003816100381610038161003816100381610038161003816tr (119906) cup tr (119906119891)10038161003816100381610038161003816 (4)

where 119906 and 119906119891 are the historical locations generated by 119906 and119906119891 on both Foursquare and Swarm in time order respectivelyWith sim(119865(119906) 119865(119906119891)) and sim(tr(119906) tr(119906119891)) known the

similarity score between 119906 and his friend 119906119891 is defined asfollows

sim (119906 119906119891)= 120572 sim (119865 (sdot) 119865 (sdot))max minus sim (119865 (119906) 119865 (119906119891))

sim (119865 (119906) 119865 (119906119891)) minus sim (119865 (sdot) 119865 (sdot))min

+ 120573 sim (tr (sdot) tr (sdot))max minus sim (tr (119906) tr (119906119891))sim (tr (119906) tr (119906119891)) minus sim (tr (sdot) tr (sdot))min

(5)

where 120572 and 120573 are weight coefficients whose optimal valuecan be learnt from data theoretically However this will makethe model too complicated To focus on the AL-LPL problemitself in this paper we assume 120572 and 120573 are equally importantand assign them with the same weight (ie 120572 = 120573 = 05)for simplicity concerns Besides normalization is used tocalculate a relative similarity score so as to eliminate the effectof different value ranges which is caused by different attributeinformation

(13) Mobility-Pattern-Based Guessing M Mobility-Pattern-Based Guessing is the guessing based on periodic mobilitypattern of 119906 Previous studies [23] show that a user tendsto visit the same place at a regular time Here POIs on 119906rsquostrajectory can be extracted and listed based on their proposedtimestamps and are classified into seven timewindows whichrepresent seven days of a week from Sunday to SaturdayAs a consequence the corresponding guessing process isrepresented as

119866119872 = 119892 (11990310158401015840 | KnL (119906))= 1 minus prod

tw(1199031015840ℎ) = tw(1199031015840)amp1199031015840ℎisin120579(11990310158401015840)(1 minus 119892 (11990310158401015840 | 1199031015840ℎ)) (6)

where tw(sdot) is the time window of input location and 1199031015840ℎdenotes the submitted location in the past Other definitionshave been demonstrated in expression (2) Therefore thecandidatesrsquo probability distribution 119866 equals the probabilitythat 119906 has ever paid a visit to at least one location inobfuscation set 120579(11990310158401015840) and meanwhile the visit belongs to thesame time window of current pseudolocation 1199031015840

From all the possible combination of the above guessingin this paper we form four kinds of representative attacks(1) Basic Attacks attacks only adopt Basic Guessing EB(2) Friendship-Based Attacks attacks integrate Basic Guess-ing EB with Friendship-Based Guessing F (3) Mobility-Pattern-Based Attacks attacks integrate Basic Guessing EBwith Mobility-Pattern-Based Guessing M (4) Comprehen-sive Attacks attacks integrate Basic Guessing EB withFriendship-Based Guessing F and Mobility-Pattern-BasedGuessingM Here linear combination is used in this integra-tion due to its simplicity and wide usage That is

119866119862 = 119892 (11990310158401015840 | KnL (119906) 1199031015840)= 1205961119866119861 + 1205962119866119865 + 1205963119866119872sum1199031015840isin120579(11990310158401015840) 119892 (11990310158401015840 | KnL (119906) 1199031015840)

(7)

where 120596119894 is the weight coefficient of every guessing and islearnt through experiments 119866119862 is candidatesrsquo probabilitydistribution 119866 of Comprehensive Attacks based on guessingB F andM The denominator is used for normalization

(2) Moreover tracking methods are introduced as followsAs for tracking methods some adversary believe only

locations with maximum likelihood are qualified for candi-dates such that they remove positions with less likelihood ininferring 119906rsquos real location Others regard all 119896 points around1199031015840 as candidates and select guessed location by followingcandidatesrsquo probability distribution 119866 Figure 3 provides anexample for these two tracking methods

Suppose distribution tracking is denoted by T1 and max-imum likelihood tracking is represented by T2 all possibleattacks are listed as follows ET1 ET2 EFT1 EFT2 EMT1EMT2 ECT1 ECT2 BT1 BT2 BFT1 BFT2 BMT1 BMT2BCT1 BCT2

32 Obfuscation Model As is mentioned before our workaims to get the optimal obfuscation distribution 119866 undermaximum loss of location utility 119876119897 Here two targets areaimed at in our obfuscation according to Raza Shokri etalrsquos work in [25] In that paper three criteria are put for-ward to measure the attacksrsquo effectiveness namely AccuracyCertainty and Correctness Accuracy is defined as the hitprobability of real position 119903 Certainty shows the entropy ofcandidatesrsquo probability distribution 119866 and Correctness is thedistance expectation between guessed location 11990310158401015840 and truelocation 119903 As is analyzed in [25] Certainty is less importantthan the other two factors in determining whether an attackis effective Hence Accuracy and Correctness are selected asoptimum targets in our protection solutions

As the opposite of adversary our protection solutionsneed to decrease the hit probability EA and increase 11990310158401015840 and 119903rsquos


1818

28

28

28 0

0

Distribution Tracking

0

0013

13 0

13

Maximum Likelihood Tracking

User Check-in (Pseudo-location)Guessed location Set

Figure 3 An example of distribution tracking and maximum likelihood tracking

distance expectation ED as much as possible The definitionsof EA and ED are as follows

EA = sum1199031015840

119891 (1199031015840 | 119903) 119892 (11990310158401015840 = 119903 | KnL (119906) 1199031015840) (8)

ED = sum11990310158401015840 1199031015840

119891 (1199031015840 | 119903) 119892 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (9)

where 119891(1199031015840 | 119903) is the obfuscation probability of 1199031015840 giventhat 119903 is the real location 119892(11990310158401015840 = 119903 | KnL(119906) 1199031015840) is the hitprobability based on knowledge KnL(119906) when 1199031015840 is pseudo-location In addition 119892(11990310158401015840 | KnL(119906) 1199031015840) is candidatesrsquo proba-bility based on knowledge KnL(119906)when 1199031015840 is pseudolocationand 119889(119903 11990310158401015840) is the distance between real position and guessedresult Here all the possible 1199031015840 with corresponding guessedresults are accumulated for ED and the Euclidean distance isused to calculate 119889(119903 11990310158401015840)

Besides the loss of location utility 119876V with the limit ofmaximum value at 119876119897 is defined as follows

119876V = sum1199031015840

119891 (1199031015840 | 119903) 119889 (119903 1199031015840) (10)

Based on restrictions mentioned above including EAED and 119876119897 we have proposed our obfuscation modelcorresponding to the situation where the attack is identified

Measured by hit probability EA and the distance expec-tation ED the score of our obfuscation model can berepresented as

score (119875) = 1205931 times (minusED) + 1205932 times EA (11)

where 1205931 and 1205932 are the weight of ED and EA respectively1205931 1205932 ge 0 and 1205931 + 1205932 = 1 Here we assume that EA isthe most important index and set 1205931 = 01 and 1205932 = 09respectively Definitely it is convenient for users to modifythese factors when they expect higher performance in EDand do not so much care about the performance in EA

Consequently the optimal obfuscation distribution 119875lowast =119891lowast(1199031015840 | 119903) that can minimize the score function will be119875lowastargmin119875

score (119875)= arg min

119875(1205931 times (minusED) + 1205932 times EA)

st 119876V le 119876119897sum1199031015840

119891 (1199031015840 | 119903) = 1 119891 (1199031015840 | 119903) ge 0(12)

To solve the objective function (1) the set 119871 119904 of 119896-nearestlocations is initialized for every POI (2) Next three targetsincluding EA ED and 119876119897 are initialized according to (8)(9) and (10) respectively (3) After that simplex algorithm[26] is used with the input of objective function and theconstraints Here the time complexity of this algorithm is119874(119899log(119896)) where 119899 is the number of POIs in dataset and 119896is the protection level

As a consequence 16 protection solutions are formedaccording to specific attacks proposed beforeThey are ET1PET2P EFT1P EFT2P EMT1P EMT2P ECT1P ECT2PBT1P BT2P BFT1P BFT2P BMT1P BMT2P BCT1P andBCT2P

33 Improved Game-Based Framework Based on everyobfuscation solution against every listed inference attack agame-based framework is adopted to defend the continuousand dynamic attacks The improved game-based frameworkis to obfuscate every location in search-based LBS whichconsists of the offline model combining obfuscation solutionsgenerated by our proposed obfuscation model and the onlineupdating according to whether a new location is produced inany LBS

