Local differential privacy (LDP) provides a way for an untrusted data collector to aggregate users' data without violating their privacy. Various privacy-preserving data analysis tasks have been studied under the protection of LDP, such as frequency estimation, frequent itemset mining, and machine learning. Despite its privacy-preserving properties, recent research has demonstrated the vulnerability of certain LDP protocols to data poisoning attacks. However, existing data poisoning attacks are focused on basic statistics under LDP, such as frequency estimation and mean/variance estimation. As an important data analysis task, the security of LDP frequent itemset mining has yet to be thoroughly examined. In this paper, we aim to address this issue by presenting novel and practical data poisoning attacks against LDP frequent itemset mining protocols. By introducing a unified attack framework with composable attack operations, our data poisoning attack can successfully manipulate the state-of-the-art LDP frequent itemset mining protocols and has the potential to be adapted to other protocols with similar structures. We conduct extensive experiments on three datasets to compare the proposed attack with four baseline attacks. The results demonstrate the severity of the threat and the effectiveness of the proposed attack.