引用本文
  • 马卓,曹玖新,王群,胥帅,夏玲玲.抵御推断攻击的在线社交网络用户位置隐私保护综述[J].信息安全学报,已采用    [点击复制]
  • Ma Zhuo,Cao Jiuxin,Wang Qun,Xu Shuai,Xia Lingling.A Survey for User Location Privacy Protection against Inference Attacks in Online Social Networks[J].Journal of Cyber Security,Accept   [点击复制]
【打印本页】 【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

过刊浏览    高级检索

本文已被:浏览 710次   下载 0  
抵御推断攻击的在线社交网络用户位置隐私保护综述
马卓1, 曹玖新2, 王群1, 胥帅3, 夏玲玲1
0
(1.江苏警官学院计算机信息与网络安全系;2.东南大学网络空间安全学院;3.南京航空航天大学计算机科学与技术学院)
摘要:
作为一种通过位置交互连接数字空间和物理空间的新型移动应用,在线社交网络能够为用户提供实时、便捷的在线服务。用户在使用服务时,其隐私位置信息因需要提交给在线服务而面临严重的泄露风险,包括设备劫持攻击、网络中间人攻击和服务器端推断攻击。本文针对服务器环境的潜在风险,立足在线社交网络的主要特点,分别对在线社交网络中特定推断攻击和组合推断攻击的防御方法与技术进行综述性研究,从攻防视角出发清晰呈现在线社交网络用户位置隐私研究的最新进展。首先,在对在线社交网络的位置服务模式与数据特征深入分析的基础上,对传统特定攻击场景和新型组合攻击场景下的攻击模型的机理进行了对比与总结。然后,从可抵御攻击的角度,对用户位置隐私保护方法的分类进行详细分析。针对特定推断攻击,将其抵御方法划分为针对解密攻击的数据加密、针对重识别攻击的身份干扰和针对位置推断攻击的位置失真;针对组合推断攻击,将其抵御方案归纳为针对三类同角度组合推断攻击的保护方案、针对三类双角度组合推断攻击的保护方案和针对全角度组合推断攻击的保护方案。通过对保护技术解析与归纳,总结了不同推断攻击抵御方案的区别与特点,全面描述了抵御效果的评价方法与指标。最后,对未来在线社交网络中的新型推断攻击与热点隐私保护研究方向进行了总结与展望,为本领域的研究提供思路指导和方法归纳。
关键词:  在线社交网络  推断攻击  用户位置隐私
DOI:
投稿时间:2024-03-20修订日期:2024-08-28
基金项目:国家重点基础研究发展计划(973计划),国家自然科学基金项目(面上项目,重点项目,重大项目),江苏省自然科学基金项目,中央高校基本科研业务费项目,江苏省网络与信息安全重点实验室,教育部计算机网络与信息集成重点实验室,紫金山实验室资助。
A Survey for User Location Privacy Protection against Inference Attacks in Online Social Networks
Ma Zhuo1, Cao Jiuxin2, Wang Qun1, Xu Shuai3, Xia Lingling1
(1.Department of Computer Information and Cybersecurity, Jiangsu Police Institute;2.School of Cyber Science and Engineering, Southeast University;3.College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics)
Abstract:
As a new type of mobile application that connects digital space and physical space by location interaction, online social networks can provide users with real-time and convenient online services. When users use the service, their private location information is submitted to the service facing a serious risk of disclosure, including hijacking attacks over mobile devices, man-in-the-middle attacks through network and inference attacks in server-side. This paper was targeted at the potential risk in server environment. It was based on the main characteristics of online social networks and conducted a review study on the defense techniques of both the specific and the combinational inference attack in online social networks. The paper started from the perspective of attack and defense to clearly present the latest progress of online social network users’ location privacy studies. Firstly, based on the in-depth analysis of service model and data characteristics in online social networks, the mechanism of attack models were compared under the traditional specific attack scenario and new combinatorial attack scenario. Then, the classification of user location privacy protection methods was analyzed against inference attacks. For the defense of the specific inference attacks, it was divided into three parts, including data encryption against decryption attacks, identity jamming against re-identification attacks and location distortion against location inference attacks. For the defense of the combinational inference attack, it contains protection solution against three types of same angle combination inference attack, protection solution against three types of two-angle combination inference attack and protection solution against all-angle combination inference attack. By analyzing and summarizing, this paper summarized the differences and characteristics of different inference attack defense schemes, and comprehensively described the evaluation methods and indicators of defense effect. Finally, the research direction of inference attack and hot privacy protection issues was summarized and prospected, which provides ideas and methods for the research in this field.
Key words:  online social network  inference attack  user location privacy