(1) Offline Model For dynamic inference attacks a mappingis established from attack-and-defense process to a noncoop-erative game corresponding to the main elements of game


namely players the strategy and the profit In our work(1) players refer to adversary and users (2)The adversaryrsquosstrategy space AStra is a subset of possible inference attacksset ASet containing relatively efficient attacks selected fromASet while usersrsquo strategy space PStra is composed ofcorresponding protections to defend attacks in AStra (3)For users the profit 119864119901 is measured by how efficiently theirlocations in local search are protected and correspondingtarget functions have already been analyzed in formula (11)For adversary the obtained profit EA can be regarded as theprofit loss of users so the sum of these two profits is zeroTherefore profits of both sides are defined as below119864119901 = 1205931 times (minusED) + 1205932 times EA (13)

119864119860 = minus (1205931 times (minusED) + 1205932 times EA) (14)

where we assume that EA is the most important index andset 1205931 = 01 and 1205932 = 09 respectively Definitely it isconvenient for users tomodify these factors when they expecthigher performance in ED and do not somuch care about theperformance in EA

To defend dynamic attacks specific obfuscation solutionis mixed based on our proposed obfuscation model throughthe minimax theorem [27] as

119891mix (1199031015840 | 119903) = 119899sum119894=1

120590119894 times PStra119894 (15)

where PStra119894 is every obfuscation solution based on theobfuscation model which belongs to PStra 120590119894 is its weightwhich is learnt through experiments After several roundsan equilibrium will be achieved from which we can obtainhybrid protection solution as is described below

To produce a proper pseudolocation 1199031015840 as userrsquos sub-mission (1) the set 119871 119904 of 119896-nearest locations is initializedfor every POI (2) After that the set of protection strategyPStra is established corresponding to adversaryrsquos strategyspace AStra (3) Then every entry of usersrsquo profit matrix iscalculated through formula (13) (4) Furthermore the zero-sum game is transformed into a dual linear programmingproblem and the simplex optimization method is used toget the final obfuscation probability 119891lowast(1199031015840 | 119903) (5) At lastselection is done following the probability of 119891lowast(1199031015840 | 119903)to produce a pseudolocation 1199031015840 For time complexity thisalgorithm needs119874(119886119899sdot log(119896)) where 119899 is the number of POIsin dataset 119896 is the protection level 119886 is the size of attack spaceAStra (119886 ≪ 119899) and 119887 is the size of protection space PStra(119887 ≪ 119899)

From the above it is uncertain whether the loss oflocation utility 119876V is still lower than 119906rsquos setting in this game-based protection Derivation below is the analysis of thisissue which proves that the119876119897 constraint is still satisfied thatis 119876V = sum

1199031015840

119891mix (1199031015840 | 119903) 119889 (119903 1199031015840)= sum1199031015840

(sum119899

120590119894 times PStra119894)119889 (119903 1199031015840)

= 1205901sum1199031015840

PStra1 times 119889 (119903 1199031015840) + sdot sdot sdot+ 120590119899sum1199031015840

PStra119899 times 119889 (119903 1199031015840) le 1205901119876119897 + sdot sdot sdot + 120590119899119876119897le 119876119897 ( 119899sum

119894=1

120590119894 = 1) (16)

(2) Online Updating Strategy Every time a location is sub-mitted for share-based LBSs in two platforms the onlineupdating is carried out for our game-based solution wherethe optimal obfuscation distribution 119875 is recalculated Onthe other hand if a location is proposed for local searchour protection would work out its fuzzy location following 119875and begin updating afterwards Additionally every updatingrefers to a recalculation of 119875 so as to support consecutiveprotection

4 Experiments

In this section dataset comparedmethods evaluationmetricsand experiment setup are introduced followed by our exper-iment result and some corresponding analysis

41 Dataset Description In our experiments we use trajec-tory produced by New York users in Foursquare and SwarmA user is consideredNewYork-based if he specifies NewYorkin the location field of his profile

Here we adopt the method mentioned in [28] to crawlusersrsquo check-ins in Swarm and get usersrsquo tips in Foursquarethrough Foursquare API Unfortunately usersrsquo submittedlocations in local search are unavailable through public datacollection so we use the location list drawn from tips inFoursquare to simulate the locations in local search due totheir tight coupling in temporary-space Here we make twoassumptions (1) For a common user his tips are alwayspublished after local searching to share his experience (2)Not every user would share tips after using local searchservice As a result the tips used for simulation in ourexperiment provide relatively sparse data compared withpractical local search Though locations are comparativelysparse in local search considering the attack-and-defenseprocess based on the same dataset the utility of datasetcannot be determined Therefore additional experiments inSection 453 would further discuss this problem and findthe influence of location sparsity on effectiveness testing inattack-and-defense process

Here data are preprocessed in both Foursquare andSwarm We filter users through their HomeCity (a tag thatcan be found in user profile and it is included in ourinitial dataset HomeCity indicates the userrsquos living city)eliminate inactive users with less than 5 positions and getthe initial research dataset 119863 As a result in 119863 users areall New York citizens and their proposed locations arelimited in New York in which tips were produced from2008-10-14T225335Z to 2017-10-18T092430Z and check-ins


Local search distribution on users3500

3000

2500

2000

1500

1000

500

0

120

100

80

60

40

20

0

Local search distribution on locations

Local search count

Check-in distribution on locationsCheck-in distribution on users7000

6000

5000

4000

3000

2000

1000

0

times105

times105

times104

Check-in count Check-in count

4003002001000 1086420

Local search count

50403020100 3252151050

9

8

7

6

5

4

3

2

1

0

Loca

tion

coun

tLo

catio

n co

unt

Use

r Cou

ntU

ser c

ount

Figure 4 The check-instips distributions on users and locations respectively

Table 1 Detailed information of initial dataset119863Dataset Foursquare (New York)User node 11776Location node 117658Tips edge 182342Dataset Swarm (New York)User node 11776Location node 395215Friendship edge 223610Check-in edge 1830368

were produced from 2009-04-13T062353Z to 2017-10-27T201939Z As shown in Table 1 in dataset 119863 we canfind that every user has nearly 19 friends and has made

about 15 tips and 155 check-ins in average Furthermore themean check-ins that happened on every location is over 46while the mean tips produced on every location is about2 Besides the distribution of initial dataset is analyzedincluding count of users with varied numbers of check-instips in corresponding LBSs and count of locations withdifferent numbers of check-instips in corresponding LBSsAs is shown in Figure 4 all submitted locations distributionsboth follow the power-law distribution and have scale-freeproperties which accords with the basic characteristics ofLBSN Therefore our research dataset is representative andgeneral

42 ComparedMethods To show the improving effectivenessof multisource attacks we compare our proposed inferenceattacks with two other attacks namely MaximumMovementBoundary (MMB) [20] and Context-aware Location Attack(CLA) [21]


(1)MMB is an attack introduced in [20] based on userrsquosmaximum movement boundaries In this attack userrsquos reallocation can be inferred from the overlapping area of twocontinuous movement boundaries In our experiment theuserrsquos maximum movement speed is set to 6 kmh accordingto empirical human walking speed(2) CLA is an attack based on association of locationsin the context and is proposed in [21] For 119906rsquos any twopseudolocations 1199031015840119894 and 1199031015840119894+1 the corresponding referenceattack targeting at AL-LPL problem can be represented as

ℎ (11990310158401015840 | 119870 (119906) 1199031015840119894 1199031015840119894+1)= sum119901119894isin120579(1199031015840119894)119901119894+1isin120579(1199031015840119894+1) 119875CLA (11990310158401015840 | 119901119894 119901119894+1)1003816100381610038161003816120579 (1199031015840119894)1003816100381610038161003816 times 1003816100381610038161003816120579 (1199031015840119894+1)1003816100381610038161003816 (17)

where 119875CLA(11990310158401015840 | 119901119894 119901119894+1) can be calculated by sixth formulaproposed in [21] and 120579(sdot) contains all the possible obfuscationwhen user locates at the input position

To show the performance of our proposed Improvedgame-based protection I-GAMEP two kinds of protectionare adopted here to make a comparison namely I-INIP andI-BASICP respectively

Here I-INIP is the continuous obfuscation solutionwhich follows even distribution Its offline solution is rep-resented by INIP I-BASICP and I-GAMEP are both estab-lished based on initial protection I-INIP I-BASICP refersto the corresponding obfuscation protections combined withour proposed updating strategy in defense of specific attacksFor comparison I-GAMEP is the continuous protectionsolutions in defense of the combination of five representativeinference attacks (ie ET1 ECT1 ECT2 BCT1 and BCT2)

