An Attack-Agnostic Defense Framework Against Manipulation Attacks under Local Differential Privacy
IEEE S&P 2025

Abstract
Protection of local differential privacy (LDP) protocols against manipulation attacks is an important and challenging problem. We design an attack-agnostic framework that does not rely on prior knowledge of attackers. An early work [1] restricts attacker capability by converting each sample into a binary signal. However, this compression causes severe information loss and unnecessary utility degradation, especially when epsilon > 1. In this paper, we propose a general estimation framework, RobustLDP, for robust estimation under LDP. The key idea is to send carefully crafted predefined information to all users and then aggregate their feedback at the server. We strike a better tradeoff between preserving information and restricting attacker capability. We instantiate RobustLDP for frequency estimation and mean estimation in l1 and l2 support, which serve as building blocks for more advanced tasks. We also establish theoretical guarantees for all possible attacks. Results show that our method significantly outperforms the existing one for epsilon > 1. Extensive experiments on multiple real-world datasets validate the effectiveness of our method.
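The tradeoff the abstract describes can be made concrete for mean estimation. The added example below is not code from the paper and does not implement RobustLDP; it contrasts two standard LDP mean estimators from a robustness viewpoint: a continuous Laplace-noise report, which keeps more information but lets a single report move the server's average by an unbounded amount, and the one-bit randomized-response report (the "binary signal" restriction of [1]), whose per-report influence on the average is bounded by a constant that depends only on epsilon and the number of users, at the price of noise that does not vanish as epsilon grows. The population data, the assumption that inputs lie in [-1, 1], and the function names are constructed for this illustration.

```python
import math
import random

# Constructed illustration of the utility/robustness tradeoff for LDP mean estimation.
# Not the paper's RobustLDP; inputs are assumed to lie in [-1, 1] (sensitivity 2).

def make_rng(seed: int) -> random.Random:
    """Seeded generator so the simulation is reproducible."""
    return random.Random(seed)

def laplace_scale(eps: float) -> float:
    """Laplace scale for sensitivity 2 at privacy budget eps."""
    return 2.0 / eps

def laplace_variance(eps: float) -> float:
    """Per-report variance of the Laplace mechanism: 2 * scale^2 = 8 / eps^2 (vanishes as eps grows)."""
    return 2.0 * laplace_scale(eps) ** 2

def laplace_report(x: float, eps: float, rng: random.Random) -> float:
    """Unbiased but unbounded report: x plus Laplace(2/eps) noise.
    A Laplace variable is the difference of two i.i.d. exponentials with rate eps/2."""
    lam = 1.0 / laplace_scale(eps)
    return x + rng.expovariate(lam) - rng.expovariate(lam)

def one_bit_scale(eps: float) -> float:
    """Debiasing constant c = (e^eps + 1) / (e^eps - 1) for randomized response on a single bit."""
    return (math.exp(eps) + 1.0) / (math.exp(eps) - 1.0)

def one_bit_worst_variance(eps: float) -> float:
    """Per-report variance of the one-bit estimator is c^2 - x^2; the worst case (x = 0) is c^2,
    which tends to 1, not to 0, as eps grows: the information loss the abstract refers to."""
    return one_bit_scale(eps) ** 2

def one_bit_report(x: float, eps: float, rng: random.Random) -> float:
    """One-bit mechanism: draw b in {-1, +1} with E[b] = x, flip it with probability
    1 / (e^eps + 1), then rescale by c so the report is unbiased for x.
    Every report is one of {-c, +c}, so its support is bounded by construction."""
    b = 1.0 if rng.random() < (1.0 + x) / 2.0 else -1.0
    keep_prob = math.exp(eps) / (math.exp(eps) + 1.0)
    if rng.random() >= keep_prob:
        b = -b
    return b * one_bit_scale(eps)

def max_single_report_influence(mechanism: str, eps: float, n: int) -> float:
    """Largest shift of the averaged estimate that any one report can cause.
    One-bit reports live in {-c, +c}, so the shift is at most 2c / n.
    A Laplace report is an arbitrary real number, so the shift is unbounded."""
    if mechanism == "one_bit":
        return 2.0 * one_bit_scale(eps) / n
    if mechanism == "laplace":
        return math.inf
    raise ValueError(f"unknown mechanism: {mechanism}")

def estimate_mean(reports) -> float:
    """Server-side aggregation: the plain average of unbiased reports."""
    return sum(reports) / len(reports)

def simulate(n: int, eps: float, seed: int = 0):
    """Constructed population of n honest values in [-0.3, 0.7] (true mean near 0.2).
    Returns (true mean, Laplace-based estimate, one-bit-based estimate)."""
    rng = make_rng(seed)
    values = [rng.uniform(-0.5, 0.5) + 0.2 for _ in range(n)]  # constructed data
    true_mean = estimate_mean(values)
    lap_est = estimate_mean([laplace_report(x, eps, rng) for x in values])
    bit_est = estimate_mean([one_bit_report(x, eps, rng) for x in values])
    return true_mean, lap_est, bit_est

if __name__ == "__main__":
    n = 20000
    for eps in (0.5, 1.0, 2.0, 4.0):
        true_mean, lap_est, bit_est = simulate(n, eps, seed=1)
        print(f"eps={eps}: true={true_mean:.3f} laplace={lap_est:.3f} one_bit={bit_est:.3f} | "
              f"var laplace={laplace_variance(eps):.2f} one_bit<={one_bit_worst_variance(eps):.2f} | "
              f"max influence of one report: laplace={max_single_report_influence('laplace', eps, n)} "
              f"one_bit={max_single_report_influence('one_bit', eps, n):.5f}")
```

Running the block prints, for each epsilon, both estimates next to the per-report variance and the worst-case influence of a single report. Below roughly epsilon = 2.5 the one-bit estimator is both more robust and less noisy, but for larger epsilon its variance stays above 1 while the Laplace variance keeps falling, which is the regime (epsilon > 1 and beyond) where the abstract says the binary-signal restriction wastes utility.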
Citation
@inproceedings{ZZDWWLG25,
author = {Puning Zhao and Zhikun Zhang and Jiawei Dong and Jiafei Wu and Shaowei Wang and Zhe Liu and Yunjun Gao},
title = {{An Attack-Agnostic Defense Framework Against Manipulation Attacks under Local Differential Privacy}},
booktitle = {{S&P}},
publisher = {IEEE},
year = {2025},
}