Data Poisoning Attacks and Defenses to LDP-Based Crowdsensing
摘要
In this chapter, we explore data poisoning attacks and their defenses in local differential privacy (LDP)-based crowdsensing systems. First, we design attacks where compromised workers intentionally alter their reported data to skew the crowdsensing outcomes. These attacks are modeled as a bi-level optimization problem in which attackers carefully leverage the noise introduced by LDP to camouflage their malicious activities, making them undetectable even by weight-based truth discovery methods. Subsequently, we introduce the corresponding defenses, formulated as a minimization problem, with the goal of reducing the impact of these attacks by pinpointing and excluding the corrupted workers. Comprehensive experiments on real-world datasets validate that LDP noise can indeed enhance the effectiveness of data poisoning attacks, while our proposed defenses are capable of accurately identifying and mitigating the disguised malicious behavior.