43 Evaluation Metrics Here Accuracy Certainty and Cor-rectness proposed in [25] are used to verify the effectivenessof our attack models at one point Furthermore their meanvalues ACC CER and COR are proposed to measure theperformance of our proposed continuous protection and aredefined as follows

ACC = 1119873sum119873

119875 (119903 | KnL (119906) 1199031015840)CER

= 1119873sum119873

sum11990310158401015840

119875 (11990310158401015840 | KnL (119906) 1199031015840) log 1119875 (11990310158401015840 | KnL (119906))COR = 1119873sum

119873

sum11990310158401015840

119875 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (18)

where119873 is the frequency of attack and defense in the testingset KnL(119906) is 119906rsquos background knowledge 119903 is 119906rsquos real position1199031015840 is pseudolocation and 11990310158401015840 is guessed location 119889(sdot) ismeasured by Euclidean distance

When it comes to the location utility on the one handfrom theoretical aspect we adopt two representative protec-tions as examples to show the tendency of privacy leakageunder different value of location utility loss which aim to

verify that the location utility loss has an upper limit for theminimized privacy leakageOn the other hand frompracticalaspect we use the PrecisionN to measure the Accuracyof the location list returned by local search service whensubmitting pseudolocation Here the list returned by localsearch before the obfuscation is set to be the benchmarkThelist as a result of Foursquare local search contains nearbyrequested locations from the closest to furthest within limiteddistance range Hence the PrecisionN is used to reflectthe physical distance between pseudo- and true location ina direct way

44 Experiment Setup All of our experiments were con-ducted on a machine running Windows 7 with an Intel5Core i5 processor and 8GB of RAM Our solutions havebeen implemented in C++

In our experiments (1) to test the effectiveness of attacksthe initial protection INIP following even distribution iscarried out to locations in local search (2) For performanceanalysis of protection solution 400 users are selected totrain the weight coefficient 120596119894 of the hybrid attacks and theoptimized combination of weights is selected through thesecases (3) To evaluate the performance of our protectionmethods the same method is adopted while the training setof randomly selected 400 users is used to find the optimizedweight120590119894 combination of usersrsquo strategy space PStra (4)Thenother 100 users are randomly selected to compose the testingset to evaluate the performance of baseline and our proposedprotection methods

For parameters introduced in this paper we set theprotection level 119896 isin 3 5 7 9 11 13 15 and the loss oflocation utility 119876119897 isin 005 006 018 019 If there is nospecific explanation the default values are assigned where119896 = 7 and 119876119897 = 00845 Experiment Results Theexperiment results of addressingthe AL-LPL problem are available in Tables 2-3 and Figures5ndash7 In this part we test the effectiveness of our proposedinference attacks prove the priority of our game-basedprotection through comparison and measure the loss oflocation utility

451 Attacksrsquo Effectiveness Analysis To test the performanceof our proposed 7 representative attack methods INIP iscarried out on local search part of dataset 119863 Here wefix 119876119897 = 008 and vary the protection level 119896 from 3to 15 in a step of 2 From the results shown in Table 2we can observe the following (1) In most cases BCT2performs the best among all the compared methods ininferring user future location evaluated by Accuracy andCertainty If not the best its performance is also near the bestThis demonstrates that the joint of multisource informationcan deeply aggravate the leakage of location privacy Bycomparison for Correctness the performance seems to haveno obvious regularity (2) In most cases EMT1 can achievebetter performance in Accuracy and Correctness than EFT1while EFT1 performs better in Certainty which suggests thatboth close friendsrsquo trajectory and usersrsquo historical trajectory


014

015

016

017

018

019

ECT1 BCT1 MMB CLA

Accuracy

155

16

165

17

175

18

ECT1 BCT1 MMB CLA

Certainty

0

2

4

6

8

10

ECT1 BCT1 MMB CLA

Correctness

Figure 5 Performance comparison of different representative attacks (119896 = 7 and 119876119897 = 008)

01

0105

011

0115

012

0125

013

0135

014

005

006

007

008

009 0

10

110

120

130

140

150

160

170

180

19

ECT1PGAMEP

Ql

EP

Figure 6 Relation between location utility and privacy leakageunder ECT1P andGAMEP (119896 = 7)

0

005

01

015

02

025

5 10 15 20 25 30

Prec

ision

N

N

Local Search about lsquolsquoShop amp Servicerdquo

BCT2PGAMEP

Figure 7 Local search results comparison of our proposed protec-tion (119896 = 7 and 119876119897 = 008)can reveal more location privacy in different aspects and alsoproves the supplemental role of linked platforms in locationdisclosure (3) By comparing ECT2BCT2 with ECT1BCT1correspondingly we observe that trackingmethodT2 ismoreeffective than T1 in most cases when measured by AccuracyCertainty andCorrectness (4)With the increase of protectionlevel most attacksrsquo Accuracy falls down steadily while most

of their Certainty and Correctness show a rise trend insteadwhich agrees with the correlation analysis in [25]

Extra experiments are performed to compare the effec-tiveness of different attacks which are controlled by variables119896 = 7 and 119876119897 = 008 In Figure 5 comparison is madebetween our proposed inference attacks (ie ECT1 BCT1)MMB andCLAwith the same trackingmethodT1 Here (1)it is shown that BCT1 performs best in all the cases whichreflects the general optimization of our proposed attackstowards location inference in most linked platforms (2)Furthermore the attack effectiveness of MMB is undesirablebecause of the locationsrsquo sparsity in online social networksThe reason why CLA has a bad performance is that CLAonly considers the correlation between locations but neglectsfriendship and user behavioral periodicity As a result attacksconsidering these factors perform better

452 Protection Effectiveness Analysis In this experiment 119896and119876119897 are both set to the default value Here Table 3 providesthe performance comparison between different protectionmethods I-BCT1P and I-BCT2P are chosen as the typicalI-BASICP We observe that (1) our proposed protectionmethods both performbetter than baseline protection I-INIPin defensive Accuracy and Correctness while I-INIP has abetter performance in Certainty (2) When compared withthe typical I-BASICP I-GAMEP shows its general defenseof varied changed attacks such that the I-GAMEP can alwaysavoid the worst case in defense of varied attacks Hence the I-GAMEP is proved to have priority in semantic level to avoidadversaryrsquos accurate guessing in POI level

453 Location Utility Analysis Here from the view of ourmodel to verify that the location utility loss has a limit forthe minimized privacy leakage the relation between locationutility and privacy leakage is analyzed for each attack anddefense through experiment where the value of 119896 is fixedas before Here we use the latest attack and defense to bethe example and measure the privacy leakage by 119864119901 throughformula (13) As is shown in Figure 6 we specify BASICPto be ECT1P and compare it with GAMEP To find out therelation between location utility and privacy leakage towardsECT1 attack under these two protections respectively wecompute every privacy leakage under different 119876119897 (from005 to 019 step by 001) and describe the tendency byconnecting every discreet point Corresponding conclusions


Table 2 Performance comparison of our proposed representative attacks (119876119897 = 008)Measure Attacks 119896

3 5 7 9 11 13 15

Accuracy

ET1 03287 02050 01555 01078 00930 00778 00703EFT1 03288 01995 01495 01217 00871 00808 00738EMT1 03598 02443 01733 01402 01029 00886 00680ECT1 03557 02337 01761 01419 01082 00874 00762BCT1 03565 02506 01836 01418 01412 00875 00764ECT2 03575 02452 01690 01420 00986 00905 00752BCT2 03797 02894 02166 01420 01380 00905 00752

Certainty


Correctness


Table 3 Comparison of protection under different continuous attacks (119896 = 7 and 119876119897 = 008)Measure Protections Attack methods

ECT1 BCT1 BCT2 ET1 BT1 BT2 MMB CLA

ACC

I-INIP 01589 01666 01930 01438 01792 01795 01443 01442I-BCT1P 01581 01659 01926 01434 01791 01793 - - - -I-BCT2P 01583 01660 01924 01435 01789 01792 - - - -I-GAMEP 01570 01649 01915 01434 01788 01790 - - - -

