Differentially Private Trajectory Analysis for Points-of-Interest Recommendation

Ubiquitous deployment of low-cost mobile positioning devices and the widespread use of high-speed wireless networks enable massive collection of large-scale trajectory data of individuals moving on road networks. Trajectory data mining finds numerous applications including understanding users' historical travel preferences and recommending places of interest to new visitors. Privacy-preserving trajectory mining is an important and challenging problem as exposure of sensitive location information in the trajectories can directly invade the location privacy of the users associated with the trajectories. In this paper, we propose a differentially private trajectory analysis algorithm for points-of-interest recommendation to users that aims at maximizing the accuracy of the recommendation results while protecting the privacy of the exposed trajectories with differential privacy guarantees. Our algorithm first transforms the raw trajectory dataset into a bipartite graph with nodes representing the users and the points-of-interest and the edges representing the visits made by the users to the locations, and then extracts the association matrix representing the bipartite graph to inject carefully calibrated noise to meet ϵ-differential privacy guarantees. A post-processing of the perturbed association matrix is performed to suppress noise prior to performing a Hyperlink-Induced Topic Search (HITS) on the transformed data that generates an ordered list of recommended points-of-interest. Extensive experiments on a real trajectory dataset show that our algorithm is efficient, scalable and demonstrates high recommendation accuracy while meeting the required differential privacy guarantees

Preserving privacy for interesting location pattern mining from trajectory data

One main concern for individuals participating in the data collection of personal location history records i.e., trajectories is the disclosure of their location and related information when a user queries for statistical or pattern mining results such as frequent locations derived from these records. In this paper, we investigate how one can achieve the privacy goal that the inclusion of his location history in a statistical database with interesting location mining capability does not substantially increase risk to his privacy. In particular, we propose a e, d-differentially private interesting geographic location pattern mining approach motivated by the sample-aggregate framework. The approach uses spatial decomposition to limit the number of stay points within a localized spatial partition and then followed by density-based clustering. The e, d-differential privacy mechanism is based on translation and scaling insensitive Laplace noise distribution modulated by database instance dependent smoothed local sensitivity. Unlike the database independent e-differential privacy mechanism, the output perturbation from a e, d-differential privacy mechanism depends on a lower local sensitivity resulting in a better query output accuracy and hence, more useful at a higher privacy level, i.e., smaller e. We demonstrate our e, d-differentially private interesting geographic location discovery approach using the region quadtree spatial decomposition followed by the DBSCAN clustering. Experimental results on the real-world GeoLife dataset are used to show the feasibility of the proposed e, d-differentially private interesting location mining approach.Published versio