CER


COR


are as follows (1) It is easy to find that the leaked privacydecreases with the increase of 119876119897 and converges to a stablevalue Here the stable value is supposed to be the limit ofthe location utility loss 119876119897 when privacy leakage maintainsminimum This is because the protection methods cannotselect a pseudolocation which has an infinite distance fromreal position According to our mechanism the selectedcandidates are limited by the locations of userrsquos and hisfriendsrsquo daily visit (2)Besides for the same119876119897 privacy leakedby ECT1P is always smaller than using GAMEP We suggestthat this is becauseGAMEP has involved the defense of other

localization attacks so that its performance is more inferiorthan ECT1P in defense of ECT1 attack

Moreover when it comes to the specific analysis of localsearch results we make the comparison between differentprotection solutions which contains the BCT2P as a typicalBASICP and the GAMEP Here we use the latest attackand defense to be the example Since each local search inFoursquare will return 30 locations at first we use 30 tobe the upper bound in our precision computing On theother hand one topic is selected namely ldquoShop amp Servicerdquoin order to provide real-world scenarios in our verification


The topic ldquoShop amp Servicerdquo is a relatively wide range whichincludes ATM bank andmarketWith 119896 and119876119897 at the defaultvalue based on three criteria the results shown in Figure 7suggest the following (1) Both BASICP and the GAMEPcould support local search service since the searching resultshave some overlapping parts when compared with the resultsproduced by userrsquos real position (2) Additionally the preci-sion of GAMEP seems better than the results from BASICPin most cases

5 Related Work

Previous studies on location privacy protection have mainlypaid their attention to the leakage problems that occurredin search-based LBS through mobile phone data [29] whosesolutions are all provided from the view of LBS providerssystem design and users

From the stand of LBS providers the earliest work isa protocol named Geopriv [30] proposed by The InternetEngineering Task Force (IETF) which is aimed at makingspecifications about location presentation and transforma-tion After that a growing number of works are carried outabout access control [4ndash6] however most provisions needto be observed conscientiously With no legal restraint andno benefit for LBS providers corresponding protocols aredifficult to be effective

Moreover solutions trying to promote system design aremost based on data distortion [8 9 31ndash33] and cryptography[10] For data distortion methods like cloaking [8 31]suppression [9] and perturbation [32 33] are proposedHerecloaking [8 31] requires the submission of a larger regionto avoid privacy leakage while suppression [9] is aimed atbreaking the periodic mobility pattern through the removalof location data In addition differential privacy [32 33]as a typical perturbation-based method adds noise to theaggregate data to prevent information disclosure betweencontinuous query Besides Imran Memon et al propose anasymmetric cryptograph based anonymous communicationfor LBS in [10] Despite having performedwell most of worksmentioned above draw support from a TTP or the locationanonymizer which is not easy to establish and maintain for adeveloped LBS platform such as Foursquare and Yelp

For user-centric solutions Raza Shokri et al use theStackelberg Bayesian game to formalize themutual optimiza-tion of user-adversary objectives in LBS in [7] which is easierto be put into effect As a result the game-based protectionframework we used in this paper draws on the experience ofRaza Shokri et alrsquos work combined with an update strategyto defend dynamic continuous inference attacks Other user-centric solutions more or less have their drawbacks suchas Shokri et alrsquos another work in [34] It hides most of theuserrsquos queries through collaboration with other peers contextinformation has been kept in a buffer and passed to someonewho is seeking it Although it does not rely on the TTP theQoS is also not measured in this situation

Combined with the above methods there are two com-mon frameworks One is Mix-Zone proposed in [35] andimproved in [36 37] to provide a space for a set of users enter-ing changing pseudonyms and exitingThe key point of this

framework is to establish a mapping between usersrsquo old andnew pseudonyms but this exchange does not apply to socialnetworks Another famous example is 119896-anonymity [38 39]which needs a trusted third party to collect information ofthe 119896 minus 1 nearest users for obfuscation Having realized thisproblem many researchers proposed extensions to avoid thisproblem including Raza Shokri et al in [7]

With the prevalence of smartphones and the developmentof LBS platforms attention has been turned to the locationprivacy protection in search-basedLBSplatforms and shared-based LBS platforms where new challenges are faced due todifferent application scenarios and varied data sparsity Forlocation privacy protection in search-based LBS platformssome new possible attacks [2 40] are focused on and solvedOther works [41 42] are devoted to traditional locationprivacy leakage problem such as that of Cheng and Aritsugiin [41] who have designed a system with obfuscated regionmaps generated in mobile devices to provide a user-centricprotection And our work is similar to them in storing userrelated locations in their mobile phone As for share-basedLBS platforms new attacks are proposed including untrustedfriendsrsquo inference attacks [43 44] and destination inferenceattacks [45]

Above all existing researches have not paid much atten-tion to location privacy leakage in account linked LBSs notto mention corresponding protection solutions As a newproblem full of challenges it has been solved in this paperwith a continuous game-based preserving framework

6 Conclusions

In this paper we focus on a new circumstance where theinformation linked by accounts is fused by the adversary tomake amore accurate inference attacks about userrsquos next pro-posed location Our analysis shows a remarkable influence ofmultisource data on location privacy disclosure To defendthe continuous multisource attacks we propose an improvedgame-based location privacy-preserving framework GLPP toobfuscate every location in local search before submissionHere the obfuscationmodel is used to provide specific obfus-cation solutions according to varied inference attacks whilethe user experience is ensured under userrsquos control Duringthe attack-and-defense process the online updating strategyin GLPP provides a dynamic obfuscation distribution whichas a result supports consecutive protection Experimentalresults show that our proposed GLPP performs better thaninitial protection in Accuracy Certainty and CorrectnessMeanwhile GLPP is also proved in our experiments toprovide a good user experience withoutmuch loss in locationutility

Additional Points

Highlights In this paper Location-Based Services (LBS) aredivided into two kinds of services (1) The search-basedLBSs provide search service for users which would still workwith submission obfuscated under a limited distortion (2)The share-based LBSs refer to check-in services and othercheck-in based LBSs which cannot work with obfuscatedsubmission due to their functionality


Conflicts of Interest

The authors declare that there are no conflicts of interestregarding the publication of this paper

Acknowledgments

This work is supported by National Natural Science Foun-dation of China under Grants no 61772133 no 61472081no 61402104 no 61370207 no 61370208 no 61300024 no61320106007 no 61272531 no 61202449 and no 61272054Collaborative Innovation Center of Wireless Communica-tions Technology Collaborative Innovation Center of SocialSafety Science and Technology Jiangsu Provincial Key Labo-ratory of Network and Information Security under Grant noBM2003201 and Key Laboratory of Computer Network andInformation Integration of Ministry of Education of Chinaunder Grant no 93K-9

References

[1] C R Vicente D Freni C Bettini et al ldquoLocation-RelatedPrivacy in Geo-Social Networksrdquo IEEE Internet Computing vol15 no 3 pp 20ndash27 2011

[2] J Peng Y Meng M Xue X Hei and K W Ross ldquoAttacksand defenses in location-based social networks a heuristicnumber theory approachrdquo in Proceedings of the InternationalSymposium on Security and Privacy in Social Networks and BigData (SocialSec) pp 64ndash71 IEEE Hangzhou China 2015

[3] M Xue Y Liu and K W Ross ldquoI know where you areThwarting privacy protection in location-based social discoveryservicesrdquo Security Communication Networks pp 179ndash184 2015

[4] M E Kabir and H Wang ldquoConditional purpose based accesscontrol model for privacy protectionrdquo in Proceedings of theConditional Purpose Based Access Control Model for PrivacyProtection Twentieth Australasian Conference on AustralasianDatabase Australian Computer Society pp 135ndash142 AustralianComputer Society 2009

[5] X Sun HWang Y Zhang and J Zhang ldquoPrivacy-aware accesscontrol with trust management in web servicerdquo World WideWeb-internet ampWeb Information Systems vol 14 no 4 pp 407ndash430 2011

[6] HWang L Sun and E Bertino ldquoBuilding access control policymodel for privacy preserving and testing policy conflictingproblemsrdquo Journal of Computer and System Sciences vol 80 no8 pp 1493ndash1503 2014

[7] R Shokri GTheodorakopoulos C Troncoso et al ldquoProtectinglocation privacy optimal strategy against localization attacksrdquoin Proceedings of the 2012 ACM Conference on Computer andCommunications Security pp 617ndash627 ACM New York NYUSA 2012

[8] L Kuang Y Wang P Ma L Yu C Li L Huang et al ldquoAnimproved privacy-preserving framework for location-basedservices based on double cloaking regions with supplementaryinformation constraintsrdquo Security and Communication Net-works vol 2017 Article ID 7495974 15 pages 2017

[9] X Chen X Wu X Y Li Y He and Y Liu ldquoPrivacy-preservinghigh-quality map generation with participatory sensingrdquo inProceedings of the IEEE INFOCOM vol 15 pp 2310ndash2318 IEEEToronto Canada 2014

[10] I Memon I Hussain R Akhtar and G Chen ldquoEnhancedprivacy and authentication an efficient and secure anonymouscommunication for location based service using asymmetriccryptography schemerdquo Wireless Personal Communications vol84 no 2 pp 1487ndash1508 2015

[11] Y Chen C-F Zhuang Q Cao and P Hui ldquoUnderstandingcross-site linking in online social networksrdquo in Proceedingsof the 8th Workshop on Social Network Mining and Analysis(SNAKDD) pp 1ndash9 ACM New York NY USA 2014

[12] H Zheng and X-F Meng ldquoA survey of trajectory privacy-preserving techniquesrdquo Chinese Journal of Computers vol 34no 10 pp 1820ndash1830 2011

[13] M Wernke P Skvortsov F Durr and K Rothermel ldquoA classifi-cation of location privacy attacks and approachesrdquo Personal andUbiquitous Computing vol 18 no 1 pp 163ndash175 2014

[14] D-Q Yang D-Q Zhang B-Q Qu and C PhilippeldquoPrivCheck privacy-preserving check-in data publishing forpersonalized location based servicesrdquo in Proceedings of the2016 ACM International Joint Conference on Pervasive andUbiquitous Computing (UbiComp) pp 545ndash556 ACM NewYork NY USA 2016

[15] Z Ji A Sun G Cong and J Han ldquoJoint recognition and linkingof fine-grained locations from tweetsrdquo in Proceedings of the 25thInternational Conference onWorldWideWeb (WWW) pp 1271ndash1281 2016

[16] E Cho S A Myers and J Leskovec ldquoFriendship and mobilityuser movement in location-based social networksrdquo in Proceed-ings of the 17th ACM SIGKDD International Conference onKnowledge Discovery and Data Mining pp 1082ndash1090 ACMSan Diego calif USA 2011

[17] Q Li Y Zheng X Xie Y Chen W Liu andW Y Ma ldquoMininguser similarity based on location historyrdquo in Proceedings of the16th ACM Sigspatial International Conference on Advances inGeographic Information Systems p 34 ACM New York NYUSA 2008

[18] M Ye P Yin W C Lee and D L Lee ldquoExploiting geographicalinfluence for collaborative point-of-interest recommendationrdquoin Proceedings of the 34th International ACM SIGIR Conferenceon Research and Development in Information Retrieval pp 325ndash334 ACM New York NY USA 2011

[19] B Niu Q Li X Zhu G Cao andH Li ldquoAchieving k-anonymityin privacy-aware location-based servicesrdquo in Proceedings ofIEEE INFOCOM pp 754ndash762 Toronto Canada 2014

[20] G Ghinita M L Damiani C Silvestri and E Bertino ldquoPre-venting velocity-based linkage attacks in location-aware appli-cationsrdquo in Proceedings of the 17th ACM Sigspatial InternationalConference on Advances in Geographic Information Systems pp246ndash255 ACM New York NY USA 2009 httpsdoiorg10114516537711653807

[21] H Zhang Z Xu Z Zhou J Shi and X Du ldquoCLPP Context-aware location privacy protection for location-based socialnetworkrdquo in Proceedings of the IEEE International Conference onCommunications pp 1164ndash1169 2015

[22] J Zhang and P S Yu ldquoPCT Partial Co-Alignment of SocialNetworksrdquo in Proceedings of the 25th International Conferenceon World Wide Web pp 749ndash759 ACM Montreal Canada2016

[23] E Cho S A Myers and J Leskovec ldquoFriendship and mobilityuser movement in location-based social networksrdquo in Proceed-ings of the 17th ACM SIGKDD International Conference onKnowledge Discovery and Data Mining pp 1082ndash1090 ACMNew York NY USA 2011


[24] D Liben-Nowell and J Kleinberg ldquoThe link prediction problemfor social networksrdquo in Proceedings of the 12th InternationalConference on Information and KnowledgeManagement vol 58pp 556ndash559 ACM New York NY USA 2003

[25] R Shokri G Theodorakopoulos J Y L Boudec and J PHubaux ldquoQuantifying location privacyrdquo in Proceedings of theIEEE Symposium on Security amp Privacy vol 42 pp 247ndash2622011

[26] G B Dantzig Programming in a linear structure Report of theSeptember meeting in Madison vol 17 pp 73-74 1948

[27] J V Neumann ldquoZurTheorie der GesellschaftsspielerdquoMathema-tische Annalen vol 100 no 1 pp 295ndash320 1928

[28] T Zhou J Cao B Liu S Xu Z Zhu and J Luo ldquoLocation-basedinfluence maximization in social networksrdquo in Proceedings ofthe 24th ACM International on Conference on Information andKnowledge Management pp 1211ndash1220 New York NY USA2015

[29] J K Laurila D Gatica-Perez I Aad et al ldquoFrom big smart-phone data to worldwide research the Mobile Data ChallengerdquoPervasive andMobile Computing vol 9 no 6 pp 752ndash771 2013

[30] J R Cuellar J BMorris D KMulligan J Peterson and J PolkldquoGeopriv reqsrdquo IETF Internet Draft 2003

[31] B Niu Q Li X Zhu and H Li ldquoA fine-grained spatial cloakingscheme for privacy-aware users in Location-Based Servicesrdquoin Proceedings of the International Conference on ComputerCommunication and Networks pp 1ndash8 IEEE 2014

[32] E ElSalamouny and S Gambs ldquoDifferential privacy models forlocation-based servicesrdquo Transactions on Data Privacy vol 9no 1 pp 15ndash48 2016

[33] L Yu L Liu and C Pu ldquoDynamicDifferential Location Privacywith Personalized Error Boundsrdquo in Proceedings of the Networkand Distributed System Security Symposium 2017

[34] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014

[35] A R Beresford and F Stajano ldquoLocation privacy in pervasivecomputingrdquo IEEE Pervasive Computing vol 2 no 1 pp 46ndash552003

[36] A R Beresford and F Stajano ldquoMix Zones User Privacy inLocation-aware Servicesrdquo in Proceedings of the Second IEEEConference on Pervasive Computing andCommunicationsWork-shops pp 127ndash131 IEEE Florida FL USA 2004

[37] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for Location-Based Servicesrdquo in Proceed-ings of the IEEE International Conference on Communicationspp 957ndash962 Sydney Australia 2014

[38] X SunHWang J Li andY Zhang ldquoSatisfying privacy require-ments before data anonymizationrdquo The Computer Journal vol55 no 4 pp 422ndash437 2012

[39] B Gedik and L Liu ldquoLocation Privacy in Mobile SystemsA Personalized Anonymization Modelrdquo in Proceedings of 25thIEEE International Conference on Distributed Computing Sys-tems (ICDCS) pp 620ndash629 IEEE Columbus OH USA 2005

[40] G Theodorakopoulos ldquoThe Same-Origin Attack against Loca-tion Privacyrdquo in Proceedings of the 14th ACM Workshop onPrivacy in the Electronic Society pp 49ndash53 ACM New YorkNY USA 2015 httpdxdoiorg10114528081382808150

[41] W C Cheng and M Aritsugi ldquoA User Proprietary ObfuscateSystem for Positions Sharing in Location-Aware Social Net-worksrdquo Journal of Computer amp Communications vol 3 no 5pp 7ndash20 2015

[42] X Gong X Chen K Xing D-H Shin M Zhang and JZhang ldquoFrom social group utilitymaximization to personalizedlocation privacy in mobile networksrdquo IEEEACM Transactionson Networking vol 25 no 3 pp 1703ndash1716 2017

[43] YWuH Peng X Zhang andHChen ldquoPublishme andprotectme Personalized and flexible location privacy protection inmobile social networksrdquo in Proceedings of the 23rd InternationalSymposium on Quality of Service pp 147ndash152 IEEE PortlandOR USA 2015

[44] W C Cheng and M Aritsugi ldquoA User Sensitive Privacy-preserving Location Sharing System inMobile Social NetworkrdquoProcedia Computer Science vol 35 pp 1692ndash1701 2014

[45] D Xue L-F Wu H-B Li Z Hong and Z-J Zhou ldquoA noveldestination prediction attack and corresponding location pri-vacy protection method in geo-social networksrdquo InternationalJournal of Distributed Sensor Networks vol 13 no 1 2017

International Journal of

AerospaceEngineeringHindawiwwwhindawicom Volume 2018

RoboticsJournal of

Hindawiwwwhindawicom Volume 2018


Active and Passive Electronic Components

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwwwhindawicom

Volume 2018

Hindawi Publishing Corporation httpwwwhindawicom Volume 2013Hindawiwwwhindawicom

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of



Journal ofEngineeringVolume 2018

SensorsJournal of



RotatingMachinery


Modelling ampSimulationin EngineeringHindawiwwwhindawicom Volume 2018


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation


Hindawi

wwwhindawicom Volume 2018

Advances in

Multimedia

Submit your manuscripts atwwwhindawicom


name

popularity

address

geo-coordinates

categories

Figure 1 A location profile from Foursquare

Since locations published in share-based LBSs are aimed atrequiring a sentimental value from online friends user statusand locations submitted should not be obfuscated As a resultusers need toweigh the gains and loss by themselves to decidewhether to make the location public

Comprehensively account linkage [11] shares user infor-mation cross platforms which leads to a boost in locationinference attacks about both the users and their friends Foran anchor user who has linked accounts cross platforms hissequential locations in time order are connected to form arelatively complete trajectoryOn the other hand the differentfriend circles maintained in different platforms are integratedinto a new one which provides more abundant informationfor location inference attacks

Based on challenges mentioned above in this paper wewould like to preserve usersrsquo location privacy in accountlinked LBSs which is formally defined as the ldquoaccount linkedLBSs caused location privacy leakagerdquo (AL-LPL) problemAL-LPL is a typical problem belonging to the ldquoaccount linkedservices caused privacy leakagerdquo (AL-PL) problem which isvery urgent under the prevalence of account linked platformsOnce a userrsquos location leaked the harm is greater than insingle platform as more friends are exposed The solutionwe have proposed in this paper could not only solve AL-LPL but also provide a feasible method for the followingwork in this area Furthermore AL-LPL is a general problemand can be applied to a kind of account linked platformsproviding LBSs like Facebook (httpswwwfacebookcom)Yelp (httpswwwyelpcom) WeChat and DIAN PING(httpwwwdianpingcom) In addition AL-LPL is a novelproblem when compared with traditional privacy leakageproblems Different from traditional location privacy leakage[12 13] in a specific kind of LBS AL-LPL has discussedlocation privacy leakage caused by linking different LBSs AL-LPL is also distinct from the work [14] discussing locationprivacy leakage in mixed LBSs in one platform because LBSsin AL-LPL are organized in more than one system such thatnetwork alignment is needed between two platforms

Here we use the Foursquare-Swarm as the research caseto show the effectiveness of our proposed attacks and test the

performance of corresponding protection mechanism Forinformation integration wemake use of existing anchor usersand adopt the location profile system of Foursquare to bethe knowledge base [15] As shown in Figure 1 every Pointof Interest (POI) in this system has a unique profile withdetailed information which can tolerate light deviation ofcoordinates and address name respectively Hence a locationin any forms of coordinates or address can be unified inthis system represented by a location profile with a uniquelocation ID

Based on the network alignment of two platforms anew heterogeneous social network with mixed LBSs is con-structed where specific inference attacks are formed to guessuserrsquos next submitted location These inference attacks aresupported by previous analysis of userrsquos behavior in socialnetwork [16ndash19] which suggests that userrsquos location can bepredicted by both friendsrsquo trajectory and his periodicmobilitypattern Besides to avoid the disturbance from overactiveusers with friends or trajectory across the world we limit therange of inference attacks to a predefined geographical region(eg a city)

To defend the attacks above we use a framework (shownin Figure 2) based on noncooperative game to help a userto obfuscate both his historical locations and his onlinelocation before the submission in search-based LBSThebasichypothesis here is that ldquoservice providers and LBS locationservers are untrustworthyrdquo Therefore our design does notrely on any trusted third party (TTP) Here every locationin search-based LBS is obfuscated through a unified methodThe solution imitates usersrsquo random walk to a near Pointof Interest (POI) takes the trade-off between obfuscationand submissionrsquos utility into consideration and implementsoptimal obfuscation to fend off dynamic inference attacksFor details an obfuscation model is established for specificfixed attack where AL-LPL is transformed into a multiob-jective optimization problem to reduce attackrsquos performancein Accuracy and Correctness Based on every obfuscationsolution against every listed inference attack a game-basedframework is adopted to defend the dynamic attacks whereAL-LPL is transformed into aminimax optimization problem


Service Providers F

Database

Obfuscation

Friendship

Smart Phone

Historical Data

KNN Locations

Service Providers S

Database

Friendship

Check-insFriendship


Foursquare Swarm

Check-ins








2 Preliminaries

















119866119864 = 119892 (11990310158401015840 | 1199031015840) = 1119899119866119861 = 119892 (11990310158401015840 | 1199031015840) = 119901 (1199031015840 | 11990310158401015840) 119901 (11990310158401015840)119901 (1199031015840) (1)


119906119891isin119865119906


1199031015840119906119891isin120579(11990310158401015840)

(1 minus 119892 (11990310158401015840 | 1199031015840119906119891))) (2)





sim (119865 (119906) 119865 (119906119891)) = 10038161003816100381610038161003816119865 (119906) cap 119865 (119906119891)1003816100381610038161003816100381610038161003816100381610038161003816119865 (119906) cup 119865 (119906119891)10038161003816100381610038161003816 (3)









(5)



119866119872 = 119892 (11990310158401015840 | KnL (119906))= 1 minus prod




119866119862 = 119892 (11990310158401015840 | KnL (119906) 1199031015840)= 1205961119866119861 + 1205962119866119865 + 1205963119866119872sum1199031015840isin120579(11990310158401015840) 119892 (11990310158401015840 | KnL (119906) 1199031015840)

(7)








1818

28

28

28 0

0


0

0013

13 0

13





EA = sum1199031015840

119891 (1199031015840 | 119903) 119892 (11990310158401015840 = 119903 | KnL (119906) 1199031015840) (8)

ED = sum11990310158401015840 1199031015840

119891 (1199031015840 | 119903) 119892 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (9)



119876V = sum1199031015840

119891 (1199031015840 | 119903) 119889 (119903 1199031015840) (10)








st 119876V le 119876119897sum1199031015840

119891 (1199031015840 | 119903) = 1 119891 (1199031015840 | 119903) ge 0(12)










119891mix (1199031015840 | 119903) = 119899sum119894=1

120590119894 times PStra119894 (15)




1199031015840

119891mix (1199031015840 | 119903) 119889 (119903 1199031015840)= sum1199031015840

(sum119899

120590119894 times PStra119894)119889 (119903 1199031015840)

= 1205901sum1199031015840



119894=1

120590119894 = 1) (16)


4 Experiments







3000

2500

2000

1500

1000

500

0

120

100

80

60

40

20

0


Local search count


6000

5000

4000

3000

2000

1000

0

times105

times105

times104


4003002001000 1086420

Local search count

50403020100 3252151050

9

8

7

6

5

4

3

2

1

0

Loca

tion

coun

tLo

catio

n co

unt

Use

r Cou

ntU

ser c

ount













ACC = 1119873sum119873

119875 (119903 | KnL (119906) 1199031015840)CER

= 1119873sum119873

sum11990310158401015840


119873

sum11990310158401015840

119875 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (18)









014

015

016

017

018

019

ECT1 BCT1 MMB CLA

Accuracy

155

16

165

17

175

18

ECT1 BCT1 MMB CLA

Certainty

0

2

4

6

8

10

ECT1 BCT1 MMB CLA

Correctness


01

0105

011

0115

012

0125

013

0135

014

005

006

007

008

009 0

10

110

120

130

140

150

160

170

180

19

ECT1PGAMEP

Ql

EP


0

005

01

015

02

025

5 10 15 20 25 30

Prec

ision

N

N


BCT2PGAMEP








3 5 7 9 11 13 15

Accuracy


Certainty


Correctness




ACC


CER


COR







5 Related Work









6 Conclusions


Additional Points





Acknowledgments


References

















































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



Service Providers F

Database

Obfuscation

Friendship

Smart Phone

Historical Data

KNN Locations

Service Providers S

Database

Friendship

Check-insFriendship


Foursquare Swarm

Check-ins








2 Preliminaries

















119866119864 = 119892 (11990310158401015840 | 1199031015840) = 1119899119866119861 = 119892 (11990310158401015840 | 1199031015840) = 119901 (1199031015840 | 11990310158401015840) 119901 (11990310158401015840)119901 (1199031015840) (1)


119906119891isin119865119906


1199031015840119906119891isin120579(11990310158401015840)

(1 minus 119892 (11990310158401015840 | 1199031015840119906119891))) (2)





sim (119865 (119906) 119865 (119906119891)) = 10038161003816100381610038161003816119865 (119906) cap 119865 (119906119891)1003816100381610038161003816100381610038161003816100381610038161003816119865 (119906) cup 119865 (119906119891)10038161003816100381610038161003816 (3)









(5)



119866119872 = 119892 (11990310158401015840 | KnL (119906))= 1 minus prod




119866119862 = 119892 (11990310158401015840 | KnL (119906) 1199031015840)= 1205961119866119861 + 1205962119866119865 + 1205963119866119872sum1199031015840isin120579(11990310158401015840) 119892 (11990310158401015840 | KnL (119906) 1199031015840)

(7)








1818

28

28

28 0

0


0

0013

13 0

13





EA = sum1199031015840

119891 (1199031015840 | 119903) 119892 (11990310158401015840 = 119903 | KnL (119906) 1199031015840) (8)

ED = sum11990310158401015840 1199031015840

119891 (1199031015840 | 119903) 119892 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (9)



119876V = sum1199031015840

119891 (1199031015840 | 119903) 119889 (119903 1199031015840) (10)








st 119876V le 119876119897sum1199031015840

119891 (1199031015840 | 119903) = 1 119891 (1199031015840 | 119903) ge 0(12)










119891mix (1199031015840 | 119903) = 119899sum119894=1

120590119894 times PStra119894 (15)




1199031015840

119891mix (1199031015840 | 119903) 119889 (119903 1199031015840)= sum1199031015840

(sum119899

120590119894 times PStra119894)119889 (119903 1199031015840)

= 1205901sum1199031015840



119894=1

120590119894 = 1) (16)


4 Experiments







3000

2500

2000

1500

1000

500

0

120

100

80

60

40

20

0


Local search count


6000

5000

4000

3000

2000

1000

0

times105

times105

times104


4003002001000 1086420

Local search count

50403020100 3252151050

9

8

7

6

5

4

3

2

1

0

Loca

tion

coun

tLo

catio

n co

unt

Use

r Cou

ntU

ser c

ount













ACC = 1119873sum119873

119875 (119903 | KnL (119906) 1199031015840)CER

= 1119873sum119873

sum11990310158401015840


119873

sum11990310158401015840

119875 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (18)









014

015

016

017

018

019

ECT1 BCT1 MMB CLA

Accuracy

155

16

165

17

175

18

ECT1 BCT1 MMB CLA

Certainty

0

2

4

6

8

10

ECT1 BCT1 MMB CLA

Correctness


01

0105

011

0115

012

0125

013

0135

014

005

006

007

008

009 0

10

110

120

130

140

150

160

170

180

19

ECT1PGAMEP

Ql

EP


0

005

01

015

02

025

5 10 15 20 25 30

Prec

ision

N

N


BCT2PGAMEP








3 5 7 9 11 13 15

Accuracy


Certainty


Correctness




ACC


CER


COR







5 Related Work









6 Conclusions


Additional Points





Acknowledgments


References

















































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia














119866119864 = 119892 (11990310158401015840 | 1199031015840) = 1119899119866119861 = 119892 (11990310158401015840 | 1199031015840) = 119901 (1199031015840 | 11990310158401015840) 119901 (11990310158401015840)119901 (1199031015840) (1)


119906119891isin119865119906


1199031015840119906119891isin120579(11990310158401015840)

(1 minus 119892 (11990310158401015840 | 1199031015840119906119891))) (2)





sim (119865 (119906) 119865 (119906119891)) = 10038161003816100381610038161003816119865 (119906) cap 119865 (119906119891)1003816100381610038161003816100381610038161003816100381610038161003816119865 (119906) cup 119865 (119906119891)10038161003816100381610038161003816 (3)









(5)



119866119872 = 119892 (11990310158401015840 | KnL (119906))= 1 minus prod




119866119862 = 119892 (11990310158401015840 | KnL (119906) 1199031015840)= 1205961119866119861 + 1205962119866119865 + 1205963119866119872sum1199031015840isin120579(11990310158401015840) 119892 (11990310158401015840 | KnL (119906) 1199031015840)

(7)








1818

28

28

28 0

0


0

0013

13 0

13





EA = sum1199031015840

119891 (1199031015840 | 119903) 119892 (11990310158401015840 = 119903 | KnL (119906) 1199031015840) (8)

ED = sum11990310158401015840 1199031015840

119891 (1199031015840 | 119903) 119892 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (9)



119876V = sum1199031015840

119891 (1199031015840 | 119903) 119889 (119903 1199031015840) (10)








st 119876V le 119876119897sum1199031015840

119891 (1199031015840 | 119903) = 1 119891 (1199031015840 | 119903) ge 0(12)










119891mix (1199031015840 | 119903) = 119899sum119894=1

120590119894 times PStra119894 (15)




1199031015840

119891mix (1199031015840 | 119903) 119889 (119903 1199031015840)= sum1199031015840

(sum119899

120590119894 times PStra119894)119889 (119903 1199031015840)

= 1205901sum1199031015840



119894=1

120590119894 = 1) (16)


4 Experiments







3000

2500

2000

1500

1000

500

0

120

100

80

60

40

20

0


Local search count


6000

5000

4000

3000

2000

1000

0

times105

times105

times104


4003002001000 1086420

Local search count

50403020100 3252151050

9

8

7

6

5

4

3

2

1

0

Loca

tion

coun

tLo

catio

n co

unt

Use

r Cou

ntU

ser c

ount













ACC = 1119873sum119873

119875 (119903 | KnL (119906) 1199031015840)CER

= 1119873sum119873

sum11990310158401015840


119873

sum11990310158401015840

119875 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (18)









014

015

016

017

018

019

ECT1 BCT1 MMB CLA

Accuracy

155

16

165

17

175

18

ECT1 BCT1 MMB CLA

Certainty

0

2

4

6

8

10

ECT1 BCT1 MMB CLA

Correctness


01

0105

011

0115

012

0125

013

0135

014

005

006

007

008

009 0

10

110

120

130

140

150

160

170

180

19

ECT1PGAMEP

Ql

EP


0

005

01

015

02

025

5 10 15 20 25 30

Prec

ision

N

N


BCT2PGAMEP








3 5 7 9 11 13 15

Accuracy


Certainty


Correctness




ACC


CER


COR







5 Related Work









6 Conclusions


Additional Points





Acknowledgments


References

















































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





sim (119865 (119906) 119865 (119906119891)) = 10038161003816100381610038161003816119865 (119906) cap 119865 (119906119891)1003816100381610038161003816100381610038161003816100381610038161003816119865 (119906) cup 119865 (119906119891)10038161003816100381610038161003816 (3)









(5)



119866119872 = 119892 (11990310158401015840 | KnL (119906))= 1 minus prod




119866119862 = 119892 (11990310158401015840 | KnL (119906) 1199031015840)= 1205961119866119861 + 1205962119866119865 + 1205963119866119872sum1199031015840isin120579(11990310158401015840) 119892 (11990310158401015840 | KnL (119906) 1199031015840)

(7)








1818

28

28

28 0

0


0

0013

13 0

13





EA = sum1199031015840

119891 (1199031015840 | 119903) 119892 (11990310158401015840 = 119903 | KnL (119906) 1199031015840) (8)

ED = sum11990310158401015840 1199031015840

119891 (1199031015840 | 119903) 119892 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (9)



119876V = sum1199031015840

119891 (1199031015840 | 119903) 119889 (119903 1199031015840) (10)








st 119876V le 119876119897sum1199031015840

119891 (1199031015840 | 119903) = 1 119891 (1199031015840 | 119903) ge 0(12)










119891mix (1199031015840 | 119903) = 119899sum119894=1

120590119894 times PStra119894 (15)




1199031015840

119891mix (1199031015840 | 119903) 119889 (119903 1199031015840)= sum1199031015840

(sum119899

120590119894 times PStra119894)119889 (119903 1199031015840)

= 1205901sum1199031015840



119894=1

120590119894 = 1) (16)


4 Experiments







3000

2500

2000

1500

1000

500

0

120

100

80

60

40

20

0


Local search count


6000

5000

4000

3000

2000

1000

0

times105

times105

times104


4003002001000 1086420

Local search count

50403020100 3252151050

9

8

7

6

5

4

3

2

1

0

Loca

tion

coun

tLo

catio

n co

unt

Use

r Cou

ntU

ser c

ount













ACC = 1119873sum119873

119875 (119903 | KnL (119906) 1199031015840)CER

= 1119873sum119873

sum11990310158401015840


119873

sum11990310158401015840

119875 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (18)









014

015

016

017

018

019

ECT1 BCT1 MMB CLA

Accuracy

155

16

165

17

175

18

ECT1 BCT1 MMB CLA

Certainty

0

2

4

6

8

10

ECT1 BCT1 MMB CLA

Correctness


01

0105

011

0115

012

0125

013

0135

014

005

006

007

008

009 0

10

110

120

130

140

150

160

170

180

19

ECT1PGAMEP

Ql

EP


0

005

01

015

02

025

5 10 15 20 25 30

Prec

ision

N

N


BCT2PGAMEP








3 5 7 9 11 13 15

Accuracy


Certainty


Correctness




ACC


CER


COR







5 Related Work









6 Conclusions


Additional Points





Acknowledgments


References

















































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



1818

28

28

28 0

0


0

0013

13 0

13





EA = sum1199031015840

119891 (1199031015840 | 119903) 119892 (11990310158401015840 = 119903 | KnL (119906) 1199031015840) (8)

ED = sum11990310158401015840 1199031015840

119891 (1199031015840 | 119903) 119892 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (9)



119876V = sum1199031015840

119891 (1199031015840 | 119903) 119889 (119903 1199031015840) (10)








st 119876V le 119876119897sum1199031015840

119891 (1199031015840 | 119903) = 1 119891 (1199031015840 | 119903) ge 0(12)










119891mix (1199031015840 | 119903) = 119899sum119894=1

120590119894 times PStra119894 (15)




1199031015840

119891mix (1199031015840 | 119903) 119889 (119903 1199031015840)= sum1199031015840

(sum119899

120590119894 times PStra119894)119889 (119903 1199031015840)

= 1205901sum1199031015840



119894=1

120590119894 = 1) (16)


4 Experiments







3000

2500

2000

1500

1000

500

0

120

100

80

60

40

20

0


Local search count


6000

5000

4000

3000

2000

1000

0

times105

times105

times104


4003002001000 1086420

Local search count

50403020100 3252151050

9

8

7

6

5

4

3

2

1

0

Loca

tion

coun

tLo

catio

n co

unt

Use

r Cou

ntU

ser c

ount













ACC = 1119873sum119873

119875 (119903 | KnL (119906) 1199031015840)CER

= 1119873sum119873

sum11990310158401015840


119873

sum11990310158401015840

119875 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (18)









014

015

016

017

018

019

ECT1 BCT1 MMB CLA

Accuracy

155

16

165

17

175

18

ECT1 BCT1 MMB CLA

Certainty

0

2

4

6

8

10

ECT1 BCT1 MMB CLA

Correctness


01

0105

011

0115

012

0125

013

0135

014

005

006

007

008

009 0

10

110

120

130

140

150

160

170

180

19

ECT1PGAMEP

Ql

EP


0

005

01

015

02

025

5 10 15 20 25 30

Prec

ision

N

N


BCT2PGAMEP








3 5 7 9 11 13 15

Accuracy


Certainty


Correctness




ACC


CER


COR







5 Related Work









6 Conclusions


Additional Points





Acknowledgments


References

















































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia







119891mix (1199031015840 | 119903) = 119899sum119894=1

120590119894 times PStra119894 (15)




1199031015840

119891mix (1199031015840 | 119903) 119889 (119903 1199031015840)= sum1199031015840

(sum119899

120590119894 times PStra119894)119889 (119903 1199031015840)

= 1205901sum1199031015840



119894=1

120590119894 = 1) (16)


4 Experiments







3000

2500

2000

1500

1000

500

0

120

100

80

60

40

20

0


Local search count


6000

5000

4000

3000

2000

1000

0

times105

times105

times104


4003002001000 1086420

Local search count

50403020100 3252151050

9

8

7

6

5

4

3

2

1

0

Loca

tion

coun

tLo

catio

n co

unt

Use

r Cou

ntU

ser c

ount













ACC = 1119873sum119873

119875 (119903 | KnL (119906) 1199031015840)CER

= 1119873sum119873

sum11990310158401015840


119873

sum11990310158401015840

119875 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (18)









014

015

016

017

018

019

ECT1 BCT1 MMB CLA

Accuracy

155

16

165

17

175

18

ECT1 BCT1 MMB CLA

Certainty

0

2

4

6

8

10

ECT1 BCT1 MMB CLA

Correctness


01

0105

011

0115

012

0125

013

0135

014

005

006

007

008

009 0

10

110

120

130

140

150

160

170

180

19

ECT1PGAMEP

Ql

EP


0

005

01

015

02

025

5 10 15 20 25 30

Prec

ision

N

N


BCT2PGAMEP








3 5 7 9 11 13 15

Accuracy


Certainty


Correctness




ACC


CER


COR







5 Related Work









6 Conclusions


Additional Points





Acknowledgments


References

















































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




3000

2500

2000

1500

1000

500

0

120

100

80

60

40

20

0


Local search count


6000

5000

4000

3000

2000

1000

0

times105

times105

times104


4003002001000 1086420

Local search count

50403020100 3252151050

9

8

7

6

5

4

3

2

1

0

Loca

tion

coun

tLo

catio

n co

unt

Use

r Cou

ntU

ser c

ount













ACC = 1119873sum119873

119875 (119903 | KnL (119906) 1199031015840)CER

= 1119873sum119873

sum11990310158401015840


119873

sum11990310158401015840

119875 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (18)









014

015

016

017

018

019

ECT1 BCT1 MMB CLA

Accuracy

155

16

165

17

175

18

ECT1 BCT1 MMB CLA

Certainty

0

2

4

6

8

10

ECT1 BCT1 MMB CLA

Correctness


01

0105

011

0115

012

0125

013

0135

014

005

006

007

008

009 0

10

110

120

130

140

150

160

170

180

19

ECT1PGAMEP

Ql

EP


0

005

01

015

02

025

5 10 15 20 25 30

Prec

ision

N

N


BCT2PGAMEP








3 5 7 9 11 13 15

Accuracy


Certainty


Correctness




ACC


CER


COR







5 Related Work









6 Conclusions


Additional Points





Acknowledgments


References

















































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia









ACC = 1119873sum119873

119875 (119903 | KnL (119906) 1199031015840)CER

= 1119873sum119873

sum11990310158401015840


119873

sum11990310158401015840

119875 (11990310158401015840 | KnL (119906) 1199031015840) 119889 (119903 11990310158401015840) (18)









014

015

016

017

018

019

ECT1 BCT1 MMB CLA

Accuracy

155

16

165

17

175

18

ECT1 BCT1 MMB CLA

Certainty

0

2

4

6

8

10

ECT1 BCT1 MMB CLA

Correctness


01

0105

011

0115

012

0125

013

0135

014

005

006

007

008

009 0

10

110

120

130

140

150

160

170

180

19

ECT1PGAMEP

Ql

EP


0

005

01

015

02

025

5 10 15 20 25 30

Prec

ision

N

N


BCT2PGAMEP








3 5 7 9 11 13 15

Accuracy


Certainty


Correctness




ACC


CER


COR







5 Related Work









6 Conclusions


Additional Points





Acknowledgments


References

















































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



014

015

016

017

018

019

ECT1 BCT1 MMB CLA

Accuracy

155

16

165

17

175

18

ECT1 BCT1 MMB CLA

Certainty

0

2

4

6

8

10

ECT1 BCT1 MMB CLA

Correctness


01

0105

011

0115

012

0125

013

0135

014

005

006

007

008

009 0

10

110

120

130

140

150

160

170

180

19

ECT1PGAMEP

Ql

EP


0

005

01

015

02

025

5 10 15 20 25 30

Prec

ision

N

N


BCT2PGAMEP








3 5 7 9 11 13 15

Accuracy


Certainty


Correctness




ACC


CER


COR







5 Related Work









6 Conclusions


Additional Points





Acknowledgments


References

















































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




3 5 7 9 11 13 15

Accuracy


Certainty


Correctness




ACC


CER


COR







5 Related Work









6 Conclusions


Additional Points





Acknowledgments


References

















































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




5 Related Work









6 Conclusions


Additional Points





Acknowledgments


References

















































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





Acknowledgments


References

















































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



























RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


GLPP: A Game-Based Location Privacy-Preserving Framework...

Documents

Transcript of GLPP: A Game-Based Location Privacy-Preserving Framework...